From owner-svn-src-all@freebsd.org Tue Aug 18 14:17:15 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A003F3BDCD6; Tue, 18 Aug 2020 14:17:15 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BWCfM3mqmz47nx; Tue, 18 Aug 2020 14:17:15 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 64B4112CD9; Tue, 18 Aug 2020 14:17:15 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 07IEHF15097024; Tue, 18 Aug 2020 14:17:15 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 07IEHFt1097023; Tue, 18 Aug 2020 14:17:15 GMT (envelope-from markj@FreeBSD.org) Message-Id: <202008181417.07IEHFt1097023@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Tue, 18 Aug 2020 14:17:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r364346 - head/sys/compat/linux X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: head/sys/compat/linux X-SVN-Commit-Revision: 364346 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Aug 2020 14:17:15 -0000 Author: markj Date: Tue Aug 18 14:17:14 2020 New Revision: 364346 URL: https://svnweb.freebsd.org/changeset/base/364346 Log: Fix handling of ancillary data on non-AF_UNIX Linux sockets. After r340674, the "continue" would restart the loop without having updated clen, resulting in an infinite loop. Restore the old behaviour of simply ignoring all control messages on such sockets, since we currently only implement handling for AF_UNIX-specific messages. Reported by: syzkaller Reviewed by: tijl MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D26093 Modified: head/sys/compat/linux/linux_socket.c Modified: head/sys/compat/linux/linux_socket.c ============================================================================== --- head/sys/compat/linux/linux_socket.c Tue Aug 18 14:09:49 2020 (r364345) +++ head/sys/compat/linux/linux_socket.c Tue Aug 18 14:17:14 2020 (r364346) @@ -1067,7 +1067,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc * FreeBSD system call interface. */ if (sa_family != AF_UNIX) - continue; + goto next; if (cmsg->cmsg_type == SCM_CREDS) { len = sizeof(struct cmsgcred); @@ -1094,6 +1094,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc data = (char *)data + CMSG_SPACE(len); datalen += CMSG_SPACE(len); +next: if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)) break;