Date: Thu, 14 Jun 2018 16:49:16 -0700 From: Matthew Macy <mmacy@freebsd.org> To: Gleb Smirnoff <glebius@freebsd.org> Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r334960 - head/sys/kern Message-ID: <CAPrugNrH%2Bim6VKJOs=rhfhCOp8q4cwcsikVBLFu%2BM_v2O=Gm9w@mail.gmail.com> In-Reply-To: <20180614230713.GV1005@FreeBSD.org> References: <201806111631.w5BGVh2M051386@repo.freebsd.org> <20180614230713.GV1005@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 2d6dc845938..35bcad41a59 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -2175,6 +2175,7 @@ soreceive_stream(struct socket *so, struct
sockaddr **psa, struct uio *uio,
struct sockbuf *sb;
struct mbuf *m, *n = NULL;
+ MPASS(controlp == NULL);
/* We only do stream sockets. */
if (so->so_type != SOCK_STREAM)
return (EINVAL);
mmacy@VogonPoetry [~|16:38|56] ssh -Y 192.168.1.40
Edit /etc/motd to change this login announcement.
mmacy@entropy [~|16:40|1] xterm &
<panic>
#14 0xffffffff80bcf580 in soreceive_stream (so=0xfffff800441fb790,
psa=0xfffffe09b09b7758, uio=0xfffffe09b09b7790, mp0=0x0,
controlp=0xfffffe09b09b7778, flagsp=0xfffffe09b09b78f4)
at /usr/home/mmacy/devel/freebsd/sys/kern/uipc_socket.c:2178
#15 0xffffffff80bd0ba2 in soreceive (so=0xfffff800441fb790,
psa=0xfffffe09b09b7758, uio=0xfffffe09b09b7790, mp0=0x0,
controlp=0xfffffe09b09b7778, flagsp=0xfffffe09b09b78f4)
at /usr/home/mmacy/devel/freebsd/sys/kern/uipc_socket.c:2567
#16 0xffffffff80bd8e06 in kern_recvit (td=0xfffff8000c8ee000, s=3,
mp=0xfffffe09b09b78c8, fromseg=UIO_USERSPACE, controlp=0x0) at
/usr/home/mmacy/devel/freebsd/sys/kern/uipc_syscalls.c:945
#17 0xffffffff80bd93c7 in recvit (td=0xfffff8000c8ee000, s=3,
mp=0xfffffe09b09b78c8, namelenp=0x0) at
/usr/home/mmacy/devel/freebsd/sys/kern/uipc_syscalls.c:1053
#18 0xffffffff80bd9515 in sys_recvmsg (td=0xfffff8000c8ee000,
uap=0xfffff8000c8ee3c0) at
/usr/home/mmacy/devel/freebsd/sys/kern/uipc_syscalls.c:1169
#19 0xffffffff810cde03 in syscallenter (td=0xfffff8000c8ee000) at
/usr/home/mmacy/devel/freebsd/sys/amd64/amd64/../../kern/subr_syscall.c:135
#20 0xffffffff810cd64d in amd64_syscall (td=0xfffff8000c8ee000,
traced=0) at /usr/home/mmacy/devel/freebsd/sys/amd64/amd64/trap.c:1007
#16 0xffffffff80bd8e06 in kern_recvit (td=0xfffff8000c8ee000, s=3,
mp=0xfffffe09b09b78c8, fromseg=UIO_USERSPACE, controlp=0x0) at
/usr/home/mmacy/devel/freebsd/sys/kern/uipc_syscalls.c:945
945 error = soreceive(so, &fromsa, &auio, NULL,
(kgdb) list
940 #ifdef KTRACE
941 if (KTRPOINT(td, KTR_GENIO))
942 ktruio = cloneuio(&auio);
943 #endif
944 len = auio.uio_resid;
945 error = soreceive(so, &fromsa, &auio, NULL,
946 (mp->msg_control || controlp) ? &control : NULL,
947 &mp->msg_flags);
948 if (error != 0) {
949 if (auio.uio_resid != len && (error == ERESTART ||
(kgdb) p mp->msg_control
$1 = (void *) 0x7fffffffe2e0
int
sys_recvmsg(struct thread *td, struct recvmsg_args *uap)
{
struct msghdr msg;
struct iovec *uiov, *iov;
int error;
error = copyin(uap->msg, &msg, sizeof (msg));
if (error != 0)
return (error);
....
TL;DR X is passing in a msghdr with a control pointer. It isn't used
for anything but returning EINVAL for it is a bug.
-M
On Thu, Jun 14, 2018 at 4:07 PM, Gleb Smirnoff <glebius@freebsd.org> wrote:
> Hi,
>
> On Mon, Jun 11, 2018 at 04:31:43PM +0000, Matt Macy wrote:
> M> Author: mmacy
> M> Date: Mon Jun 11 16:31:42 2018
> M> New Revision: 334960
> M> URL: https://svnweb.freebsd.org/changeset/base/334960
> M>
> M> Log:
> M> soreceive_stream: correctly handle edge cases
> M>
> M> - non NULL controlp is not an error, returning EINVAL
> M> would cause X forwarding to fail
>
> Can you please provide reference for a code that uses
> control messages with a stream socket?
>
> The removed return was in action since FreeBSD 7.0 and
> everything with X forwarding was working, AFAIK.
>
> --
> Gleb Smirnoff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPrugNrH%2Bim6VKJOs=rhfhCOp8q4cwcsikVBLFu%2BM_v2O=Gm9w>