Hi Victor,

wouldn't it be enough to port the PROTO_CMSG_DATA_ONLY check to the sendmsg path?

UDP sockets should have PROTO_CMSG_DATA_ONLY set.

I guess that would fix your current problem.

Whitelisting more (or even all) would need more work, but can be done later.

metze

On 23.11.20 at 16:29, Victor Stewart wrote:
> so currently all cmsg headers are disabled through sendmsg and recvmsg
> operations through io_uring because of
> https://www.exploit-db.com/exploits/47779
>
> i think it's time we start whitelisting the good guys though? GSO and
> GRO are hugely important for QUIC servers, and together offer a higher
> throughput gain than io_uring alone (rate of data transit
> considering), thus io_uring is the lesser performance choice for QUIC
> servers at the moment.
>
> RE http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf,
> GSO is about +~63% and GRO +~82%.
>
> this patch closes that loophole.
>
> Victor Stewart (1);
>   net/socket.c: add __sys_whitelisted_cmsghdrs()
>
>  net/socket.c | 15 ++++++++++++---
>  1 file changed, 12 insertions(+), 3 deletions(-)
>