[Qemu-devel] [Bug 1781280] Re: QEMU ignores all but the first control message sent over a Unix socket
Tue, 17 Jul 2018 00:53:02 -0000
Fix has been committed as 1d3d1b23e1c8f52ec431ddaa8deea1322bc25cbf
** Changed in: qemu
Status: New => Fix Committed
QEMU ignores all but the first control message sent over a Unix socket
Status in QEMU:
I've written a test program that sends both an SCM_CREDENTIALS and an
SCM_RIGHTS cmsg in the same sendmsg call. On native x86-64, armv6 and
armv7 Linux, this works as expected (the recvmsg receives both control
messages). On QEMU (both qemu-x86_64 and qemu-arm), only the first
message is received.
I've traced the problem back to a glibc bug:
This means that writing control messages into an uninitialized buffer
makes CMSG_NXTHDR erroneously return NULL even though there's still
space inside the allocated buffer. QEMU's logic inside
`target_to_host_cmsg` is a bit questionable here, since it stops
encoding cmsgs as soon as *either* the host or the target buffer
reaches its end, so we lose the target's cmsgs when the host's buffer
runs out. However, the host buffer should *never* reach its end before
the target buffer does, so an assertion might be more useful there.
Anyway, the actual fix for this bug is simply zeroing out the buffer
created for the host. I've attached a patch doing that and verified
that it fixes the issue.
The test program I used can be found here: https://gist.github.com
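The setup the report describes, reconstructed here as an added example (this is neither the reporter's gist program nor QEMU's own `target_to_host_cmsg`): a control buffer is zeroed, then filled with an SCM_CREDENTIALS cmsg followed by an SCM_RIGHTS cmsg, walked back with CMSG_FIRSTHDR/CMSG_NXTHDR the way a translating layer would, and optionally pushed through an AF_UNIX socketpair. The function names (`build_two_cmsgs`, `count_cmsgs`, `roundtrip_in_memory`, `roundtrip_over_socketpair`) are my own, and the code assumes Linux with glibc.

```c
#define _GNU_SOURCE            /* struct ucred, SCM_CREDENTIALS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Encode SCM_CREDENTIALS then SCM_RIGHTS into buf. Returns the number of
 * bytes used, or 0 if CMSG_NXTHDR refused to hand out the second header. */
size_t build_two_cmsgs(void *buf, size_t buflen, int fd)
{
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_control = buf;
    msg.msg_controllen = buflen;
    /* The fix from the report: clear the buffer so an older glibc
     * CMSG_NXTHDR, which peeks at the *next* header's cmsg_len, sees 0
     * instead of leftover bytes and does not bail out with NULL. */
    memset(buf, 0, buflen);

    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    if (!cmsg)
        return 0;
    struct ucred cred = { .pid = getpid(), .uid = getuid(), .gid = getgid() };
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_CREDENTIALS;
    cmsg->cmsg_len = CMSG_LEN(sizeof cred);
    memcpy(CMSG_DATA(cmsg), &cred, sizeof cred);

    cmsg = CMSG_NXTHDR(&msg, cmsg);   /* NULL here is the bug's symptom */
    if (!cmsg)
        return 0;
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(cmsg), &fd, sizeof fd);

    return CMSG_SPACE(sizeof cred) + CMSG_SPACE(sizeof fd);
}

/* Walk a control buffer of controllen bytes and record each cmsg_type. */
int count_cmsgs(void *buf, size_t controllen, int *types, int max)
{
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_control = buf;
    msg.msg_controllen = controllen;
    int n = 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (n < max)
            types[n] = c->cmsg_type;
        n++;
    }
    return n;
}

/* Build and re-walk in memory only. Returns 2 on success, -1 otherwise. */
int roundtrip_in_memory(void)
{
    unsigned char buf[128];
    int types[4];
    size_t used = build_two_cmsgs(buf, sizeof buf, 0);
    if (used == 0)
        return -1;
    int n = count_cmsgs(buf, used, types, 4);
    if (n != 2 || types[0] != SCM_CREDENTIALS || types[1] != SCM_RIGHTS)
        return -1;
    return n;
}

/* Send both cmsgs in one sendmsg over a socketpair and count what arrives.
 * Returns the received cmsg count, or -1 on any socket error. */
int roundtrip_over_socketpair(void)
{
    int sv[2], on = 1, types[8], n = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    /* The receiver only gets SCM_CREDENTIALS when SO_PASSCRED is enabled. */
    setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &on, sizeof on);

    unsigned char cbuf[CMSG_SPACE(sizeof(struct ucred)) + CMSG_SPACE(sizeof(int))];
    unsigned char rbuf[256];
    char payload = 'x';
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = build_two_cmsgs(cbuf, sizeof cbuf, sv[0]);
    if (msg.msg_controllen != 0 && sendmsg(sv[0], &msg, 0) == 1) {
        msg.msg_control = rbuf;
        msg.msg_controllen = sizeof rbuf;
        if (recvmsg(sv[1], &msg, 0) == 1) {
            n = count_cmsgs(rbuf, msg.msg_controllen, types, 8);
            /* Close the duplicated descriptor carried by SCM_RIGHTS. */
            for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
                if (c->cmsg_type == SCM_RIGHTS)
                    close(*(int *)CMSG_DATA(c));
        }
    }
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    printf("in-memory cmsgs: %d\n", roundtrip_in_memory());
    printf("socketpair cmsgs: %d\n", roundtrip_over_socketpair());
    return 0;
}
```

Deleting the `memset` in `build_two_cmsgs` reproduces the defect the report traces: on glibc versions whose CMSG_NXTHDR validates the following header's `cmsg_len` before returning it, the second header is then granted or refused depending on whatever bytes the buffer happened to contain, which is exactly how a host-side buffer allocated without clearing ends up carrying only the first control message.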