Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp865611rwd; Wed, 7 Jun 2023 07:55:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5EIGuagGkrXTYeiA9xw48IkF3fvA6hIfC2fB8/pI0/Av9MmycWETInGTIcgG8DQW9eb7+w X-Received: by 2002:a05:6359:3a4:b0:127:f9d1:a3a7 with SMTP id eg36-20020a05635903a400b00127f9d1a3a7mr4290051rwb.23.1686149756770; Wed, 07 Jun 2023 07:55:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686149756; cv=none; d=google.com; s=arc-20160816; b=j/y1IOECyClSA5rImt593hjmccGmwiQSHGOgFkQv4Gc7xzN6FPbO4Ns2VPKTqBEczP t66lTb+5oUdl+Kt9rj4ohrv1K0ZLSaVRDWGfuxFdJtyQNtq5iAOmmJeeXjR0PogE2Rcy iDrdkNXfFvE0f0bDVOLErX7b9Hfyb809ee548k492DSrjwkfpuzKKOVy032U3ncG3NSD 1Z6+f8xxcs0PLcLkVFcew3dK3blOOu2pZ4N+yTBZsdAwFy5uTAb2DF3wEZmIpklb7Kql BEl63UoJIJCHd8S6T7RmUEZ3miqQwrHhDCmsNvs9u5SAeEafsXh5qn0tV/6F6zY98XPi YsWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=WT0fon3sSQnJ4q6gsnSXCqAPTF67ljevgujpZ8gxaH0=; b=e5o2WHD3uzydbX9wuCA1Wf1UkMVzP/+9oGBW9q5EFDCcDukGR7wEUb6oZyAdqsS9sJ HNElhHKX+/HIZ/2c0Esj/L2lAudsxCubkmKLiXp8yqu8/EewsSqYSctzlgahZNXsH/Zk l8AV22ado/mDcE00IlJ9xilF78eC6GNt0Q8NsXz5Y/i8nP8oMCGh0y+yHz+Qyr3o3Bnq G+PNTB1sgUq5/oX8Yg2QWtiSLVIZs/pI9KvHzqEpDdehtwjzFwGDDUcdt3u6a/a74kj/ TC7A9xTq/EfOirC01CqsrBtRWlHWPLmOddjCfiVR57O/EDnDjluYIm0BpfCj5v/pNLHA og2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=iD70bf4r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v17-20020a63f211000000b0053f3b3eb6d2si9176571pgh.867.2023.06.07.07.55.45; Wed, 07 Jun 2023 07:55:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=iD70bf4r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240803AbjFGOpz (ORCPT + 99 others); Wed, 7 Jun 2023 10:45:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37716 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239828AbjFGOpy (ORCPT ); Wed, 7 Jun 2023 10:45:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1BFA1BD2; Wed, 7 Jun 2023 07:45:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 532816403E; Wed, 7 Jun 2023 14:45:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 55874C433D2; Wed, 7 Jun 2023 14:45:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1686149151; bh=KYxbixY/YPcTPmWMMjEzFB2YgbL02WvqegnlW8x4q/8=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=iD70bf4rX5r1dba/J3aCUPj3qSHuwuhLe6KYypwKppjNruVQswPc0WhssUqXzDXxr 7PFmObSTK8grCkIhUSwN6suorixLko5WIbw+HZGd61Z9uQFIfkdCwc5e1J4w2D05XL y+P4T2nMRuVKt3EGjCjMNBFlLkLjB+v5G7MmRXAxNNLvO2p/yBGffzVS27M+OLB9C4 LUfC9Fx2FjoyrainzfFJjYiUvof0apI7mIwDjn1I7/bWlBvj/VdDT0ZxoKvfFjENzr zvTcZOcG5DxQtqFiM1K36FfKZzPdh1GgLTkHGglfgdyHiATbwHTpXtpovrINzKBcwW BQyN1A1x8Vv4A== Message-ID: Date: Wed, 7 Jun 2023 08:45:49 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.11.2 Subject: Re: [PATCH net-next v6] net: ioctl: Use kernel memory on protocol ioctl callbacks To: Breno Leitao , Remi Denis-Courmont , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Aring , Stefan Schmidt , Miquel Raynal , Willem de Bruijn , Matthieu Baerts , Mat Martineau , Marcelo Ricardo Leitner , Xin Long , Ido Schimmel Cc: axboe@kernel.dk, asml.silence@gmail.com, leit@fb.com, Martin KaFai Lau , Alexei Starovoitov , Kuniyuki Iwashima , Jason Xing , Joanne Koong , Hangyu Hua , Guillaume Nault , Andrea Righi , Wojciech Drewek , open list , "open list:NETWORKING [GENERAL]" , "open list:DCCP PROTOCOL" , "open list:IEEE 802.15.4 SUBSYSTEM" , "open list:NETWORKING [MPTCP]" , "open list:SCTP PROTOCOL" References: <20230606180045.827659-1-leitao@debian.org> Content-Language: en-US From: David Ahern In-Reply-To: <20230606180045.827659-1-leitao@debian.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/6/23 12:00 PM, Breno Leitao wrote: > Most of the ioctls to net protocols operates directly on userspace > argument (arg). Usually doing get_user()/put_user() directly in the > ioctl callback. This is not flexible, because it is hard to reuse these > functions without passing userspace buffers. > > Change the "struct proto" ioctls to avoid touching userspace memory and > operate on kernel buffers, i.e., all protocol's ioctl callbacks is > adapted to operate on a kernel memory other than on userspace (so, no > more {put,get}_user() and friends being called in the ioctl callback). > > This changes the "struct proto" ioctl format in the following way: > > int (*ioctl)(struct sock *sk, int cmd, > - unsigned long arg); > + int *karg); > > (Important to say that this patch does not touch the "struct proto_ops" > protocols) > > So, the "karg" argument, which is passed to the ioctl callback, is a > pointer allocated to kernel space memory (inside a function wrapper). > This buffer (karg) may contain input argument (copied from userspace in > a prep function) and it might return a value/buffer, which is copied > back to userspace if necessary. There is not one-size-fits-all format > (that is I am using 'may' above), but basically, there are three type of > ioctls: > > 1) Do not read from userspace, returns a result to userspace > 2) Read an input parameter from userspace, and does not return anything > to userspace > 3) Read an input from userspace, and return a buffer to userspace. > > The default case (1) (where no input parameter is given, and an "int" is > returned to userspace) encompasses more than 90% of the cases, but there > are two other exceptions. Here is a list of exceptions: > > * Protocol RAW: > * cmd = SIOCGETVIFCNT: > * input and output = struct sioc_vif_req > * cmd = SIOCGETSGCNT > * input and output = struct sioc_sg_req > * Explanation: for the SIOCGETVIFCNT case, userspace passes the input > argument, which is struct sioc_vif_req. Then the callback populates > the struct, which is copied back to userspace. > > * Protocol RAW6: > * cmd = SIOCGETMIFCNT_IN6 > * input and output = struct sioc_mif_req6 > * cmd = SIOCGETSGCNT_IN6 > * input and output = struct sioc_sg_req6 > > * Protocol PHONET: > * cmd == SIOCPNADDRESOURCE | SIOCPNDELRESOURCE > * input int (4 bytes) > * Nothing is copied back to userspace. > > For the exception cases, functions sock_sk_ioctl_inout() will > copy the userspace input, and copy it back to kernel space. > > The wrapper that prepare the buffer and put the buffer back to user is > sk_ioctl(), so, instead of calling sk->sk_prot->ioctl(), the callee now > calls sk_ioctl(), which will handle all cases. > > Signed-off-by: Breno Leitao > -- It looks good to me, so: Reviewed-by: David Ahern What kind of testing was done with the patch? Would be good to run through a NOS style of test suites to make sure the ipmr and ip6mr changes are correct. (cc'ed Ido since the mlxsw crew has a really good test up)