From owner-svn-src-head@freebsd.org Mon Jul 15 23:08:56 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9200AC62E9; Mon, 15 Jul 2019 23:08:56 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D62A84B33; Mon, 15 Jul 2019 23:08:56 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from [IPv6:2a02:8109:1140:c3d:45d6:a5c2:b3fa:a44] (unknown [IPv6:2a02:8109:1140:c3d:45d6:a5c2:b3fa:a44]) (Authenticated sender: macmic) by drew.franken.de (Postfix) with ESMTPSA id C6B1E71E3F46D; Tue, 16 Jul 2019 01:08:52 +0200 (CEST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: svn commit: r349999 - head/sys/netinet From: Michael Tuexen In-Reply-To: Date: Tue, 16 Jul 2019 01:08:51 +0200 Cc: "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , "svn-src-head@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <1FA95CCB-CCD4-44AD-9346-95D1AA16B6E9@freebsd.org> References: <201907151454.x6FEs4g7020630@repo.freebsd.org> To: Oliver Pinter X-Mailer: Apple Mail (2.3445.104.11) X-Spam-Status: No, score=-1.6 required=5.0 tests=ALL_TRUSTED,BAYES_00, IP_LINK_PLUS,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,WEIRD_PORT autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jul 2019 23:08:56 -0000 > On 16. Jul 2019, at 00:55, Oliver Pinter = wrote: >=20 >=20 >=20 > On Monday, July 15, 2019, Michael Tuexen wrote: > Author: tuexen > Date: Mon Jul 15 14:54:04 2019 > New Revision: 349999 > URL: https://svnweb.freebsd.org/changeset/base/349999 >=20 > Log: > Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP. >=20 > This is an FreeBSD extension, not covered by Posix. >=20 > This issue was found by running syzkaller. >=20 > Aren't there syzkaller ids for these findings?=20 I don't think so. It was observed while resolving this issue: = http://212.201.121.91:10000/crash?id=3D6776fd17dd57519d11638604f246aacf5db= af5a2 Just to be clear: this patch is about adding a feature, not fixing a = bug. Best regards Michael > =20 >=20 > MFC after: 1 week >=20 > Modified: > head/sys/netinet/sctp_output.c >=20 > Modified: head/sys/netinet/sctp_output.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/netinet/sctp_output.c Mon Jul 15 14:52:52 2019 = (r349998) > +++ head/sys/netinet/sctp_output.c Mon Jul 15 14:54:04 2019 = (r349999) > @@ -12652,6 +12652,12 @@ sctp_lower_sosend(struct socket *so, > sinfo_flags =3D inp->def_send.sinfo_flags; > sinfo_assoc_id =3D inp->def_send.sinfo_assoc_id; > } > + if (flags & MSG_EOR) { > + sinfo_flags |=3D SCTP_EOR; > + } > + if (flags & MSG_EOF) { > + sinfo_flags |=3D SCTP_EOF; > + } > if (sinfo_flags & SCTP_SENDALL) { > /* its a sendall */ > error =3D sctp_sendall(inp, uio, top, srcv); > @@ -12819,9 +12825,17 @@ sctp_lower_sosend(struct socket *so, > } > } else > asoc =3D &stcb->asoc; > - if (srcv =3D=3D NULL) > + if (srcv =3D=3D NULL) { > srcv =3D (struct sctp_sndrcvinfo *)&asoc->def_send; > - if (srcv->sinfo_flags & SCTP_ADDR_OVER) { > + sinfo_flags =3D srcv->sinfo_flags; > + if (flags & MSG_EOR) { > + sinfo_flags |=3D SCTP_EOR; > + } > + if (flags & MSG_EOF) { > + sinfo_flags |=3D SCTP_EOF; > + } > + } > + if (sinfo_flags & SCTP_ADDR_OVER) { > if (addr) > net =3D sctp_findnet(stcb, addr); > else > @@ -12928,7 +12942,7 @@ sctp_lower_sosend(struct socket *so, > (SCTP_GET_STATE(stcb) =3D=3D SCTP_STATE_SHUTDOWN_RECEIVED) = || > (SCTP_GET_STATE(stcb) =3D=3D SCTP_STATE_SHUTDOWN_ACK_SENT) = || > (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { > - if (srcv->sinfo_flags & SCTP_ABORT) { > + if (sinfo_flags & SCTP_ABORT) { > ; > } else { > SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, = SCTP_FROM_SCTP_OUTPUT, ECONNRESET); > @@ -12941,7 +12955,7 @@ sctp_lower_sosend(struct socket *so, > p->td_ru.ru_msgsnd++; > } > /* Are we aborting? */ > - if (srcv->sinfo_flags & SCTP_ABORT) { > + if (sinfo_flags & SCTP_ABORT) { > struct mbuf *mm; > ssize_t tot_demand, tot_out =3D 0, max_out; >=20 > @@ -13145,7 +13159,7 @@ skip_preblock: > * case NOTE: uio will be null when top/mbuf is passed > */ > if (sndlen =3D=3D 0) { > - if (srcv->sinfo_flags & SCTP_EOF) { > + if (sinfo_flags & SCTP_EOF) { > got_all_of_the_send =3D 1; > goto dataless_eof; > } else { > @@ -13194,7 +13208,7 @@ skip_preblock: > } > sctp_snd_sb_alloc(stcb, sp->length); > atomic_add_int(&asoc->stream_queue_cnt, 1); > - if (srcv->sinfo_flags & SCTP_UNORDERED) { > + if (sinfo_flags & SCTP_UNORDERED) { > = SCTP_STAT_INCR(sctps_sends_with_unord); > } > TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); > @@ -13269,15 +13283,15 @@ skip_preblock: > sctp_snd_sb_alloc(stcb, sndout); > atomic_add_int(&sp->length, sndout); > len +=3D sndout; > - if (srcv->sinfo_flags & = SCTP_SACK_IMMEDIATELY) { > + if (sinfo_flags & = SCTP_SACK_IMMEDIATELY) { > sp->sinfo_flags |=3D = SCTP_SACK_IMMEDIATELY; > } >=20 > /* Did we reach EOR? */ > if ((uio->uio_resid =3D=3D 0) && > ((user_marks_eor =3D=3D 0) || > - (srcv->sinfo_flags & SCTP_EOF) || > - (user_marks_eor && = (srcv->sinfo_flags & SCTP_EOR)))) { > + (sinfo_flags & SCTP_EOF) || > + (user_marks_eor && (sinfo_flags & = SCTP_EOR)))) { > sp->msg_is_complete =3D 1; > } else { > sp->msg_is_complete =3D 0; > @@ -13479,7 +13493,7 @@ skip_preblock: > /* We send in a 0, since we do NOT have any locks */ > error =3D sctp_msg_append(stcb, net, top, srcv, 0); > top =3D NULL; > - if (srcv->sinfo_flags & SCTP_EOF) { > + if (sinfo_flags & SCTP_EOF) { > /* > * This should only happen for Panda for the = mbuf > * send case, which does NOT yet support EEOR = mode. > @@ -13494,7 +13508,7 @@ skip_preblock: > } > dataless_eof: > /* EOF thing ? */ > - if ((srcv->sinfo_flags & SCTP_EOF) && > + if ((sinfo_flags & SCTP_EOF) && > (got_all_of_the_send =3D=3D 1)) { > SCTP_STAT_INCR(sctps_sends_with_eof); > error =3D 0; > _______________________________________________ > svn-src-head@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-head > To unsubscribe, send any mail to = "svn-src-head-unsubscribe@freebsd.org"