[PATCH net-next v3 0/4] net: move .getsockopt away from __user buffers

[Breno Leitao]

Currently, the .getsockopt callback requires __user pointers:

  int (*getsockopt)(struct socket *sock, int level,
                    int optname, char __user *optval, int __user *optlen);

This prevents kernel callers (io_uring, BPF) from using getsockopt on
levels other than SOL_SOCKET, since they pass kernel pointers.

Following Linus' suggestion [0], this series introduces sockopt_t, a
type-safe wrapper around iov_iter, and a getsockopt_iter callback that
works with both user and kernel buffers. AF_PACKET and CAN raw are
converted as initial users, with selftests covering the trickiest
conversion patterns.

[0] https://lore.kernel.org/all/CAHk-=whmzrO-BMU=uSVXbuoLi-3tJsO=0kHj1BCPBE3F2kVhTA@xxxxxxxxxxxxxx/

Updates from v2 to v3:

* Use two iov in sockopt_t instead of a single one:
  a) .iter_in that is populated by the caller and will be read-only in
  the protocols callback.

  b) .iter_out will be populated by the protocol and it will be sent
  back to the caller.

  - This will avoid changing the protocol reset and changing the data
    source at the callback, making the driver callback implementation
    and converstion saner.

* created sockptr_to_sockopt() to convert sockptr to sockopt, making the
  call to getsockopt_iter straight-forward

Link: https://lore.kernel.org/all/CAHk-=whmzrO-BMU=uSVXbuoLi-3tJsO=0kHj1BCPBE3F2kVhTA@xxxxxxxxxxxxxx/ [0]
---
Changes in v3:
- Create Two iov in sockopt_t instead of a single one (Stanislav Fomichev)
- Implement the sockptr_to_sockopt() helper (Stanislav Fomichev)
- Link to v2: https://patch.msgid.link/20260401-getsockopt-v2-0-611df6771aff@xxxxxxxxxx

Changes in v2:
- Restore optlen even on error path (getsockopt_iter fails)
- Move af_packet.c and can instead of netlink (given these are the most
  complicate ones).
- Link to v1: https://patch.msgid.link/20260130-getsockopt-v1-0-9154fcff6f95@xxxxxxxxxx

---
Breno Leitao (4):
      net: add getsockopt_iter callback to proto_ops
      net: call getsockopt_iter if available
      af_packet: convert to getsockopt_iter
      can: raw: convert to getsockopt_iter

 include/linux/net.h    | 23 +++++++++++++++++++++
 net/can/raw.c          | 28 ++++++++++++--------------
 net/packet/af_packet.c | 15 +++++++-------
 net/socket.c           | 54 +++++++++++++++++++++++++++++++++++++++++++++++---
 4 files changed, 94 insertions(+), 26 deletions(-)
---
base-commit: 9c14d60a50c4b726a3613a02e8b74778e9964891
change-id: 20260130-getsockopt-9f36625eedcb

Best regards,
--  
Breno Leitao <leitao@xxxxxxxxxx>