| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 May 2020 15:11:40 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'David Howells' <dhowells@...hat.com>,
Christoph Hellwig <hch@....de>
CC: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
Eric Dumazet <edumazet@...gle.com>,
"linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org>,
"linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
"target-devel@...r.kernel.org" <target-devel@...r.kernel.org>,
"linux-afs@...ts.infradead.org" <linux-afs@...ts.infradead.org>,
"drbd-dev@...ts.linbit.com" <drbd-dev@...ts.linbit.com>,
"linux-cifs@...r.kernel.org" <linux-cifs@...r.kernel.org>,
"rds-devel@....oracle.com" <rds-devel@....oracle.com>,
"linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
"cluster-devel@...hat.com" <cluster-devel@...hat.com>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
Jakub Kicinski <kuba@...nel.org>,
"ceph-devel@...r.kernel.org" <ceph-devel@...r.kernel.org>,
"linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
Neil Horman <nhorman@...driver.com>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Vlad Yasevich <vyasevich@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Jon Maloy <jmaloy@...hat.com>,
Ying Xue <ying.xue@...driver.com>,
"David S. Miller" <davem@...emloft.net>,
"ocfs2-devel@....oracle.com" <ocfs2-devel@....oracle.com>
Subject: RE: [PATCH 27/33] sctp: export sctp_setsockopt_bindx
From: David Howells
> Sent: 15 May 2020 16:20
> Christoph Hellwig <hch@....de> wrote:
>
> > > The advantage on using kernel_setsockopt here is that sctp module will
> > > only be loaded if dlm actually creates a SCTP socket. With this
> > > change, sctp will be loaded on setups that may not be actually using
> > > it. It's a quite big module and might expose the system.
> >
> > True. Not that the intent is to kill kernel space callers of setsockopt,
> > as I plan to remove the set_fs address space override used for it.
>
> For getsockopt, does it make sense to have the core kernel load optval/optlen
> into a buffer before calling the protocol driver? Then the driver need not
> see the userspace pointer at all.
>
> Similar could be done for setsockopt - allocate a buffer of the size requested
> by the user inside the kernel and pass it into the driver, then copy the data
> back afterwards.
Yes, it also simplifies all the compat code.
And there is a BPF test in setsockopt that also wants to
pass on a kernel buffer.
I'm willing to sit and write the patch.
Quoting from a post I made later on Friday.
Basically:
This patch sequence (to be written) does the following:
Patch 1: Change __sys_setsockopt() to allocate a kernel buffer,
copy the data into it then call set_fs(KERNEL_DS).
An on-stack buffer (say 64 bytes) will be used for
small transfers.
Patch 2: The same for __sys_getsockopt().
Patch 3: Compat setsockopt.
Patch 4: Compat getsockopt.
Patch 5: Remove the user copies from the global socket options code.
Patches 6 to n-1; Remove the user copies from the per-protocol code.
Patch n: Remove the set_fs(KERNEL_DS) from the entry points.
This should be bisectable.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists