| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240709091400.GE346094@kernel.org>
Date: Tue, 9 Jul 2024 10:14:00 +0100
From: Simon Horman <horms@...nel.org>
To: zijianzhang@...edance.com
Cc: netdev@...r.kernel.org, edumazet@...gle.com,
willemdebruijn.kernel@...il.com, cong.wang@...edance.com,
xiaochun.lu@...edance.com, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
David Ahern <dsahern@...nel.org>, Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH net-next v7 1/3] sock: support copying cmsgs to the user
space in sendmsg
+ Dave Miller, Jakub Kicinski, Paolo Abeni, David Ahern, and Jens Axboe
Please generate the CC list Networking for patches using
get_maintainer.pl --git-min-percent=25 this.patch
but omitting LKML.
On Mon, Jul 08, 2024 at 09:04:03PM +0000, zijianzhang@...edance.com wrote:
> From: Zijian Zhang <zijianzhang@...edance.com>
>
> Users can pass msg_control as a placeholder to recvmsg, and get some info
> from the kernel upon returning of it, but it's not available for sendmsg.
> Recvmsg uses put_cmsg to copy info back to the user, while ____sys_sendmsg
> creates a kernel copy of msg_control and passes that to the callees,
> put_cmsg in sendmsg path will write into this kernel buffer.
>
> If users want to get info after returning of sendmsg, they typically have
> to call recvmsg on the ERRMSG_QUEUE of the socket, incurring extra system
> call overhead. This commit supports copying cmsg from the kernel space to
> the user space upon returning of sendmsg to mitigate this overhead.
>
> Signed-off-by: Zijian Zhang <zijianzhang@...edance.com>
> Signed-off-by: Xiaochun Lu <xiaochun.lu@...edance.com>
...
> diff --git a/net/socket.c b/net/socket.c
> index e416920e9399..6a9c9e24d781 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -2525,8 +2525,43 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
> return err < 0 ? err : 0;
> }
>
> -static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
> - unsigned int flags, struct used_address *used_address,
> +static int sendmsg_copy_cmsg_to_user(struct msghdr *msg_sys,
> + struct user_msghdr __user *umsg)
> +{
> + struct compat_msghdr __user *umsg_compat =
> + (struct compat_msghdr __user *)umsg;
> + unsigned int flags = msg_sys->msg_flags;
> + struct msghdr msg_user = *msg_sys;
> + unsigned long cmsg_ptr;
> + struct cmsghdr *cmsg;
> + int err;
> +
> + msg_user.msg_control_is_user = true;
> + msg_user.msg_control_user = umsg->msg_control;
nit: Sparse seems unhappy about the use of a __user pointer here.
net/socket.c:2540:37: warning: dereference of noderef expression
> + cmsg_ptr = (unsigned long)msg_user.msg_control;
> + for_each_cmsghdr(cmsg, msg_sys) {
> + if (!CMSG_OK(msg_sys, cmsg))
> + break;
> + if (cmsg_copy_to_user(cmsg))
> + put_cmsg(&msg_user, cmsg->cmsg_level, cmsg->cmsg_type,
> + cmsg->cmsg_len - sizeof(*cmsg), CMSG_DATA(cmsg));
> + }
> +
> + err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT), COMPAT_FLAGS(umsg));
nit: The line above could be trivially line-wrapped so that it is
no more than 80 columns wide, as is still preferred in Networking code.
Flagged by: checkpatch.pl --max-line-length=80
> + if (err)
> + return err;
> + if (MSG_CMSG_COMPAT & flags)
> + err = __put_user((unsigned long)msg_user.msg_control - cmsg_ptr,
> + &umsg_compat->msg_controllen);
> + else
> + err = __put_user((unsigned long)msg_user.msg_control - cmsg_ptr,
> + &umsg->msg_controllen);
> + return err;
> +}
...
Powered by blists - more mailing lists