Fix sendmsg on macOS when passing a zero entry cmsgs array. #623
Conversation
| @@ -279,12 +277,18 @@ pub fn sendmsg<'a>(fd: RawFd, iov: &[IoVec<&'a [u8]>], cmsgs: &[ControlMessage<' | |||
| None => (0 as *const _, 0), | |||
| }; | |||
|
|
|||
| let cmsg_ptr = if capacity > 0 { | |||
There was a problem hiding this comment.
Is this not supposed to be len?
There was a problem hiding this comment.
I think, if anything, cmsg_buffer should be allocated with capacity rather than len.
There was a problem hiding this comment.
I'm not certain on this API, so I just wanted to confirm that len was correct.
|
Since you have a simple test case, can you add it as a test to the test suite? That way this will never regress after this fix. |
|
Also we need an entry in |
|
Thanks for the feedback. I've pushed an updated version.
Done.
Done. |
|
This looks pretty good to me, but right now we're blocking on a fix for #634. |
|
@kinetiknz I actually wanted to request that you add a summary of what's going on in your test, either inline or at the top. I don't understand this subsystem, so being able to roughly understand it without having to dig through the low-level code would be appreciated. |
I added a bit of a description to the top of the test. Let me know if that makes sense. I've found another couple of issues in this area of the code while updating this PR with your feedback. I'll send another PR for those soon. |
|
Can you rebase this? We've fixed the mount tests and enabled some more platforms, but I think this is RTM otherwise. |
|
Thanks for the update. Rebased patch pushed. |
test/sys/test_socket.rs
Outdated
| for _ in msg.cmsgs() { | ||
| panic!("unexpected cmsg"); | ||
| } | ||
| assert_eq!(msg.flags & (MSG_TRUNC | MSG_CTRUNC), MsgFlags::empty()); |
There was a problem hiding this comment.
This would be more clear if it was written as:
assert!(!msg.flags.intersects(MSG_TRUNC | MSG_CTRUNC));
There was a problem hiding this comment.
Fixed there and in test_scm_rights, where it was copied from.
|
This LGTM, @asomers wanna take a look over this as well and merge it if so? |
|
bors r+ |
Merge conflict |
|
@kinetiknz please rebase your PR. |
Done. I assume I don't have access to get bors to retry the merge. |
|
I don't think you could even if you specified me as a reviewer. Don't worry, though, I pay close attention to our massive backlog of PRs! bors r+ |
623: Fix sendmsg on macOS when passing a zero entry cmsgs array. r=Susurrus
On macOS, trying to call `sendmsg` with a zero entry cmsgs buffer, e.g.:
sendmsg(fd, [IoVec::from_slice(buf)], &[], MsgFlags::empty(), None)
...fails with `EINVAL`. This occurs due to the pointer value for zero capacity `Vec`s being 0x1 rather than 0x0, to distinguish allocated-but-zero-size from nullptr. The [kernel validates](https://github.com/opensource-apple/xnu/blob/dc0628e187c3148723505cf1f1d35bb948d3195b/bsd/kern/uipc_syscalls.c#L1304) both the `msghdr.msg_control` and `msghdr.msg_controllen` fields and rejects `msghdr.msg_control == 0x1` as invalid.
This doesn't show up on Linux because the [kernel validates](https://github.com/torvalds/linux/blob/9705596d08ac87c18aee32cc97f2783b7d14624e/net/core/scm.c#L139) `msghdr.msg_controllen` first and ignores the value of `msghdr.msg_control` if the length was 0.
Timed out |
|
There's just a big backlog of PRs right now which is why bors timed out. Given that builds currently take almost two hours, I'm tempted to suggest we should double our timeout for bors again. @asomers any opinion on this? bors r+ |
623: Fix sendmsg on macOS when passing a zero entry cmsgs array. r=Susurrus
On macOS, trying to call `sendmsg` with a zero entry cmsgs buffer, e.g.:
sendmsg(fd, [IoVec::from_slice(buf)], &[], MsgFlags::empty(), None)
...fails with `EINVAL`. This occurs due to the pointer value for zero capacity `Vec`s being 0x1 rather than 0x0, to distinguish allocated-but-zero-size from nullptr. The [kernel validates](https://github.com/opensource-apple/xnu/blob/dc0628e187c3148723505cf1f1d35bb948d3195b/bsd/kern/uipc_syscalls.c#L1304) both the `msghdr.msg_control` and `msghdr.msg_controllen` fields and rejects `msghdr.msg_control == 0x1` as invalid.
This doesn't show up on Linux because the [kernel validates](https://github.com/torvalds/linux/blob/9705596d08ac87c18aee32cc97f2783b7d14624e/net/core/scm.c#L139) `msghdr.msg_controllen` first and ignores the value of `msghdr.msg_control` if the length was 0.
|
@Susurrus I think that's reasonable. I'll open a new issue for it. |
Build succeeded |
On macOS, trying to call
sendmsgwith a zero entry cmsgs buffer, e.g.:...fails with
EINVAL. This occurs due to the pointer value for zero capacityVecs being 0x1 rather than 0x0, to distinguish allocated-but-zero-size from nullptr. The kernel validates both themsghdr.msg_controlandmsghdr.msg_controllenfields and rejectsmsghdr.msg_control == 0x1as invalid.This doesn't show up on Linux because the kernel validates
msghdr.msg_controllenfirst and ignores the value ofmsghdr.msg_controlif the length was 0.