D57665.id180060.diff
No OneTemporary
Actions

Size

3 KB

Referenced Files

None

Subscribers

None

D57665.id180060.diff
View Options

	diff --git a/share/man/man9/socket.9 b/share/man/man9/socket.9
	--- a/share/man/man9/socket.9
	+++ b/share/man/man9/socket.9
	@@ -24,7 +24,7 @@
	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	.\" SUCH DAMAGE.
	.\"
	-.Dd September 6, 2022
	+.Dd March 9, 2026
	.Dt SOCKET 9
	.Os
	.Sh NAME
	@@ -146,6 +146,8 @@
	.Ft int
	.Fn sooptcopyin "struct sockopt sopt" "void buf" "size_t len" "size_t minlen"
	.Ft int
	+.Fn sooptcopyinptr "struct sockopt sopt" "void buf" "size_t len" "size_t minlen"
	+.Ft int
	.Fn sooptcopyout "struct sockopt sopt" "const void buf" "size_t len"
	.Sh DESCRIPTION
	The kernel
	@@ -577,6 +579,13 @@
	are useful for transferring
	.Vt struct sockopt
	data between user and kernel code.
	+They do not preserve pointer provenance.
	+If the copied data contains pointers, the
	+.Fn sooptcopyinptr
	+function must be used for copy in.
	+There is no
	+.Fn sooptcopyoutptr
	+as no consumers have been found.
	.Sh SEE ALSO
	.Xr bind 2 ,
	.Xr close 2 ,
	diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
	--- a/sys/kern/uipc_socket.c
	+++ b/sys/kern/uipc_socket.c
	@@ -3810,8 +3810,9 @@
	* here, these functions are also called by the protocol-level pr_ctloutput()
	* routines.
	*/
	-int
	-sooptcopyin(struct sockopt sopt, void buf, size_t len, size_t minlen)
	+static int
	+_sooptcopyin(struct sockopt sopt, void buf, size_t len, size_t minlen,
	+ bool copycaps)
	{
	size_t valsize;

	@@ -3826,13 +3827,34 @@
	if (valsize > len)
	sopt->sopt_valsize = valsize = len;

	- if (sopt->sopt_td != NULL)
	- return (copyin(sopt->sopt_val, buf, valsize));
	+ if (sopt->sopt_td != NULL) {
	+ if (copycaps)
	+ return (copyinptr(sopt->sopt_val, buf, valsize));
	+ else
	+ return (copyin(sopt->sopt_val, buf, valsize));
	+ }

	- bcopy(sopt->sopt_val, buf, valsize);
	+ if (copycaps)
	+ bcopy(sopt->sopt_val, buf, valsize);
	+ else
	+ bcopy_data(sopt->sopt_val, buf, valsize);
	return (0);
	}

	+int
	+sooptcopyin(struct sockopt sopt, void buf, size_t len, size_t minlen)
	+{
	+ return (_sooptcopyin(sopt, buf, len, minlen, false));
	+}
	+
	+#ifdef __CHERI__
	+int
	+sooptcopyinptr(struct sockopt sopt, void buf, size_t len, size_t minlen)
	+{
	+ return (_sooptcopyin(sopt, buf, len, minlen, true));
	+}
	+#endif
	+
	/*
	* Kernel version of setsockopt(2).
	*
	@@ -4111,7 +4133,7 @@
	if (sopt->sopt_td != NULL)
	error = copyout(buf, sopt->sopt_val, valsize);
	else
	- bcopy(buf, sopt->sopt_val, valsize);
	+ bcopy_data(buf, sopt->sopt_val, valsize);
	}
	return (error);
	}
	diff --git a/sys/sys/sockopt.h b/sys/sys/sockopt.h
	--- a/sys/sys/sockopt.h
	+++ b/sys/sys/sockopt.h
	@@ -59,6 +59,12 @@
	int sogetopt(struct socket so, struct sockopt sopt);
	int __result_use_check sooptcopyin(struct sockopt sopt, void buf, size_t len,
	size_t minlen);
	+#ifdef __CHERI__
	+int __result_use_check sooptcopyinptr(struct sockopt sopt, void buf,
	+ size_t len, size_t minlen);
	+#else
	+#define sooptcopyinptr sooptcopyin
	+#endif
	int __result_use_check sooptcopyout(struct sockopt sopt, const void buf,
	size_t len);
	int soopt_getm(struct sockopt sopt, struct mbuf *mp);

File Metadata

Mime Type: text/plain
Expires: Thu, Jun 25, 8:06 AM (13 h, 35 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 34315095
Default Alt Text: D57665.id180060.diff (3 KB)

D57665.id180060.diffNo OneTemporaryActions

D57665.id180060.diffView Options

File Metadata

Event Timeline

D57665.id180060.diff
No OneTemporary
Actions

D57665.id180060.diff
View Options