NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/60392 CVS commit: src/sys/rump/net/lib/libwg
The following reply was made to PR bin/60392; it has been noted by GNATS.
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc:
Subject: PR/60392 CVS commit: src/sys/rump/net/lib/libwg
Date: Thu, 2 Jul 2026 00:32:00 +0000
Module Name: src
Committed By: riastradh
Date: Thu Jul 2 00:32:00 UTC 2026
Modified Files:
src/sys/rump/net/lib/libwg: wg_user.c
Log Message:
wg-userspace(8): Ignore recvfrom errors.
On IPv6 networks, issuing sendto(2) when we've lost IPv6 connectivity
may eventually lead to the next recvfrom(2) failing with EHOSTDOWN.
Example ktrace:
8072 16529 rump_server 1782951176.090085182 CALL sendto(0xa,0x70fb4fa1b50c,0x60,0,0x70fb4f236b00,0x1c)
8072 16529 rump_server 1782951176.090085664 MISC msghdr: [name=0x70fb4f236b00, namelen=28, iov=0xffffc5126bfa8f50, iovlen=1, control=0x0, controllen=0, flags=0]
8072 16529 rump_server 1782951176.090086919 MISC mbsoname: [2601:...]
8072 16529 rump_server 1782951176.090093493 GIO fd 10 wrote 96 bytes
8072 16529 rump_server 1782951176.090094033 RET sendto 96/0x60
...
8072 23248 rump_server 1782951180.090105990 CALL recvfrom(0xa,0x70fb4efe203c,0x233a,0,0x70fb3f7cff50,0x70fb3f7cff4c)
8072 23248 rump_server 1782951180.090106339 MISC msghdr: [name=0x0, namelen=0, iov=0xffffc5126c63ff20, iovlen=1, control=0x0, controllen=0, flags=0]
8072 23248 rump_server 1782951180.090107309 RET recvfrom -1 errno 64 Host is down
In this case, wg_user_rcvthread mistakenly ignored the failing result
and blithely shoved the ssize_t -1 error indicator into
iov[1].iov_len and passed it on to rumpkern_recv_peer:
nn = recvfrom(wgu->wgu_sock6, wgu->wgu_rcvbuf,
sizeof(wgu->wgu_rcvbuf), 0, (struct sockaddr *)&sin6,
&len);
if (nn == -1 && errno == EAGAIN)
continue;
...
iov[1].iov_base = wgu->wgu_rcvbuf;
iov[1].iov_len = nn;
...
rumpkern_wg_recv_peer(wgu->wgu_sc, iov, 2);
rumpkern_wg_recv_peer then passed it through to m_copyback to fill a
newly allocated mbuf:
m = m_gethdr(M_DONTWAIT, MT_DATA);
if (m == NULL)
return;
m->m_len = m->m_pkthdr.len = 0;
m_copyback(m, 0, iov[1].iov_len, iov[1].iov_base);
And m_copyback takes int, not size_t. So the all-bits-set turned
into -1, which coincides with M_COPYALL, which means that we treat
this case as a zero-length mbuf, which was the actual source of the
phantom zero-length packets I initially thought were the cause of:
PR bin/60392: assertion "mbuflen >= sizeof(struct wg_msg)" failed
So several wrongs here made a right, turning several mistakes that
could have been buffer overruns into a harmless crash.
In any case, we don't really care that IPv6 is unreachable. We'll
just keep trying sendto until connectivity is restored, and then
wg(4) packets can flow again. So just ignore the recvfrom error.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/sys/rump/net/lib/libwg/wg_user.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index