[1882] in linux-net channel archive
Re: general protection violation in sendmsg
daemon@ATHENA.MIT.EDU (Carsten Paeth)
Thu Feb 8 02:22:24 1996
To: alf@bolzen.in-berlin.de
Date: Thu, 8 Feb 1996 04:40:45 +0100 (MET)
From: "Carsten Paeth" <calle@calle.in-berlin.de>
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <m0tkIv4-000PRCC@wysiwyg.in-berlin.de> from "Alfred Schweder" at Feb 8, 96 00:04:57 am
>
> Begin forwarded message:
>
> Return-Path: <Postmaster@wysiwyg.in-berlin.de>
> Received: by wysiwyg.in-berlin.de (Smail3.1.28.1 #1) id m0tkIsU-000PRDa; Thu, 8 Feb 96 00:02 GMT+0100
> From: lenneis@statrix2.wu-wien.ac.at (Joerg Lenneis)
> Subject: general protection violation in sendmsg
> To: linux-net@vger.rutgers.edu
> Date: Wed, 7 Feb 1996 19:46:45 +0100 (MET)
>
> I think there is a bug somewhere in the implementation of the sendmsg system
> call. I get the following error from the kernel (1.3.59 plus Mark 6 patches from
> Alan Cox):
This bug is also in mark5 I think.
In mark6 there is not the full xx_sendmsg.patch in
only the part for raw_sendmsg (I mailed Alan, but ..),
I don't look at 1.3.60, but I will after a little sleep ....
--- net/ipv4/udp.c.orig Thu Feb 8 04:37:40 1996
+++ net/ipv4/udp.c Thu Feb 8 04:37:51 1996
@@ -429,7 +429,7 @@
return -ENOBUFS;
memcpy_fromiovec(buf, msg->msg_iov, len);
fs=get_fs();
- set_fs(get_fs());
+ set_fs(get_ds());
err=udp_sendto(sk,buf,len, noblock, flags, msg->msg_name, msg->msg_namelen);
set_fs(fs);
kfree_s(buf,len);
calle
--
calle@calle.in-berlin.de
>
> general protection: 0000
> CPU: 0
> EIP: 0010:[<001546da>]
> EFLAGS: 00010212
> eax: bffff7f4 ebx: bffff7f4 ecx: 00000000 edx: 00e1e60c
> esi: 00e1e60c edi: 00000000 ebp: 00000000 esp: 00c7ae0c
> ds: 0018 es: 0018 fs: 0018 gs: 002b ss: 0018
> Process sender (pid: 102, process nr: 21, stackpage=00c7a000)
> Stack: 0000002b 00e5a018 00c7aeb4 00000400 00000400 00000000 00e5a000 00e1e60c
> 00154837 00e1e60c 00e5a018 00000400 00000000 00000000 bffff7f4 00000010
> 00e1e60c 00000000 00000000 00000400 001567b1 00e1e60c 00c7aeb4 00000400
> Call Trace: [<00154837>] [<001567b1>] [<00156700>] [<0013ca9b>] [<0013bca1>] [<0013d15a>] [<0015583a>]
> [<0013c847>] [<0013cf9e>] [<0010abbe>]
> Code: 66 8b 03 66 85 c0 74 06 66 83 f8 02 75 07 66 83 7b 02 00 75
>
>
> This happens in the function udp_sendto in the code section
>
> ...........
> if (usin)
> {
>
> if (addr_len < sizeof(sin))
> return(-EINVAL);
> if (usin->sin_family && usin->sin_family != AF_INET)
> return(-EINVAL);
> if (usin->sin_port == 0)
> return(-EINVAL);
> }
> else
> ...........
>
>
> usin is a struct sockaddr_in *. As soon as it is accessed in "if (usin)" the
> error occurs. I have tried the same piece of code using the sendto system call
> and that works, so I guess somewhere along the calling sequence something weird
> happens to the usin argument. The following piece of source reproduces the error:
>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <sys/uio.h>
> #include <stdlib.h>
> #include <string.h>
>
> #define BUFSIZE 128
>
>
> main () {
> struct sockaddr_in sa;
> struct sockaddr_in ta;
>
> char buf1[BUFSIZE];
> char buf2[BUFSIZE];
>
> int s;
>
> struct msghdr msg;
> struct iovec iov[2];
>
> if (( s = socket ( AF_INET, SOCK_DGRAM, 0 )) < 0 ) {
> perror ("socket");
> exit(1);
> }
>
> bzero ( (char*) &sa, sizeof(sa));
> sa.sin_family=AF_INET;
> sa.sin_addr.s_addr= inet_addr("137.208.6.45");
> sa.sin_port = htons(9998);
>
> bzero ( (char*) &ta, sizeof(sa));
> ta.sin_family=AF_INET;
> ta.sin_addr.s_addr= inet_addr("137.208.6.33");
> ta.sin_port = htons(9999);
>
> if (bind(s, (struct sockaddr* )&sa, sizeof(sa))<0){
> perror("bind");
> exit(1);
> }
>
> msg.msg_name = (char *) &ta;
> msg.msg_namelen = sizeof(ta);
> msg.msg_iov = iov;
> msg.msg_iovlen = 2;
> msg.msg_accrights = NULL;
>
> iov[0].iov_base = buf1;
> iov[0].iov_len = BUFSIZE;
> iov[1].iov_base = buf2;
> iov[1].iov_len = BUFSIZE;
>
> if(sendmsg(s, &msg, 0) < 0) {
> perror ( "Sendmsg");
> exit(1);
> }
> }
>
>
> --
> Joerg Lenneis
>
> University of Economics and Business Adminstration
> Department for Applied Statistics and Data Processing
> Augasse 2-6, 1090 Vienna, Austria
>
> Tel. *43/1/31336 4758
> email: lenneis@wu-wien.ac.at
>
