svn commit: r349999 - head/sys/netinet
Michael Tuexen
tuexen at freebsd.org
Mon Jul 15 23:08:56 UTC 2019
> On 16. Jul 2019, at 00:55, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
>
>
>
> On Monday, July 15, 2019, Michael Tuexen <tuexen at freebsd.org> wrote:
> Author: tuexen
> Date: Mon Jul 15 14:54:04 2019
> New Revision: 349999
> URL: https://svnweb.freebsd.org/changeset/base/349999
>
> Log:
> Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.
>
> This is an FreeBSD extension, not covered by Posix.
>
> This issue was found by running syzkaller.
>
> Aren't there syzkaller ids for these findings?
I don't think so. It was observed while resolving this issue:
http://212.201.121.91:10000/crash?id=6776fd17dd57519d11638604f246aacf5dbaf5a2
Just to be clear: this patch is about adding a feature, not fixing a bug.
Best regards
Michael
>
>
> MFC after: 1 week
>
> Modified:
> head/sys/netinet/sctp_output.c
>
> Modified: head/sys/netinet/sctp_output.c
> ==============================================================================
> --- head/sys/netinet/sctp_output.c Mon Jul 15 14:52:52 2019 (r349998)
> +++ head/sys/netinet/sctp_output.c Mon Jul 15 14:54:04 2019 (r349999)
> @@ -12652,6 +12652,12 @@ sctp_lower_sosend(struct socket *so,
> sinfo_flags = inp->def_send.sinfo_flags;
> sinfo_assoc_id = inp->def_send.sinfo_assoc_id;
> }
> + if (flags & MSG_EOR) {
> + sinfo_flags |= SCTP_EOR;
> + }
> + if (flags & MSG_EOF) {
> + sinfo_flags |= SCTP_EOF;
> + }
> if (sinfo_flags & SCTP_SENDALL) {
> /* its a sendall */
> error = sctp_sendall(inp, uio, top, srcv);
> @@ -12819,9 +12825,17 @@ sctp_lower_sosend(struct socket *so,
> }
> } else
> asoc = &stcb->asoc;
> - if (srcv == NULL)
> + if (srcv == NULL) {
> srcv = (struct sctp_sndrcvinfo *)&asoc->def_send;
> - if (srcv->sinfo_flags & SCTP_ADDR_OVER) {
> + sinfo_flags = srcv->sinfo_flags;
> + if (flags & MSG_EOR) {
> + sinfo_flags |= SCTP_EOR;
> + }
> + if (flags & MSG_EOF) {
> + sinfo_flags |= SCTP_EOF;
> + }
> + }
> + if (sinfo_flags & SCTP_ADDR_OVER) {
> if (addr)
> net = sctp_findnet(stcb, addr);
> else
> @@ -12928,7 +12942,7 @@ sctp_lower_sosend(struct socket *so,
> (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
> (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
> (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
> - if (srcv->sinfo_flags & SCTP_ABORT) {
> + if (sinfo_flags & SCTP_ABORT) {
> ;
> } else {
> SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
> @@ -12941,7 +12955,7 @@ sctp_lower_sosend(struct socket *so,
> p->td_ru.ru_msgsnd++;
> }
> /* Are we aborting? */
> - if (srcv->sinfo_flags & SCTP_ABORT) {
> + if (sinfo_flags & SCTP_ABORT) {
> struct mbuf *mm;
> ssize_t tot_demand, tot_out = 0, max_out;
>
> @@ -13145,7 +13159,7 @@ skip_preblock:
> * case NOTE: uio will be null when top/mbuf is passed
> */
> if (sndlen == 0) {
> - if (srcv->sinfo_flags & SCTP_EOF) {
> + if (sinfo_flags & SCTP_EOF) {
> got_all_of_the_send = 1;
> goto dataless_eof;
> } else {
> @@ -13194,7 +13208,7 @@ skip_preblock:
> }
> sctp_snd_sb_alloc(stcb, sp->length);
> atomic_add_int(&asoc->stream_queue_cnt, 1);
> - if (srcv->sinfo_flags & SCTP_UNORDERED) {
> + if (sinfo_flags & SCTP_UNORDERED) {
> SCTP_STAT_INCR(sctps_sends_with_unord);
> }
> TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
> @@ -13269,15 +13283,15 @@ skip_preblock:
> sctp_snd_sb_alloc(stcb, sndout);
> atomic_add_int(&sp->length, sndout);
> len += sndout;
> - if (srcv->sinfo_flags & SCTP_SACK_IMMEDIATELY) {
> + if (sinfo_flags & SCTP_SACK_IMMEDIATELY) {
> sp->sinfo_flags |= SCTP_SACK_IMMEDIATELY;
> }
>
> /* Did we reach EOR? */
> if ((uio->uio_resid == 0) &&
> ((user_marks_eor == 0) ||
> - (srcv->sinfo_flags & SCTP_EOF) ||
> - (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
> + (sinfo_flags & SCTP_EOF) ||
> + (user_marks_eor && (sinfo_flags & SCTP_EOR)))) {
> sp->msg_is_complete = 1;
> } else {
> sp->msg_is_complete = 0;
> @@ -13479,7 +13493,7 @@ skip_preblock:
> /* We send in a 0, since we do NOT have any locks */
> error = sctp_msg_append(stcb, net, top, srcv, 0);
> top = NULL;
> - if (srcv->sinfo_flags & SCTP_EOF) {
> + if (sinfo_flags & SCTP_EOF) {
> /*
> * This should only happen for Panda for the mbuf
> * send case, which does NOT yet support EEOR mode.
> @@ -13494,7 +13508,7 @@ skip_preblock:
> }
> dataless_eof:
> /* EOF thing ? */
> - if ((srcv->sinfo_flags & SCTP_EOF) &&
> + if ((sinfo_flags & SCTP_EOF) &&
> (got_all_of_the_send == 1)) {
> SCTP_STAT_INCR(sctps_sends_with_eof);
> error = 0;
> _______________________________________________
> svn-src-head at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-head
> To unsubscribe, send any mail to "svn-src-head-unsubscribe at freebsd.org"
More information about the svn-src-all
mailing list