From: jonasschievink@gmail.com
To: qemu-devel@nongnu.org
Cc: Jonas Schievink
Date: Wed, 11 Jul 2018 00:20:27 +0200
Message-Id: <20180710222027.31188-1-jonasschievink@gmail.com>
X-Mailer: git-send-email 2.18.0
Subject: [Qemu-devel] [PATCH] Zero out the host's `msg_control` buffer
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

From: Jonas Schievink

If this is not done, qemu would drop any control message after the first one. This is because glibc's `CMSG_NXTHDR` macro accesses the uninitialized cmsghdr's length field in order to find out if the message fits into the `msg_control` buffer. This is fine for completed messages we receive from the kernel, but is - as far as I know - not needed since the kernel won't return such an invalid cmsghdr in the first place.

It's probably also a good idea to bail with an error if `CMSG_NXTHDR` returns NULL but `TARGET_CMSG_NXTHDR` doesn't (i.e. we still expect cmsgs).
---
 linux-user/syscall.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e4b1b7d7da..77ce173b27 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3845,6 +3845,8 @@ static abi_long do_sendrecvmsg_locked(int fd, struct = target_msghdr *msgp, msg.msg_control =3D alloca(msg.msg_controllen); msg.msg_flags =3D tswap32(msgp->msg_flags); =20 + memset(msg.msg_control, 0, msg.msg_controllen); + count =3D tswapal(msgp->msg_iovlen); target_vec =3D tswapal(msgp->msg_iov); =20 --=20 2.18.0
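Review bot: the error-out that the commit message proposes (bail when `CMSG_NXTHDR` returns NULL while `TARGET_CMSG_NXTHDR` still yields messages) is not part of this hunk, which only adds the `memset`; either add that check in the same series or drop the sentence so the description matches the diff. The submission also carries no Signed-off-by line, which the QEMU process requires before a patch can be merged, and the subject would normally carry a `linux-user:` prefix. On the change itself: placing the `memset` directly after the `alloca` rather than after the `msg_flags` assignment would keep allocation and initialization together; the clear is bounded by the same `msg_controllen` the `alloca` already uses, so it adds no new size concern beyond what the existing allocation already accepts.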
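The commit message explains that glibc's `CMSG_NXTHDR` may look at the not-yet-written next header to decide whether another control message fits, so a buffer full of stale bytes ends the walk after the first message. The following stand-alone program is an added example, not code from this patch or from QEMU: `count_placeable_cmsgs()` is a helper constructed for it, and the byte values it pre-fills the buffer with are stand-ins for whatever `alloca` happened to hand out.

```c
/* Added example (not part of the patch or of QEMU): shows why a freshly
 * allocated msg_control buffer should be zeroed before cmsg headers are
 * built into it with CMSG_FIRSTHDR()/CMSG_NXTHDR(). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/*
 * Build as many one-int control messages as CMSG_NXTHDR() allows into a
 * buffer of 'len' bytes, stopping after 'wanted', and return how many
 * were placed. The buffer is pre-filled with 'fill': 0x00 models the
 * memset() the patch adds; any other byte stands in for stale memory
 * (constructed deterministically here instead of relying on real garbage).
 */
static int count_placeable_cmsgs(size_t len, unsigned char fill, int wanted)
{
    unsigned char *buf = malloc(len);
    if (buf == NULL) {
        return -1;
    }
    memset(buf, fill, len);

    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_control = buf;
    msg.msg_controllen = len;

    int placed = 0;
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);   /* NULL if len < sizeof(struct cmsghdr) */
    while (cmsg != NULL && placed < wanted) {
        int payload = placed;                   /* e.g. a descriptor number */
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_RIGHTS;
        cmsg->cmsg_len = CMSG_LEN(sizeof payload);
        memcpy(CMSG_DATA(cmsg), &payload, sizeof payload);
        placed++;
        /* Depending on the libc, this may read the *next* header's
         * cmsg_len (which we have not written yet) to decide whether
         * another message fits; a large stale value there ends the walk. */
        cmsg = CMSG_NXTHDR(&msg, cmsg);
    }

    free(buf);
    return placed;
}

int main(void)
{
    size_t room_for_two = 2 * CMSG_SPACE(sizeof(int));
    printf("zeroed buffer with room for 2 cmsgs: placed %d\n",
           count_placeable_cmsgs(room_for_two, 0x00, 3));
    printf("stale (0x01) buffer with room for 2: placed %d\n",
           count_placeable_cmsgs(room_for_two, 0x01, 3));
    return 0;
}
```

With a zeroed buffer the walk reaches every slot the buffer has room for, on every libc. With the 0x01 fill the outcome depends on how `CMSG_NXTHDR` is implemented: a version that reads the next header's `cmsg_len` (the glibc behaviour the commit message describes) returns NULL after the first message, whereas implementations that only check the remaining space (musl, and newer glibc releases that reworked `__cmsg_nxthdr`) carry on. Zeroing the buffer before building into it is the portable choice either way, which is exactly what the `memset` in the hunk does.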