Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unix: Non-mutable bufs in send_vectored_with_ancillary_to #79753

Closed
wants to merge 1 commit into from

Conversation

lukaslihotzki
Copy link

send_vectored_with_ancillary_to uses struct msghdr internally, which contains a *mut iovec. That's why this function currently takes a mutable reference to bufs. However, these buffers aren't actually modified on sendmsg, so let this function take a non-mutable reference instead and cast the raw iovec pointer to mutable as an implementation detail.

@rust-highfive
Copy link
Collaborator

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @withoutboats (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see the contribution instructions for more information.

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Dec 5, 2020
@jyn514
Copy link
Member

jyn514 commented Dec 6, 2020

However, these buffers aren't actually modified on sendmsg

How do you know this is true? Isn't it up to the implementation?

@lukaslihotzki
Copy link
Author

I don't know how to directly prove that sendmsg does not change the buffers. But generally, syscalls don't modify buffers unless it is written explicitly.

write_vectored has a similar problem. It receives non-mutable IoSlices and casts them to struct iovec, which (in C) contains a non-const data pointer (iov_base). Based on C constness, the kernel could modify these buffers. How it was proven the buffers aren't modified there?

@jyn514
Copy link
Member

jyn514 commented Dec 6, 2020

Oh I see - the syscall accepts a const pointer, but the struct itself contains a mutable pointer, which is part of the type definition, not the function signature. Hmm, that makes sense - C doesn't have tools for saying "this pointer is only mut when the struct is".

I'm not 100% comfortable with changing the cast (since it's better to err on the side of caution when dealing with UB) but I won't block it if someone else approves.

@jyn514 jyn514 added A-io Area: `std::io`, `std::fs`, `std::net` and `std::path` T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. labels Dec 6, 2020
@lukaslihotzki
Copy link
Author

If we can't figure out the semantics of sendmsg here, how can we expect the users of this function to figure them out themselves? Rust should expose a safe API with clear semantics. Either specify that the buffers are unchanged (by making the reference non-mutable, this PR) or specify explicitly that the buffers may be overwritten during send and should be rewritten before sending or reading them again. There is no reason to assume that buffers are overwritten during send, so the first option is preferable. If we don't do the cast here, users may do it in their code which needs unsafe again and is more difficult to track if this assumption turns out to be wrong.

For example, the fd-queue crate can be ported to send_vectored_with_ancillary calls (instead of the unsafe manual sendmsg that is used now). Then, write_vectored calls need to be mapped to send_vectored_with_ancillary calls. Without this PR, fd-queue will need to decide whether to cast or to copy the buffers.

Additionally, if the kernel was allowed to overwrite the buffer with arbitrary data, could send_vectored_with_ancillary be a safe function?

@LinkTed
Copy link
Contributor

LinkTed commented Dec 27, 2020

@lukaslihotzki any updates?

@lukaslihotzki
Copy link
Author

I have asked a question on Stack Overflow.

@crlf0710 crlf0710 added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jan 15, 2021
@JohnCSimon
Copy link
Member

Ping from triage
@lukaslihotzki - can you please post your status on this CR. Thank you.

@rustbot label: -S-waiting-on-review +S-waiting-on-author

@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Feb 1, 2021
@Dylan-DPC-zz
Copy link

@lukaslihotzki Closing this due to inactivity. If you find a way how to resolve this, feel free to open a new pull request and we can move it forward from there. Thanks for taking the time to contribute.

@Dylan-DPC-zz Dylan-DPC-zz added S-inactive Status: Inactive and waiting on the author. This is often applied to closed PRs. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Feb 2, 2021
Dylan-DPC-zz pushed a commit to Dylan-DPC-zz/rust that referenced this pull request Mar 2, 2021
unix: Non-mutable bufs in send_vectored_with_ancillary_to

This is the same PR as [rust-lang#79753](rust-lang#79753). It was closed because of inactivity. Therefore, I create a new one. ``@lukaslihotzki``
Dylan-DPC-zz pushed a commit to Dylan-DPC-zz/rust that referenced this pull request Mar 3, 2021
unix: Non-mutable bufs in send_vectored_with_ancillary_to

This is the same PR as [rust-lang#79753](rust-lang#79753). It was closed because of inactivity. Therefore, I create a new one. ```@lukaslihotzki```
JohnTitor added a commit to JohnTitor/rust that referenced this pull request Mar 3, 2021
unix: Non-mutable bufs in send_vectored_with_ancillary_to

This is the same PR as [rust-lang#79753](rust-lang#79753). It was closed because of inactivity. Therefore, I create a new one. ````@lukaslihotzki````
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-io Area: `std::io`, `std::fs`, `std::net` and `std::path` S-inactive Status: Inactive and waiting on the author. This is often applied to closed PRs. T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants