From: David Laight <david.laight.linux@gmail.com>
To: Jann Horn <jannh@google.com>
Cc: Eric Dumazet <edumazet@google.com>,
Kuniyuki Iwashima <kuniyu@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Willem de Bruijn <willemb@google.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
John Fastabend <john.fastabend@gmail.com>
Subject: Re: [PATCH] net: block MSG_NO_SHARED_FRAGS in sendmsg()
Date: Wed, 13 May 2026 09:50:38 +0100 [thread overview]
Message-ID: <20260513095038.116dcb34@pumpkin> (raw)
In-Reply-To: <20260512-msg_no_shared_frags-v1-1-55ea46760331@google.com>
On Tue, 12 May 2026 16:02:03 +0200
Jann Horn <jannh@google.com> wrote:
> This change should cause no difference in behavior; it just cleans up some
> hazardous code that could have become a problem in the future.
>
> MSG_NO_SHARED_FRAGS is a kernel-internal flag that cancels the effect of
> MSG_SPLICE_PAGES, another kernel-internal flag that influences the
> data-sharing semantics of SKBs.
>
> Prevent passing this flag in from userspace via sendmsg() by adding it to
> MSG_INTERNAL_SENDMSG_FLAGS.
>
> This is not currently an observable problem because MSG_NO_SHARED_FRAGS
> only has an effect if kernel code adds MSG_SPLICE_PAGES to it.
> The only codepath that adds MSG_SPLICE_PAGES to user-supplied flags from
> which MSG_NO_SHARED_FRAGS hasn't been cleared is the path
> tcp_bpf_sendmsg -> tcp_bpf_send_verdict -> tcp_bpf_push, and that is not a
> problem because tcp_bpf_sendmsg always intentionally sets
> MSG_NO_SHARED_FRAGS anyway.
Should that be inverted to an explicit list of valid flags?
Unfortunately it doesn't look like calls with unsupported flags can be
errored - which actually means that no new ones can be allocated for
new functionality.
-- David
>
> Signed-off-by: Jann Horn <jannh@google.com>
> ---
> include/linux/socket.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/linux/socket.h b/include/linux/socket.h
> index ec4a0a025793..1a4d0d128a13 100644
> --- a/include/linux/socket.h
> +++ b/include/linux/socket.h
> @@ -357,7 +357,7 @@ struct ucred {
>
> /* Flags to be cleared on entry by sendmsg and sendmmsg syscalls */
> #define MSG_INTERNAL_SENDMSG_FLAGS \
> - (MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | MSG_SENDPAGE_DECRYPTED)
> + (MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | MSG_SENDPAGE_DECRYPTED | MSG_NO_SHARED_FRAGS)
>
> /* Setsockoptions(2) level. Thanks to BSD these must match IPPROTO_xxx */
> #define SOL_IP 0
>
> ---
> base-commit: 5d6919055dec134de3c40167a490f33c74c12581
> change-id: 20260511-msg_no_shared_frags-d557c14e487b
>
> --
> Jann Horn <jannh@google.com>
>
>
next prev parent reply other threads:[~2026-05-13 8:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-12 14:02 [PATCH] net: block MSG_NO_SHARED_FRAGS in sendmsg() Jann Horn
2026-05-13 8:50 ` David Laight [this message]
2026-05-13 12:55 ` Jann Horn
2026-05-15 1:20 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260513095038.116dcb34@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=edumazet@google.com \
--cc=jannh@google.com \
--cc=john.fastabend@gmail.com \
--cc=kuniyu@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.