From: Jann Horn <jannh@google.com>
To: Eric Dumazet <edumazet@google.com>,
Kuniyuki Iwashima <kuniyu@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Willem de Bruijn <willemb@google.com>,
netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
John Fastabend <john.fastabend@gmail.com>,
Jann Horn <jannh@google.com>
Subject: [PATCH] net: block MSG_NO_SHARED_FRAGS in sendmsg()
Date: Tue, 12 May 2026 16:02:03 +0200
Message-ID: <20260512-msg_no_shared_frags-v1-1-55ea46760331@google.com>

This change should cause no difference in behavior; it just cleans up some
hazardous code that could have become a problem in the future.

MSG_NO_SHARED_FRAGS is a kernel-internal flag that cancels the effect of
MSG_SPLICE_PAGES, another kernel-internal flag that influences the
data-sharing semantics of SKBs.

Prevent passing this flag in from userspace via sendmsg() by adding it to
MSG_INTERNAL_SENDMSG_FLAGS.

This is not currently an observable problem because MSG_NO_SHARED_FRAGS
only has an effect if kernel code adds MSG_SPLICE_PAGES to it.
The only codepath that adds MSG_SPLICE_PAGES to user-supplied flags from
which MSG_NO_SHARED_FRAGS hasn't been cleared is the path
tcp_bpf_sendmsg -> tcp_bpf_send_verdict -> tcp_bpf_push, and that is not a
problem because tcp_bpf_sendmsg always intentionally sets
MSG_NO_SHARED_FRAGS anyway.

Signed-off-by: Jann Horn <jannh@google.com>
---
include/linux/socket.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/socket.h b/include/linux/socket.h
index ec4a0a025793..1a4d0d128a13 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -357,7 +357,7 @@ struct ucred {
/* Flags to be cleared on entry by sendmsg and sendmmsg syscalls */
#define MSG_INTERNAL_SENDMSG_FLAGS \
- (MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | MSG_SENDPAGE_DECRYPTED)
+ (MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | MSG_SENDPAGE_DECRYPTED | MSG_NO_SHARED_FRAGS)
/* Setsockoptions(2) level. Thanks to BSD these must match IPPROTO_xxx */
#define SOL_IP 0
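Review bot: the replacement line of MSG_INTERNAL_SENDMSG_FLAGS is now 89 characters before indentation, past the 80-column preference in the kernel coding style. Consider breaking after the second flag with a continuation backslash, so that the mask reads "(MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | \" followed by "MSG_SENDPAGE_DECRYPTED | MSG_NO_SHARED_FRAGS)". Separately, the comment above the macro only says that these flags are cleared on entry by sendmsg and sendmmsg. Since the commit message describes MSG_NO_SHARED_FRAGS as kernel-internal and as missing from the mask until now, it would help to extend that comment to say that every kernel-internal MSG_* flag has to be listed here, so that a flag added later is not left reachable from userspace in the same way.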
---
base-commit: 5d6919055dec134de3c40167a490f33c74c12581
change-id: 20260511-msg_no_shared_frags-d557c14e487b
--
Jann Horn <jannh@google.com>