Re: [Ocfs2-devel] [PATCH 27/33] sctp: export sctp_setsockopt_bindx
From: Matthew Wilcox
Date: Sat May 16 2020 - 11:37:03 EST
On Sat, May 16, 2020 at 03:11:40PM +0000, David Laight wrote:
> From: David Howells
> > Sent: 15 May 2020 16:20
> > Christoph Hellwig <hch@xxxxxx> wrote:
> >
> > > > The advantage on using kernel_setsockopt here is that sctp module will
> > > > only be loaded if dlm actually creates a SCTP socket. With this
> > > > change, sctp will be loaded on setups that may not be actually using
> > > > it. It's a quite big module and might expose the system.
> > >
> > > True. Not that the intent is to kill kernel space callers of setsockopt,
> > > as I plan to remove the set_fs address space override used for it.
> >
> > For getsockopt, does it make sense to have the core kernel load optval/optlen
> > into a buffer before calling the protocol driver? Then the driver need not
> > see the userspace pointer at all.
> >
> > Similar could be done for setsockopt - allocate a buffer of the size requested
> > by the user inside the kernel and pass it into the driver, then copy the data
> > back afterwards.
>
> Yes, it also simplifies all the compat code.
> And there is a BPF test in setsockopt that also wants to
> pass on a kernel buffer.
>
> I'm willing to sit and write the patch.
> Quoting from a post I made later on Friday.
>
> Basically:
>
> This patch sequence (to be written) does the following:
>
> Patch 1: Change __sys_setsockopt() to allocate a kernel buffer,
> copy the data into it then call set_fs(KERNEL_DS).
> An on-stack buffer (say 64 bytes) will be used for
> small transfers.
>
> Patch 2: The same for __sys_getsockopt().
>
> Patch 3: Compat setsockopt.
>
> Patch 4: Compat getsockopt.
>
> Patch 5: Remove the user copies from the global socket options code.
>
> Patches 6 to n-1; Remove the user copies from the per-protocol code.
>
> Patch n: Remove the set_fs(KERNEL_DS) from the entry points.
>
> This should be bisectable.
I appreciate your dedication to not publishing the source code to
your kernel module, but Christoph's patch series is actually better.
It's typesafe rather than passing void pointers around.