Re: general protection violation in sendmsg

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Raj Mathur: "Configuration of jumperless Ethernet cards"
• Previous message: Mark W. Eichin: "Re: Proxy ARP, strange ideas."

This bug is also in mark5 I think.
In mark6 there is not the full xx_sendmsg.patch in
only the part for raw_sendmsg (I mailed Alan, but ..),
I don't look at 1.3.60, but I will after a little sleep ....

--- net/ipv4/udp.c.orig Thu Feb 8 04:37:40 1996
+++ net/ipv4/udp.c Thu Feb 8 04:37:51 1996
@@ -429,7 +429,7 @@
return -ENOBUFS;
memcpy_fromiovec(buf, msg->msg_iov, len);
fs=get_fs();
- set_fs(get_fs());
+ set_fs(get_ds());
err=udp_sendto(sk,buf,len, noblock, flags, msg->msg_name, msg->msg_namelen);
set_fs(fs);
kfree_s(buf,len);

calle

--
calle@calle.in-berlin.de

> 
> general protection: 0000
> CPU:    0
> EIP:    0010:[<001546da>]
> EFLAGS: 00010212
> eax: bffff7f4   ebx: bffff7f4   ecx: 00000000   edx: 00e1e60c
> esi: 00e1e60c   edi: 00000000   ebp: 00000000   esp: 00c7ae0c
> ds: 0018   es: 0018   fs: 0018   gs: 002b   ss: 0018
> Process sender (pid: 102, process nr: 21, stackpage=00c7a000)
> Stack: 0000002b 00e5a018 00c7aeb4 00000400 00000400 00000000 00e5a000 00e1e60c
>        00154837 00e1e60c 00e5a018 00000400 00000000 00000000 bffff7f4 00000010
>        00e1e60c 00000000 00000000 00000400 001567b1 00e1e60c 00c7aeb4 00000400
> Call Trace: [<00154837>] [<001567b1>] [<00156700>] [<0013ca9b>] [<0013bca1>] [<0013d15a>] [<0015583a>]
>        [<0013c847>] [<0013cf9e>] [<0010abbe>]
> Code: 66 8b 03 66 85 c0 74 06 66 83 f8 02 75 07 66 83 7b 02 00 75
> 
> 
> This happens in the function udp_sendto in the code section
> 
> 	...........
>         if (usin)
>         {
> 
>                 if (addr_len < sizeof(sin))
>                         return(-EINVAL);
>                 if (usin->sin_family && usin->sin_family != AF_INET)
>                         return(-EINVAL);
>                 if (usin->sin_port == 0)
>                         return(-EINVAL);
>         }
>         else
> 	...........
> 
> 
> usin is a struct sockaddr_in *. As soon as it is accessed in "if (usin)" the
> error occurs. I have tried the same piece of code using the sendto system call
> and that works, so I guess somewhere along the calling sequence something weird
> happens to the usin argument. The following piece of source reproduces the error:
> 
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <sys/uio.h>
> #include <stdlib.h>
> #include <string.h>
> 
> #define BUFSIZE 128
> 
> 
> main () {
>      struct sockaddr_in sa;
>      struct sockaddr_in ta;
> 
>      char buf1[BUFSIZE];
>      char buf2[BUFSIZE];
> 
>      int s;
> 
>      struct msghdr msg;
>      struct iovec iov[2];
> 
>      if (( s = socket ( AF_INET, SOCK_DGRAM, 0 )) < 0 ) {
> 	  perror ("socket");
> 	  exit(1);
>      }
> 
>      bzero ( (char*) &sa, sizeof(sa));
>      sa.sin_family=AF_INET;
>      sa.sin_addr.s_addr= inet_addr("137.208.6.45");
>      sa.sin_port =  htons(9998);
> 
>      bzero ( (char*) &ta, sizeof(sa));
>      ta.sin_family=AF_INET;
>      ta.sin_addr.s_addr= inet_addr("137.208.6.33");
>      ta.sin_port =  htons(9999);
> 
>      if (bind(s, (struct sockaddr* )&sa, sizeof(sa))<0){
> 	  perror("bind");
> 	  exit(1);
>      }
> 
>      msg.msg_name = (char *) &ta;
>      msg.msg_namelen =  sizeof(ta);
>      msg.msg_iov = iov;
>      msg.msg_iovlen = 2;
>      msg.msg_accrights = NULL;
> 
>      iov[0].iov_base = buf1;
>      iov[0].iov_len = BUFSIZE;
>      iov[1].iov_base = buf2;
>      iov[1].iov_len = BUFSIZE;
> 
>      if(sendmsg(s, &msg, 0) < 0) {
> 	  perror ( "Sendmsg");
> 	  exit(1);
>      }
> }
> 
> 
> --
> Joerg Lenneis
> 
> University of Economics and Business Adminstration
> Department for Applied Statistics and Data Processing
> Augasse 2-6, 1090 Vienna, Austria
> 
> Tel. *43/1/31336 4758
> email: lenneis@wu-wien.ac.at
> 

• Next message: Raj Mathur: "Configuration of jumperless Ethernet cards"
• Previous message: Mark W. Eichin: "Re: Proxy ARP, strange ideas."