summary refs log tree commit diff stats
path: root/results/classifier/zero-shot/118/socket/1781280
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/zero-shot/118/socket/1781280')
-rw-r--r--results/classifier/zero-shot/118/socket/178128044
1 files changed, 44 insertions, 0 deletions
diff --git a/results/classifier/zero-shot/118/socket/1781280 b/results/classifier/zero-shot/118/socket/1781280
new file mode 100644
index 000000000..f74cc92f7
--- /dev/null
+++ b/results/classifier/zero-shot/118/socket/1781280
@@ -0,0 +1,44 @@
+socket: 0.962
+x86: 0.881
+architecture: 0.876
+network: 0.851
+permissions: 0.825
+device: 0.794
+arm: 0.743
+graphic: 0.697
+performance: 0.679
+vnc: 0.627
+risc-v: 0.609
+peripherals: 0.574
+kernel: 0.569
+PID: 0.511
+TCG: 0.506
+boot: 0.498
+register: 0.495
+mistranslation: 0.460
+ppc: 0.459
+VMM: 0.455
+files: 0.455
+semantic: 0.444
+i386: 0.398
+debug: 0.363
+KVM: 0.340
+hypervisor: 0.282
+user-level: 0.174
+virtual: 0.079
+assembly: 0.055
+
+QEMU ignores all but the first control message sent over a Unix socket
+
+I've written a test program that sends both an SCM_CREDENTIALS and an SCM_RIGHTS cmsg in the same sendmsg call. On native x86-64, armv6 and armv7 Linux, this works as expected (the recvmsg receives both control messages). On QEMU (both qemu-x86_64 and qemu-arm), only the first message is received.
+
+I've traced the problem back to a glibc bug: https://sourceware.org/bugzilla/show_bug.cgi?id=13500
+
+This means that writing control messages into an uninitialized buffer makes CMSG_NXTHDR erroneously return NULL even though there's still space inside the allocated buffer. QEMU's logic inside `target_to_host_cmsg` is a bit questionable here, since it stops encoding cmsgs as soon as *either* the host or the target buffer reaches its end, so we lose the target's cmsgs when the host's buffer runs out. However, the host buffer should *never* reach its end before the target buffer does, so an assertion might be more useful there. Anyway, the actual fix for this bug is simply zeroing out the buffer created for the host. I've attached a patch doing that and verified that it fixes the issue.
+
+The test program I used can be found here: https://gist.github.com/jonas-schievink/cb6e6584a055539d2113f22d91068e2d
+
+
+
+Fix has been committed as 1d3d1b23e1c8f52ec431ddaa8deea1322bc25cbf
+