From owner-freebsd-emulation@freebsd.org  Tue Feb 26 05:03:24 2019
Return-Path: <owner-freebsd-emulation@freebsd.org>
Delivered-To: freebsd-emulation@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BB962150A7A4
 for <freebsd-emulation@mailman.ysv.freebsd.org>;
 Tue, 26 Feb 2019 05:03:24 +0000 (UTC)
 (envelope-from Weike.Chen@dell.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 4DB8E6A85D
 for <freebsd-emulation@freebsd.org>; Tue, 26 Feb 2019 05:03:23 +0000 (UTC)
 (envelope-from Weike.Chen@dell.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 0C234150A7A0; Tue, 26 Feb 2019 05:03:23 +0000 (UTC)
Delivered-To: emulation@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2337150A79F
 for <emulation@mailman.ysv.freebsd.org>; Tue, 26 Feb 2019 05:03:22 +0000 (UTC)
 (envelope-from Weike.Chen@dell.com)
Received: from esa1.dell-outbound.iphmx.com (esa1.dell-outbound.iphmx.com
 [68.232.153.90])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.dell-outbound.iphmx.com",
 Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 23C376A85B;
 Tue, 26 Feb 2019 05:03:21 +0000 (UTC)
 (envelope-from Weike.Chen@dell.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=dell.com; i=@dell.com; q=dns/txt; s=smtpout;
 t=1551157400; x=1582693400;
 h=from:to:cc:subject:date:message-id:references:
 in-reply-to:content-transfer-encoding:mime-version;
 bh=WqDUMn89PSRNB3iYfjcvV4NpKXqKb4wn3ux+byDX6zU=;
 b=Al0cxkVAjO1LwMLrFPpFAEuKd1iDYicTMOWCcqoDo93V71H8++QkA5j1
 5GfuweLUPIYsjSL/3jGFsZO8zKzVgSoiQwhvnx7RdYBmog7u8Vhr2ED+l
 Ly7Zuot3QpKXpGgcm2CUs36Are8Lc6RBYYRdUdccjz+joaSBO12P5ar1W g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2EEAACUx3RchieV50NkGgEBAQEBAgE?=
 =?us-ascii?q?BAQEHAgEBAQGBUwMBAQEBCwGCaoEDJwqMd40JmB6BewsBASMLhD4ChA0iNgc?=
 =?us-ascii?q?NAQMBAQIBAQIBAQIQAQEBCgkLCCkjDII6IhxNawEBAQEBASMCDWMBAQEBAgE?=
 =?us-ascii?q?SKDEOBQsCAQgRBAEBAR4QTwgBAQQOBQgagn4BgWoID58oPQJtgQGJBwEBAYI?=
 =?us-ascii?q?eijcFjEiCFoN1LoMeBBiCFIUUAqNiBwKHQoseIZMXkCqMQQIEAgQFAhSBTgK?=
 =?us-ascii?q?CBnCDPII2iGiFP0ABMQGPHoEfAQE?=
X-IPAS-Result: =?us-ascii?q?A2EEAACUx3RchieV50NkGgEBAQEBAgEBAQEHAgEBAQGBU?=
 =?us-ascii?q?wMBAQEBCwGCaoEDJwqMd40JmB6BewsBASMLhD4ChA0iNgcNAQMBAQIBAQIBA?=
 =?us-ascii?q?QIQAQEBCgkLCCkjDII6IhxNawEBAQEBASMCDWMBAQEBAgESKDEOBQsCAQgRB?=
 =?us-ascii?q?AEBAR4QTwgBAQQOBQgagn4BgWoID58oPQJtgQGJBwEBAYIeijcFjEiCFoN1L?=
 =?us-ascii?q?oMeBBiCFIUUAqNiBwKHQoseIZMXkCqMQQIEAgQFAhSBTgKCBnCDPII2iGiFP?=
 =?us-ascii?q?0ABMQGPHoEfAQE?=
Received: from mx0a-00154901.pphosted.com ([67.231.149.39])
 by esa1.dell-outbound.iphmx.com with ESMTP/TLS/AES256-SHA256;
 25 Feb 2019 23:01:58 -0600
Received: from pps.filterd (m0133268.ppops.net [127.0.0.1])
 by mx0a-00154901.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id
 x1Q4vMk3112440; Tue, 26 Feb 2019 00:01:59 -0500
Received: from esa3.dell-outbound2.iphmx.com (esa3.dell-outbound2.iphmx.com
 [68.232.154.63])
 by mx0a-00154901.pphosted.com with ESMTP id 2qu19xwxf5-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
 Tue, 26 Feb 2019 00:01:59 -0500
From: <Weike.Chen@Dell.com>
Received: from ausxippc101.us.dell.com ([143.166.85.207])
 by esa3.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA256;
 26 Feb 2019 11:01:52 +0600
X-LoopCount0: from 10.166.132.195
X-IronPort-AV: E=Sophos;i="5.58,414,1544508000"; d="scan'208";a="1201751098"
To: <brooks@freebsd.org>
CC: <emulation@FreeBSD.org>
Subject: RE: Potential issues for linux socket syscall
Thread-Topic: Potential issues for linux socket syscall
Thread-Index: AdTJkRnjdwi27OiDRimGEvJTL1Wi7QDZg9EAACY/FrA=
Date: Tue, 26 Feb 2019 05:01:54 +0000
Message-ID: <81956e2f64b843258fc49e33aaca7a2d@KULX13MDC127.APAC.DELL.COM>
References: <b2d310eaeb304bf1bdcaa49efe8c4f86@KULX13MDC127.APAC.DELL.COM>
 <20190225184502.GC47081@spindle.one-eyed-alien.net>
In-Reply-To: <20190225184502.GC47081@spindle.one-eyed-alien.net>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.93.131.111]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
 definitions=2019-02-26_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1810050000 definitions=main-1902260036
X-Rspamd-Queue-Id: 23C376A85B
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.94 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.94)[-0.943,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]
X-BeenThere: freebsd-emulation@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development of Emulators of other operating systems
 <freebsd-emulation.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-emulation>, 
 <mailto:freebsd-emulation-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-emulation/>
List-Post: <mailto:freebsd-emulation@freebsd.org>
List-Help: <mailto:freebsd-emulation-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-emulation>, 
 <mailto:freebsd-emulation-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Feb 2019 05:03:25 -0000

> From: Brooks Davis <brooks@freebsd.org>
> Sent: Tuesday, February 26, 2019 2:45 AM
> To: Chen, Weike <Weike_Chen@Dell.com>
> Cc: emulation@FreeBSD.org
> Subject: Re: Potential issues for linux socket syscall
>=20
> On Thu, Feb 21, 2019 at 02:57:23AM +0000, Weike.Chen@Dell.com wrote:
> >
> > Hi Linux emulation experts,
> >
> > I find a potential issue on FreeBSD 12 official release for Linux emula=
tion
> syscall.
> >
> > The function 'linux_getsockname' in 'linux_socket.c' calls
> 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert
> 'sa_family' from BSD domain to Linux domain.
> >
> > But after calling  'bsd_to_linux_sockaddr', 'linux_sa_put' is called, a=
nd it calls
> 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux dom=
ain
> again.
> > But the 'sa_family' has already been converted.
> > Since the value of AF_INTE6 and LINUX_AF_INET6 is different, and conver=
ting
> twice will cause issue.
>=20
> This code is definitely unsafe.  I'd opened a bug to track some of this i=
ssues at
> little while ago at:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D232920.
>=20
> Would you mind pasting your analysis into that report?
I have past the analysis with the case and testing result on freebsd and li=
nux.

>=20
> Do you have a simple test case?  I only hit the issue while auditing some=
 general
> code and so was leary about trying to fix unfamiliar code without one.
>=20
> Thanks,
> Brooks