Date: Tue, 10 Jan 2017 11:48:01 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 215933] SCM_RIGHTS messages being lost, socket data being lost as well, with example code..
Message-ID: <bug-215933-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215933

Bug ID: 215933
Summary: SCM_RIGHTS messages being lost, socket data being lost as well, with example code..
Product: Base System
Version: 10.3-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: ian@niw.com.au

Created attachment 178701
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=178701&action=edit
Minimal example code to demonstrate the bug

I have a reproducible situation where an entire message including SCM_RIGHTS is lost when transmitting over a unix domain socket.

This situation occurs when the total transmitted data aligns with the size of the socket buffer.

The attached code reproduces this on many platforms including FreeBSD 8.4, and 10.3.

The attached code sends a variable size message without an attached fd, followed by a fixed small size message containing a SCM_RIGHTS message. Some of these messages go missing in the kernel. dtrace summing the total of the 'sendmsg' syscalls against the 'recvmsg' syscalls confirms this.

Typical output from the attached example is as follows

Master sent a total of 18203750 bytes
Slave done received a total of 18203190 bytes, dropped 35 frames (Guessed original based on fdesc frame only frame drops 18203750)..

The output from the dtrace script which counts the raw syscall return values for sendmsg and recvmsg is as follows

Sent=18203750 rcvd=18203190

This indicates that 35 16 byte messages with an attached file descriptor were lost while being transmitted over a unix domain socket. There was no error returned to the sending end.

My wild guess is that when the 'data' portion of the message with SCM_RIGHTS fits in the socket buffer, but the 'extra' data for the SCM_RIGHTS does not, the return value indicates a success (bytes total matches requested), but the message is dropped because the SCM_RIGHTS extra data overflows.
The output from the example program shows a combined receive very close to the socket buffer size for every drop.

The following dtrace script was used to verify the behaviour at the syscall level.

#pragma D option quiet

BEGIN
{
    totalsent=0;
    totalrcvd=0;
}

syscall::sendmsg:return
/execname == "scm_rights_thrash"/
{
    totalsent+=arg1;
}

syscall::recvmsg:return
/execname == "scm_rights_thrash"/
{
    totalrcvd+=arg1;
}

END
{
    printf("Sent=%d rcvd=%d\n",totalsent,totalrcvd);
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
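A receiver-side check for the silent loss described in this report, as an added example that is not the reporter's attachment 178701 and not FreeBSD project code: each 16-byte fd-carrying frame starts with a sequence number, and the receiver rejects truncated or missing SCM_RIGHTS data and reports sequence gaps. The function names, the sequence-number layout and the use of a SOCK_STREAM socket are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define FRAME_LEN 16 /* size of the fd-carrying frames in the report */
typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;

/* Point msg at one FRAME_LEN data buffer and one zeroed control buffer. */
static void prep(struct msghdr *msg, struct iovec *iov, void *frame, ctl_t *ctl) {
    memset(msg, 0, sizeof *msg);
    memset(ctl, 0, sizeof *ctl);
    iov->iov_base = frame; iov->iov_len = FRAME_LEN;
    msg->msg_iov = iov; msg->msg_iovlen = 1;
    msg->msg_control = ctl->buf; msg->msg_controllen = sizeof ctl->buf;
}

/* Send a frame whose first 8 bytes are a sequence number, with fd attached. */
int send_fd_frame(int sock, uint64_t seq, int fd) {
    unsigned char frame[FRAME_LEN] = {0};
    ctl_t ctl; struct iovec iov; struct msghdr msg;
    prep(&msg, &iov, frame, &ctl);
    memcpy(frame, &seq, sizeof seq);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == FRAME_LEN ? 0 : -1;
}

/* Returns the received fd; -1 on I/O error or short read; -2 if the control
 * data is truncated, missing or malformed; -3 on a sequence gap (lost frame). */
int recv_fd_frame(int sock, uint64_t expect_seq) {
    unsigned char frame[FRAME_LEN];
    ctl_t ctl; struct iovec iov; struct msghdr msg;
    uint64_t seq; int fd;
    prep(&msg, &iov, frame, &ctl);
    if (recvmsg(sock, &msg, MSG_WAITALL) != FRAME_LEN) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if ((msg.msg_flags & MSG_CTRUNC) || !c || c->cmsg_level != SOL_SOCKET ||
        c->cmsg_type != SCM_RIGHTS || c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -2;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    memcpy(&seq, frame, sizeof seq);
    if (seq != expect_seq) { close(fd); return -3; }
    return fd;
}
```

Because the sender in the report saw no error from sendmsg, only a receiver-side check like the -3 return can surface a dropped frame; the sender has nothing to act on.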