From: Brooks Davis
To: Weike.Chen@Dell.com
Cc: emulation@FreeBSD.org
Date: Mon, 25 Feb 2019 18:45:02 +0000
Subject: Re: Potential issues for linux socket syscall
Message-ID: <20190225184502.GC47081@spindle.one-eyed-alien.net>

On Thu, Feb 21, 2019 at 02:57:23AM +0000, Weike.Chen@Dell.com wrote:
>
> Hi Linux emulation experts,
>
> I find a potential issue on FreeBSD 12 official release for Linux emulation syscall.
>
> The function 'linux_getsockname' in 'linux_socket.c' calls 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux domain.
>
> But after calling 'bsd_to_linux_sockaddr', 'linux_sa_put' is called, and it calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux domain again.
> But the 'sa_family' has already been converted.
> Since the values of AF_INET6 and LINUX_AF_INET6 are different, converting twice will cause an issue.

This code is definitely unsafe.  I'd opened a bug to track some of these
issues a little while ago at:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920.  Would you mind
pasting your analysis into that report?

Do you have a simple test case?  I only hit the issue while auditing some
general code and so was leery about trying to fix unfamiliar code
without one.

Thanks,
Brooks
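
The double conversion described in the report, as an added example that is not part of the original message and is not FreeBSD's code: a simplified user-space model of the address-family translation. The function names are hypothetical, the AF_* numbers are the values from the FreeBSD and Linux socket headers, and only four families are modelled.

```c
#include <stdio.h>

/* Address-family numbers as defined by each OS's socket headers. */
enum { BSD_AF_UNSPEC = 0, BSD_AF_LOCAL = 1, BSD_AF_INET = 2, BSD_AF_INET6 = 28 };
enum { LINUX_AF_UNSPEC = 0, LINUX_AF_UNIX = 1, LINUX_AF_INET = 2, LINUX_AF_INET6 = 10 };

/* Simplified stand-in (assumption) for the kernel's bsd_to_linux_domain():
 * only four families are modelled; anything else is rejected with -1.
 * What the real table does with the value 10 is not modelled here. */
static int model_bsd_to_linux_domain(int domain)
{
    switch (domain) {
    case BSD_AF_UNSPEC: return LINUX_AF_UNSPEC;
    case BSD_AF_LOCAL:  return LINUX_AF_UNIX;
    case BSD_AF_INET:   return LINUX_AF_INET;
    case BSD_AF_INET6:  return LINUX_AF_INET6;
    default:            return -1;
    }
}

/* Intended path: sa_family is translated exactly once. */
static int convert_once(int bsd_family)
{
    return model_bsd_to_linux_domain(bsd_family);
}

/* Path from the report: the already-translated value is translated again. */
static int convert_twice(int bsd_family)
{
    return model_bsd_to_linux_domain(model_bsd_to_linux_domain(bsd_family));
}

/* Returns 1 when a second conversion leaves the result unchanged. */
static int double_conversion_is_harmless(int bsd_family)
{
    return convert_once(bsd_family) == convert_twice(bsd_family);
}

int main(void)
{
    static const struct { const char *name; int family; } cases[] = {
        { "AF_LOCAL", BSD_AF_LOCAL }, { "AF_INET", BSD_AF_INET },
        { "AF_INET6", BSD_AF_INET6 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-8s once=%d twice=%d %s\n", cases[i].name,
            convert_once(cases[i].family), convert_twice(cases[i].family),
            double_conversion_is_harmless(cases[i].family) ? "same" : "DIFFERENT");
    return 0;
}
```

AF_LOCAL and AF_INET share the same number on both systems, so a second conversion goes unnoticed for them; AF_INET6 is the family where the two numberings diverge and the repeated call changes the result.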