svn commit: r351975 - stable/12/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Sat Sep 7 10:53:30 UTC 2019
Author: tuexen
Date: Sat Sep 7 10:53:29 2019
New Revision: 351975
URL: https://svnweb.freebsd.org/changeset/base/351975
Log:
MFC r349999:
Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.
This is an FreeBSD extension, not covered by Posix.
This issue was found by running syzkaller.
Modified:
stable/12/sys/netinet/sctp_output.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netinet/sctp_output.c
==============================================================================
--- stable/12/sys/netinet/sctp_output.c Sat Sep 7 10:51:33 2019 (r351974)
+++ stable/12/sys/netinet/sctp_output.c Sat Sep 7 10:53:29 2019 (r351975)
@@ -12652,6 +12652,12 @@ sctp_lower_sosend(struct socket *so,
sinfo_flags = inp->def_send.sinfo_flags;
sinfo_assoc_id = inp->def_send.sinfo_assoc_id;
}
+ if (flags & MSG_EOR) {
+ sinfo_flags |= SCTP_EOR;
+ }
+ if (flags & MSG_EOF) {
+ sinfo_flags |= SCTP_EOF;
+ }
if (sinfo_flags & SCTP_SENDALL) {
/* its a sendall */
error = sctp_sendall(inp, uio, top, srcv);
@@ -12819,9 +12825,17 @@ sctp_lower_sosend(struct socket *so,
}
} else
asoc = &stcb->asoc;
- if (srcv == NULL)
+ if (srcv == NULL) {
srcv = (struct sctp_sndrcvinfo *)&asoc->def_send;
- if (srcv->sinfo_flags & SCTP_ADDR_OVER) {
+ sinfo_flags = srcv->sinfo_flags;
+ if (flags & MSG_EOR) {
+ sinfo_flags |= SCTP_EOR;
+ }
+ if (flags & MSG_EOF) {
+ sinfo_flags |= SCTP_EOF;
+ }
+ }
+ if (sinfo_flags & SCTP_ADDR_OVER) {
if (addr)
net = sctp_findnet(stcb, addr);
else
@@ -12928,7 +12942,7 @@ sctp_lower_sosend(struct socket *so,
(SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
(SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
(asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
- if (srcv->sinfo_flags & SCTP_ABORT) {
+ if (sinfo_flags & SCTP_ABORT) {
;
} else {
SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
@@ -12941,7 +12955,7 @@ sctp_lower_sosend(struct socket *so,
p->td_ru.ru_msgsnd++;
}
/* Are we aborting? */
- if (srcv->sinfo_flags & SCTP_ABORT) {
+ if (sinfo_flags & SCTP_ABORT) {
struct mbuf *mm;
ssize_t tot_demand, tot_out = 0, max_out;
@@ -13145,7 +13159,7 @@ skip_preblock:
* case NOTE: uio will be null when top/mbuf is passed
*/
if (sndlen == 0) {
- if (srcv->sinfo_flags & SCTP_EOF) {
+ if (sinfo_flags & SCTP_EOF) {
got_all_of_the_send = 1;
goto dataless_eof;
} else {
@@ -13194,7 +13208,7 @@ skip_preblock:
}
sctp_snd_sb_alloc(stcb, sp->length);
atomic_add_int(&asoc->stream_queue_cnt, 1);
- if (srcv->sinfo_flags & SCTP_UNORDERED) {
+ if (sinfo_flags & SCTP_UNORDERED) {
SCTP_STAT_INCR(sctps_sends_with_unord);
}
TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
@@ -13269,15 +13283,15 @@ skip_preblock:
sctp_snd_sb_alloc(stcb, sndout);
atomic_add_int(&sp->length, sndout);
len += sndout;
- if (srcv->sinfo_flags & SCTP_SACK_IMMEDIATELY) {
+ if (sinfo_flags & SCTP_SACK_IMMEDIATELY) {
sp->sinfo_flags |= SCTP_SACK_IMMEDIATELY;
}
/* Did we reach EOR? */
if ((uio->uio_resid == 0) &&
((user_marks_eor == 0) ||
- (srcv->sinfo_flags & SCTP_EOF) ||
- (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
+ (sinfo_flags & SCTP_EOF) ||
+ (user_marks_eor && (sinfo_flags & SCTP_EOR)))) {
sp->msg_is_complete = 1;
} else {
sp->msg_is_complete = 0;
@@ -13479,7 +13493,7 @@ skip_preblock:
/* We send in a 0, since we do NOT have any locks */
error = sctp_msg_append(stcb, net, top, srcv, 0);
top = NULL;
- if (srcv->sinfo_flags & SCTP_EOF) {
+ if (sinfo_flags & SCTP_EOF) {
/*
* This should only happen for Panda for the mbuf
* send case, which does NOT yet support EEOR mode.
@@ -13494,7 +13508,7 @@ skip_preblock:
}
dataless_eof:
/* EOF thing ? */
- if ((srcv->sinfo_flags & SCTP_EOF) &&
+ if ((sinfo_flags & SCTP_EOF) &&
(got_all_of_the_send == 1)) {
SCTP_STAT_INCR(sctps_sends_with_eof);
error = 0;
More information about the svn-src-all
mailing list