| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260131153735.3c9273a8@pumpkin> Date: Sat, 31 Jan 2026 15:37:35 +0000 From: David Laight <david.laight.linux@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Breno Leitao <leitao@...ian.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Kuniyuki Iwashima <kuniyu@...gle.com>, Willem de Bruijn <willemb@...gle.com>, metze@...ba.org, axboe@...nel.dk, Stanislav Fomichev <sdf@...ichev.me>, io-uring@...r.kernel.org, bpf@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-team@...a.com Subject: Re: [PATCH net-next RFC 0/3] net: move .getsockopt away from __user buffers On Fri, 30 Jan 2026 17:19:55 -0800 Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Fri, 30 Jan 2026 at 14:40, David Laight <david.laight.linux@...il.com> wrote: > > > > There is not much point making the 'optval' parameter more than > > a structure of a user and kernel address - one of which will be NULL. > > That's exactly what we do *NOT* want. Because people will get it > wrong, and then we're back to the bad old days where trivial bugs > result in security issues. It can still be a (semi-)transparent structure that code isn't allowed to change. That is no different from using iov_iter. > Can you point to an actual case where setsockopt / getsockopt would be > performance-critical? Typically you do it once or twice. IIRC a really horrid one - I think for async io. That is also one of the few where the supplied length is a lie. David > > Linus >
Powered by blists - more mailing lists