From nobody Sun Sep 12 09:13:52 2021
X-Original-To: net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7908217A7883;
	Sun, 12 Sep 2021 09:13:55 +0000 (UTC)
	(envelope-from avg@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4H6kSM2f28z3Qyj;
	Sun, 12 Sep 2021 09:13:55 +0000 (UTC)
	(envelope-from avg@freebsd.org)
Received: from [192.168.0.88] (unknown [195.64.148.76])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client did not present a certificate)
	(Authenticated sender: avg/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id C0A7F27AC8;
	Sun, 12 Sep 2021 09:13:54 +0000 (UTC)
	(envelope-from avg@freebsd.org)
From: Andriy Gapon <avg@freebsd.org>
Subject: Re: recvmsg() "short receive" after FIONREAD
To: Mark Johnston <markj@freebsd.org>
Cc: "net@FreeBSD.org" <net@freebsd.org>, hackers@freebsd.org
References: <500a2272-c1b3-3f97-0096-9fe8117c4b95@FreeBSD.org>
 <6f455869-cbdd-ee20-f2f8-f633e22071e9@FreeBSD.org> <YTuznrhho4qGXqu8@nuc>
 <cdd2328e-e6aa-f0fc-a77a-adae03759f18@FreeBSD.org>
 <4a2165c5-b97b-8fb7-9ada-0acae3197824@FreeBSD.org>
 <b309f8a5-c550-905b-4340-0b7005ea6fe3@FreeBSD.org> <YTy5kRl0kDl495Po@nuc>
 <fcf10f8a-1672-4a21-c64b-55044cac81c5@FreeBSD.org>
 <4499e2b0-d1e7-5bee-519c-783fb930fc06@FreeBSD.org>
 <82143b59-a0e6-c23e-8b47-29d8d41eb5b4@FreeBSD.org> <YTz4OJEsBRcuVSaN@nuc>
Message-ID: <c0a47189-4bd1-a572-6cf2-6eba29c53392@FreeBSD.org>
Date: Sun, 12 Sep 2021 12:13:52 +0300
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Firefox/78.0 Thunderbird/78.14.0
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
MIME-Version: 1.0
In-Reply-To: <YTz4OJEsBRcuVSaN@nuc>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-ThisMailContainsUnwantedMimeParts: N

On 11/09/2021 21:40, Mark Johnston wrote:
> On Sat, Sep 11, 2021 at 09:25:42PM +0300, Andriy Gapon wrote:
>> So, this is what I've got:
>> diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
>> index e53b0367960b..11ee03703407 100644
>> --- a/sys/kern/sys_socket.c
>> +++ b/sys/kern/sys_socket.c
>> @@ -210,7 +210,12 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, struct
>> ucred *active_cred,
>>    		if (SOLISTENING(so)) {
>>    			error = EINVAL;
>>    		} else {
>> -			*(int *)data = sbavail(&so->so_rcv);
>> +			struct sockbuf *sb;
>> +
>> +			sb = &so->so_rcv;
>> +			SOCKBUF_LOCK(sb);
>> +			*(int *)data = sbavail(sb) - sb->sb_ctl;
>> +			SOCKBUF_UNLOCK(sb);
>>    		}
>>    		break;
> 
> It should use SOCK_RECVBUF_LOCK() (see
> https://cgit.freebsd.org/src/commit/?id=74a68313b503940158a2e8e8f02626d7cdbdaff9
> ):
> 
> 	sb = &so->so_rcv;
> 	SOCK_RECVBUF_LOCK(so);
> 	if (SOLISTENING(so))
> 		error = EINVAL;
> 	else
> 		*(int *)data = sbavail(sb) - sb->sb_ctl;
> 	SOCK_RECVBUF_UNLOCK(so);
> 
> Otherwise a concurrent listen(2) will clobber the pointer used by
> SOCKBUF_LOCK().
> 

Oh, I see now.  I haven't pulled that version yet, so I could not find 
SOCK_RECVBUF_LOCK in my tree :-)

Since you have the change and you did all the thinking work anyway, could you 
please commit it?
Thanks!

-- 
Andriy Gapon