[libc-commits] [libc] [libc] Fix sendmsg iovec unpoisoning (PR #115057)
Michael Jones via libc-commits
libc-commits at lists.llvm.org
Tue Nov 5 12:39:45 PST 2024
https://github.com/michaelrj-google updated https://github.com/llvm/llvm-project/pull/115057
>From 357f0fd1547573e0743b8984c8392725c4d36e0a Mon Sep 17 00:00:00 2001
From: Michael Jones <michaelrj at google.com>
Date: Tue, 5 Nov 2024 12:24:46 -0800
Subject: [PATCH 1/2] [libc] Fix sendmsg iovec unpoisoning
The unpoisoning for sendmsg had a typo where it would not unpoison all
of the elements in the iovec, causing msan errors. This patch fixes
that.
---
libc/src/sys/socket/linux/recvmsg.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libc/src/sys/socket/linux/recvmsg.cpp b/libc/src/sys/socket/linux/recvmsg.cpp
index 60bbc84877b850..43929da87e16d2 100644
--- a/libc/src/sys/socket/linux/recvmsg.cpp
+++ b/libc/src/sys/socket/linux/recvmsg.cpp
@@ -40,9 +40,11 @@ LLVM_LIBC_FUNCTION(ssize_t, recvmsg,
}
// Unpoison the msghdr, as well as all its components.
+ MSAN_UNPOISON(msg, sizeof(struct msghdr));
MSAN_UNPOISON(msg->msg_name, msg->msg_namelen);
+
for (size_t i = 0; i < msg->msg_iovlen; ++i) {
- MSAN_UNPOISON(msg->msg_iov->iov_base, msg->msg_iov->iov_len);
+ MSAN_UNPOISON(msg->msg_iov[i].iov_base, msg->msg_iov[i].iov_len);
}
MSAN_UNPOISON(msg->msg_control, msg->msg_controllen);
>From 27bfa5b418e48004aa3ae2ac3fdce1a24095d084 Mon Sep 17 00:00:00 2001
From: Michael Jones <michaelrj at google.com>
Date: Tue, 5 Nov 2024 12:39:23 -0800
Subject: [PATCH 2/2] just msghdr instead of struct msghdr
---
libc/src/sys/socket/linux/recvmsg.cpp | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libc/src/sys/socket/linux/recvmsg.cpp b/libc/src/sys/socket/linux/recvmsg.cpp
index 43929da87e16d2..e42b6346f330a0 100644
--- a/libc/src/sys/socket/linux/recvmsg.cpp
+++ b/libc/src/sys/socket/linux/recvmsg.cpp
@@ -20,8 +20,7 @@
namespace LIBC_NAMESPACE_DECL {
-LLVM_LIBC_FUNCTION(ssize_t, recvmsg,
- (int sockfd, struct msghdr *msg, int flags)) {
+LLVM_LIBC_FUNCTION(ssize_t, recvmsg, (int sockfd, msghdr *msg, int flags)) {
#ifdef SYS_recvmsg
ssize_t ret =
LIBC_NAMESPACE::syscall_impl<ssize_t>(SYS_recvmsg, sockfd, msg, flags);
@@ -40,7 +39,7 @@ LLVM_LIBC_FUNCTION(ssize_t, recvmsg,
}
// Unpoison the msghdr, as well as all its components.
- MSAN_UNPOISON(msg, sizeof(struct msghdr));
+ MSAN_UNPOISON(msg, sizeof(msghdr));
MSAN_UNPOISON(msg->msg_name, msg->msg_namelen);
for (size_t i = 0; i < msg->msg_iovlen; ++i) {
More information about the libc-commits
mailing list