Re: [PATCH net-next v3 0/4] net: move .getsockopt away from __user buffers

Next message: Chris Lu (&#x9678;&#x7A1A;&#x6CD3;): "Re: [PATCH v2] Bluetooth: btmtk: add event filter to filter specific event"
Previous message: John Garry: "Re: [PATCH 07/13] libmultipath: Add delayed removal support"
In reply to: Breno Leitao: "[PATCH net-next v3 1/4] net: add getsockopt_iter callback to proto_ops"
Next in thread: Breno Leitao: "Re: [PATCH net-next v3 0/4] net: move .getsockopt away from __user buffers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Laight

Date: Wed Apr 08 2026 - 07:30:07 EST

On Wed, 08 Apr 2026 03:30:28 -0700
Breno Leitao <leitao@xxxxxxxxxx> wrote:

> Currently, the .getsockopt callback requires __user pointers:
>
> int (*getsockopt)(struct socket *sock, int level,
> int optname, char __user *optval, int __user *optlen);
>
> This prevents kernel callers (io_uring, BPF) from using getsockopt on
> levels other than SOL_SOCKET, since they pass kernel pointers.
>
> Following Linus' suggestion [0], this series introduces sockopt_t, a
> type-safe wrapper around iov_iter, and a getsockopt_iter callback that
> works with both user and kernel buffers. AF_PACKET and CAN raw are
> converted as initial users, with selftests covering the trickiest
> conversion patterns.

What are you doing about the cases where 'optlen' is a complete lie?
IIRC there is one related to some form of async io where it is just
the length of the header, the actual buffer length depends on
data in the header.
This doesn't matter with the existing code for applications, when they
get it wrong they just crash.
But kernel users will need to pass the actual buffer length separately
from optlen.
It also affects any code that tries to cache the actual data and copy
it back to userspace in the syscall wrapper - which makes sense for
most short getsockopt.

(This is different from historic code where the length might be
assumed to be 4 regardless of what was passed.)

David