net: Block MSG_SENDPAGE_* from being passed to sendmsg() by userspace - lwn.git - Linux kernel documentation tree maintained by Jonathan Corbet

diff options

author	David Howells <dhowells@redhat.com>	2023-06-07 19:19:07 +0100
committer	Jakub Kicinski <kuba@kernel.org>	2023-06-08 19:40:30 -0700
commit	4fe38acdac8a71f7cccf347a2e9902bc818ecef7 (patch)
tree	9238a6b230b5b5b5500ed0f5efe9d3da9c3f0515 /fs/open.c
parent	736013292e3ca5ec2aabb32daf72a73b1256ac57 (diff)
download	lwn-4fe38acdac8a71f7cccf347a2e9902bc818ecef7.tar.gz lwn-4fe38acdac8a71f7cccf347a2e9902bc818ecef7.zip

net: Block MSG_SENDPAGE_* from being passed to sendmsg() by userspace

It is necessary to allow MSG_SENDPAGE_* to be passed into ->sendmsg() to allow sendmsg(MSG_SPLICE_PAGES) to replace ->sendpage(). Unblocking them in the network protocol, however, allows these flags to be passed in by userspace too[1]. Fix this by marking MSG_SENDPAGE_NOPOLICY, MSG_SENDPAGE_NOTLAST and MSG_SENDPAGE_DECRYPTED as internal flags, which causes sendmsg() to object if they are passed to sendmsg() by userspace. Network protocol ->sendmsg() implementations can then allow them through. Note that it should be possible to remove MSG_SENDPAGE_NOTLAST once sendpage is removed as a whole slew of pages will be passed in in one go by splice through sendmsg, with MSG_MORE being set if it has more data waiting in the pipe. Signed-off-by: David Howells <dhowells@redhat.com> cc: Chuck Lever <chuck.lever@oracle.com> cc: Boris Pismenny <borisp@nvidia.com> cc: John Fastabend <john.fastabend@gmail.com> cc: Jens Axboe <axboe@kernel.dk> cc: Matthew Wilcox <willy@infradead.org> Link: https://lore.kernel.org/r/20230526181338.03a99016@kernel.org/ [1] Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'fs/open.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: