From: David Laight <david.laight.linux@gmail.com>
To: Stefan Metzmacher <metze@samba.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Jens Axboe" <axboe@kernel.dk>,
"Pavel Begunkov" <asml.silence@gmail.com>,
"Breno Leitao" <leitao@debian.org>,
"Jakub Kicinski" <kuba@kernel.org>,
"Christoph Hellwig" <hch@lst.de>,
"Karsten Keil" <isdn@linux-pingi.de>,
"Ayush Sawal" <ayush.sawal@chelsio.com>,
"Andrew Lunn" <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Kuniyuki Iwashima" <kuniyu@amazon.com>,
"Willem de Bruijn" <willemb@google.com>,
"David Ahern" <dsahern@kernel.org>,
"Marcelo Ricardo Leitner" <marcelo.leitner@gmail.com>,
"Xin Long" <lucien.xin@gmail.com>,
"Neal Cardwell" <ncardwell@google.com>,
"Joerg Reuter" <jreuter@yaina.de>,
"Marcel Holtmann" <marcel@holtmann.org>,
"Johan Hedberg" <johan.hedberg@gmail.com>,
"Luiz Augusto von Dentz" <luiz.dentz@gmail.com>,
"Oliver Hartkopp" <socketcan@hartkopp.net>,
"Marc Kleine-Budde" <mkl@pengutronix.de>,
"Robin van der Gracht" <robin@protonic.nl>,
"Oleksij Rempel" <o.rempel@pengutronix.de>,
kernel@pengutronix.de, "Alexander Aring" <alex.aring@gmail.com>,
"Stefan Schmidt" <stefan@datenfreihafen.org>,
"Miquel Raynal" <miquel.raynal@bootlin.com>,
"Alexandra Winter" <wintera@linux.ibm.com>,
"Thorsten Winkler" <twinkler@linux.ibm.com>,
"James Chapman" <jchapman@katalix.com>,
"Jeremy Kerr" <jk@codeconstruct.com.au>,
"Matt Johnston" <matt@codeconstruct.com.au>,
"Matthieu Baerts" <matttbe@kernel.org>,
"Mat Martineau" <martineau@kernel.org>,
"Geliang Tang" <geliang@kernel.org>,
"Krzysztof Kozlowski" <krzk@kernel.org>,
"Remi Denis-Courmont" <courmisch@gmail.com>,
"Allison Henderson" <allison.henderson@oracle.com>,
"David Howells" <dhowells@redhat.com>,
"Marc Dionne" <marc.dionne@auristor.com>,
"Wenjia Zhang" <wenjia@linux.ibm.com>,
"Jan Karcher" <jaka@linux.ibm.com>,
"D. Wythe" <alibuda@linux.alibaba.com>,
"Tony Lu" <tonylu@linux.alibaba.com>,
"Wen Gu" <guwen@linux.alibaba.com>,
"Jon Maloy" <jmaloy@redhat.com>,
"Boris Pismenny" <borisp@nvidia.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
"Martin Schiller" <ms@dev.tdt.de>,
"Björn Töpel" <bjorn@kernel.org>,
"Magnus Karlsson" <magnus.karlsson@intel.com>,
"Maciej Fijalkowski" <maciej.fijalkowski@intel.com>,
"Jonathan Lemon" <jonathan.lemon@gmail.com>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Jesper Dangaard Brouer" <hawk@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-sctp@vger.kernel.org, linux-hams@vger.kernel.org,
linux-bluetooth@vger.kernel.org, linux-can@vger.kernel.org,
dccp@vger.kernel.org, linux-wpan@vger.kernel.org,
linux-s390@vger.kernel.org, mptcp@lists.linux.dev,
linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com,
linux-afs@lists.infradead.org,
tipc-discussion@lists.sourceforge.net,
virtualization@lists.linux.dev, linux-x25@vger.kernel.org,
bpf@vger.kernel.org, isdn4linux@listserv.isdn4linux.de,
io-uring@vger.kernel.org
Subject: Re: [RFC PATCH 3/4] net: pass a kernel pointer via 'optlen_t' to proto[ops].getsockopt() hooks
Date: Mon, 31 Mar 2025 22:49:46 +0100 [thread overview]
Message-ID: <20250331224946.13899fcf@pumpkin> (raw)
In-Reply-To: <d482e207223f434f0d306d3158b2142dceac4631.1743449872.git.metze@samba.org>
On Mon, 31 Mar 2025 22:10:55 +0200
Stefan Metzmacher <metze@samba.org> wrote:
> The motivation for this is to remove the SOL_SOCKET limitation
> from io_uring_cmd_getsockopt().
>
> The reason for this limitation is that io_uring_cmd_getsockopt()
> passes a kernel pointer.
>
> The first idea would be to change the optval and optlen arguments
> to the protocol specific hooks also to sockptr_t, as that
> is already used for setsockopt() and also by do_sock_getsockopt()
> sk_getsockopt() and BPF_CGROUP_RUN_PROG_GETSOCKOPT().
>
> But as Linus don't like 'sockptr_t' I used a different approach.
>
> Instead of passing the optlen as user or kernel pointer,
> we only ever pass a kernel pointer and do the
> translation from/to userspace in do_sock_getsockopt().
>
> The simple solution would be to just remove the
> '__user' from the int *optlen argument, but it
> seems the compiler doesn't complain about
> '__user' vs. without it, so instead I used
> a helper struct in order to make sure everything
> compiles with a typesafe change.
>
> That together with get_optlen() and put_optlen() helper
> macros make it relatively easy to review and check the
> behaviour is most likely unchanged.
I've looked into this before (and fallen down the patch rabbit hole).
I think the best (final) solution is to pass a validated non-negative
'optlen' into all getsockopt() functions and to have them usually return
either -errno or the modified length.
This simplifies 99% of the functions.
The problem case is functions that want to update the length and return
an error.
By best solution is to support return values of -errno << 20 | length
(as well as -errno and length).
There end up being some slight behaviour changes.
- Some code tries to 'undo' actions if the length can't be updated.
I'm sure this is unnecessary and the recovery path is untested and
could be buggy. Provided the kernel data is consistent there is
no point trying to get code to recover from EFAULT.
The 'length' has been read - so would also need to be readonly
or unmapped by a second thread!
- A lot of getsockopt functions actually treat a negative length as 4.
I think this 'bug' needs to preserved to avoid breaking applications.
The changes are mechanical but very widespread.
They also give the option of not writing back the length if unchanged.
David
next prev parent reply other threads:[~2025-03-31 21:49 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-31 20:10 [RFC PATCH 0/4] net/io_uring: pass a kernel pointer via optlen_t to proto[_ops].getsockopt() Stefan Metzmacher
2025-03-31 20:10 ` [RFC PATCH 1/4] net: introduce get_optlen() and put_optlen() helpers Stefan Metzmacher
2025-04-01 12:17 ` Breno Leitao
2025-04-01 12:22 ` Stefan Metzmacher
2025-03-31 20:10 ` [RFC PATCH 2/4] net: pass 'optlen_t' to proto[ops].getsockopt() hooks Stefan Metzmacher
2025-03-31 20:27 ` Stefan Metzmacher
2025-03-31 20:10 ` [RFC PATCH 3/4] net: pass a kernel pointer via " Stefan Metzmacher
2025-03-31 21:49 ` David Laight [this message]
2025-04-01 8:24 ` Stefan Metzmacher
2025-03-31 20:10 ` [RFC PATCH 4/4] io_uring: let io_uring_cmd_getsockopt() allow level other than SOL_SOCKET Stefan Metzmacher
2025-03-31 21:04 ` [RFC PATCH 0/4] net/io_uring: pass a kernel pointer via optlen_t to proto[_ops].getsockopt() Stanislav Fomichev
2025-04-01 8:19 ` Stefan Metzmacher
2025-04-01 13:37 ` Stefan Metzmacher
2025-04-01 13:48 ` Stefan Metzmacher
2025-04-01 15:35 ` Breno Leitao
2025-04-01 15:45 ` Stanislav Fomichev
2025-04-01 21:20 ` Stefan Metzmacher
2025-04-01 22:04 ` Stanislav Fomichev
2025-04-01 22:53 ` Stefan Metzmacher
2025-04-02 12:29 ` David Laight
2025-04-02 14:19 ` Stanislav Fomichev
2025-04-02 20:46 ` David Laight
2025-04-02 21:07 ` Linus Torvalds
2025-04-02 21:21 ` Stanislav Fomichev
2025-04-02 22:38 ` David Laight
2025-04-02 23:39 ` Stanislav Fomichev
2025-04-02 0:40 ` Linus Torvalds
2025-04-02 12:35 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250331224946.13899fcf@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=alex.aring@gmail.com \
--cc=alibuda@linux.alibaba.com \
--cc=allison.henderson@oracle.com \
--cc=andrew+netdev@lunn.ch \
--cc=asml.silence@gmail.com \
--cc=ast@kernel.org \
--cc=axboe@kernel.dk \
--cc=ayush.sawal@chelsio.com \
--cc=bjorn@kernel.org \
--cc=borisp@nvidia.com \
--cc=bpf@vger.kernel.org \
--cc=courmisch@gmail.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dccp@vger.kernel.org \
--cc=dhowells@redhat.com \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=geliang@kernel.org \
--cc=guwen@linux.alibaba.com \
--cc=hawk@kernel.org \
--cc=hch@lst.de \
--cc=horms@kernel.org \
--cc=io-uring@vger.kernel.org \
--cc=isdn4linux@listserv.isdn4linux.de \
--cc=isdn@linux-pingi.de \
--cc=jaka@linux.ibm.com \
--cc=jchapman@katalix.com \
--cc=jk@codeconstruct.com.au \
--cc=jmaloy@redhat.com \
--cc=johan.hedberg@gmail.com \
--cc=john.fastabend@gmail.com \
--cc=jonathan.lemon@gmail.com \
--cc=jreuter@yaina.de \
--cc=kernel@pengutronix.de \
--cc=krzk@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.com \
--cc=leitao@debian.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-hams@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=linux-x25@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=luiz.dentz@gmail.com \
--cc=maciej.fijalkowski@intel.com \
--cc=magnus.karlsson@intel.com \
--cc=marc.dionne@auristor.com \
--cc=marcel@holtmann.org \
--cc=marcelo.leitner@gmail.com \
--cc=martineau@kernel.org \
--cc=matt@codeconstruct.com.au \
--cc=matttbe@kernel.org \
--cc=metze@samba.org \
--cc=miquel.raynal@bootlin.com \
--cc=mkl@pengutronix.de \
--cc=mptcp@lists.linux.dev \
--cc=ms@dev.tdt.de \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=o.rempel@pengutronix.de \
--cc=pabeni@redhat.com \
--cc=rds-devel@oss.oracle.com \
--cc=robin@protonic.nl \
--cc=sgarzare@redhat.com \
--cc=socketcan@hartkopp.net \
--cc=stefan@datenfreihafen.org \
--cc=tipc-discussion@lists.sourceforge.net \
--cc=tonylu@linux.alibaba.com \
--cc=torvalds@linux-foundation.org \
--cc=twinkler@linux.ibm.com \
--cc=virtualization@lists.linux.dev \
--cc=wenjia@linux.ibm.com \
--cc=willemb@google.com \
--cc=wintera@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox