Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Jul 2019 00:55:40 +0200
From:      Oliver Pinter <oliver.pinter@hardenedbsd.org>
To:        Michael Tuexen <tuexen@freebsd.org>
Cc:        "src-committers@freebsd.org" <src-committers@freebsd.org>,  "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,  "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r349999 - head/sys/netinet
Message-ID:  <CAPQ4ffsq9Eyt1h-wgPsvAiYE4KSEw_qW_qoR9KpQWPoKYcjngA@mail.gmail.com>
In-Reply-To: <201907151454.x6FEs4g7020630@repo.freebsd.org>
References:  <201907151454.x6FEs4g7020630@repo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, July 15, 2019, Michael Tuexen <tuexen@freebsd.org> wrote:

> Author: tuexen
> Date: Mon Jul 15 14:54:04 2019
> New Revision: 349999
> URL: https://svnweb.freebsd.org/changeset/base/349999
>
> Log:
>   Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.
>
>   This is an FreeBSD extension, not covered by Posix.
>
>   This issue was found by running syzkaller.


Aren't there syzkaller ids for these findings?


>
>   MFC after:            1 week
>
> Modified:
>   head/sys/netinet/sctp_output.c
>
> Modified: head/sys/netinet/sctp_output.c
> ============================================================
> ==================
> --- head/sys/netinet/sctp_output.c      Mon Jul 15 14:52:52 2019
> (r349998)
> +++ head/sys/netinet/sctp_output.c      Mon Jul 15 14:54:04 2019
> (r349999)
> @@ -12652,6 +12652,12 @@ sctp_lower_sosend(struct socket *so,
>                 sinfo_flags = inp->def_send.sinfo_flags;
>                 sinfo_assoc_id = inp->def_send.sinfo_assoc_id;
>         }
> +       if (flags & MSG_EOR) {
> +               sinfo_flags |= SCTP_EOR;
> +       }
> +       if (flags & MSG_EOF) {
> +               sinfo_flags |= SCTP_EOF;
> +       }
>         if (sinfo_flags & SCTP_SENDALL) {
>                 /* its a sendall */
>                 error = sctp_sendall(inp, uio, top, srcv);
> @@ -12819,9 +12825,17 @@ sctp_lower_sosend(struct socket *so,
>                 }
>         } else
>                 asoc = &stcb->asoc;
> -       if (srcv == NULL)
> +       if (srcv == NULL) {
>                 srcv = (struct sctp_sndrcvinfo *)&asoc->def_send;
> -       if (srcv->sinfo_flags & SCTP_ADDR_OVER) {
> +               sinfo_flags = srcv->sinfo_flags;
> +               if (flags & MSG_EOR) {
> +                       sinfo_flags |= SCTP_EOR;
> +               }
> +               if (flags & MSG_EOF) {
> +                       sinfo_flags |= SCTP_EOF;
> +               }
> +       }
> +       if (sinfo_flags & SCTP_ADDR_OVER) {
>                 if (addr)
>                         net = sctp_findnet(stcb, addr);
>                 else
> @@ -12928,7 +12942,7 @@ sctp_lower_sosend(struct socket *so,
>             (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
>             (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
>             (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
> -               if (srcv->sinfo_flags & SCTP_ABORT) {
> +               if (sinfo_flags & SCTP_ABORT) {
>                         ;
>                 } else {
>                         SCTP_LTRACE_ERR_RET(NULL, stcb, NULL,
> SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
> @@ -12941,7 +12955,7 @@ sctp_lower_sosend(struct socket *so,
>                 p->td_ru.ru_msgsnd++;
>         }
>         /* Are we aborting? */
> -       if (srcv->sinfo_flags & SCTP_ABORT) {
> +       if (sinfo_flags & SCTP_ABORT) {
>                 struct mbuf *mm;
>                 ssize_t tot_demand, tot_out = 0, max_out;
>
> @@ -13145,7 +13159,7 @@ skip_preblock:
>          * case NOTE: uio will be null when top/mbuf is passed
>          */
>         if (sndlen == 0) {
> -               if (srcv->sinfo_flags & SCTP_EOF) {
> +               if (sinfo_flags & SCTP_EOF) {
>                         got_all_of_the_send = 1;
>                         goto dataless_eof;
>                 } else {
> @@ -13194,7 +13208,7 @@ skip_preblock:
>                         }
>                         sctp_snd_sb_alloc(stcb, sp->length);
>                         atomic_add_int(&asoc->stream_queue_cnt, 1);
> -                       if (srcv->sinfo_flags & SCTP_UNORDERED) {
> +                       if (sinfo_flags & SCTP_UNORDERED) {
>                                 SCTP_STAT_INCR(sctps_sends_with_unord);
>                         }
>                         TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
> @@ -13269,15 +13283,15 @@ skip_preblock:
>                                 sctp_snd_sb_alloc(stcb, sndout);
>                                 atomic_add_int(&sp->length, sndout);
>                                 len += sndout;
> -                               if (srcv->sinfo_flags &
> SCTP_SACK_IMMEDIATELY) {
> +                               if (sinfo_flags & SCTP_SACK_IMMEDIATELY) {
>                                         sp->sinfo_flags |=
> SCTP_SACK_IMMEDIATELY;
>                                 }
>
>                                 /* Did we reach EOR? */
>                                 if ((uio->uio_resid == 0) &&
>                                     ((user_marks_eor == 0) ||
> -                                   (srcv->sinfo_flags & SCTP_EOF) ||
> -                                   (user_marks_eor && (srcv->sinfo_flags
> & SCTP_EOR)))) {
> +                                   (sinfo_flags & SCTP_EOF) ||
> +                                   (user_marks_eor && (sinfo_flags &
> SCTP_EOR)))) {
>                                         sp->msg_is_complete = 1;
>                                 } else {
>                                         sp->msg_is_complete = 0;
> @@ -13479,7 +13493,7 @@ skip_preblock:
>                 /* We send in a 0, since we do NOT have any locks */
>                 error = sctp_msg_append(stcb, net, top, srcv, 0);
>                 top = NULL;
> -               if (srcv->sinfo_flags & SCTP_EOF) {
> +               if (sinfo_flags & SCTP_EOF) {
>                         /*
>                          * This should only happen for Panda for the mbuf
>                          * send case, which does NOT yet support EEOR mode.
> @@ -13494,7 +13508,7 @@ skip_preblock:
>         }
>  dataless_eof:
>         /* EOF thing ? */
> -       if ((srcv->sinfo_flags & SCTP_EOF) &&
> +       if ((sinfo_flags & SCTP_EOF) &&
>             (got_all_of_the_send == 1)) {
>                 SCTP_STAT_INCR(sctps_sends_with_eof);
>                 error = 0;
> _______________________________________________
> svn-src-head@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-head
> To unsubscribe, send any mail to "svn-src-head-unsubscribe@freebsd.org"
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPQ4ffsq9Eyt1h-wgPsvAiYE4KSEw_qW_qoR9KpQWPoKYcjngA>