HomeFreeBSD

Improve handling of control message truncation.

Description

Improve handling of control message truncation.

If a recvmsg(2) or recvmmsg(2) caller doesn't provide sufficient space
for all control messages, the kernel sets MSG_CTRUNC in the message
flags to indicate truncation of the control messages. In the case
of SCM_RIGHTS messages, however, we were failing to dispose of the
rights that had already been externalized into the recipient's file
descriptor table. Add a new function and mbuf type to handle this
cleanup task, and use it any time we fail to copy control messages
out to the recipient. To simplify cleanup, control message truncation
is now only performed at control message boundaries.

The change also fixes a few related bugs:

  • Rights could be leaked to the recipient process if an error occurred while copying out a message's contents.
  • We failed to set MSG_CTRUNC if the truncation occurred on a control message boundary, e.g., if the caller received two control messages and provided only the exact amount of buffer space needed for the first.

PR: 131876
Reviewed by: ed (previous version)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16561

Details

Committed
markjAug 7 2018, 4:36 PM
Reviewer
ed
Differential Revision
D16561: Free rights in truncated control messages.
Parents
rS337422: libc: fix cases of undefined behavior.
Branches
Unknown
Tags
Unknown