public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg()
@ 2021-09-18 7:08 yi.zhao at windriver dot com
2021-09-22 7:26 ` [Bug libc/28350] ping receives " yi.zhao at windriver dot com
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: yi.zhao at windriver dot com @ 2021-09-18 7:08 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Bug ID: 28350
Summary: ping SIGABRT on lib32-qemux86-64 caused by recvmsg()
Product: glibc
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: yi.zhao at windriver dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
The ping received signal SIGABRT on lib32-qemux86-64 or lib32-qemuarm64 (64bit
kernel + 32bit lib) with glibc 2.34.
Kernel: 5.10
Glibc: 2.34
ping: iputils-20210722
root@qemux86-64:~# uname -a
Linux qemux86-64 5.10.53-yocto-standard #1 SMP PREEMPT Sun Jul 25 15:15:01 UTC
2021 x86_64 x86_64 x86_64 GNU/Linux
root@qemux86-64:~#
root@qemux86-64:~# iptables -F
root@qemux86-64:~# iptables -A INPUT -p icmp --icmp-type 8 -j REJECT
root@qemux86-64:~# ping -c1 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
Aborted
root@qemux86-64:~#
On glibc 2.33, it works well:
root@qemux86-64:~# iptables -F
root@qemux86-64:~# iptables -A INPUT -p icmp --icmp-type 8 -j REJECT
root@qemux86-64:~# ping -c1 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
>From 127.0.0.1 icmp_seq=1 Destination Port Unreachable
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
This issue is introduced by glibc commit
13c51549e2077f2f3bf84e8fd0b46d8b0c615912:
commit 13c51549e2077f2f3bf84e8fd0b46d8b0c615912
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Mon Sep 7 17:08:46 2020 -0300
linux: Add fallback for 64-bit time_t SO_TIMESTAMP{NS}
Here are some gdb outputs:
$ gdb ping
Reading symbols from ping...
Reading symbols from /bin/.debug/ping.iputils...
(gdb) set args -c1 127.0.0.1
(gdb) b ping4_receive_error_msg
Breakpoint 1 at 0x5ae0: file ../git/ping/ping.c, line 1293.
(gdb) r
Starting program: /bin/ping -c1 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
Breakpoint 1, ping4_receive_error_msg (rts=0xffffaa20, sock=0xffffa9f0) at
../git/ping/ping.c:1293
1293 {
(gdb) n
1304 int saved_errno = errno;
(gdb) n
1306 iov.iov_base = &icmph;
(gdb) p saved_errno
$1 = 111
(gdb) n
1308 msg.msg_name = (void *)⌖
(gdb)
1310 msg.msg_iov = &iov;
(gdb)
1312 msg.msg_flags = 0;
(gdb)
1313 msg.msg_control = cbuf;
(gdb)
1314 msg.msg_controllen = sizeof(cbuf);
(gdb)
1316 res = recvmsg(sock->fd, &msg, MSG_ERRQUEUE | MSG_DONTWAIT);
(gdb) s
__libc_recvmsg (fd=3, msg=0xffff9120, flags=8256) at
../sysdeps/unix/sysv/linux/recvmsg.c:25
25 {
(gdb) n
28 socklen_t orig_controllen = msg != NULL ? msg->msg_controllen : 0;
(gdb) p *msg
$2 = {msg_name = 0xffff913c, msg_namelen = 16, msg_iov = 0xffff9110, msg_iovlen
= 1, msg_control = 0xffff914c, msg_controllen = 512, msg_flags = 0}
(gdb) n
34 r = SOCKETCALL_CANCEL (recvmsg, fd, msg, flags);
(gdb) n
38 if (r >= 0 && orig_controllen != 0)
(gdb) n
39 __convert_scm_timestamps (msg, orig_controllen);
(gdb) p *msg
$3 = {msg_name = 0xffff913c, msg_namelen = 16, msg_iov = 0xffff9110, msg_iovlen
= 1, msg_control = 0xffff914c, msg_controllen = 64, msg_flags = 8224}
(gdb) n
42 return r;
(gdb) p *msg
$4 = {msg_name = 0xffff913c, msg_namelen = 16, msg_iov = 0xffff9110, msg_iovlen
= 1, msg_control = 0xffff914c, msg_controllen = 92, msg_flags = 8224}
(gdb) n
ping4_receive_error_msg (rts=0xffffaa20, sock=0xffffa9f0) at
../git/ping/ping.c:1317
1317 if (res < 0) {
(gdb) p res
$5 = 8
(gdb) n
1324 for (cmsgh = CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =
CMSG_NXTHDR(&msg, cmsgh)) {
(gdb) n
1325 if (cmsgh->cmsg_level == SOL_IP) {
(gdb) p *cmsgh
$6 = {cmsg_len = 20, cmsg_level = 1, cmsg_type = 29, __cmsg_data = 0xffff9158
"]\212EaG@\016"}
(gdb) n
1324 for (cmsgh = CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =
CMSG_NXTHDR(&msg, cmsgh)) {
(gdb) n
1325 if (cmsgh->cmsg_level == SOL_IP) {
(gdb) p *cmsgh
$7 = {cmsg_len = 28, cmsg_level = 1, cmsg_type = 63, __cmsg_data = 0xffff916c
"]\212Ea"}
(gdb) n
1324 for (cmsgh = CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =
CMSG_NXTHDR(&msg, cmsgh)) {
(gdb) n
1325 if (cmsgh->cmsg_level == SOL_IP) {
(gdb) p *cmsgh
$8 = {cmsg_len = 2, cmsg_level = 16777343, cmsg_type = 0, __cmsg_data =
0xffff9188 ""}
(gdb) n
1324 for (cmsgh = CMSG_FIRSTHDR(&msg); cmsgh; cmsgh =
CMSG_NXTHDR(&msg, cmsgh)) {
(gdb) n
1330 if (e == NULL)
(gdb) n
1331 abort();
(gdb) n
Program received signal SIGABRT, Aborted.
0xf7fc9549 in __kernel_vsyscall ()
(gdb)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
@ 2021-09-22 7:26 ` yi.zhao at windriver dot com
2021-09-22 10:20 ` fweimer at redhat dot com
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: yi.zhao at windriver dot com @ 2021-09-22 7:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Yi Zhao <yi.zhao at windriver dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ping SIGABRT on |ping receives SIGABRT on
|lib32-qemux86-64 caused by |lib32-qemux86-64 caused by
|recvmsg() |recvmsg()
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
2021-09-22 7:26 ` [Bug libc/28350] ping receives " yi.zhao at windriver dot com
@ 2021-09-22 10:20 ` fweimer at redhat dot com
2021-09-22 13:02 ` sam at gentoo dot org
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: fweimer at redhat dot com @ 2021-09-22 10:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://github.com/systemd/
| |systemd/issues/20741
Flags| |security-
CC| |fweimer at redhat dot com
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
We need to disable recvmsg time64 emulation for time32 calls, it causes too
many issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
2021-09-22 7:26 ` [Bug libc/28350] ping receives " yi.zhao at windriver dot com
2021-09-22 10:20 ` fweimer at redhat dot com
@ 2021-09-22 13:02 ` sam at gentoo dot org
2021-09-22 13:02 ` sam at gentoo dot org
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: sam at gentoo dot org @ 2021-09-22 13:02 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
` (2 preceding siblings ...)
2021-09-22 13:02 ` sam at gentoo dot org
@ 2021-09-22 13:02 ` sam at gentoo dot org
2021-09-27 18:15 ` adhemerval.zanella at linaro dot org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: sam at gentoo dot org @ 2021-09-22 13:02 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dilfridge at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
` (3 preceding siblings ...)
2021-09-22 13:02 ` sam at gentoo dot org
@ 2021-09-27 18:15 ` adhemerval.zanella at linaro dot org
2021-12-22 18:39 ` adhemerval.zanella at linaro dot org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2021-09-27 18:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adhemerval.zanella at linaro dot o
| |rg
--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
(In reply to Florian Weimer from comment #1)
> We need to disable recvmsg time64 emulation for time32 calls, it causes too
> many issues.
I don't think we need to resort on this change, the issue is in fact that
__convert_scm_timestamps does not correctly update the last cmsg. With the
following patch it fixes the regression:
diff --git a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
index 00c934c413..4da2c60799 100644
--- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
+++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
@@ -55,7 +55,10 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t
msgsize)
cmsg = CMSG_NXTHDR (msg, cmsg))
{
if (cmsg->cmsg_level != SOL_SOCKET)
- continue;
+ {
+ last = cmsg;
+ continue;
+ }
switch (cmsg->cmsg_type)
{
I will work on a patch along with a testcase.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
` (4 preceding siblings ...)
2021-09-27 18:15 ` adhemerval.zanella at linaro dot org
@ 2021-12-22 18:39 ` adhemerval.zanella at linaro dot org
2022-01-12 13:30 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2021-12-22 18:39 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at sourceware dot org |adhemerval.zanella at linaro dot o
| |rg
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
` (5 preceding siblings ...)
2021-12-22 18:39 ` adhemerval.zanella at linaro dot org
@ 2022-01-12 13:30 ` cvs-commit at gcc dot gnu.org
2022-01-12 13:40 ` cvs-commit at gcc dot gnu.org
2022-01-28 21:21 ` adhemerval.zanella at linaro dot org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-01-12 13:30 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Adhemerval Zanella
<azanella@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21e0f45c7d73df6fe30c77ffcc9f81410e2ee369
commit 21e0f45c7d73df6fe30c77ffcc9f81410e2ee369
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Mon Sep 27 16:07:08 2021 -0300
linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ
#28350)
The __convert_scm_timestamps() only updates the control message last
pointer for SOL_SOCKET type, so if the message control buffer contains
multiple ancillary message types the converted timestamp one might
overwrite a valid message.
The test check if the extra ancillary space is correctly handled
by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
time_t converted message the control buffer should be marked with
MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
ancillary data.
Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
4.15 kernel.
Co-authored-by: Fabian Vogt <fvogt@suse.de>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
` (6 preceding siblings ...)
2022-01-12 13:30 ` cvs-commit at gcc dot gnu.org
@ 2022-01-12 13:40 ` cvs-commit at gcc dot gnu.org
2022-01-28 21:21 ` adhemerval.zanella at linaro dot org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-01-12 13:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Adhemerval Zanella
<azanella@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=572e0c855495bfbcd2323584a243430e6b7c8bb3
commit 572e0c855495bfbcd2323584a243430e6b7c8bb3
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed Jan 12 10:35:06 2022 -0300
Revert "linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349,
BZ #28350)"
This reverts commit 21e0f45c7d73df6fe30c77ffcc9f81410e2ee369.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug libc/28350] ping receives SIGABRT on lib32-qemux86-64 caused by recvmsg()
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
` (7 preceding siblings ...)
2022-01-12 13:40 ` cvs-commit at gcc dot gnu.org
@ 2022-01-28 21:21 ` adhemerval.zanella at linaro dot org
8 siblings, 0 replies; 10+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2022-01-28 21:21 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28350
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Target Milestone|--- |2.35
Resolution|--- |FIXED
--- Comment #5 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Fixed on 2.35.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2022-01-28 21:21 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-18 7:08 [Bug libc/28350] New: ping SIGABRT on lib32-qemux86-64 caused by recvmsg() yi.zhao at windriver dot com
2021-09-22 7:26 ` [Bug libc/28350] ping receives " yi.zhao at windriver dot com
2021-09-22 10:20 ` fweimer at redhat dot com
2021-09-22 13:02 ` sam at gentoo dot org
2021-09-22 13:02 ` sam at gentoo dot org
2021-09-27 18:15 ` adhemerval.zanella at linaro dot org
2021-12-22 18:39 ` adhemerval.zanella at linaro dot org
2022-01-12 13:30 ` cvs-commit at gcc dot gnu.org
2022-01-12 13:40 ` cvs-commit at gcc dot gnu.org
2022-01-28 21:21 ` adhemerval.zanella at linaro dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).