From: Breno Leitao <leitao@debian.org>
To: sdf@fomichev.me, "David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Alexander Aring" <alex.aring@gmail.com>,
"Stefan Schmidt" <stefan@datenfreihafen.org>,
"Miquel Raynal" <miquel.raynal@bootlin.com>,
"Remi Denis-Courmont" <courmisch@gmail.com>,
"Rémi Denis-Courmont" <remi.denis-courmont@nokia.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"Sabrina Dubroca" <sd@queasysnail.net>,
"Shuah Khan" <shuah@kernel.org>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-wpan@vger.kernel.org, linux-kselftest@vger.kernel.org,
Breno Leitao <leitao@debian.org>,
kernel-team@meta.com
Subject: [PATCH net-next 6/7] tls: convert getsockopt to sockopt_t
Date: Thu, 16 Jul 2026 06:00:04 -0700 [thread overview]
Message-ID: <20260716-getsockopt_phase4-v1-6-4f45cb12dce7@debian.org> (raw)
In-Reply-To: <20260716-getsockopt_phase4-v1-0-4f45cb12dce7@debian.org>
Continue converting the proto-layer getsockopt callbacks to the sockopt_t
interface, converting do_tls_getsockopt() and its per-option helpers to
take a sockopt_t.
The thin tls_getsockopt() wrapper keeps its __user signature for now: it
builds a user-backed sockopt_t with sockopt_init_user(), calls the helper,
and writes the returned length back to optlen. The helpers use
copy_to_iter() instead of copy_to_user(); the NULL optval check in the
TLS_TX/TLS_RX path is preserved by testing the iterator user buffer.
No functional change.
Signed-off-by: Breno Leitao <leitao@debian.org>
---
net/tls/tls_main.c | 80 ++++++++++++++++++++++++++----------------------------
1 file changed, 38 insertions(+), 42 deletions(-)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 8c588cdab733d..fbb274287aa5f 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -424,20 +424,16 @@ static __poll_t tls_sk_poll(struct file *file, struct socket *sock,
return mask;
}
-static int do_tls_getsockopt_conf(struct sock *sk, char __user *optval,
- int __user *optlen, int tx)
+static int do_tls_getsockopt_conf(struct sock *sk, sockopt_t *opt, int tx)
{
int rc = 0;
const struct tls_cipher_desc *cipher_desc;
struct tls_context *ctx = tls_get_ctx(sk);
struct tls_crypto_info *crypto_info;
struct cipher_context *cctx;
- int len;
+ int len = opt->optlen;
- if (get_user(len, optlen))
- return -EFAULT;
-
- if (!optval || (len < sizeof(*crypto_info))) {
+ if (!opt->iter_out.ubuf || len < sizeof(*crypto_info)) {
rc = -EINVAL;
goto out;
}
@@ -462,7 +458,8 @@ static int do_tls_getsockopt_conf(struct sock *sk, char __user *optval,
}
if (len == sizeof(*crypto_info)) {
- if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
+ if (copy_to_iter(crypto_info, sizeof(*crypto_info),
+ &opt->iter_out) != sizeof(*crypto_info))
rc = -EFAULT;
goto out;
}
@@ -478,44 +475,38 @@ static int do_tls_getsockopt_conf(struct sock *sk, char __user *optval,
memcpy(crypto_info_rec_seq(crypto_info, cipher_desc),
cctx->rec_seq, cipher_desc->rec_seq);
- if (copy_to_user(optval, crypto_info, cipher_desc->crypto_info))
+ if (copy_to_iter(crypto_info, cipher_desc->crypto_info,
+ &opt->iter_out) != cipher_desc->crypto_info)
rc = -EFAULT;
out:
return rc;
}
-static int do_tls_getsockopt_tx_zc(struct sock *sk, char __user *optval,
- int __user *optlen)
+static int do_tls_getsockopt_tx_zc(struct sock *sk, sockopt_t *opt)
{
struct tls_context *ctx = tls_get_ctx(sk);
unsigned int value;
- int len;
-
- if (get_user(len, optlen))
- return -EFAULT;
+ int len = opt->optlen;
if (len != sizeof(value))
return -EINVAL;
value = ctx->zerocopy_sendfile;
- if (copy_to_user(optval, &value, sizeof(value)))
+ if (copy_to_iter(&value, sizeof(value), &opt->iter_out) != sizeof(value))
return -EFAULT;
return 0;
}
-static int do_tls_getsockopt_no_pad(struct sock *sk, char __user *optval,
- int __user *optlen)
+static int do_tls_getsockopt_no_pad(struct sock *sk, sockopt_t *opt)
{
struct tls_context *ctx = tls_get_ctx(sk);
- int value, len;
+ int value, len = opt->optlen;
if (ctx->prot_info.version != TLS_1_3_VERSION)
return -EINVAL;
- if (get_user(len, optlen))
- return -EFAULT;
if (len < sizeof(value))
return -EINVAL;
@@ -525,38 +516,31 @@ static int do_tls_getsockopt_no_pad(struct sock *sk, char __user *optval,
if (value < 0)
return value;
- if (put_user(sizeof(value), optlen))
- return -EFAULT;
- if (copy_to_user(optval, &value, sizeof(value)))
+ opt->optlen = sizeof(value);
+ if (copy_to_iter(&value, sizeof(value), &opt->iter_out) != sizeof(value))
return -EFAULT;
return 0;
}
-static int do_tls_getsockopt_tx_payload_len(struct sock *sk, char __user *optval,
- int __user *optlen)
+static int do_tls_getsockopt_tx_payload_len(struct sock *sk, sockopt_t *opt)
{
struct tls_context *ctx = tls_get_ctx(sk);
u16 payload_len = ctx->tx_max_payload_len;
- int len;
-
- if (get_user(len, optlen))
- return -EFAULT;
+ int len = opt->optlen;
if (len < sizeof(payload_len))
return -EINVAL;
- if (put_user(sizeof(payload_len), optlen))
- return -EFAULT;
-
- if (copy_to_user(optval, &payload_len, sizeof(payload_len)))
+ opt->optlen = sizeof(payload_len);
+ if (copy_to_iter(&payload_len, sizeof(payload_len),
+ &opt->iter_out) != sizeof(payload_len))
return -EFAULT;
return 0;
}
-static int do_tls_getsockopt(struct sock *sk, int optname,
- char __user *optval, int __user *optlen)
+static int do_tls_getsockopt(struct sock *sk, int optname, sockopt_t *opt)
{
int rc = 0;
@@ -565,17 +549,16 @@ static int do_tls_getsockopt(struct sock *sk, int optname,
switch (optname) {
case TLS_TX:
case TLS_RX:
- rc = do_tls_getsockopt_conf(sk, optval, optlen,
- optname == TLS_TX);
+ rc = do_tls_getsockopt_conf(sk, opt, optname == TLS_TX);
break;
case TLS_TX_ZEROCOPY_RO:
- rc = do_tls_getsockopt_tx_zc(sk, optval, optlen);
+ rc = do_tls_getsockopt_tx_zc(sk, opt);
break;
case TLS_RX_EXPECT_NO_PAD:
- rc = do_tls_getsockopt_no_pad(sk, optval, optlen);
+ rc = do_tls_getsockopt_no_pad(sk, opt);
break;
case TLS_TX_MAX_PAYLOAD_LEN:
- rc = do_tls_getsockopt_tx_payload_len(sk, optval, optlen);
+ rc = do_tls_getsockopt_tx_payload_len(sk, opt);
break;
default:
rc = -ENOPROTOOPT;
@@ -591,12 +574,25 @@ static int tls_getsockopt(struct sock *sk, int level, int optname,
char __user *optval, int __user *optlen)
{
struct tls_context *ctx = tls_get_ctx(sk);
+ sockopt_t opt;
+ int err;
if (level != SOL_TLS)
return ctx->sk_proto->getsockopt(sk, level,
optname, optval, optlen);
- return do_tls_getsockopt(sk, optname, optval, optlen);
+ err = sockopt_init_user(&opt, optval, optlen);
+ if (err)
+ return err;
+
+ err = do_tls_getsockopt(sk, optname, &opt);
+ if (err)
+ return err;
+
+ if (put_user(opt.optlen, optlen))
+ return -EFAULT;
+
+ return 0;
}
static int validate_crypto_info(const struct tls_crypto_info *crypto_info,
--
2.53.0-Meta
next prev parent reply other threads:[~2026-07-16 13:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-16 12:59 [PATCH net-next 0/7] net: convert rawv6, ieee802154, phonet and tls getsockopt to sockopt_t Breno Leitao
2026-07-16 12:59 ` [PATCH net-next 1/7] ipv6: raw: drop unused level argument from do_rawv6_getsockopt Breno Leitao
2026-07-16 13:00 ` [PATCH net-next 2/7] ipv6: raw: convert do_rawv6_getsockopt to sockopt_t Breno Leitao
2026-07-16 13:00 ` [PATCH net-next 3/7] ieee802154: convert dgram getsockopt " Breno Leitao
2026-07-16 13:00 ` [PATCH net-next 4/7] phonet: pep: do not write beyond optlen in getsockopt Breno Leitao
2026-07-16 13:00 ` [PATCH net-next 5/7] phonet: pep: convert getsockopt to sockopt_t Breno Leitao
2026-07-16 13:00 ` Breno Leitao [this message]
2026-07-16 13:00 ` [PATCH net-next 7/7] selftests: net: getsockopt_iter: cover rawv6, ieee802154, phonet and tls Breno Leitao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260716-getsockopt_phase4-v1-6-4f45cb12dce7@debian.org \
--to=leitao@debian.org \
--cc=alex.aring@gmail.com \
--cc=courmisch@gmail.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kernel-team@meta.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=miquel.raynal@bootlin.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=remi.denis-courmont@nokia.com \
--cc=sd@queasysnail.net \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=stefan@datenfreihafen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox