From nobody Fri May 17 03:39:41 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1620833927; cv=none; d=zohomail.com; s=zohoarc; b=UV/QKdw3XF4G1H/LYOLs3yxbKXkZoQ1u1XVszxMlISQxn8KYPm03MjMz00b+j6Y9RX/+xcW7WP/SHnhG/y1MkkMtCut4KIgW3DSa2pnfZGhDlPhBu4Ir7RF/f3IOyLsZMWtj3V5rozCrXGN6ghIY1SkGtpJ8W6DPBfWXIPm2pS4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1620833927; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=BWJ5jwhKRKM4dPmzEgfCr0owtOZEAzvwL7BVTs36R7o=; b=S6I6w7CQuicLpKl7imSRUGr9Iidq1GTg/UxW3WU5gl6EfMP4gyuaTdhDnPfG5fIiGV3FQFnMSeu3gKML9CmCzI1fk1laZnrIE2k7b67QimQO41bCiqdQlKtLBD7HGkjISuk7L/F6Pql+yvPSNxRhaeJzJIgIQrlXOqu3SM1DF08= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1620833927629818.6715369975353; Wed, 12 May 2021 08:38:47 -0700 (PDT) Received: from localhost ([::1]:47352 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lgqwg-0008Tn-Af for importer@patchew.org; Wed, 12 May 2021 11:38:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50894) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lgqv1-0006Me-BB for qemu-devel@nongnu.org; Wed, 12 May 2021 11:37:03 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:59188) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lgquz-0003ZZ-Pb for qemu-devel@nongnu.org; Wed, 12 May 2021 11:37:03 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-500-wSLHC3z8NsGXjEE09ofriQ-1; Wed, 12 May 2021 11:36:59 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DD5B3107ACCA for ; Wed, 12 May 2021 15:36:57 +0000 (UTC) Received: from localhost.redhat.com (ovpn-114-167.ams2.redhat.com [10.36.114.167]) by smtp.corp.redhat.com (Postfix) with ESMTP id 948A26091A; Wed, 12 May 2021 15:36:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620833821; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BWJ5jwhKRKM4dPmzEgfCr0owtOZEAzvwL7BVTs36R7o=; b=eK+YHLSrj8wLJt8E62Ar7BmH2MnP215v11Y/eFAeA5EhmO75OMemw9ISCDXVVUzfDMLJ9k 2tmeD2Hxd5vUoZdJufa+R5UAevbJmQAzBMdVtID6yM7rT9TizV7g6gbOraZfe4Jlu7ro58 MfbIQ3mNxW33NemDvJKSb0ww3Q0dZ54= X-MC-Unique: wSLHC3z8NsGXjEE09ofriQ-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PATCH v2 1/2] net/tap: fix FreeBSD portability problem receiving TAP FD Date: Wed, 12 May 2021 16:36:53 +0100 Message-Id: <20210512153654.1178035-2-berrange@redhat.com> In-Reply-To: <20210512153654.1178035-1-berrange@redhat.com> References: <20210512153654.1178035-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.7, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Connor Kuehl , Jason Wang , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) The CMSG_LEN and CMSG_SPACE macros must not be assumed to return the same value. The msg_controllen field must be initialized using CMSG_SPACE when using SCM_RIGHTS. This ought to fix any FD receive issues users might be hitting on 64-bit FeeBSD / NetBSD platforms. The flaw was noticed first in GNULIB https://lists.gnu.org/archive/html/bug-gnulib/2021-02/msg00066.html and QEMU's code has the same logic bug. Reviewed-by: Connor Kuehl Signed-off-by: Daniel P. Berrang=C3=A9 --- net/tap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tap.c b/net/tap.c index bae895e287..276a9077fc 100644 --- a/net/tap.c +++ b/net/tap.c @@ -467,7 +467,7 @@ static int recv_fd(int c) cmsg->cmsg_level =3D SOL_SOCKET; cmsg->cmsg_type =3D SCM_RIGHTS; cmsg->cmsg_len =3D CMSG_LEN(sizeof(fd)); - msg.msg_controllen =3D cmsg->cmsg_len; + msg.msg_controllen =3D CMSG_SPACE(sizeof(fd)); =20 iov.iov_base =3D req; iov.iov_len =3D sizeof(req); --=20 2.31.1 From nobody Fri May 17 03:39:41 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1620834031; cv=none; d=zohomail.com; s=zohoarc; b=GAi6fG5HTrigb/1NWyYSTe9b7l54WZ1+/Yz//Y78cufUeGKgz5dNNTjetmTB3bECYBFV58FAboLf2GzBmPbHlPn5se2eNK79r+canWEyRRS1Td8ITBXQdbPbPunWyao6PopFBxE/D7tg3Ba61WreLMNrqSv5UaM9VW/g428Hzr8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1620834031; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=1n3KODK3Ybt7IqzNcGCAD2DSDPe/IpshwjtaaPsS4XY=; b=np6gd8geOOg9n1FDpaczg4AkTPqJtsIyEUbjHDP3mFVsO4TBSOSEIsRMammtbREqUYFx70TKJlTuENsyUvlGRApZTGg7MPMlsNvB5A+oU4eaxtEr6Yq0wXqydfAnSjYKz60tW2OupKJ7Fwl2L9YafP3qe2y1KQN9UdUk+nGwlto= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1620834031391898.1872579434461; Wed, 12 May 2021 08:40:31 -0700 (PDT) Received: from localhost ([::1]:52246 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lgqyL-0003Wr-HC for importer@patchew.org; Wed, 12 May 2021 11:40:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50916) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lgqv2-0006Q1-FY for qemu-devel@nongnu.org; Wed, 12 May 2021 11:37:04 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:36081) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lgqv0-0003Zp-L7 for qemu-devel@nongnu.org; Wed, 12 May 2021 11:37:04 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-10-mburayS6Mja7J-1V5CqRew-1; Wed, 12 May 2021 11:37:00 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B9B6B189C44A for ; Wed, 12 May 2021 15:36:59 +0000 (UTC) Received: from localhost.redhat.com (ovpn-114-167.ams2.redhat.com [10.36.114.167]) by smtp.corp.redhat.com (Postfix) with ESMTP id 492CB6EF48; Wed, 12 May 2021 15:36:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620833822; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1n3KODK3Ybt7IqzNcGCAD2DSDPe/IpshwjtaaPsS4XY=; b=YdUTUK2ezH3gAFuvF4tNmhfVqGwp7gWBtB5jF5PNSEaesn0Ci76Wqx+ZsBe8vW9X+h4v/p UrNqgdmnaSQyKsBskRXbtXSxc47kfTJkAxMDsTdJlro86Jmij6u8D+yZPULxKxyiqsosQo tzM0LctaU9IjKHRVpA8zIst755gA3tw= X-MC-Unique: mburayS6Mja7J-1V5CqRew-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Subject: [PATCH v2 2/2] net/tap: fix error reporting when bridge helper forgets to send an FD Date: Wed, 12 May 2021 16:36:54 +0100 Message-Id: <20210512153654.1178035-3-berrange@redhat.com> In-Reply-To: <20210512153654.1178035-1-berrange@redhat.com> References: <20210512153654.1178035-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.7, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Connor Kuehl , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jason Wang , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) The recv_fd() method returns -1 on error, 0 on end of file, or an FD number on success. Technically 0 is also a valid FD number, so the return value is ambiguous. The caller doesn't even consider the possibility of 0 meaning end of file, so just blindly assume it is a valid FD. IOW if the bridge helper exits with 0 status code and forgets to send an FD, QEMU will accidentally try to use STDIN as a TAP FD. Fortunately we get an error shortly thereafter $ qemu-system-x86_64 -netdev bridge,br=3Dbr99,helper=3D/bin/true,id=3Dns0 qemu-system-x86_64: -netdev bridge,br=3Dbr99,helper=3D/bin/true,id=3Dns0: Unable to query TUNGETIFF on FD 0: Inappropriate ioctl for device It is better if we correctly diagnose this broken bridge helper though. To do this we need to return the FD in an output parameter to remove the ambiguity and then fix the caller to check for the end of file condition. With this done we now get $ qemu-system-x86_64 -netdev bridge,br=3Dbr99,helper=3D/bin/true,id=3Dns0 qemu-system-x86_64: -netdev bridge,br=3Dbr99,helper=3D/bin/true,id=3Dns0: bridge helper did not send a file descriptor Fixes: https://gitlab.com/qemu-project/qemu/-/issues/166 Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Connor Kuehl Signed-off-by: Daniel P. Berrang=C3=A9 --- net/tap.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/net/tap.c b/net/tap.c index 276a9077fc..92761546b7 100644 --- a/net/tap.c +++ b/net/tap.c @@ -450,9 +450,11 @@ static void launch_script(const char *setup_script, co= nst char *ifname, } } =20 -static int recv_fd(int c) +/* + * Returns: -1 on error, 0 on end of file, 1 if an FD was received + */ +static int recv_fd(int c, int *fd) { - int fd; uint8_t msgbuf[CMSG_SPACE(sizeof(fd))]; struct msghdr msg =3D { .msg_control =3D msgbuf, @@ -476,12 +478,12 @@ static int recv_fd(int c) msg.msg_iovlen =3D 1; =20 len =3D recvmsg(c, &msg, 0); - if (len > 0) { - memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd)); - return fd; + if (len <=3D 0) { + return len; } =20 - return len; + memcpy(fd, CMSG_DATA(cmsg), sizeof(*fd)); + return 1; } =20 static int net_bridge_run_helper(const char *helper, const char *bridge, @@ -564,14 +566,15 @@ static int net_bridge_run_helper(const char *helper, = const char *bridge, _exit(1); =20 } else { - int fd; + int ret; + int fd =3D -1; int saved_errno; =20 close(sv[1]); =20 do { - fd =3D recv_fd(sv[0]); - } while (fd =3D=3D -1 && errno =3D=3D EINTR); + ret =3D recv_fd(sv[0], &fd); + } while (ret =3D=3D -1 && errno =3D=3D EINTR); saved_errno =3D errno; =20 close(sv[0]); @@ -580,7 +583,7 @@ static int net_bridge_run_helper(const char *helper, co= nst char *bridge, /* loop */ } sigprocmask(SIG_SETMASK, &oldmask, NULL); - if (fd < 0) { + if (ret < 0) { error_setg_errno(errp, saved_errno, "failed to recv file descriptor"); return -1; @@ -589,6 +592,17 @@ static int net_bridge_run_helper(const char *helper, c= onst char *bridge, error_setg(errp, "bridge helper failed"); return -1; } + + /* + * ret =3D=3D 0 means EOF, and if status =3D=3D 0 then helper + * exited cleanly but forgot to send us an FD. Oops... + */ + if (ret =3D=3D 0) { + error_setg(errp, + "bridge helper '%s' did not send a file descriptor", + helper); + return -1; + } return fd; } } --=20 2.31.1