[v5,2/3] linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350)
Checks
| Context |
Check |
Description |
| dj/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
Commit Message
The __convert_scm_timestamps only updates the control message last
pointer for SOL_SOCKET type, so if the message control buffer contains
multiple ancillary message types the converted timestamp one might
overwrite a valid message.
The test checks if the extra ancillary space is correctly handled
by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
time_t converted message the control buffer should be marked with
MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
ancillary data.
Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
4.15 kernel.
Co-authored-by: Fabian Vogt <fvogt@suse.de>
---
sysdeps/unix/sysv/linux/Makefile | 3 +
.../unix/sysv/linux/convert_scm_timestamps.c | 14 +-
.../sysv/linux/tst-socket-timestamp-time64.c | 1 +
.../unix/sysv/linux/tst-socket-timestamp.c | 338 ++++++++++++++++++
4 files changed, 350 insertions(+), 6 deletions(-)
create mode 100644 sysdeps/unix/sysv/linux/tst-socket-timestamp-time64.c
create mode 100644 sysdeps/unix/sysv/linux/tst-socket-timestamp.c
Comments
* Adhemerval Zanella:
> + /* If there is no timestamp in the ancillary data, recvmsg should set
> + the flag to indicate it. */
I think this comment is outdated. The rest looks okay to me.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Thanks,
Florian
On 28/01/2022 10:22, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>> + /* If there is no timestamp in the ancillary data, recvmsg should set
>> + the flag to indicate it. */
>
> I think this comment is outdated. The rest looks okay to me.
Indeed, I though I had removed all the outdated comments.
>
> Reviewed-by: Florian Weimer <fweimer@redhat.com>
Thanks.
>
> Thanks,
> Florian
>
The 01/27/2022 17:15, Adhemerval Zanella via Libc-alpha wrote:
> The __convert_scm_timestamps only updates the control message last
> pointer for SOL_SOCKET type, so if the message control buffer contains
> multiple ancillary message types the converted timestamp one might
> overwrite a valid message.
>
> The test checks if the extra ancillary space is correctly handled
> by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
> time_t converted message the control buffer should be marked with
> MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
> ancillary data.
>
> Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
> 4.15 kernel.
>
> Co-authored-by: Fabian Vogt <fvogt@suse.de>
note: the time64 recvmsg test started to fail on 32bit
arm after i updated my aarch64 kernel to 5.18
FAIL: socket/tst-socket-timestamp-time64
../sysdeps/unix/sysv/linux/tst-socket-timestamp.c:136: numeric comparison failure
left: 0 (0x0); from: timestamp
right: 1 (0x1); from: exp_timestamp
> +static void
> +do_recvmsg_slack_ancillary (bool use_multi_call, int s, void *cmsg,
> + size_t slack, size_t tsize, int exp_payload)
> +{
> + int payload;
> + struct iovec iov =
> + {
> + .iov_base = &payload,
> + .iov_len = sizeof (payload)
> + };
> + size_t msg_controllen = CMSG_SPACE (tsize) + slack;
> + char *msg_control = cmsg - msg_controllen;
> + memset (msg_control, 0x55, msg_controllen);
> + struct mmsghdr mmhdr =
> + {
> + .msg_hdr =
> + {
> + .msg_name = NULL,
> + .msg_namelen = 0,
> + .msg_iov = &iov,
> + .msg_iovlen = 1,
> + .msg_control = msg_control,
> + .msg_controllen = msg_controllen
> + },
> + };
> +
> + int r;
> + if (use_multi_call)
> + {
> + r = recvmmsg (s, &mmhdr, 1, 0, NULL);
> + if (r >= 0)
> + r = mmhdr.msg_len;
> + }
> + else
> + r = recvmsg (s, &mmhdr.msg_hdr, 0);
> + TEST_COMPARE (r, sizeof (int));
> + TEST_COMPARE (payload, exp_payload);
> +
> + if (cmsg == NULL)
> + return;
> +
> + /* A timestamp is expected if 32-bit timestamp are used (support in every
> + configuration) or if underlying kernel support 64-bit timestamps.
> + Otherwise recvmsg will need extra space do add the 64-bit timestamp. */
> + bool exp_timestamp;
> + if (sizeof (time_t) == 4 || support_64_timestamp)
> + exp_timestamp = true;
> + else
> + exp_timestamp = slack >= CMSG_SPACE (tsize);
> +
> + bool timestamp = false;
> + for (struct cmsghdr *cmsg = CMSG_FIRSTHDR (&mmhdr.msg_hdr);
> + cmsg != NULL;
> + cmsg = CMSG_NXTHDR (&mmhdr.msg_hdr, cmsg))
> + {
> + if (cmsg->cmsg_level != SOL_SOCKET)
> + continue;
> + if (cmsg->cmsg_type == SCM_TIMESTAMP
> + && cmsg->cmsg_len == CMSG_LEN (sizeof (struct timeval)))
in strace i see
recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\0\0\0", iov_len=4}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_TIMESTAMP, cmsg_data={tv_sec=1664533412, tv_usec=56794}}], msg_controllen=20, msg_flags=0}, 0) = 4
i.e. cmsg->cmsg_len == 20, but CMSG_LEN (sizeof (struct timeval)) is 28.
in the loop sometimes i also see a second cmsg where
cmsg->cmsg_type == SO_TIMESTAMP_NEW and cmsg->cmsg_len == 28,
but then the type does not match.
same behaviour with recvmmsg_time64 (but my strace is too
old to show that).
not sure how to debug this further.
> + {
> + struct timeval tv;
> + memcpy (&tv, CMSG_DATA (cmsg), sizeof (tv));
> + if (test_verbose)
> + printf ("SCM_TIMESTAMP: {%jd, %jd}\n", (intmax_t)tv.tv_sec,
> + (intmax_t)tv.tv_usec);
> + timestamp = true;
> + }
> + else if (cmsg->cmsg_type == SCM_TIMESTAMPNS
> + && cmsg->cmsg_len == CMSG_LEN (sizeof (struct timespec)))
> + {
> + struct timespec ts;
> + memcpy (&ts, CMSG_DATA (cmsg), sizeof (ts));
> + if (test_verbose)
> + printf ("SCM_TIMESTAMPNS: {%jd, %jd}\n", (intmax_t)ts.tv_sec,
> + (intmax_t)ts.tv_nsec);
> + timestamp = true;
> + }
> + }
> +
> + TEST_COMPARE (timestamp, exp_timestamp);
this fails with false != true.
The 09/30/2022 11:47, Szabolcs Nagy via Libc-alpha wrote:
> The 01/27/2022 17:15, Adhemerval Zanella via Libc-alpha wrote:
> > The __convert_scm_timestamps only updates the control message last
> > pointer for SOL_SOCKET type, so if the message control buffer contains
> > multiple ancillary message types the converted timestamp one might
> > overwrite a valid message.
> >
> > The test checks if the extra ancillary space is correctly handled
> > by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
> > time_t converted message the control buffer should be marked with
> > MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
> > ancillary data.
> >
> > Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
> > 4.15 kernel.
> >
> > Co-authored-by: Fabian Vogt <fvogt@suse.de>
>
> note: the time64 recvmsg test started to fail on 32bit
> arm after i updated my aarch64 kernel to 5.18
sorry the kernel is
Linux 8a7948402d35 5.15.0-48-generic #54~20.04.1-Ubuntu SMP Thu Sep 1 16:20:53 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
>
> FAIL: socket/tst-socket-timestamp-time64
>
> ../sysdeps/unix/sysv/linux/tst-socket-timestamp.c:136: numeric comparison failure
> left: 0 (0x0); from: timestamp
> right: 1 (0x1); from: exp_timestamp
>
>
> > +static void
> > +do_recvmsg_slack_ancillary (bool use_multi_call, int s, void *cmsg,
> > + size_t slack, size_t tsize, int exp_payload)
> > +{
> > + int payload;
> > + struct iovec iov =
> > + {
> > + .iov_base = &payload,
> > + .iov_len = sizeof (payload)
> > + };
> > + size_t msg_controllen = CMSG_SPACE (tsize) + slack;
> > + char *msg_control = cmsg - msg_controllen;
> > + memset (msg_control, 0x55, msg_controllen);
> > + struct mmsghdr mmhdr =
> > + {
> > + .msg_hdr =
> > + {
> > + .msg_name = NULL,
> > + .msg_namelen = 0,
> > + .msg_iov = &iov,
> > + .msg_iovlen = 1,
> > + .msg_control = msg_control,
> > + .msg_controllen = msg_controllen
> > + },
> > + };
> > +
> > + int r;
> > + if (use_multi_call)
> > + {
> > + r = recvmmsg (s, &mmhdr, 1, 0, NULL);
> > + if (r >= 0)
> > + r = mmhdr.msg_len;
> > + }
> > + else
> > + r = recvmsg (s, &mmhdr.msg_hdr, 0);
> > + TEST_COMPARE (r, sizeof (int));
> > + TEST_COMPARE (payload, exp_payload);
> > +
> > + if (cmsg == NULL)
> > + return;
> > +
> > + /* A timestamp is expected if 32-bit timestamp are used (support in every
> > + configuration) or if underlying kernel support 64-bit timestamps.
> > + Otherwise recvmsg will need extra space do add the 64-bit timestamp. */
> > + bool exp_timestamp;
> > + if (sizeof (time_t) == 4 || support_64_timestamp)
> > + exp_timestamp = true;
> > + else
> > + exp_timestamp = slack >= CMSG_SPACE (tsize);
> > +
> > + bool timestamp = false;
> > + for (struct cmsghdr *cmsg = CMSG_FIRSTHDR (&mmhdr.msg_hdr);
> > + cmsg != NULL;
> > + cmsg = CMSG_NXTHDR (&mmhdr.msg_hdr, cmsg))
> > + {
> > + if (cmsg->cmsg_level != SOL_SOCKET)
> > + continue;
> > + if (cmsg->cmsg_type == SCM_TIMESTAMP
> > + && cmsg->cmsg_len == CMSG_LEN (sizeof (struct timeval)))
>
>
> in strace i see
>
> recvmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\0\0\0", iov_len=4}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_TIMESTAMP, cmsg_data={tv_sec=1664533412, tv_usec=56794}}], msg_controllen=20, msg_flags=0}, 0) = 4
>
> i.e. cmsg->cmsg_len == 20, but CMSG_LEN (sizeof (struct timeval)) is 28.
>
> in the loop sometimes i also see a second cmsg where
> cmsg->cmsg_type == SO_TIMESTAMP_NEW and cmsg->cmsg_len == 28,
> but then the type does not match.
>
> same behaviour with recvmmsg_time64 (but my strace is too
> old to show that).
>
> not sure how to debug this further.
>
> > + {
> > + struct timeval tv;
> > + memcpy (&tv, CMSG_DATA (cmsg), sizeof (tv));
> > + if (test_verbose)
> > + printf ("SCM_TIMESTAMP: {%jd, %jd}\n", (intmax_t)tv.tv_sec,
> > + (intmax_t)tv.tv_usec);
> > + timestamp = true;
> > + }
> > + else if (cmsg->cmsg_type == SCM_TIMESTAMPNS
> > + && cmsg->cmsg_len == CMSG_LEN (sizeof (struct timespec)))
> > + {
> > + struct timespec ts;
> > + memcpy (&ts, CMSG_DATA (cmsg), sizeof (ts));
> > + if (test_verbose)
> > + printf ("SCM_TIMESTAMPNS: {%jd, %jd}\n", (intmax_t)ts.tv_sec,
> > + (intmax_t)ts.tv_nsec);
> > + timestamp = true;
> > + }
> > + }
> > +
> > + TEST_COMPARE (timestamp, exp_timestamp);
>
> this fails with false != true.
On 30/09/22 08:05, Szabolcs Nagy wrote:
> The 09/30/2022 11:47, Szabolcs Nagy via Libc-alpha wrote:
>> The 01/27/2022 17:15, Adhemerval Zanella via Libc-alpha wrote:
>>> The __convert_scm_timestamps only updates the control message last
>>> pointer for SOL_SOCKET type, so if the message control buffer contains
>>> multiple ancillary message types the converted timestamp one might
>>> overwrite a valid message.
>>>
>>> The test checks if the extra ancillary space is correctly handled
>>> by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
>>> time_t converted message the control buffer should be marked with
>>> MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
>>> ancillary data.
>>>
>>> Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
>>> 4.15 kernel.
>>>
>>> Co-authored-by: Fabian Vogt <fvogt@suse.de>
>>
>> note: the time64 recvmsg test started to fail on 32bit
>> arm after i updated my aarch64 kernel to 5.18
>
> sorry the kernel is
> Linux 8a7948402d35 5.15.0-48-generic #54~20.04.1-Ubuntu SMP Thu Sep 1 16:20:53 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
I just check on exactly same kernel (ubuntu 22) on a aarch64 VM and I could not
reproduce it:
$ uname -a
Linux ubuntu-aarch64 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:31:33 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
$ file socket/tst-socket-timestamp
socket/tst-socket-timestamp: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, with debug_info, not stripped
$ file socket/tst-socket-timestamp-time64
socket/tst-socket-timestamp-time64: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, with debug_info, not stripped
$ ./testrun.sh socket/tst-socket-timestamp
$ ./testrun.sh socket/tst-socket-timestamp-time64
$
I used gcc 12.1.1, maybe it is a compiler issue?
The 09/30/2022 08:24, Adhemerval Zanella Netto wrote:
> On 30/09/22 08:05, Szabolcs Nagy wrote:
> > The 09/30/2022 11:47, Szabolcs Nagy via Libc-alpha wrote:
> >> The 01/27/2022 17:15, Adhemerval Zanella via Libc-alpha wrote:
> >>> The __convert_scm_timestamps only updates the control message last
> >>> pointer for SOL_SOCKET type, so if the message control buffer contains
> >>> multiple ancillary message types the converted timestamp one might
> >>> overwrite a valid message.
> >>>
> >>> The test checks if the extra ancillary space is correctly handled
> >>> by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
> >>> time_t converted message the control buffer should be marked with
> >>> MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
> >>> ancillary data.
> >>>
> >>> Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
> >>> 4.15 kernel.
> >>>
> >>> Co-authored-by: Fabian Vogt <fvogt@suse.de>
> >>
> >> note: the time64 recvmsg test started to fail on 32bit
> >> arm after i updated my aarch64 kernel to 5.18
> >
> > sorry the kernel is
> > Linux 8a7948402d35 5.15.0-48-generic #54~20.04.1-Ubuntu SMP Thu Sep 1 16:20:53 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
>
> I just check on exactly same kernel (ubuntu 22) on a aarch64 VM and I could not
> reproduce it:
>
> $ uname -a
> Linux ubuntu-aarch64 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:31:33 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
> $ file socket/tst-socket-timestamp
> socket/tst-socket-timestamp: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, with debug_info, not stripped
> $ file socket/tst-socket-timestamp-time64
> socket/tst-socket-timestamp-time64: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, with debug_info, not stripped
> $ ./testrun.sh socket/tst-socket-timestamp
> $ ./testrun.sh socket/tst-socket-timestamp-time64
> $
>
> I used gcc 12.1.1, maybe it is a compiler issue?
sorry it was my fault: old kernel headers.
On 30/09/22 09:31, Szabolcs Nagy wrote:
> The 09/30/2022 08:24, Adhemerval Zanella Netto wrote:
>> On 30/09/22 08:05, Szabolcs Nagy wrote:
>>> The 09/30/2022 11:47, Szabolcs Nagy via Libc-alpha wrote:
>>>> The 01/27/2022 17:15, Adhemerval Zanella via Libc-alpha wrote:
>>>>> The __convert_scm_timestamps only updates the control message last
>>>>> pointer for SOL_SOCKET type, so if the message control buffer contains
>>>>> multiple ancillary message types the converted timestamp one might
>>>>> overwrite a valid message.
>>>>>
>>>>> The test checks if the extra ancillary space is correctly handled
>>>>> by recvmsg/recvmmsg, where if there is no extra space for the 64-bit
>>>>> time_t converted message the control buffer should be marked with
>>>>> MSG_TRUNC. It also check if recvmsg/recvmmsg handle correctly multiple
>>>>> ancillary data.
>>>>>
>>>>> Checked on x86_64-linux and on i686-linux-gnu on both 5.11 and
>>>>> 4.15 kernel.
>>>>>
>>>>> Co-authored-by: Fabian Vogt <fvogt@suse.de>
>>>>
>>>> note: the time64 recvmsg test started to fail on 32bit
>>>> arm after i updated my aarch64 kernel to 5.18
>>>
>>> sorry the kernel is
>>> Linux 8a7948402d35 5.15.0-48-generic #54~20.04.1-Ubuntu SMP Thu Sep 1 16:20:53 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
>>
>> I just check on exactly same kernel (ubuntu 22) on a aarch64 VM and I could not
>> reproduce it:
>>
>> $ uname -a
>> Linux ubuntu-aarch64 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:31:33 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
>> $ file socket/tst-socket-timestamp
>> socket/tst-socket-timestamp: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, with debug_info, not stripped
>> $ file socket/tst-socket-timestamp-time64
>> socket/tst-socket-timestamp-time64: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 3.2.0, with debug_info, not stripped
>> $ ./testrun.sh socket/tst-socket-timestamp
>> $ ./testrun.sh socket/tst-socket-timestamp-time64
>> $
>>
>> I used gcc 12.1.1, maybe it is a compiler issue?
>
> sorry it was my fault: old kernel headers.
Right, but I am puzzled since it should not matter (at least glibc should handle it).
What was miscompiled due wrong kernel header?
On Fri, Sep 30, 2022, at 2:51 PM, Adhemerval Zanella Netto via Libc-alpha wrote:
> On 30/09/22 09:31, Szabolcs Nagy wrote:
>>>
>>> I used gcc 12.1.1, maybe it is a compiler issue?
>>
>> sorry it was my fault: old kernel headers.
>
> Right, but I am puzzled since it should not matter (at least glibc
> should handle it).
> What was miscompiled due wrong kernel header?
Using SIOCGSTAMP/SIOCGSTAMPNS wtih 64-bit time_t requires kernel
headers after this 2019 commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0768e17073dc52
Arnd
On 30/09/22 10:09, Arnd Bergmann wrote:
> On Fri, Sep 30, 2022, at 2:51 PM, Adhemerval Zanella Netto via Libc-alpha wrote:
>> On 30/09/22 09:31, Szabolcs Nagy wrote:
>>>>
>>>> I used gcc 12.1.1, maybe it is a compiler issue?
>>>
>>> sorry it was my fault: old kernel headers.
>>
>> Right, but I am puzzled since it should not matter (at least glibc
>> should handle it).
>> What was miscompiled due wrong kernel header?
>
> Using SIOCGSTAMP/SIOCGSTAMPNS wtih 64-bit time_t requires kernel
> headers after this 2019 commit:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0768e17073dc52
>
> Arnd
But glibc does not use these definition internally or on tests.
On Fri, Sep 30, 2022, at 3:46 PM, Adhemerval Zanella Netto via Libc-alpha wrote:
> On 30/09/22 10:09, Arnd Bergmann wrote:
>> On Fri, Sep 30, 2022, at 2:51 PM, Adhemerval Zanella Netto via Libc-alpha wrote:
>>> On 30/09/22 09:31, Szabolcs Nagy wrote:
>>>>>
>>>>> I used gcc 12.1.1, maybe it is a compiler issue?
>>>>
>>>> sorry it was my fault: old kernel headers.
>>>
>>> Right, but I am puzzled since it should not matter (at least glibc
>>> should handle it).
>>> What was miscompiled due wrong kernel header?
>>
>> Using SIOCGSTAMP/SIOCGSTAMPNS wtih 64-bit time_t requires kernel
>> headers after this 2019 commit:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0768e17073dc52
>
> But glibc does not use these definition internally or on tests.
My mistake. SO_TIMESTAMPNS was a different commit, this is the one
you need then:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=887feae36a
Arnd
On 30/09/22 11:56, Arnd Bergmann wrote:
> On Fri, Sep 30, 2022, at 3:46 PM, Adhemerval Zanella Netto via Libc-alpha wrote:
>> On 30/09/22 10:09, Arnd Bergmann wrote:
>>> On Fri, Sep 30, 2022, at 2:51 PM, Adhemerval Zanella Netto via Libc-alpha wrote:
>>>> On 30/09/22 09:31, Szabolcs Nagy wrote:
>>>>>>
>>>>>> I used gcc 12.1.1, maybe it is a compiler issue?
>>>>>
>>>>> sorry it was my fault: old kernel headers.
>>>>
>>>> Right, but I am puzzled since it should not matter (at least glibc
>>>> should handle it).
>>>> What was miscompiled due wrong kernel header?
>>>
>>> Using SIOCGSTAMP/SIOCGSTAMPNS wtih 64-bit time_t requires kernel
>>> headers after this 2019 commit:
>>>
>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0768e17073dc52
>>
>> But glibc does not use these definition internally or on tests.
>
> My mistake. SO_TIMESTAMPNS was a different commit, this is the one
> you need then:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=887feae36a
>
> Arnd
Right, so if we need an update kernel to actually build and test glibc
correctly I think it would be better to internally define SO_TIMESTAMPNS
instead of rely on kernel headers.
@@ -277,6 +277,9 @@ sysdep_routines += cmsg_nxthdr
CFLAGS-recvmmsg.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-sendmmsg.c = -fexceptions -fasynchronous-unwind-tables
+tests += tst-socket-timestamp
+tests-time64 += tst-socket-timestamp-time64
+
tests-special += $(objpfx)tst-socket-consts.out
$(objpfx)tst-socket-consts.out: ../sysdeps/unix/sysv/linux/tst-socket-consts.py
PYTHONPATH=../scripts \
@@ -54,6 +54,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
cmsg != NULL;
cmsg = CMSG_NXTHDR (msg, cmsg))
{
+ last = cmsg;
+
if (cmsg->cmsg_level != SOL_SOCKET)
continue;
@@ -75,11 +77,9 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
tvts[1] = tmp[1];
break;
}
-
- last = cmsg;
}
- if (last == NULL || type == 0)
+ if (type == 0)
return;
if (CMSG_SPACE (sizeof tvts) > msgsize - msg->msg_controllen)
@@ -88,10 +88,12 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
return;
}
+ /* Zero memory for the new cmsghdr, so reading cmsg_len field
+ by CMSG_NXTHDR does not trigger UB. */
+ memset (msg->msg_control + msg->msg_controllen, 0,
+ CMSG_SPACE (sizeof tvts));
msg->msg_controllen += CMSG_SPACE (sizeof tvts);
- cmsg = CMSG_NXTHDR(msg, last);
- if (cmsg == NULL)
- return;
+ cmsg = CMSG_NXTHDR (msg, last);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = type;
cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
new file mode 100644
@@ -0,0 +1 @@
+#include "tst-socket-timestamp.c"
new file mode 100644
@@ -0,0 +1,338 @@
+/* Check recvmsg/recvmmsg 64-bit timestamp support.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <array_length.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/next_to_fault.h>
+#include <support/support.h>
+#include <support/test-driver.h>
+#include <support/xunistd.h>
+#include <support/xsocket.h>
+#include <sys/mman.h>
+
+/* Some extra space added for ancillary data, it might be used to convert
+ 32-bit timestamp to 64-bit for _TIME_BITS=64. */
+enum { slack_max_size = 64 };
+static const int slack[] = { 0, 4, 8, 16, 32, slack_max_size };
+
+static bool support_64_timestamp;
+/* AF_INET socket and address used to receive data. */
+static int srv;
+static struct sockaddr_in srv_addr;
+
+static int
+do_sendto (const struct sockaddr_in *addr, int nmsgs)
+{
+ int s = xsocket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ xconnect (s, (const struct sockaddr *) addr, sizeof (*addr));
+
+ for (int i = 0; i < nmsgs; i++)
+ xsendto (s, &i, sizeof (i), 0, (const struct sockaddr *) addr,
+ sizeof (*addr));
+
+ xclose (s);
+
+ return 0;
+}
+
+static void
+do_recvmsg_slack_ancillary (bool use_multi_call, int s, void *cmsg,
+ size_t slack, size_t tsize, int exp_payload)
+{
+ int payload;
+ struct iovec iov =
+ {
+ .iov_base = &payload,
+ .iov_len = sizeof (payload)
+ };
+ size_t msg_controllen = CMSG_SPACE (tsize) + slack;
+ char *msg_control = cmsg - msg_controllen;
+ memset (msg_control, 0x55, msg_controllen);
+ struct mmsghdr mmhdr =
+ {
+ .msg_hdr =
+ {
+ .msg_name = NULL,
+ .msg_namelen = 0,
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ .msg_control = msg_control,
+ .msg_controllen = msg_controllen
+ },
+ };
+
+ int r;
+ if (use_multi_call)
+ {
+ r = recvmmsg (s, &mmhdr, 1, 0, NULL);
+ if (r >= 0)
+ r = mmhdr.msg_len;
+ }
+ else
+ r = recvmsg (s, &mmhdr.msg_hdr, 0);
+ TEST_COMPARE (r, sizeof (int));
+ TEST_COMPARE (payload, exp_payload);
+
+ if (cmsg == NULL)
+ return;
+
+ /* A timestamp is expected if 32-bit timestamp are used (support in every
+ configuration) or if underlying kernel support 64-bit timestamps.
+ Otherwise recvmsg will need extra space do add the 64-bit timestamp. */
+ bool exp_timestamp;
+ if (sizeof (time_t) == 4 || support_64_timestamp)
+ exp_timestamp = true;
+ else
+ exp_timestamp = slack >= CMSG_SPACE (tsize);
+
+ bool timestamp = false;
+ for (struct cmsghdr *cmsg = CMSG_FIRSTHDR (&mmhdr.msg_hdr);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR (&mmhdr.msg_hdr, cmsg))
+ {
+ if (cmsg->cmsg_level != SOL_SOCKET)
+ continue;
+ if (cmsg->cmsg_type == SCM_TIMESTAMP
+ && cmsg->cmsg_len == CMSG_LEN (sizeof (struct timeval)))
+ {
+ struct timeval tv;
+ memcpy (&tv, CMSG_DATA (cmsg), sizeof (tv));
+ if (test_verbose)
+ printf ("SCM_TIMESTAMP: {%jd, %jd}\n", (intmax_t)tv.tv_sec,
+ (intmax_t)tv.tv_usec);
+ timestamp = true;
+ }
+ else if (cmsg->cmsg_type == SCM_TIMESTAMPNS
+ && cmsg->cmsg_len == CMSG_LEN (sizeof (struct timespec)))
+ {
+ struct timespec ts;
+ memcpy (&ts, CMSG_DATA (cmsg), sizeof (ts));
+ if (test_verbose)
+ printf ("SCM_TIMESTAMPNS: {%jd, %jd}\n", (intmax_t)ts.tv_sec,
+ (intmax_t)ts.tv_nsec);
+ timestamp = true;
+ }
+ }
+
+ TEST_COMPARE (timestamp, exp_timestamp);
+}
+
+/* Check if the extra ancillary space is correctly handled by recvmsg and
+ recvmmsg with different extra space for the ancillaty buffer. */
+static void
+do_test_slack_space (void)
+{
+ /* Setup the ancillary data buffer with an extra page with PROT_NONE to
+ check the possible timestamp conversion on some systems. */
+ struct support_next_to_fault nf =
+ support_next_to_fault_allocate (slack_max_size);
+ void *msgbuf = nf.buffer + slack_max_size;
+
+ /* Enable the timestamp using struct timeval precision. */
+ {
+ int r = setsockopt (srv, SOL_SOCKET, SO_TIMESTAMP, &(int){1},
+ sizeof (int));
+ TEST_VERIFY_EXIT (r != -1);
+ }
+ /* Check recvmsg. */
+ do_sendto (&srv_addr, array_length (slack));
+ for (int s = 0; s < array_length (slack); s++)
+ {
+ memset (nf.buffer, 0x55, nf.length);
+ do_recvmsg_slack_ancillary (false, srv, msgbuf, slack[s],
+ sizeof (struct timeval), s);
+ }
+ /* Check recvmmsg. */
+ do_sendto (&srv_addr, array_length (slack));
+ for (int s = 0; s < array_length (slack); s++)
+ {
+ memset (nf.buffer, 0x55, nf.length);
+ do_recvmsg_slack_ancillary (true, srv, msgbuf, slack[s],
+ sizeof (struct timeval), s);
+ }
+
+ /* Now enable timestamp using a higher precision, it overwrites the previous
+ precision. */
+ {
+ int r = setsockopt (srv, SOL_SOCKET, SO_TIMESTAMPNS, &(int){1},
+ sizeof (int));
+ TEST_VERIFY_EXIT (r != -1);
+ }
+ /* Check recvmsg. */
+ do_sendto (&srv_addr, array_length (slack));
+ for (int s = 0; s < array_length (slack); s++)
+ do_recvmsg_slack_ancillary (false, srv, msgbuf, slack[s],
+ sizeof (struct timespec), s);
+ /* Check recvmmsg. */
+ do_sendto (&srv_addr, array_length (slack));
+ for (int s = 0; s < array_length (slack); s++)
+ do_recvmsg_slack_ancillary (true, srv, msgbuf, slack[s],
+ sizeof (struct timespec), s);
+
+ support_next_to_fault_free (&nf);
+}
+
+/* Check if the converted 64-bit timestamp is correctly appended when there
+ are multiple ancillary messages. */
+static void
+do_recvmsg_multiple_ancillary (bool use_multi_call, int s, void *cmsg,
+ size_t cmsgsize, int exp_msg)
+{
+ int msg;
+ struct iovec iov =
+ {
+ .iov_base = &msg,
+ .iov_len = sizeof (msg)
+ };
+ size_t msgs = cmsgsize;
+ struct mmsghdr mmhdr =
+ {
+ .msg_hdr =
+ {
+ .msg_name = NULL,
+ .msg_namelen = 0,
+ .msg_iov = &iov,
+ .msg_iovlen = 1,
+ .msg_controllen = msgs,
+ .msg_control = cmsg,
+ },
+ };
+
+ int r;
+ if (use_multi_call)
+ {
+ r = recvmmsg (s, &mmhdr, 1, 0, NULL);
+ if (r >= 0)
+ r = mmhdr.msg_len;
+ }
+ else
+ r = recvmsg (s, &mmhdr.msg_hdr, 0);
+ TEST_COMPARE (r, sizeof (int));
+ TEST_COMPARE (msg, exp_msg);
+
+ if (cmsg == NULL)
+ return;
+
+ bool timestamp = false;
+ bool origdstaddr = false;
+ for (struct cmsghdr *cmsg = CMSG_FIRSTHDR (&mmhdr.msg_hdr);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR (&mmhdr.msg_hdr, cmsg))
+ {
+ if (cmsg->cmsg_level == SOL_IP
+ && cmsg->cmsg_type == IP_ORIGDSTADDR
+ && cmsg->cmsg_len >= CMSG_LEN (sizeof (struct sockaddr_in)))
+ {
+ struct sockaddr_in sa;
+ memcpy (&sa, CMSG_DATA (cmsg), sizeof (sa));
+ if (test_verbose)
+ {
+ char str[INET_ADDRSTRLEN];
+ inet_ntop (AF_INET, &sa.sin_addr, str, INET_ADDRSTRLEN);
+ printf ("IP_ORIGDSTADDR: %s:%d\n", str, ntohs (sa.sin_port));
+ }
+ origdstaddr = sa.sin_addr.s_addr == srv_addr.sin_addr.s_addr
+ && sa.sin_port == srv_addr.sin_port;
+ }
+ if (cmsg->cmsg_level == SOL_SOCKET
+ && cmsg->cmsg_type == SCM_TIMESTAMP
+ && cmsg->cmsg_len >= CMSG_LEN (sizeof (struct timeval)))
+ {
+ struct timeval tv;
+ memcpy (&tv, CMSG_DATA (cmsg), sizeof (tv));
+ if (test_verbose)
+ printf ("SCM_TIMESTAMP: {%jd, %jd}\n", (intmax_t)tv.tv_sec,
+ (intmax_t)tv.tv_usec);
+ timestamp = true;
+ }
+ }
+
+ /* If there is no timestamp in the ancillary data, recvmsg should set
+ the flag to indicate it. */
+ TEST_COMPARE (timestamp, true);
+ TEST_COMPARE (origdstaddr, true);
+}
+
+static void
+do_test_multiple_ancillary (void)
+{
+ {
+ int r = setsockopt (srv, SOL_SOCKET, SO_TIMESTAMP, &(int){1},
+ sizeof (int));
+ TEST_VERIFY_EXIT (r != -1);
+ }
+ {
+ int r = setsockopt (srv, IPPROTO_IP, IP_RECVORIGDSTADDR, &(int){1},
+ sizeof (int));
+ TEST_VERIFY_EXIT (r != -1);
+ }
+
+ /* Enougth data for default SO_TIMESTAMP, the IP_RECVORIGDSTADDR, and the
+ extra 64-bit SO_TIMESTAMP. */
+ enum { msgbuflen = CMSG_SPACE (2 * sizeof (uint64_t))
+ + CMSG_SPACE (sizeof (struct sockaddr_in))
+ + CMSG_SPACE (2 * sizeof (uint64_t)) };
+ char msgbuf[msgbuflen];
+
+ enum { nmsgs = 8 };
+ /* Check recvmsg. */
+ do_sendto (&srv_addr, nmsgs);
+ for (int s = 0; s < nmsgs; s++)
+ do_recvmsg_multiple_ancillary (false, srv, msgbuf, msgbuflen, s);
+ /* Check recvmmsg. */
+ do_sendto (&srv_addr, nmsgs);
+ for (int s = 0; s < nmsgs; s++)
+ do_recvmsg_multiple_ancillary (true, srv, msgbuf, msgbuflen, s);
+}
+
+static int
+do_test (void)
+{
+ srv = xsocket (AF_INET, SOCK_DGRAM, 0);
+ srv_addr = (struct sockaddr_in) {
+ .sin_family = AF_INET,
+ .sin_addr = {.s_addr = htonl (INADDR_LOOPBACK) },
+ };
+ xbind (srv, (struct sockaddr *) &srv_addr, sizeof (srv_addr));
+ {
+ socklen_t sa_len = sizeof (srv_addr);
+ xgetsockname (srv, (struct sockaddr *) &srv_addr, &sa_len);
+ TEST_VERIFY (sa_len == sizeof (srv_addr));
+ }
+
+ TEST_COMPARE (recvmsg (-1, NULL, 0), -1);
+ TEST_COMPARE (errno, EBADF);
+ TEST_COMPARE (recvmmsg (-1, NULL, 0, 0, NULL), -1);
+ TEST_COMPARE (errno, EBADF);
+
+ /* If underlying kernel does not support */
+ support_64_timestamp = support_socket_so_timestamp_time64 (srv);
+
+ do_test_slack_space ();
+ do_test_multiple_ancillary ();
+
+ xclose (srv);
+
+ return 0;
+}
+
+#include <support/test-driver.c>