Bug 206544

Summary: sendmsg(2) (sendto(2) too?) can fail with EINVAL; isn't documented in manpage
Product: Documentation Reporter: Enji Cooper <ngie>
Component: Manual PagesAssignee: freebsd-doc (Nobody) <doc>
Status: Open ---    
Severity: Affects Some People CC: doc, net, peterj
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206543
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238813
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=99356

Description Enji Cooper freebsd_committer freebsd_triage 2016-01-23 22:33:03 UTC
769 static int
 770 sendit(td, s, mp, flags)
 771         struct thread *td;
 772         int s;
 773         struct msghdr *mp;
 774         int flags;
 775 {
 ...
 796         if (mp->msg_control) {
 797                 if (mp->msg_controllen < sizeof(struct cmsghdr)
 798 #ifdef COMPAT_OLDSOCK
 799                     && mp->msg_flags != MSG_COMPAT
 800 #endif
 801                 ) {
 802                         error = EINVAL;
 803                         goto bad;
 804                 }

The behavior on line 802 is not documented anywhere in send(2). It was driving me nuts trying to figure out what was going on in tools/regression/unix_cmsg:t_cmsg_len because the test fails on amd64 because that conditional is tripped -_-...
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-01-23 22:49:28 UTC
A commit references this bug:

Author: ngie
Date: Sat Jan 23 22:49:14 UTC 2016
New revision: 294646
URL: https://svnweb.freebsd.org/changeset/base/294646

Log:
  Don't run the t_cmsg_len testcase on 64-bit architectures

  It always fails when trying to send through the sendit(9) private KPI in the
  kernel due to a size mismatch between the msghdr and data being sent [*], which
  suspiciously seems like it's related to sizeof pointers instead of scalars, or
  something of that ilk

  MFC after: 1 week
  PR: 206543, 206544 [*]
  Sponsored by: EMC / Isilon Storage Division

Changes:
_U  head/
  head/tools/regression/sockets/unix_cmsg/unix_cmsg.c
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-23 22:53:36 UTC
Reporter is Committer, assign accordingly.

@Ngie, please set mfc-* flags to + once they are committed in those branches. Don't forget to include the relevant PR: line :)
Comment 3 Enji Cooper freebsd_committer freebsd_triage 2016-01-23 22:55:51 UTC
(In reply to Kubilay Kocak from comment #2)

Hi koobs@!

The change I proposed isn't going to fix the missing documentation. I can add it later (will remain CCed on the bug), but I want to start a quick discussion first with appropriate parties.

Reassigning to freebsd-net and removing "In Progress" :).
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-23 23:32:14 UTC
(In reply to NGie Cooper from comment #3)

Ah thanks. Could you then update (terse'ify) the summary to describe either:

* A summary of the 'issue', OR
* A summary of the action/fix/change that is needed

That way we can annotate/classify the issue accordingly.

Am I understanding correctly that r294646 referenced in comment 1 was to temporarily disable a test due to the issue described here, until its resolved, by a change (patch) that will be added here in due course?
Comment 5 Enji Cooper freebsd_committer freebsd_triage 2016-01-23 23:34:56 UTC
Bug 206543 is tracking the test issue. I've updated the description to be more terse :).
Comment 6 Munna 2019-06-25 18:45:08 UTC
MARKED AS SPAM
Comment 7 Peter Jeremy freebsd_committer freebsd_triage 2023-10-02 23:23:43 UTC
I've bumped into the lack of documentation as well, though the triggers were hidden far more deeply in the kernel:
1) An incorrect cmsg_len will typically trigger EINVAL.
2) Using IPv6-level messages (i.e. cmsg_level==IPPROTO_IPV6) with at IPv4-mapped IPv6 connection will trigger EINVAL in at least some cases.

This appears to be a duplicate of bug 99356.  I won't close it as a duplicate because there's different analysis in both bugs.