On Wed, 2021-11-03 at 11:46 +0100, Jan Kiszka via Xenomai wrote:
> On 03.11.21 07:59, Jan Kiszka wrote:
> > On 02.11.21 23:57, C Smith via Xenomai wrote:
> > > I added some printf/printk to rtcansend.c as well as rtcan_raw.c:
> > > 
> > > rtcan_raw.c:
> > >     /* Check size of buffer */
> > >     if (iov->iov_len != sizeof(can_frame_t)) {
> > >             printk("rtcan_raw.c, 850: sizeof(can_frame_t): %ld\n",
> > >                    sizeof(can_frame_t));
> > >             printk("rtcan_raw.c, 852: iov->iov_len: %ld\n",
> > >                    iov->iov_len);
> > >             return -EMSGSIZE;
> > >     }
> > > 
> > > when running rtcansend (32-bit compile, which fails with EMSGSIZE):
> > >         [root@pc can]# /usr/xenomai/bin/rtcansend rtcan0 -s 0xde 0xad
> > >         sizeof(can_frame_t): 16
> > >         send: Message too long
> > > 
> > >         [root@pc can]# dmesg
> > >         [11275.197125] rtcan_raw.c, 850: sizeof(can_frame_t): 16
> > >         [11275.197133] rtcan_raw.c, 852: iov->iov_len: 34494267600
> > > 
> > > when running rtcansend (64-bit compile, sends out can msg OK):
> > >         [root@pc can]# /usr/xenomai/bin/rtcansend rtcan0 -s 0xde 0xad
> > >         sizeof(can_frame_t): 16
> > > 
> > >         [root@pc can]# dmesg
> > >         [12476.571032] rtcan_raw.c, 850: sizeof(can_frame_t): 16
> > >         [12476.571040] rtcan_raw.c, 852: iov->iov_len: 16
> > > 
> > > It looks like the struct user_msghdr *msg passed into rtcan_raw_sendmsg()
> > > is corrupt.
> > > I'm using Xenomai 3.1, with kernel 4.19.989 x86_64
> > > -C Smith
> > 
> > OK, my guess was wrong. Let me see where we corrupt this.
> > 
> > Brings https://gitlab.com/Xenomai/xenomai-hacker-space/-/issues/21 into
> > memory...
> > 
> 
> Found it: We are lacking use of rtdm_get_iovec in rtcan - in contrast to
> RTnet (see e.g. rt_packet_sendmsg). Would you feel like looking into
> such a change?

Just a note: rtcan_raw_sendmsg() and rtcan_raw_recvmsg() are both
affected. Both should be using rtdm_get_iovec().

> 
> Jan
> 

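The failure reported in this thread, as an added user-space model that is not code from the thread or from Xenomai: a 32-bit process writes an 8-byte iovec, and a reader that assumes the 64-bit layout picks up neighbouring memory as iov_len, which is the conversion rtdm_get_iovec() is there to perform. The memory contents and the helper names are constructed for illustration; the two trailing words were chosen so the misread equals the dmesg value, since the thread does not show the real neighbouring data.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAN_FRAME_SIZE 16u /* sizeof(can_frame_t) as printed in the thread */

/* struct iovec as a 32-bit process lays it out (8 bytes). */
struct compat_iovec32 { uint32_t iov_base; uint32_t iov_len; };
/* struct iovec as the 64-bit kernel lays it out (16 bytes). */
struct native_iovec64 { uint64_t iov_base; uint64_t iov_len; };

/* Constructed 32-bit user memory (little-endian host assumed): one iovec,
 * then two unrelated words picked so the misread equals the dmesg value. */
static const uint32_t user_mem[4] = {
    0xffd01230u, CAN_FRAME_SIZE,   /* iov_base, iov_len of the real iovec */
    0x0804c0d0u, 0x00000008u,      /* neighbouring data, not part of it   */
};

/* Layout-blind read: interpret the bytes as a native 64-bit iovec. */
static uint64_t len_read_as_native(const void *umem)
{
    struct native_iovec64 iov;
    memcpy(&iov, umem, sizeof(iov));
    return iov.iov_len;
}

/* Compat-aware read: copy the 32-bit layout, then widen the field. */
static uint64_t len_read_as_compat(const void *umem)
{
    struct compat_iovec32 iov;
    memcpy(&iov, umem, sizeof(iov));
    return iov.iov_len;
}

/* Same size check as the rtcan_raw.c snippet quoted above. */
static int check_frame_len(uint64_t iov_len)
{
    return iov_len == CAN_FRAME_SIZE ? 0 : -EMSGSIZE;
}

int main(void)
{
    uint64_t bad = len_read_as_native(user_mem), ok = len_read_as_compat(user_mem);
    printf("native read: iov_len=%llu -> %d\n", (unsigned long long)bad, check_frame_len(bad));
    printf("compat read: iov_len=%llu -> %d\n", (unsigned long long)ok, check_frame_len(ok));
    return 0;
}
```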