Date: Wed, 27 Feb 2019 00:32:16 +0000
From: Brooks Davis
To: Weike.Chen@Dell.com
Cc: emulation@FreeBSD.org
Subject: Re: Potential issues for linux socket syscall

On Tue, Feb 26, 2019 at 05:01:54AM +0000, Weike.Chen@Dell.com wrote:
> > From: Brooks Davis
> > Sent: Tuesday, February 26, 2019 2:45 AM
> > To: Chen, Weike
> > Cc: emulation@FreeBSD.org
> > Subject: Re: Potential issues for linux socket syscall
> >
> > On Thu, Feb 21, 2019 at 02:57:23AM +0000, Weike.Chen@Dell.com wrote:
> > >
> > > Hi Linux emulation experts,
> > >
> > > I find a potential issue on FreeBSD 12 official release for Linux emulation
> > > syscall.
> > >
> > > The function 'linux_getsockname' in 'linux_socket.c' calls
> > > 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert
> > > 'sa_family' from BSD domain to Linux domain.
> > >
> > > But after calling 'bsd_to_linux_sockaddr', 'linux_sa_put' is called, and it calls
> > > 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux domain
> > > again.
> > > But the 'sa_family' has already been converted.
> > > Since the value of AF_INET6 and LINUX_AF_INET6 is different, and converting
> > > twice will cause issue.
> >
> > This code is definitely unsafe.  I'd opened a bug to track some of these issues a
> > little while ago at:
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920.
> >
> > Would you mind pasting your analysis into that report?
> I have pasted the analysis with the case and testing result on freebsd and linux.

Thanks!

-- Brooks

> > Do you have a simple test case?  I only hit the issue while auditing some general
> > code and so was leery about trying to fix unfamiliar code without one.
> >
> > Thanks,
> > Brooks
>
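
Why a test case for the double conversion discussed in this thread has to use an IPv6 socket, as an added example that is not part of the thread or of the FreeBSD source: a simplified user-space model of the family conversion applied once and twice. The `model_bsd_to_linux_domain`, `convert_once`, `convert_twice` and `exposes_double_conversion` names and the four-entry table are assumptions of this example; the numeric values used are FreeBSD's AF_INET6 (28) and Linux's AF_INET6 (10).

```c
#include <stdio.h>

/* Constructed constants for this model. Only AF_INET6 differs between the
 * two numbering schemes among the families listed here. */
enum { BSD_AF_UNSPEC = 0, BSD_AF_LOCAL = 1, BSD_AF_INET = 2, BSD_AF_INET6 = 28 };
enum { LNX_AF_UNSPEC = 0, LNX_AF_UNIX = 1, LNX_AF_INET = 2, LNX_AF_INET6 = 10 };

/* Simplified stand-in for the kernel's bsd_to_linux_domain(): four families
 * only, and -1 for anything this model has no mapping for (assumption). */
static int model_bsd_to_linux_domain(int domain)
{
    switch (domain) {
    case BSD_AF_UNSPEC: return LNX_AF_UNSPEC;
    case BSD_AF_LOCAL:  return LNX_AF_UNIX;
    case BSD_AF_INET:   return LNX_AF_INET;
    case BSD_AF_INET6:  return LNX_AF_INET6;
    default:            return -1;
    }
}

/* Intended behaviour: sa_family is translated exactly once. */
static int convert_once(int family)
{
    return model_bsd_to_linux_domain(family);
}

/* Reported behaviour: an already-translated sa_family is translated again. */
static int convert_twice(int family)
{
    return model_bsd_to_linux_domain(model_bsd_to_linux_domain(family));
}

/* 1 if a test using this family would reveal the second conversion. */
static int exposes_double_conversion(int family)
{
    return convert_once(family) != convert_twice(family);
}

int main(void)
{
    static const struct { const char *name; int family; } cases[] = {
        { "AF_LOCAL", BSD_AF_LOCAL }, { "AF_INET", BSD_AF_INET },
        { "AF_INET6", BSD_AF_INET6 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-8s once=%d twice=%d exposed=%d\n", cases[i].name,
            convert_once(cases[i].family), convert_twice(cases[i].family),
            exposes_double_conversion(cases[i].family));
    return 0;
}
```

Families whose numbers coincide on both systems survive the second pass unchanged, so a getsockname check on an IPv4 or UNIX-domain socket passes even with the bug present.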