From: Jonas Schievink
To: qemu-devel@nongnu.org
Cc: Jonas Schievink
Date: Wed, 11 Jul 2018 01:32:29 +0200
Message-Id: <20180710233229.9311-1-jonasschievink@gmail.com>
Subject: [Qemu-devel] [PATCH] Zero out the host's `msg_control` buffer

(Apparently I messed up my git config for the last email so it didn't send the correct name - please bear with me, this is my first time submitting a patch to a mailing list. I've also added a link to the upstream bug in the commit description.)

If this is not done, qemu would drop any control message after the first one. This is because glibc's `CMSG_NXTHDR` macro accesses the uninitialized cmsghdr's length field in order to find out if the message fits into the `msg_control` buffer, wrongly assuming that it doesn't because the length field contains garbage.

Accessing the length field is fine for completed messages we receive from the kernel, but is - as far as I know - not needed since the kernel won't return such an invalid cmsghdr in the first place.

This is tracked as this glibc bug: https://sourceware.org/bugzilla/show_bug.cgi?id=13500

It's probably also a good idea to bail with an error if `CMSG_NXTHDR` returns NULL but `TARGET_CMSG_NXTHDR` doesn't (i.e. we still expect cmsgs).

Reviewed-by: Philippe Mathieu-Daudé
---
 linux-user/syscall.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index e4b1b7d7da..77ce173b27 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3845,6 +3845,8 @@ static abi_long do_sendrecvmsg_locked(int fd, struct = target_msghdr *msgp, msg.msg_control =3D alloca(msg.msg_controllen); msg.msg_flags =3D tswap32(msgp->msg_flags); =20 + memset(msg.msg_control, 0, msg.msg_controllen); + count =3D tswapal(msgp->msg_iovlen); target_vec =3D tswapal(msgp->msg_iov); =20 --=20 2.18.0
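Review bot: the new memset() is separated from the alloca() it protects by the unrelated `msg.msg_flags = tswap32(msgp->msg_flags);` assignment; move it directly under `msg.msg_control = alloca(msg.msg_controllen);` and give it a one-line comment naming the reason (glibc's CMSG_NXTHDR reads the not-yet-written next header's cmsg_len, sourceware bug 13500), because a bare memset on a buffer that is about to be filled looks redundant to the next reader and invites removal. The commit message's suggestion to fail with an error when `CMSG_NXTHDR` returns NULL while `TARGET_CMSG_NXTHDR` still yields a header is not part of this hunk; either drop that sentence from the message or add the check in a follow-up so the description and the code stay in sync.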
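The mechanism the commit message describes, as an added stand-alone example (not QEMU code and not part of the patch): the same two-header control buffer is built three times with `CMSG_FIRSTHDR()`/`CMSG_NXTHDR()`, once after zeroing it as the patch does, once over stale bytes, and once over stale bytes with a hand-written step routine that reads only the current header's length. The 0x7f fill standing in for "whatever alloca() returned", the `next_current_len_only()` helper and the SCM_RIGHTS payload are constructed for this example; the count the libc macro produces over stale bytes depends on whether the glibc in use still has bug 13500, so the example reports it rather than hard-coding it.

```c
/*
 * Added example, not QEMU code: why a freshly allocated msg_control buffer
 * must be zeroed before control messages are built into it with
 * CMSG_FIRSTHDR()/CMSG_NXTHDR(). The 0x7f fill is constructed here to stand
 * in for whatever alloca() happened to return.
 */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define CMSG_COUNT   2                                   /* headers we try to place */
#define CTRL_BUF_LEN (CMSG_COUNT * CMSG_SPACE(sizeof(int)))

/* "Step to the next header" routine type, so one builder can be driven by
 * the libc macro and by the hand-written variant below. */
typedef struct cmsghdr *(*next_fn)(struct msghdr *msg, struct cmsghdr *cmsg);

/* The libc macro, wrapped so it can be passed as a function pointer. */
static struct cmsghdr *next_libc(struct msghdr *msg, struct cmsghdr *cmsg)
{
    return CMSG_NXTHDR(msg, cmsg);
}

/* Hand-written step (an assumption for this example, not a libc API). It
 * consults only the current header's cmsg_len, as the kernel's cmsg_nxthdr()
 * does, so bytes of the not-yet-written next header never affect the result. */
static struct cmsghdr *next_current_len_only(struct msghdr *msg,
                                             struct cmsghdr *cmsg)
{
    unsigned char *end = (unsigned char *)msg->msg_control + msg->msg_controllen;
    size_t avail = (size_t)(end - (unsigned char *)cmsg);
    size_t step;

    if (cmsg->cmsg_len < sizeof(struct cmsghdr)) {
        return NULL;                        /* malformed current header */
    }
    step = CMSG_ALIGN(cmsg->cmsg_len);
    if (step > avail || avail - step < sizeof(struct cmsghdr)) {
        return NULL;                        /* no room for another full header */
    }
    return (struct cmsghdr *)((unsigned char *)cmsg + step);
}

/* Build CMSG_COUNT single-int SCM_RIGHTS headers into buf the way a sendmsg()
 * caller does. buf is deliberately NOT cleared here. Returns how many headers
 * the step routine let us place. */
static int build_cmsgs(unsigned char *buf, size_t buflen, next_fn next)
{
    struct msghdr msg;
    struct cmsghdr *cmsg;
    int fd = 42;                            /* constructed payload */
    int placed = 0;

    memset(&msg, 0, sizeof(msg));
    msg.msg_control = buf;
    msg.msg_controllen = buflen;

    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL && placed < CMSG_COUNT;
         cmsg = next(&msg, cmsg)) {
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_RIGHTS;
        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
        placed++;
    }
    return placed;
}

/* What the patch does: clear the buffer first. Both headers are placed. */
int count_zeroed_libc(void)
{
    unsigned char buf[CTRL_BUF_LEN];
    memset(buf, 0, sizeof(buf));
    return build_cmsgs(buf, sizeof(buf), next_libc);
}

/* The pre-patch situation: stale bytes where the second header will go. A
 * glibc still affected by bug 13500 reads them as cmsg_len and returns NULL,
 * so only 1 header is placed; a fixed libc places 2. */
int count_garbage_libc(void)
{
    unsigned char buf[CTRL_BUF_LEN];
    memset(buf, 0x7f, sizeof(buf));
    return build_cmsgs(buf, sizeof(buf), next_libc);
}

/* Same stale bytes, stepped by a routine that never reads the next header's
 * length: the garbage is harmless and both headers are placed. */
int count_garbage_current_len_only(void)
{
    unsigned char buf[CTRL_BUF_LEN];
    memset(buf, 0x7f, sizeof(buf));
    return build_cmsgs(buf, sizeof(buf), next_current_len_only);
}

int main(void)
{
    printf("zeroed buffer, libc CMSG_NXTHDR:           %d of %d\n",
           count_zeroed_libc(), CMSG_COUNT);
    printf("stale buffer,  libc CMSG_NXTHDR:           %d of %d\n",
           count_garbage_libc(), CMSG_COUNT);
    printf("stale buffer,  current-length-only walker: %d of %d\n",
           count_garbage_current_len_only(), CMSG_COUNT);
    return 0;
}
```

The second line of output is the one the patch addresses: on an affected glibc it reads "1 of 2", which is exactly the "drop any control message after the first one" symptom, and the third line shows that the loss is a property of the macro reading ahead into unwritten memory, not of the buffer's contents being needed. Zeroing the buffer, as the patch does, is the portable fix because it gives the read-ahead a cmsg_len of 0 on every libc.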