path: root/src/socket_wrapper.c
Commit message | Author | Age | Files | Lines
* swrap: wrap __close_nocancel() if available | Stefan Metzmacher | 2021-03-15 | 1 | -0/+33
  While it's not possible to inject swrap__close_nocancel() into libc.so.6 directly, because it's no weak symbol, it seems to be possible to inject it to other glibc libraries like libpthread.so.0, which is better than nothing.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: export a public socket_wrapper_indicate_no_inet_fd() helper function | Stefan Metzmacher | 2021-03-15 | 1 | -0/+22
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: introduce a socket_wrapper_noop.so and socket_wrapper.h to provide noop stubs | Stefan Metzmacher | 2021-03-15 | 1 | -4/+4
  Applications with the need to call socket_wrapper_enabled() should link against -lsocket_wrapper_noop in order to resolve the symbol at link time.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: split out swrap_remove_wrapper() to handle swrap_close() and swrap_remove_stale() | Stefan Metzmacher | 2021-03-15 | 1 | -45/+24
  Except for closing the fd, both should do the same, even indicating a TCP close in the pcap file.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: remember the libc_close() errno in swrap_close() | Stefan Metzmacher | 2021-03-15 | 1 | -0/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: call libc_write() directly for internal fds | Stefan Metzmacher | 2021-03-15 | 1 | -3/+3
  Otherwise we may deadlock with a backtrace like this:

    swrap_accept():
      ...
      SWRAP_LOCK_SI(si);
      swrap_pcap_dump_packet() -> write() -> swrap_write() -> SWRAP_LOCK_SI(si) -> abort()

  This can happen if libc_open() called from swrap_pcap_get_fd() returns a stale fd. This may happen if glibc calls socket() and closes it with __close_nocancel() instead of close().

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: warn about unreachable addresses | Stefan Metzmacher | 2021-03-15 | 1 | -0/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: don't read the callers msg_control buffer in swrap_recvmsg_before_unix() | Stefan Metzmacher | 2021-02-10 | 1 | -1/+0
  For recvmsg() msg_control is a write only buffer, that is filled by the kernel, but the kernel won't read from that buffer. So we shouldn't read from (copy) it either.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: don't touch msg_tmp in swrap_recvmsg_after_unix() on error | Stefan Metzmacher | 2021-02-09 | 1 | -0/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: fix possible memory leak between swrap_recvmsg_{before,after}_unix() | Stefan Metzmacher | 2021-02-09 | 1 | -6/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: fix fd-passing without 4 padding bytes | Stefan Metzmacher | 2021-02-08 | 1 | -6/+63
  We noticed the problem on 32 bit platforms and sending a single application fd, the hidden pipe-fd doesn't fit into the padding bytes.

  This can also happen on 64 bit platforms and an even number of application fds.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: fix invalid read in swrap_sendmsg_unix_scm_rights() | Stefan Metzmacher | 2021-02-08 | 1 | -1/+1
  Here the fds_out array is larger than the fds_in array, so we can only copy the fds_in array using size_fds_in, leaving the last slot of fds_out untouched, which is filled by fds_out[num_fds_in] = pipefd[0] later.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: fix copy on write leak of ~38M for every fork. | Stefan Metzmacher | 2021-02-05 | 1 | -28/+31
  commit 0f8e90dd7e59c473be615dee08d445dca98fdab9 (src/socket_wrapper.c: fix mutex fork handling) let us touch the whole sockets array on every fork, because each element in the array has its own mutex.

    max_sockets=65535 * sizeof(struct socket_info_container)=592 = 38796720

  This was designed for the use of robust shared mutexes when moving the sockets array into a shared memory file.

  Until we really move to shared memory, we can use a single global mutex in order to avoid the copy on write leaking.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: abort on mutex errors | Stefan Metzmacher | 2021-02-05 | 1 | -0/+2
  There's no way to continue in a reliable way...

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: fallback to libc_getpeername() when we get an empty sun_path from accept() | Stefan Metzmacher | 2021-02-05 | 1 | -0/+27
  This hopefully hides the strange behaviour of FreeBSD (at least 12.1) for already disconnected AF_UNIX sockets.

  The race is triggered when the following detects the usage of 'getpeername':

    truss -o ./truss.out -f -H -a -e -D -s 160 ctest -V -R test_thread_echo_tcp_connect;
    grep getpeername truss.out

  In a simplified log the following is happening:

    ECHO_SRV(parent): socket(PF_LOCAL,SOCK_STREAM,0) = 4 (0x4)
    ECHO_SRV(parent): unlink("/tmp/w_E37bkf/T0A0007") ERR#2 'No such file or directory'
    ECHO_SRV(parent): bind(4,{ AF_UNIX "/tmp/w_E37bkf/T0A0007" },106) = 0 (0x0)
    ECHO_SRV(parent): listen(4,16) = 0 (0x0)
    ...
    ECHO_SRV(parent): write(2,"SWRAP_ERROR[echo_srv (9792)] - swrap_accept: before accept(sa_socklen=106)\n",75) = 75 (0x4b)
    ECHO_SRV(parent): accept4(0x4,0x7ffffffde158,0x7ffffffde150,0x0) = 5 (0x5)
    ECHO_SRV(parent): write(2,"SWRAP_ERROR[echo_srv (9792)] - swrap_accept: after accept(sa_socklen=106, family=1)\n",84) = 84 (0x54)
    ECHO_SRV(parent): getsockname(5,{ AF_UNIX "/tmp/w_E37bkf/T0A0007" },0x7ffffffde0c0) = 0 (0x0)
    ECHO_SRV(parent): swrap_accept() returned a valid connection and a per connection child (pid=9793) handles it
    TEST_THREAD: socket(PF_LOCAL,SOCK_STREAM,0) = 7 (0x7)
    TEST_THREAD: bind(7,{ AF_UNIX "/tmp/w_E37bkf/T014D4F" },106) = 0 (0x0)
    TEST_THREAD: connect(7,{ AF_UNIX "/tmp/w_E37bkf/T0A0007" },106) = 0 (0x0)
    TEST_THREAD: close(7) = 0 (0x0)
    ECHO_SRV(parent): wait4(-1,0x0,0x0,0x0) = 9793 (0x2641)
    ECHO_SRV(parent): close(5) = 0 (0x0)
    ECHO_SRV(parent): write(2,"SWRAP_ERROR[echo_srv (9792)] - swrap_accept: before accept(sa_socklen=106)\n",75) = 75 (0x4b)
    ECHO_SRV(parent): accept4(0x4,0x7ffffffde158,0x7ffffffde150,0x0) = 5 (0x5)
    TEST_THREAD: unlink("/tmp/w_E37bkf/T014D4F") = 0 (0x0)
    ECHO_SRV(parent): write(2,"SWRAP_ERROR[echo_srv (9792)] - swrap_accept: after accept(sa_socklen=16, family=1)\n",83) = 83 (0x53)
    ECHO_SRV(parent): getpeername(5,0x7ffffffde158,0x7ffffffde150) ERR#57 'Socket is not connected'
    ECHO_SRV(parent): getsockname(5,{ AF_UNIX "/tmp/w_E37bkf/T0A0007" },0x7ffffffde0c0) = 0 (0x0)
    ECHO_SRV(parent): getpeername(5,0x7ffffffde158,0x7ffffffde150) ERR#57 'Socket is not connected'

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: make swrap_accept() more resilient against races related to already disconnected sockets | Stefan Metzmacher | 2021-02-05 | 1 | -9/+24
  Callers of accept() expect to get ECONNABORTED instead of a disconnected socket.

  Even on Linux we have a potential race calling libc_getsockname() after accept(), so we map ENOTCONN to ECONNABORTED.

  We should do all syscalls in order to have peer and sockname, before doing in memory things like calling sockaddr_convert_from_un().

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: add better logging to convert_un_in() | Stefan Metzmacher | 2021-02-05 | 1 | -5/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: add basic support for fd-passing via SCM_RIGHTS | Stefan Metzmacher | 2021-02-02 | 1 | -4/+755
  We only allow passing up to 6 fds in a single sendmsg call, in order to keep the logic simple.

  That's more than enough for Samba's use of fd-passing, there we only pass a single fd and the fd will be closed in the sender on success. It means it's ok to keep the socket_info.io.pck_{snd,rcv} fields per process and the PCAP generation will still work as expected.

  If these constraints turn out to be a problem for other applications, we need to change to a more complex design and move the socket_info array into a shared memory file and use shared robust mutexes.

  But for now we just want to support multi-channel testing in Samba.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11899
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: always check new fd's against socket_fds_max and use libc_close() for cleanup | Stefan Metzmacher | 2021-02-02 | 1 | -7/+46
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: add const to swrap_add_socket_info() | Stefan Metzmacher | 2021-02-02 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: let swrap_sendmsg_before_unix() create a copy of msg_tmp.msg_control | Stefan Metzmacher | 2021-02-02 | 1 | -0/+43
  With fd-passing we'll have to modify the content of it.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: add stubs for swrap_{sendmsg,recvmsg}_{before,after}_unix() | Stefan Metzmacher | 2021-02-02 | 1 | -2/+40
  In order to implement fd-passing of socket_wrapper simulated sockets we need to modify the msghdr structures from the callers.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: filter out SCM_{RIGHTS,CREDENTIALS} on inet socket | Stefan Metzmacher | 2021-02-02 | 1 | -9/+47
  These are only valid on unix domain sockets and ignored otherwise (at least on Linux).

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: add error checking/cleanup to swrap_sendmsg_filter_cmsghdr() | Stefan Metzmacher | 2021-02-02 | 1 | -0/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: Fix MSGHDR check in sendmsg() | Anoop C S | 2021-02-02 | 1 | -38/+48
  Check for msg_controllen and msg_control data members from msghdr structure needs to be validated on the received omsg pointer rather than on newly created msghdr structure inside the wrapper.

  Signed-off-by: Anoop C S <anoopcs@redhat.com>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: print out SOCKET_WRAPPER_PACKAGE and SOCKET_WRAPPER_VERSION on first use | Stefan Metzmacher | 2021-02-02 | 1 | -0/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Anoop C S <anoopcs@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* src/socket_wrapper.c: Improve checks and debug output of socket_wrapper_dir() | Andreas Schneider | 2021-01-29 | 1 | -2/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* src/socket_wrapper.c: fix mutex fork handling | Stefan Metzmacher | 2021-01-29 | 1 | -75/+89
  We need to use pthread_mutex_init in the child handler...

  See https://sourceware.org/bugzilla/show_bug.cgi?id=2745

  Valgrind tools like helgrind and drd don't understand this (at least in 3.15.0), they require a pthread_mutex_unlock() in the child in order to work.

  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
* src/socket_wrapper.c: always go through swrap_bind_symbol_all() protected by pthread_once() | Stefan Metzmacher | 2021-01-28 | 1 | -52/+55
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* src/socket_wrapper.c: split out _swrap_bind_symbol_generic() | Stefan Metzmacher | 2021-01-28 | 1 | -10/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* src/socket_wrapper.c: remove unused swrap_bind_symbol_libnsl() | Stefan Metzmacher | 2021-01-28 | 1 | -14/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* socket_wrapper.c/tests: fall back to pragma init/fini for constructor/destructor if possible | Björn Jacke | 2020-11-04 | 1 | -0/+7
  Signed-off-by: Bjoern Jacke <bjacke@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* socket_wrapper.c: let swrap_vioctl() handle SIOCOUTQ/TIOCOUTQ/FIONWRITE explicitly | Stefan Metzmacher | 2020-06-22 | 1 | -0/+18
  They are used to ask for the number of unacked bytes in the send queue, with AF_UNIX sockets we get strange results, on linux 5.3 I get more bytes reported than I sent into the socket.

  All bytes reach the destination directly, so we can just always report 0 unacked bytes.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit f317ebcdcdd626ed9e06de2eb60031306994c803)
* socket_wrapper.c: make FIONREAD handling more robust in swrap_vioctl() | Stefan Metzmacher | 2020-06-22 | 1 | -3/+5
  We should only dereference the va args when the kernel already checked they are valid.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit c95b7cb1d7b9348472276edceff71889aa676d25)
* socket_wrapper.c: implement getsockopt(TCP_INFO) if the platform supports it | Stefan Metzmacher | 2020-06-22 | 1 | -0/+57
  This just implements a few basics, which are required by Samba.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 300de6e099ea82ee5361918de8c3abb389e0782d)
* swrap: Add SOCKET_WRAPPER_DIR_ALLOW_ORIG to allow fall back | Martin Schwenke | 2020-06-22 | 1 | -2/+25
  Instead of failing when the path returned by realpath(3) is too long, if SOCKET_WRAPPER_DIR_ALLOW_ORIG is set then fall back to the original value. If this original path is too long or something else fails then abort.

  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* swrap: Abort if socket wrapper directory is too long to be usable | Martin Schwenke | 2020-06-22 | 1 | -0/+31
  If the socket wrapper directory path is too long to allow reliable construction of the required Unix domain socket paths then convert_in_un_alloc() can return ENFILE if paths are truncated in unfortunate ways. This can be very hard to debug since, for example, bind(2) should never return ENFILE.

  Instead, abort if the path returned by realpath(3) is unusable.

  The code structure is slightly weird but this accommodates an additional change.

  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* swrap: Add abstractions to construct Unix domain socket paths | Martin Schwenke | 2020-06-22 | 1 | -16/+54
  These include overflow checks but the results of the checks are not yet used.

  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* swrap: Abort on failure to use SOCKET_WRAPPER_DIR | Martin Schwenke | 2020-06-22 | 1 | -1/+1
  If SOCKET_WRAPPER_DIR is set the intention is to use socket wrapper. Returning NULL means socket wrapper is disabled. The only sure way to avoid running without socket wrapper is to abort.

  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Revert "socket_wrapper.c: implement getsockopt(TCP_INFO) if the platform supports it" | Stefan Metzmacher | 2020-06-19 | 1 | -57/+0
  This reverts commit 300de6e099ea82ee5361918de8c3abb389e0782d.

  This got merged automatically by gitlab without review.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Revert "socket_wrapper.c: make FIONREAD handling more robust in swrap_vioctl()" | Stefan Metzmacher | 2020-06-19 | 1 | -5/+3
  This reverts commit c95b7cb1d7b9348472276edceff71889aa676d25.

  This got merged automatically by gitlab without review.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Revert "socket_wrapper.c: let swrap_vioctl() handle SIOCOUTQ/TIOCOUTQ/FIONWRITE explicitly" | Stefan Metzmacher | 2020-06-19 | 1 | -18/+0
  This reverts commit f317ebcdcdd626ed9e06de2eb60031306994c803.

  This got merged automatically by gitlab without review.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* socket_wrapper.c: let swrap_vioctl() handle SIOCOUTQ/TIOCOUTQ/FIONWRITE explicitly | Stefan Metzmacher | 2020-06-19 | 1 | -0/+18
  They are used to ask for the number of unacked bytes in the send queue, with AF_UNIX sockets we get strange results, on linux 5.3 I get more bytes reported than I sent into the socket.

  All bytes reach the destination directly, so we can just always report 0 unacked bytes.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* socket_wrapper.c: make FIONREAD handling more robust in swrap_vioctl() | Stefan Metzmacher | 2020-06-19 | 1 | -3/+5
  We should only dereference the va args when the kernel already checked they are valid.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* socket_wrapper.c: implement getsockopt(TCP_INFO) if the platform supports it | Stefan Metzmacher | 2020-06-19 | 1 | -0/+57
  This just implements a few basics, which are required by Samba.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* swrap: Remove extra new line towards end of SWRAP_LOG() | Anoop C S | 2020-05-14 | 1 | -20/+20
  Signed-off-by: Anoop C S <anoopcs@redhat.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* swrap: add support for SOCKET_WRAPPER_IPV4_NETWORK=10.53.57.0 | Stefan Metzmacher | 2020-03-21 | 1 | -6/+21
  With this 10.53.57.XX/8 addresses are used instead of 127.0.0.XX/8. Note the broadcast address is 127.255.255.255 or 10.255.255.255 (and not 10.53.57.255!).

  Some applications, e.g. Samba have some special behavior for loopback addresses. This allows more realistic tests and triggers the more common code paths.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: implement swrap_ipv4_{net,bcast,iface}() helper functions | Stefan Metzmacher | 2020-03-21 | 1 | -9/+96
  This makes it easier to implement SOCKET_WRAPPER_IPV4_NETWORK in the next step.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: provide _{socket,close,connect,...} symbols on FreeBSD | Stefan Metzmacher | 2020-03-19 | 1 | -0/+51
  Maybe that's not FreeBSD only, but at least this fixes the interaction of resolv_wrapper and socket_wrapper on FreeBSD 12.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* swrap: detect stale fd for socket(PF_UNIX) and accept() | Stefan Metzmacher | 2020-03-19 | 1 | -1/+22
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>