Date: Wed, 27 Feb 2019 00:32:16 +0000
From: Brooks Davis <brooks@freebsd.org>
To: Weike.Chen@Dell.com
Cc: emulation@FreeBSD.org
Subject: Re: Potential issues for linux socket syscall
Message-ID: <20190227003216.GI47081@spindle.one-eyed-alien.net>
In-Reply-To: <81956e2f64b843258fc49e33aaca7a2d@KULX13MDC127.APAC.DELL.COM>
References: <b2d310eaeb304bf1bdcaa49efe8c4f86@KULX13MDC127.APAC.DELL.COM> <20190225184502.GC47081@spindle.one-eyed-alien.net> <81956e2f64b843258fc49e33aaca7a2d@KULX13MDC127.APAC.DELL.COM>

On Tue, Feb 26, 2019 at 05:01:54AM +0000, Weike.Chen@Dell.com wrote:
> > From: Brooks Davis <brooks@freebsd.org>
> > Sent: Tuesday, February 26, 2019 2:45 AM
> > To: Chen, Weike <Weike_Chen@Dell.com>
> > Cc: emulation@FreeBSD.org
> > Subject: Re: Potential issues for linux socket syscall
> >
> > On Thu, Feb 21, 2019 at 02:57:23AM +0000, Weike.Chen@Dell.com wrote:
> > >
> > > Hi Linux emulation experts,
> > >
> > > I find a potential issue on FreeBSD 12 official release for Linux
> > > emulation syscall.
> > >
> > > The function 'linux_getsockname' in 'linux_socket.c' calls
> > > 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert
> > > 'sa_family' from BSD domain to Linux domain.
> > >
> > > But after calling 'bsd_to_linux_sockaddr', 'linux_sa_put' is called,
> > > and it calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD
> > > domain to Linux domain again.
> > > But the 'sa_family' has already been converted.
> > > Since the values of AF_INET6 and LINUX_AF_INET6 are different,
> > > converting twice will cause an issue.
> >
> > This code is definitely unsafe.  I'd opened a bug to track some of these
> > issues a little while ago at:
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920.
> >
> > Would you mind pasting your analysis into that report?
> I have pasted the analysis with the case and testing result on freebsd and
> linux.

Thanks!

-- Brooks

> > Do you have a simple test case?  I only hit the issue while auditing some
> > general code and so was leery about trying to fix unfamiliar code without
> > one.
> >
> > Thanks,
> > Brooks
>