Page MenuHomeFreeBSD
Differential D52651

rpcbind: Fix a coredump that occurs when rpcinfo is done
ClosedPublic
Actions

Authored by rmacklem on Sat, Sep 20, 11:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Oct 9, 7:20 PM
Unknown Object (File)
Thu, Oct 9, 7:20 PM
Unknown Object (File)
Thu, Oct 9, 7:20 PM
Unknown Object (File)
Thu, Oct 9, 4:50 PM
Unknown Object (File)
Fri, Oct 3, 11:55 AM
Unknown Object (File)
Fri, Oct 3, 11:01 AM
Unknown Object (File)
Wed, Oct 1, 6:45 PM
Unknown Object (File)
Tue, Sep 30, 9:21 AM
View All 14 Files
Subscribers
imp

Details

Reviewers
glebius
markj
Commits
rG70730cd21c9f: rpc_generic.c: Fix a rpcbind core dump when rpcinfo is done
Summary

Commit c5d671b added netlink support to
server side rpcbind. However it did not add
a case for AF_NETLINK to __rpc_taddr2uaddr_af().
(Reported as PR#289625.)

As such, without this patch the r_addr field of the
netlink rbllist is NULL, which causes a crash in
svc_sendreply() for a Dump query (what rpcinfo
does).

This patch fixes the crash, but I have no idea what
the correct string for a netlink address should be?

Test Plan

Tested by linking rpcbind to a patched rpc_generic.c.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

rmacklem created this revision.Sat, Sep 20, 11:10 PM
Herald added a subscriber: imp. · View Herald TranscriptSat, Sep 20, 11:10 PM
rmacklem requested review of this revision.Sat, Sep 20, 11:10 PM
rmacklem edited the summary of this revision. (Show Details)
glebius added a comment.Wed, Sep 24, 6:36 AM

What code does call into this function with netlink argument? IMHO, this transport layer abstraction of RPC is a big code bloat where most of the code is never executed. Of course a crash if it happens needs to be fixed.

rmacklem added a comment.Thu, Sep 25, 10:05 PM
In D52651#1203905, @glebius wrote:

What code does call into this function with netlink argument? IMHO, this transport layer abstraction of RPC is a big code bloat where most of the code is never executed. Of course a crash if it happens needs to be fixed.

Yea, it's old Sun RPC code written back when ISO TP4 was going to
replace TCP very soon.

Before the netlink patch, rpcinfo generated:

program version netid     address                service    owner
 100000    4    tcp       0.0.0.0.0.111          rpcbind    superuser
 100000    3    tcp       0.0.0.0.0.111          rpcbind    superuser
 100000    2    tcp       0.0.0.0.0.111          rpcbind    superuser
 100000    4    udp       0.0.0.0.0.111          rpcbind    superuser
 100000    3    udp       0.0.0.0.0.111          rpcbind    superuser
 100000    2    udp       0.0.0.0.0.111          rpcbind    superuser
 100000    4    tcp6      ::.0.111               rpcbind    superuser
 100000    3    tcp6      ::.0.111               rpcbind    superuser
 100000    4    udp6      ::.0.111               rpcbind    superuser
 100000    3    udp6      ::.0.111               rpcbind    superuser
 100000    4    local     /var/run/rpcbind.sock  rpcbind    superuser
 100000    3    local     /var/run/rpcbind.sock  rpcbind    superuser
 100000    2    local     /var/run/rpcbind.sock  rpcbind    superuser

Now, with this patch:

program version netid     address                service    owner
 100000    4    netlink   netlink                rpcbind    superuser
 100000    3    netlink   netlink                rpcbind    superuser
 100000    4    tcp       0.0.0.0.0.111          rpcbind    superuser
 100000    3    tcp       0.0.0.0.0.111          rpcbind    superuser
 100000    2    tcp       0.0.0.0.0.111          rpcbind    superuser
 100000    4    udp       0.0.0.0.0.111          rpcbind    superuser
 100000    3    udp       0.0.0.0.0.111          rpcbind    superuser
 100000    2    udp       0.0.0.0.0.111          rpcbind    superuser
 100000    4    tcp6      ::.0.111               rpcbind    superuser
 100000    3    tcp6      ::.0.111               rpcbind    superuser
 100000    4    udp6      ::.0.111               rpcbind    superuser
 100000    3    udp6      ::.0.111               rpcbind    superuser
 100000    4    local     /var/run/rpcbind.sock  rpcbind    superuser
 100000    3    local     /var/run/rpcbind.sock  rpcbind    superuser
 100000    2    local     /var/run/rpcbind.sock  rpcbind    superuser

So, this patch adds the two netlink entries at the top.
I'm not sure they mean anything here, so I think it
might be better to change the patch so it just skips
over them.

What do you think?

rmacklem added a comment.Thu, Sep 25, 10:49 PM
In D52651#1203905, @glebius wrote:

What code does call into this function with netlink argument? IMHO, this transport layer abstraction of RPC is a big code bloat where most of the code is never executed. Of course a crash if it happens needs to be fixed.

Even if you think rpcinfo should not get the
"netlink" entries, the proposed patch (with
some string for address, I don't care what it is)
is needed, since callers do not expect r_addr to be NULL.

rmacklem added a comment.Sat, Sep 27, 7:24 PM

Just fyi. Unless I hear otherwise I am going to commit
this patch Monday, so that it can be MFC'd to stable/15.
It stops rpcbind from crashing. If others don't like the
choice of address string for netlink, that can be changed
later.

glebius requested changes to this revision.Sun, Sep 28, 7:30 AM

I see, in

lib/libc/rpc/rpc_generic.c
625

The result would be the same in case of rpcbind. It already has "netlink" hardcoded there.

This revision now requires changes to proceed.Sun, Sep 28, 7:30 AM
rmacklem added inline comments.Sun, Sep 28, 1:35 PM
lib/libc/rpc/rpc_generic.c
625

So, tell me what string you want here
today, since I am committing it tomorrow.
I don't care what it is.

"netlink-local"
"local"
"local-addr"
or ??

glebius added inline comments.Sun, Sep 28, 2:17 PM
lib/libc/rpc/rpc_generic.c
625

No hardcoded string, but treat nbuf->buf as NULL terminated string. See suggested edit above ^^

glebius added a comment.Sun, Sep 28, 2:24 PM
if (asprintf(&ret, "%s", (char *)nbuf->buf) < 0)
rmacklem marked 2 inline comments as done.Sun, Sep 28, 2:44 PM
rmacklem added inline comments.
lib/libc/rpc/rpc_generic.c
625

Ok. Sorry. I didn't look at the code, just the
comment.

I've changed the patch to do the above.

Thanks.

glebius accepted this revision.Sun, Sep 28, 2:44 PM
This revision is now accepted and ready to land.Sun, Sep 28, 2:44 PM
Closed by commit rG70730cd21c9f: rpc_generic.c: Fix a rpcbind core dump when rpcinfo is done (authored by rmacklem). · Explain WhySun, Sep 28, 3:01 PM
This revision was automatically updated to reflect the committed changes.
rmacklem marked an inline comment as done.
rmacklem added a commit: rG70730cd21c9f: rpc_generic.c: Fix a rpcbind core dump when rpcinfo is done.

Revision Contents
Changeset List

PathSize
lib/
libc/
rpc/
4 lines

Diff 162997

View Options

lib/libc/rpc/rpc_generic.c

Loading...