Date: Thu, 8 Sep 2022 10:38:20 +0300
From: Dmitry Chagin
To: Mateusz Guzik
Cc: Dmitry Chagin, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 3a99aac66f8d - main - linux(4): Check the socket before any others sanity checks
References: <202205282053.24SKrGta099233@gitrepo.freebsd.org>
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

On Wed, Sep 07, 2022 at 05:47:36PM +0200, Mateusz Guzik wrote:
> On 5/28/22, Dmitry Chagin wrote:
> > The branch main has been updated by dchagin:
> >
> > URL:
> > https://cgit.FreeBSD.org/src/commit/?id=3a99aac66f8d12386e8382aaf29d2e82e6b5353b
> >
> > commit 3a99aac66f8d12386e8382aaf29d2e82e6b5353b
> > Author:     Dmitry Chagin
> > AuthorDate: 2022-05-28 20:29:12 +0000
> > Commit:     Dmitry Chagin
> > CommitDate: 2022-05-28 20:29:12 +0000
> >
> >     linux(4): Check the socket before any others sanity checks
> >
> >     Strictly speaking, this check is performed by the kern_recvit(), but in
> >     the Linux emulation layer before calling the kernel we do other sanity
> >     checks and conversions from Linux types to the native types. This changes
> >     an order of the error returning that is critical for some buggy Linux
> >     applications.
> > > > For recvmmsg() syscall this fixes a panic in case when the > > user-supplied > > vlen value is 0, then error is not initialized and garbage passed to > > the > > bsd_to_linux_errno(). > > > > MFC after: 2 weeks > > --- > > sys/compat/linux/linux_socket.c | 13 +++++++++++++ > > 1 file changed, 13 insertions(+) > > > > diff --git a/sys/compat/linux/linux_socket.c > > b/sys/compat/linux/linux_socket.c > > index b5ec32835981..8aa425bc14c0 100644 > > --- a/sys/compat/linux/linux_socket.c > > +++ b/sys/compat/linux/linux_socket.c > > @@ -1731,7 +1731,14 @@ int > > linux_recvmsg(struct thread *td, struct linux_recvmsg_args *args) > > { > > struct msghdr bsd_msg; > > + struct file *fp; > > + int error; > > > > + error = getsock_cap(td, args->s, &cap_recv_rights, > > + &fp, NULL, NULL); > > + if (error != 0) > > + return (error); > > + fdrop(fp, td); > > return (linux_recvmsg_common(td, args->s, PTRIN(args->msg), > > args->flags, &bsd_msg)); > > } > > but linux_recvmsg_common starts with performing literally the same op, > what's the point of this bit? > > Note if it was really fixing anything it would be racy against > malicious userspace which can replace fds in the middle. > ihi, thanks, I'll look a little later, really busy preparing for the competition > > @@ -1742,9 +1749,14 @@ linux_recvmmsg_common(struct thread *td, l_int s, > > struct l_mmsghdr *msg, > > { > > struct msghdr bsd_msg; > > struct timespec ts; > > + struct file *fp; > > l_uint retval; > > int error, datagrams; > > > > + error = getsock_cap(td, s, &cap_recv_rights, > > + &fp, NULL, NULL); > > + if (error != 0) > > + return (error); > > datagrams = 0; > > while (datagrams < vlen) { > > error = linux_recvmsg_common(td, s, &msg->msg_hdr, > > @@ -1780,6 +1792,7 @@ linux_recvmmsg_common(struct thread *td, l_int s, > > struct l_mmsghdr *msg, > > } > > if (error == 0) > > td->td_retval[0] = datagrams; > > + fdrop(fp, td); > > return (error); > > } > > > > > > > -- > Mateusz Guzik
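Review bot: In linux_recvmsg(), the reference taken by getsock_cap() is released by fdrop(fp, td) before linux_recvmsg_common() is called with args->s, so the receive path resolves the descriptor number a second time and nothing ties the early check to the object that is finally used. As raised in the reply, a process sharing the descriptor table can close or replace the descriptor between the two lookups, so this block can only influence which error is reported first and should not be read as validation. Suggest a comment above the getsock_cap() call stating that it exists solely to preserve the Linux error ordering, or passing the held fp down so there is a single lookup.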
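Review bot: In linux_recvmmsg_common(), the vlen == 0 case named in the commit message is fixed only as a side effect: error is 0 because getsock_cap() succeeded, and the "while (datagrams < vlen)" loop is then skipped. Suggest making that explicit, either by initializing error where it is declared or with a comment at the getsock_cap() call, so a later reordering of these checks does not bring back the uninitialized value passed to bsd_to_linux_errno(). Note also that fp is held across the loop while the loop still passes the descriptor number s to linux_recvmsg_common(), so the held reference is never the object actually received from.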
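Review bot: The matching fdrop(fp, td) is added only in front of the final "return (error);" of linux_recvmmsg_common(), while the reference is taken at the top of the function. The lines between the second and third hunks are not shown in this mail; if any path inside the loop returns directly instead of breaking out, it now leaks the file reference. Please confirm that every exit after the getsock_cap() call reaches this fdrop(), or route them through a common exit label.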