Bug 232207 - sendfile(2) does not document potential for ENOTCAPABLE in ERRORS
Summary: sendfile(2) does not document potential for ENOTCAPABLE in ERRORS
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Allan Jude
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-12 21:18 UTC by Enji Cooper
Modified: 2019-02-12 02:58 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Enji Cooper freebsd_committer 2018-10-12 21:18:54 UTC
- Depending on file capabilities or socket capabilities and whether or not the kernel was compiled with capabilities, sendfile can return ENOTCAPABLE: 
- `sys_sendfile` uses copyinuio in `sendfile(..)` under the covers when reading in the hdtr structure. copyinuio can fail with EINVAL for the reasons noted in writev(2):

     [EINVAL]           The iovcnt argument was less than or equal to 0, or
                        greater than IOV_MAX.

     [EINVAL]           One of the iov_len values in the iov array was
                        negative.

     [EINVAL]           The sum of the iov_len values in the iov array
                        overflowed a 32-bit integer.

Furthermore, it uses `kern_writev(..)` when sending the trailers at the end of the operation, which means it's conditionally subject to the same errors as writev(2).
Comment 1 Enji Cooper freebsd_committer 2018-10-13 01:29:40 UTC
(In reply to Enji Cooper from comment #0)
> 
>     [EINVAL]           The iovcnt argument was less than or equal to 0, or
>                        greater than IOV_MAX.
>
>     [EINVAL]           One of the iov_len values in the iov array was
>                        negative.
>
>     [EINVAL]           The sum of the iov_len values in the iov array
>                        overflowed a 32-bit integer.

I did some more inspection, and I don't think this assumption is correct. It looks like the first ERROR case is handled

The ENOTCAPABLE part is definitely an issue. CAP_PREAD needs to be set on `fd` and CAP_SEND needs to be set on `s`.

I submitted a pull request for the ENOTCAPABLE documentation item: https://github.com/freebsd/freebsd/pull/170 .
Comment 2 commit-hook freebsd_committer 2018-10-13 02:20:59 UTC
A commit references this bug:

Author: allanjude
Date: Sat Oct 13 02:20:16 UTC 2018
New revision: 339343
URL: https://svnweb.freebsd.org/changeset/base/339343

Log:
  Document that sendfile(2) can return ENOTCAPABLE

  PR:		232207
  Submitted by:	Enji Cooper <yaneurabeya@gmail.com>
  Approved by:	re (rgrimes)

Changes:
  head/lib/libc/sys/sendfile.2
Comment 3 commit-hook freebsd_committer 2019-02-12 02:58:39 UTC
A commit references this bug:

Author: ngie
Date: Tue Feb 12 02:57:35 UTC 2019
New revision: 344038
URL: https://svnweb.freebsd.org/changeset/base/344038

Log:
  MFC r339343,r343444:

  r339343 (by allanjude):

  Document that sendfile(2) can return ENOTCAPABLE

  PR:		232207

  r343444:

  Document that `sendfile` will return an invalid value for `sbytes` if provided an invalid address

  This is meant to clarify the fact that the system call will not fail
  with -1/EFAULT, as one might expect, when reading the sendfile(2)
  manpage today.

  While here, pet the mandoc linter, when dealing with the section that
  describes valid values for `flags`.

  PR:		232210
  Approved by:	jtl (mentor)
  Differential Revision: https://reviews.freebsd.org/D19150

Changes:
_U  stable/11/
  stable/11/lib/libc/sys/sendfile.2