There are some undocumented limits that apply to control messages over unix domain sockets, and SCM_RIGHTS messages in particular.

- Control messages must fit in an mbuf cluster, which is MCLBYTES (2KB) in size.
- Control message data must be natively aligned, so 64-bit kernels are limited to fewer rights per message than 32-bit kernels. This can be problematic when running 32-bit applications on a 64-bit kernel.
- SCM_RIGHTS message contents must be translated to an internalized format before they can be transmitted. Specifically, a 4-byte file descriptor is converted to a pointer, and internalized messages must fit in an mbuf cluster as well. So even though we can pack (2048-16)/sizeof(int) FDs in a single SCM_RIGHTS message on amd64, the kernel can only handle (2048-16)/sizeof(void *) FDs.
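A sender can stay under the limit described in the report above by splitting a large descriptor set across several SCM_RIGHTS messages. The following is an added example, not code from the report or from the FreeBSD tree; `MAX_RIGHTS`, `send_fds_chunked` and `demo` are hypothetical names, and the cap assumes 8-byte kernel pointers.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* 2048 and 16 are the report's figures. Assumption: kernel pointers are 8
 * bytes, which also covers a 32-bit process on a 64-bit kernel. */
#define MAX_RIGHTS ((2048 - 16) / 8)
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(MAX_RIGHTS * sizeof(int))]; } ctlbuf;

/* Send n descriptors, at most per_msg (0 means MAX_RIGHTS) per SCM_RIGHTS
 * message. Returns the number of messages sent, or -1 on error. */
int send_fds_chunked(int sock, const int *fds, size_t n, size_t per_msg)
{
    ctlbuf ctl;
    char byte = 0;  /* one data byte carries each control message */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    int sent = 0;
    if (per_msg == 0 || per_msg > MAX_RIGHTS)
        per_msg = MAX_RIGHTS;
    for (size_t k; n > 0; fds += k, n -= k, sent++) {
        k = n < per_msg ? n : per_msg;
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
            .msg_control = ctl.buf, .msg_controllen = CMSG_SPACE(k * sizeof(int)) };
        memset(&ctl, 0, sizeof(ctl));
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(k * sizeof(int));
        memcpy(CMSG_DATA(c), fds, k * sizeof(int));
        if (sendmsg(sock, &msg, 0) != 1)
            return -1;
    }
    return sent;
}

/* Demo on a socketpair: pass n (<= 64) copies of one descriptor and return
 * how many messages that took. Closing the pair discards what was queued. */
int demo(size_t n, size_t per_msg)
{
    int sv[2], fds[64];
    if (n > 64 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        fds[i] = sv[0];  /* constructed input: the same descriptor n times */
    int msgs = send_fds_chunked(sv[0], fds, n, per_msg);
    close(sv[0]), close(sv[1]);
    return msgs;
}
```

The receiver still has to supply a control buffer large enough for each chunk and check `MSG_CTRUNC` in `msg_flags`, since a truncated SCM_RIGHTS message drops descriptors.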
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=23402c83f4fc2db45f0435ed106791828a6522df

commit 23402c83f4fc2db45f0435ed106791828a6522df
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2022-05-25 20:28:40 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2022-05-25 20:28:40 +0000

    tests/unix_passfd: sending many and too many SCM_RIGHTS

    o Exercise bounds checking when sending large set of file descriptors,
      that can't fit into single control mbuf.
    o Exercise resource limits checks when receiving a large sets.
    o Check that socket isn't left in a completely stuck state when we can't
      receive SCM_RIGHTS due to limits. Current SOCK_STREAM socket would
      free the control, but leave the data in. This seems to be a legit
      behavior for a stream socket, as we don't want holes in the data.

    PR: 239250
    Reviewed by: markj
    Differential revision: https://reviews.freebsd.org/D35315

 tests/sys/kern/unix_passfd_test.c | 69 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 68 insertions(+), 1 deletion(-)