lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 May 2020 10:46:33 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Christoph Hellwig' <hch@....de> CC: "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Vlad Yasevich <vyasevich@...il.com>, Neil Horman <nhorman@...driver.com>, "Marcelo Ricardo Leitner" <marcelo.leitner@...il.com>, Jon Maloy <jmaloy@...hat.com>, Ying Xue <ying.xue@...driver.com>, "drbd-dev@...ts.linbit.com" <drbd-dev@...ts.linbit.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>, "linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org>, "target-devel@...r.kernel.org" <target-devel@...r.kernel.org>, "linux-afs@...ts.infradead.org" <linux-afs@...ts.infradead.org>, "linux-cifs@...r.kernel.org" <linux-cifs@...r.kernel.org>, "cluster-devel@...hat.com" <cluster-devel@...hat.com>, "ocfs2-devel@....oracle.com" <ocfs2-devel@....oracle.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>, "ceph-devel@...r.kernel.org" <ceph-devel@...r.kernel.org>, "rds-devel@....oracle.com" <rds-devel@....oracle.com>, "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org> Subject: RE: remove kernel_setsockopt and kernel_getsockopt v2 From: 'Christoph Hellwig' > Sent: 21 May 2020 10:12 ... > > I worried about whether getsockopt() should read the entire > > user buffer first. SCTP needs the some of it often (including a > > sockaddr_storage in one case), TCP needs it once. > > However the cost of reading a few words is small, and a big > > buffer probably needs setting to avoid leaking kernel > > memory if the structure has holes or fields that don't get set. > > Reading from userspace solves both issues. > > As mention in the thread on the last series: That was my first idea, but > we have way to many sockopts, especially in obscure protocols that just > hard code the size. The chance of breaking userspace in a way that can't > be fixed without going back to passing user pointers to get/setsockopt > is way to high to commit to such a change unfortunately. Right the syscall stubs probably can't do it. But the per-protocol ones can for the main protocols. I posted a patch for SCTP yesterday that removes 800 lines of source and 8k of object code. Even that needs a horrid bodge for one request where the length returned has to be less than the data copied! David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists