From 3735f9cff1e8a7ce7079b957bc3b37f0f886caed Mon Sep 17 00:00:00 2001
From: Dmitry Chagin <dchagin@FreeBSD.org>
Date: Sat, 28 May 2022 23:48:45 +0300
Subject: [PATCH] linux(4): Handle multiple mbufs in a control message chain in
 recvmsg

PR:		230274
MFC after:	2 weeks
---
 sys/compat/linux/linux_socket.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index 67da1b51a86..9434e40709b 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -1727,7 +1727,7 @@ linux_recvmsg_common(struct thread *td, l_int s, struct l_msghdr *msghdr,
 	socklen_t datalen, maxlen, outlen;
 	struct l_msghdr l_msghdr;
 	struct iovec *iov, *uiov;
-	struct mbuf *control = NULL;
+	struct mbuf *m, *control = NULL;
 	struct mbuf **controlp;
 	struct sockaddr *sa;
 	caddr_t outbuf;
@@ -1797,10 +1797,10 @@ linux_recvmsg_common(struct thread *td, l_int s, struct l_msghdr *msghdr,
 	lcm = malloc(L_CMSG_HDRSZ, M_LINUX, M_WAITOK | M_ZERO);
 	msg->msg_control = mtod(control, struct cmsghdr *);
 	msg->msg_controllen = control->m_len;
-	cm = CMSG_FIRSTHDR(msg);
 	outbuf = PTRIN(l_msghdr.msg_control);
 	outlen = 0;
-	while (cm != NULL) {
+	for (m = control; m != NULL; m = m->m_next) {
+		cm = mtod(m, struct cmsghdr *);
 		lcm->cmsg_type = bsd_to_linux_cmsg_type(p, cm->cmsg_type,
 		    cm->cmsg_level);
 		lcm->cmsg_level = bsd_to_linux_sockopt_level(cm->cmsg_level);
@@ -1876,7 +1876,6 @@ cont:
 			if (error == 0) {
 				outbuf += LINUX_CMSG_ALIGN(datalen);
 				outlen += LINUX_CMSG_LEN(datalen);
-				cm = CMSG_NXTHDR(msg, cm);
 			}
 		}
 err: