On Mon, Jun 29, 2020 at 10:02:48AM -0700, Linus Torvalds wrote: > That said, is there no practical limit on how big "optlen" can be? There are some pretty huge ones, like the sctp one that can take a basically unlimited list of sockaddr structures. > Sure, I realize that a lot of setsockopt users may not use all of the > data, but let's say that "optlen" is 128, but the actual low-level > setsockopt operation only uses the first 16 bytes, maybe we could > always just copy the 128 bytes from user space into kernel space, and > just say "setsockopt() always gets a kernel pointer". One issue is that a lot setsockopt calls are in the fast path, and even have micro-optimizations like putting an int on stack for the fast path to avoid the memory allocation. While I don't know for sure I fear that always doing a large allocation could end up having a performance impact. But otherwise I like that idea, and did in fact start some prep work until I realized what I did was futile. > Then the bpf use is even simpler. It would just pass the kernel > pointer natively. > > Because that seems to be what the BPF code really wants to do: it > takes the user optval, and munges it into a kernel optval, and then > (if that has been done) runs the low-level sock_setsockopt() under > KERNEL_DS. > > Couldn't we switch things around instead, and just *always* copy > things from user space, and sock_setsockopt (and > sock->ops->setsockopt) _always_ get a kernel buffer? > > And avoid the set_fs(KERNEL_DS) games entirely that way? I'd love to be able to do that. And now that we want through this whole mess than Nth time I have another idea: - we assume optlen is correct, which should cover about 90% of the protocols - but to override that a new setsockopt_len method is added that returns the correct length for all the messy ones. Let me try if that works out.
