Date:      Tue, 16 Jul 2019 01:08:51 +0200
From:      Michael Tuexen <tuexen@freebsd.org>
To:        Oliver Pinter <oliver.pinter@hardenedbsd.org>
Cc:        "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r349999 - head/sys/netinet
Message-ID:  <1FA95CCB-CCD4-44AD-9346-95D1AA16B6E9@freebsd.org>
In-Reply-To: <CAPQ4ffsq9Eyt1h-wgPsvAiYE4KSEw_qW_qoR9KpQWPoKYcjngA@mail.gmail.com>
References:  <201907151454.x6FEs4g7020630@repo.freebsd.org> <CAPQ4ffsq9Eyt1h-wgPsvAiYE4KSEw_qW_qoR9KpQWPoKYcjngA@mail.gmail.com>

> On 16. Jul 2019, at 00:55, Oliver Pinter =
<oliver.pinter@hardenedbsd.org> wrote:
>=20
>=20
>=20
> On Monday, July 15, 2019, Michael Tuexen <tuexen@freebsd.org> wrote:
> Author: tuexen
> Date: Mon Jul 15 14:54:04 2019
> New Revision: 349999
> URL: https://svnweb.freebsd.org/changeset/base/349999
>=20
> Log:
>   Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.
>=20
>   This is a FreeBSD extension, not covered by POSIX.
>=20
>   This issue was found by running syzkaller.
>=20
> Aren't there syzkaller ids for these findings?
I don't think so. It was observed while resolving this issue:
http://212.201.121.91:10000/crash?id=6776fd17dd57519d11638604f246aacf5dbaf5a2

Just to be clear: this patch is about adding a feature, not fixing a bug.

Best regards
Michael
> =20
>=20
>   MFC after:            1 week
>=20
> Modified:
>   head/sys/netinet/sctp_output.c
>=20
> Modified: head/sys/netinet/sctp_output.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/sys/netinet/sctp_output.c      Mon Jul 15 14:52:52 2019       =
 (r349998)
> +++ head/sys/netinet/sctp_output.c      Mon Jul 15 14:54:04 2019       =
 (r349999)
> @@ -12652,6 +12652,12 @@ sctp_lower_sosend(struct socket *so,
>                 sinfo_flags =3D inp->def_send.sinfo_flags;
>                 sinfo_assoc_id =3D inp->def_send.sinfo_assoc_id;
>         }
> +       if (flags & MSG_EOR) {
> +               sinfo_flags |=3D SCTP_EOR;
> +       }
> +       if (flags & MSG_EOF) {
> +               sinfo_flags |=3D SCTP_EOF;
> +       }
>         if (sinfo_flags & SCTP_SENDALL) {
>                 /* its a sendall */
>                 error =3D sctp_sendall(inp, uio, top, srcv);
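Review bot: In the SCTP_SENDALL branch the MSG_EOR/MSG_EOF bits merged just above exist only in the local `sinfo_flags`, while `sctp_sendall(inp, uio, top, srcv)` is still handed `srcv`, so a send-to-all request made with `MSG_EOF` presumably never shows the callee the SCTP_EOF bit. The same pattern is in the later hunk at -13479, where `sctp_msg_append(stcb, net, top, srcv, 0)` receives `srcv` and only the check after it reads `sinfo_flags`. Neither callee's body is visible here, so this needs confirming; if they read `srcv->sinfo_flags`, pass a local copy of the sndrcvinfo carrying the merged flags rather than OR-ing into `srcv`, which can alias the shared `def_send` defaults. Otherwise add a comment that MSG_EOR/MSG_EOF are not honoured on these two paths. sctp_lower_sosend begins and ends outside the hunk.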
> @@ -12819,9 +12825,17 @@ sctp_lower_sosend(struct socket *so,
>                 }
>         } else
>                 asoc =3D &stcb->asoc;
> -       if (srcv =3D=3D NULL)
> +       if (srcv =3D=3D NULL) {
>                 srcv =3D (struct sctp_sndrcvinfo *)&asoc->def_send;
> -       if (srcv->sinfo_flags & SCTP_ADDR_OVER) {
> +               sinfo_flags =3D srcv->sinfo_flags;
> +               if (flags & MSG_EOR) {
> +                       sinfo_flags |=3D SCTP_EOR;
> +               }
> +               if (flags & MSG_EOF) {
> +                       sinfo_flags |=3D SCTP_EOF;
> +               }
> +       }
> +       if (sinfo_flags & SCTP_ADDR_OVER) {
>                 if (addr)
>                         net =3D sctp_findnet(stcb, addr);
>                 else
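Review bot: The MSG_EOR/MSG_EOF merge inside the `srcv == NULL` branch is a second copy of the lines added at -12652, and from this point `sinfo_flags` and `srcv->sinfo_flags` can differ with nothing stating which one is authoritative. A comment above the block would make the contract explicit, e.g. `/* sinfo_flags is the effective flag set: srcv->sinfo_flags plus MSG_EOR/MSG_EOF from the send flags; srcv is not modified because it may point at asoc->def_send. */`. Folding both copies into one small static helper that takes the base flags and `flags` would keep the two sites from drifting when another MSG_* mapping is added. The enclosing function continues outside the hunk.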
> @@ -12928,7 +12942,7 @@ sctp_lower_sosend(struct socket *so,
>             (SCTP_GET_STATE(stcb) =3D=3D SCTP_STATE_SHUTDOWN_RECEIVED) =
||
>             (SCTP_GET_STATE(stcb) =3D=3D SCTP_STATE_SHUTDOWN_ACK_SENT) =
||
>             (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
> -               if (srcv->sinfo_flags & SCTP_ABORT) {
> +               if (sinfo_flags & SCTP_ABORT) {
>                         ;
>                 } else {
>                         SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, =
SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
> @@ -12941,7 +12955,7 @@ sctp_lower_sosend(struct socket *so,
>                 p->td_ru.ru_msgsnd++;
>         }
>         /* Are we aborting? */
> -       if (srcv->sinfo_flags & SCTP_ABORT) {
> +       if (sinfo_flags & SCTP_ABORT) {
>                 struct mbuf *mm;
>                 ssize_t tot_demand, tot_out =3D 0, max_out;
>=20
> @@ -13145,7 +13159,7 @@ skip_preblock:
>          * case NOTE: uio will be null when top/mbuf is passed
>          */
>         if (sndlen =3D=3D 0) {
> -               if (srcv->sinfo_flags & SCTP_EOF) {
> +               if (sinfo_flags & SCTP_EOF) {
>                         got_all_of_the_send =3D 1;
>                         goto dataless_eof;
>                 } else {
> @@ -13194,7 +13208,7 @@ skip_preblock:
>                         }
>                         sctp_snd_sb_alloc(stcb, sp->length);
>                         atomic_add_int(&asoc->stream_queue_cnt, 1);
> -                       if (srcv->sinfo_flags & SCTP_UNORDERED) {
> +                       if (sinfo_flags & SCTP_UNORDERED) {
>                                 =
SCTP_STAT_INCR(sctps_sends_with_unord);
>                         }
>                         TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
> @@ -13269,15 +13283,15 @@ skip_preblock:
>                                 sctp_snd_sb_alloc(stcb, sndout);
>                                 atomic_add_int(&sp->length, sndout);
>                                 len +=3D sndout;
> -                               if (srcv->sinfo_flags & =
SCTP_SACK_IMMEDIATELY) {
> +                               if (sinfo_flags & =
SCTP_SACK_IMMEDIATELY) {
>                                         sp->sinfo_flags |=3D =
SCTP_SACK_IMMEDIATELY;
>                                 }
>=20
>                                 /* Did we reach EOR? */
>                                 if ((uio->uio_resid =3D=3D 0) &&
>                                     ((user_marks_eor =3D=3D 0) ||
> -                                   (srcv->sinfo_flags & SCTP_EOF) ||
> -                                   (user_marks_eor && =
(srcv->sinfo_flags & SCTP_EOR)))) {
> +                                   (sinfo_flags & SCTP_EOF) ||
> +                                   (user_marks_eor && (sinfo_flags & =
SCTP_EOR)))) {
>                                         sp->msg_is_complete =3D 1;
>                                 } else {
>                                         sp->msg_is_complete =3D 0;
> @@ -13479,7 +13493,7 @@ skip_preblock:
>                 /* We send in a 0, since we do NOT have any locks */
>                 error =3D sctp_msg_append(stcb, net, top, srcv, 0);
>                 top =3D NULL;
> -               if (srcv->sinfo_flags & SCTP_EOF) {
> +               if (sinfo_flags & SCTP_EOF) {
>                         /*
>                          * This should only happen for Panda for the =
mbuf
>                          * send case, which does NOT yet support EEOR =
mode.
> @@ -13494,7 +13508,7 @@ skip_preblock:
>         }
>  dataless_eof:
>         /* EOF thing ? */
> -       if ((srcv->sinfo_flags & SCTP_EOF) &&
> +       if ((sinfo_flags & SCTP_EOF) &&
>             (got_all_of_the_send =3D=3D 1)) {
>                 SCTP_STAT_INCR(sctps_sends_with_eof);
>                 error =3D 0;
> _______________________________________________
> svn-src-head@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-head
> To unsubscribe, send any mail to =
"svn-src-head-unsubscribe@freebsd.org"



