
Fix Linux recvmsg(2) when msg_namelen returned is 0
Closed, Public

Authored by trasz on Jun 21 2020, 7:13 PM.

Details

Summary

Fix Linux recvmsg(2) when msg_namelen returned is 0. Previously it would fail with EINVAL, breaking some of the Python regression tests.

Note that the code doesn't seem to be copying out the new length in either (success or failure) case. This will be addressed separately.
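The two behaviours the summary and the later inline discussion turn on, a non-NULL msg_name whose msg_namelen comes back as 0 and a length the kernel rewrites on return, can be checked from userland. The following is an added example, not code from this review or from the FreeBSD tree; it assumes nothing beyond POSIX sockets, and the /tmp socket paths, the "ping" payload and the SENTINEL fill byte are this example's own constructions.

```c
/*
 * Added example, not code from this review or from FreeBSD: a userland probe
 * of the recvmsg(2) msg_name/msg_namelen contract discussed in the summary.
 * The /tmp socket paths and the SENTINEL fill byte are this example's own.
 */
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SENTINEL 0xA5	/* detects kernel writes past the supplied length */

/* recvmsg() with a non-NULL msg_name; returns the msg_namelen the kernel
 * wrote back (0 when there is no address to report), or -1 on failure. */
static int
recv_namelen(int fd, struct sockaddr_storage *ss, socklen_t namelen_in)
{
	char data[64];
	struct iovec iov = { .iov_base = data, .iov_len = sizeof(data) };
	struct msghdr msg = { .msg_name = ss, .msg_namelen = namelen_in,
	    .msg_iov = &iov, .msg_iovlen = 1 };

	if (recvmsg(fd, &msg, 0) != 4)	/* every case below sends "ping" */
		return (-1);
	return ((int)msg.msg_namelen);
}

/* Case 1: unbound, connected stream sockets. No peer address exists, so a
 * conforming recvmsg() succeeds and hands back msg_namelen == 0 even though
 * msg_name was non-NULL (the case the review stops rejecting with EINVAL). */
int
stream_recv_namelen(void)
{
	struct sockaddr_storage ss;
	int sv[2], r = -1;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return (-1);
	if (write(sv[0], "ping", 4) == 4)
		r = recv_namelen(sv[1], &ss, sizeof(ss));
	close(sv[0]);
	close(sv[1]);
	return (r);
}

/* Datagram socket bound to a per-process path under /tmp, or -1. */
static int
bound_dgram(struct sockaddr_un *sun, const char *tag)
{
	int fd = socket(AF_UNIX, SOCK_DGRAM, 0);

	memset(sun, 0, sizeof(*sun));
	sun->sun_family = AF_UNIX;
	snprintf(sun->sun_path, sizeof(sun->sun_path), "/tmp/recvmsg-%ld-%s",
	    (long)getpid(), tag);
	unlink(sun->sun_path);
	if (fd != -1 && bind(fd, (struct sockaddr *)sun, sizeof(*sun)) == -1) {
		close(fd);
		fd = -1;
	}
	return (fd);
}

/* Case 2: a datagram from a bound peer, so an address is reported. namelen_in
 * is the buffer length the caller claims; ss is pre-filled with SENTINEL so a
 * write past namelen_in is caught. Returns the msg_namelen handed back, -1 on
 * a syscall failure, or -2 if the kernel wrote beyond namelen_in. */
int
dgram_recv_namelen(socklen_t namelen_in)
{
	struct sockaddr_un rx_addr, tx_addr;
	struct sockaddr_storage ss;
	int rx, tx, r = -1;
	socklen_t i;

	rx = bound_dgram(&rx_addr, "rx");
	tx = bound_dgram(&tx_addr, "tx");
	memset(&ss, SENTINEL, sizeof(ss));
	if (rx != -1 && tx != -1 && sendto(tx, "ping", 4, 0,
	    (struct sockaddr *)&rx_addr, sizeof(rx_addr)) == 4)
		r = recv_namelen(rx, &ss, namelen_in);
	for (i = namelen_in; r >= 0 && i < sizeof(ss); i++)
		if (((unsigned char *)&ss)[i] != SENTINEL)
			r = -2;	/* kernel wrote past the length we supplied */
	if (rx != -1)
		close(rx);
	if (tx != -1)
		close(tx);
	unlink(rx_addr.sun_path);
	unlink(tx_addr.sun_path);
	return (r);
}

int
main(void)
{
	printf("stream socketpair: msg_namelen = %d\n", stream_recv_namelen());
	printf("dgram, full buffer: msg_namelen = %d\n",
	    dgram_recv_namelen(sizeof(struct sockaddr_storage)));
	printf("dgram, 8-byte buffer: msg_namelen = %d\n", dgram_recv_namelen(8));
	return (0);
}
```

Build it with cc -Wall and run it natively and, for the case this revision addresses, as a Linux binary under the linuxulator. The stream case should report 0: a kernel that rejects it with EINVAL has the bug this revision fixes, and one that does not copy out the updated length, as the summary notes, would leave the caller seeing its own input (here sizeof(struct sockaddr_storage)) instead of 0. The 8-byte datagram case is the userland-side caveat: Linux reports the full address length in msg_namelen even when it exceeds the buffer supplied and copies only what fits, so a caller must clamp the returned length to what it passed in before reading the address back.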

Diff Detail

Repository: rS FreeBSD src repository
Lint: Lint OK
Unit: No Unit Test Coverage
Build Status: Buildable 31863; Build 29422: arc lint + arc unit

Event Timeline

trasz created this revision. Jun 21 2020, 7:13 PM
trasz requested review of this revision. Jun 21 2020, 7:13 PM
trasz retitled this revision from "Fix Linux recvmsg(2) when msg_namelen returned is 0. Previously it would fail with EINVAL, breaking some of the Python regression tests." to "Fix Linux recvmsg(2) when msg_namelen returned is 0." Jun 21 2020, 8:34 PM
trasz edited the summary of this revision.
trasz added a reviewer: Linux Emulation.
emaste added a subscriber: emaste. Jun 21 2020, 8:54 PM
emaste added inline comments.
sys/compat/linux/linux_socket.c
1202

what's msg_namelen's type?

trasz added inline comments. Jun 21 2020, 11:57 PM
sys/compat/linux/linux_socket.c
1202

It's socklen_t.

trasz added a reviewer: kib. Jun 22 2020, 1:10 PM
kib added inline comments. Jun 22 2020, 2:35 PM
sys/compat/linux/linux_socket.c
1188

Is it fine to not check msg_namelen there?

1202

Fix the style while there, msg_name != NULL?

emaste added inline comments. Jun 22 2020, 4:36 PM
sys/compat/linux/linux_socket.c
1202

should it be > 0 not != 0?

trasz updated this revision to Diff 73793. Jun 27 2020, 11:49 PM

Fix various issues.

trasz marked 2 inline comments as done. Jun 27 2020, 11:50 PM
trasz added inline comments.
sys/compat/linux/linux_socket.c
1202

Not sure if the check is needed, but better safe than sorry.

kib added inline comments. Jul 1 2020, 12:14 AM
sys/compat/linux/linux_socket.c
1189

Is msg_namelen user-controlled? Does it allow for arbitrary-sized allocations controlled by the user?

1202

Isn't the msg_namelen > 0 recheck redundant?

trasz added inline comments. Jul 1 2020, 11:04 AM
sys/compat/linux/linux_socket.c
1189

Hah, good catch!

1202

It isn't; that's the whole point of this change: kern_recvit() updates it. I guess I should add a comment about it.

trasz updated this revision to Diff 74058. Jul 3 2020, 8:16 PM

Add comment explaining the second check, and cap the buffer size.

trasz added a comment. Jul 4 2020, 11:24 AM

(Tinderboxed.)

kib added inline comments. Jul 4 2020, 2:47 PM
sys/compat/linux/linux_socket.c
1205

What should the code do if msg->msg_name != NULL but msg->msg_namelen == 0 (after the kern_recvit())?

trasz added inline comments. Jul 4 2020, 5:57 PM
sys/compat/linux/linux_socket.c
1205

My guess is it should copy out the new length. But right now the code does not copy out the length in any case, and, as previously, I prefer the small-steps approach. I'll mention it in the commit message.

trasz edited the summary of this revision. Jul 4 2020, 5:58 PM
kib accepted this revision. Jul 4 2020, 6:38 PM
This revision is now accepted and ready to land. Jul 4 2020, 6:38 PM
This revision was automatically updated to reflect the committed changes.