Re: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TA

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TA

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD
Date:	Wed, 12 May 2021 18:35:57 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1

On 5/12/21 5:36 PM, Daniel P. Berrangé wrote:
> The CMSG_LEN and CMSG_SPACE macros must not be assumed to return the
> same value. The msg_controllen field must be initialized using
> CMSG_SPACE when using SCM_RIGHTS.
> 
> This ought to fix any FD receive issues users might be hitting on
> 64-bit FeeBSD / NetBSD platforms. The flaw was noticed first in
> GNULIB
> 
>    https://lists.gnu.org/archive/html/bug-gnulib/2021-02/msg00066.html
> 
> and QEMU's code has the same logic bug.
> 
> Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  net/tap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/tap.c b/net/tap.c
> index bae895e287..276a9077fc 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -467,7 +467,7 @@ static int recv_fd(int c)
>      cmsg->cmsg_level = SOL_SOCKET;
>      cmsg->cmsg_type = SCM_RIGHTS;
>      cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
> -    msg.msg_controllen = cmsg->cmsg_len;
> +    msg.msg_controllen = CMSG_SPACE(sizeof(fd));
>  
>      iov.iov_base = req;
>      iov.iov_len = sizeof(req);
> 

Possibly more:

-- >8 --
diff --git a/contrib/ivshmem-client/ivshmem-client.c
b/contrib/ivshmem-client/ivshmem-client.c
index 182c79d27cf..f4ee226deba 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -44 +44 @@ ivshmem_client_read_one_msg(IvshmemClient *client, int64_t
*index, int *fd)
-    msg.msg_controllen = sizeof(msg_control);
+    msg.msg_controllen = CMSG_SPACE(sizeof(msg_control));
diff --git a/contrib/ivshmem-server/ivshmem-server.c
b/contrib/ivshmem-server/ivshmem-server.c
index 39a6ffdb5df..209eb120716 100644
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -55 +55 @@ ivshmem_server_send_one_msg(int sock_fd, int64_t peer_id,
int fd)
-        msg.msg_controllen = sizeof(msg_control);
+        msg.msg_controllen = CMSG_SPACE(sizeof(msg_control));
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c
b/contrib/vhost-user-gpu/vhost-user-gpu.c
index f73f292c9f7..e72a59b135a 100644
--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
@@ -161 +161 @@ vg_sock_fd_write(int sock, const void *buf, ssize_t
buflen, int fd)
-        msg.msg_controllen = sizeof(cmsgu.control);
+        msg.msg_controllen = CMSG_SPACE(sizeof(cmsgu.control));
diff --git a/io/channel-socket.c b/io/channel-socket.c
index de259f7eed2..753d0d2f8ef 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -498 +498 @@ static ssize_t qio_channel_socket_readv(QIOChannel *ioc,
-        msg.msg_controllen = sizeof(control);
+        msg.msg_controllen = CMSG_SPACE(sizeof(control));
diff --git a/net/tap.c b/net/tap.c
index bae895e2874..05ab4c8a530 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -459 +459 @@ static int recv_fd(int c)
-        .msg_controllen = sizeof(msgbuf),
+        .msg_controllen = CMSG_SPACE(sizeof(msgbuf)),
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index a26e1663f02..983b4347523 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -189 +189 @@ static int send_fd(int c, int fd)
-        .msg_controllen = sizeof(msgbuf),
+        .msg_controllen = CMSG_SPACE(sizeof(msgbuf)),
@@ -199 +199 @@ static int send_fd(int c, int fd)
-    msg.msg_controllen = cmsg->cmsg_len;
+    msg.msg_controllen = CMSG_SPACE(sizeof(fd));
diff --git a/subprojects/libvhost-user/libvhost-user.c
b/subprojects/libvhost-user/libvhost-user.c
index fab7ca17ee1..f083db4ea16 100644
--- a/subprojects/libvhost-user/libvhost-user.c
+++ b/subprojects/libvhost-user/libvhost-user.c
@@ -281 +281 @@ vu_message_read_default(VuDev *dev, int conn_fd,
VhostUserMsg *vmsg)
-        .msg_controllen = sizeof(control),
+        .msg_controllen = CMSG_SPACE(sizeof(control)),
diff --git a/tests/qemu-iotests/socket_scm_helper.c
b/tests/qemu-iotests/socket_scm_helper.c
index eb76d31aa94..aeba41edea0 100644
--- a/tests/qemu-iotests/socket_scm_helper.c
+++ b/tests/qemu-iotests/socket_scm_helper.c
@@ -42 +42 @@ static int send_fd(int fd, int fd_to_send)
-    msg.msg_controllen = sizeof(control);
+    msg.msg_controllen = CMSG_SPACE(sizeof(control));
---

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/2] net/tap: minor fixes to interaction with the bridge helper, Daniel P . Berrangé, 2021/05/12
- [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD, Daniel P . Berrangé, 2021/05/12
  - Re: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD, Philippe Mathieu-Daudé <=
    - Re: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD, Daniel P . Berrangé, 2021/05/14
- [PATCH v2 2/2] net/tap: fix error reporting when bridge helper forgets to send an FD, Daniel P . Berrangé, 2021/05/12

Prev by Date: Re: [PULL 0/5] Miscellaneous patches for 2021-05-12
Next by Date: Re: [PULL 2/5] Remove the deprecated moxie target
Previous by thread: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD
Next by thread: Re: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD
Index(es):
- Date
- Thread