[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1781280] Re: QEMU ignores all but the first control me

From: Jonas Schievink
Subject: [Qemu-devel] [Bug 1781280] Re: QEMU ignores all but the first control message sent over a Unix socket
Date: Tue, 17 Jul 2018 00:53:02 -0000

Fix has been committed as 1d3d1b23e1c8f52ec431ddaa8deea1322bc25cbf

** Changed in: qemu
       Status: New => Fix Committed

You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

  QEMU ignores all but the first control message sent over a Unix socket

Status in QEMU:
  Fix Committed

Bug description:
  I've written a test program that sends both an SCM_CREDENTIALS and an
  SCM_RIGHTS cmsg in the same sendmsg call. On native x86-64, armv6 and
  armv7 Linux, this works as expected (the recvmsg receives both control
  messages). On QEMU (both qemu-x86_64 and qemu-arm), only the first
  message is received.

  I've traced the problem back to a glibc bug:

  This means that writing control messages into an uninitialized buffer
  makes CMSG_NXTHDR erroneously return NULL even though there's still
  space inside the allocated buffer. QEMU's logic inside
  `target_to_host_cmsg` is a bit questionable here, since it stops
  encoding cmsgs as soon as *either* the host or the target buffer
  reaches its end, so we lose the target's cmsgs when the host's buffer
  runs out. However, the host buffer should *never* reach its end before
  the target buffer does, so an assertion might be more useful there.
  Anyway, the actual fix for this bug is simply zeroing out the buffer
  created for the host. I've attached a patch doing that and verified
  that it fixes the issue.

  The test program I used can be found here: https://gist.github.com

To manage notifications about this bug go to:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]