List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
In-Reply-To: <202205282053.24SKrGta099233@gitrepo.freebsd.org>
References: <202205282053.24SKrGta099233@gitrepo.freebsd.org>
From: Mateusz Guzik
Date: Wed, 7 Sep 2022 17:47:36 +0200
Subject: Re: git: 3a99aac66f8d - main - linux(4): Check the socket before any others sanity checks
To: Dmitry Chagin
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org

On 5/28/22, Dmitry Chagin wrote:
> The branch main has been updated by dchagin:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=3a99aac66f8d12386e8382aaf29d2e82e6b5353b
>
> commit 3a99aac66f8d12386e8382aaf29d2e82e6b5353b
> Author: Dmitry Chagin
> AuthorDate: 2022-05-28 20:29:12 +0000
> Commit: Dmitry Chagin
> CommitDate: 2022-05-28 20:29:12 +0000
>
> linux(4): Check the socket before any others
> sanity checks
>
> Strictly speaking, this check is performed by the kern_recvit(), but in
> the Linux emulation layer before calling the kernel we do other sanity
> checks and conversions from Linux types to the native types. This changes
> an order of the error returning that is critical for some buggy Linux
> applications.
>
> For recvmmsg() syscall this fixes a panic in case when the user-supplied
> vlen value is 0, then error is not initialized and garbage passed to the
> bsd_to_linux_errno().
>
> MFC after: 2 weeks
> ---
> sys/compat/linux/linux_socket.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/sys/compat/linux/linux_socket.c
> b/sys/compat/linux/linux_socket.c
> index b5ec32835981..8aa425bc14c0 100644
> --- a/sys/compat/linux/linux_socket.c
> +++ b/sys/compat/linux/linux_socket.c
> @@ -1731,7 +1731,14 @@ int
> linux_recvmsg(struct thread *td, struct linux_recvmsg_args *args)
> {
> struct msghdr bsd_msg;
> + struct file *fp;
> + int error;
>
> + error = getsock_cap(td, args->s, &cap_recv_rights,
> + &fp, NULL, NULL);
> + if (error != 0)
> + return (error);
> + fdrop(fp, td);
> return (linux_recvmsg_common(td, args->s, PTRIN(args->msg),
> args->flags, &bsd_msg));
> }

but linux_recvmsg_common starts with performing literally the same op,
what's the point of this bit?

Note if it was really fixing anything it would be racy against malicious
userspace which can replace fds in the middle.

> @@ -1742,9 +1749,14 @@ linux_recvmmsg_common(struct thread *td, l_int s,
> struct l_mmsghdr *msg,
> {
> struct msghdr bsd_msg;
> struct timespec ts;
> + struct file *fp;
> l_uint retval;
> int error, datagrams;
>
> + error = getsock_cap(td, s, &cap_recv_rights,
> + &fp, NULL, NULL);
> + if (error != 0)
> + return (error);
> datagrams = 0;
> while (datagrams < vlen) {
> error = linux_recvmsg_common(td, s, &msg->msg_hdr,
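Review bot: in the linux_recvmsg hunk the reference obtained by getsock_cap() is released with fdrop(fp, td) immediately, before linux_recvmsg_common() runs, so the new code only decides which error is reported first and never holds the descriptor across the later Linux-to-native conversions; another thread can close or replace descriptor args->s in that window, as the reply above points out. If the intent is purely error ordering for Linux compatibility, say so in a comment above the getsock_cap() call; otherwise keep fp held until linux_recvmsg_common() returns, or do the ordering inside linux_recvmsg_common() where the same lookup already happens, instead of performing it twice.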
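Review bot: in the linux_recvmmsg_common hunk the vlen == 0 panic described in the commit message is fixed only as a side effect of getsock_cap() assigning error before the while loop; a reader of the loop still sees error reaching the later `if (error == 0)` without an obvious initialization when the loop body never runs. Initialize error explicitly (or return early for vlen == 0) and add a comment stating that the socket lookup is deliberately done before the per-message sanity checks so that an invalid descriptor is reported first, which is the behaviour the commit message says buggy Linux applications depend on.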
> @@ -1780,6 +1792,7 @@ linux_recvmmsg_common(struct thread *td, l_int s,
> struct l_mmsghdr *msg,
> }
> if (error == 0)
> td->td_retval[0] = datagrams;
> + fdrop(fp, td);
> return (error);
> }
>

-- 
Mateusz Guzik
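Review bot: in the hunk at line 1792 the only fdrop(fp, td) for the reference taken at the top of linux_recvmmsg_common() sits on the common return path; any `return` inside the while loop between the new getsock_cap() and this fdrop() would now leak the file reference and keep the socket alive on that path. Please confirm every exit from the loop reaches this point, and consider routing error exits through a single `out:` label so that future error paths cannot bypass the fdrop().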