2011-06-17 16:35:11 +02:00
|
|
|
/*
|
2014-02-18 15:01:39 +01:00
|
|
|
* Copyright (C) 2011-2014 Felix Fietkau <nbd@openwrt.org>
|
2011-06-17 16:35:11 +02:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Lesser General Public License version 2.1
|
|
|
|
|
* as published by the Free Software Foundation
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*/
|
|
|
|
|
|
2010-12-06 03:51:58 +01:00
|
|
|
#include <sys/socket.h>
|
2014-02-18 15:01:39 +01:00
|
|
|
#ifdef FreeBSD
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
#endif
|
2010-12-06 03:51:58 +01:00
|
|
|
|
|
|
|
|
#include "ubusd.h"
|
|
|
|
|
|
2019-12-11 10:04:36 +01:00
|
|
|
#define USES_EXTERNAL_BUFFER ~0U
|
|
|
|
|
|
2011-02-07 02:41:56 +01:00
|
|
|
static struct ubus_msg_buf *ubus_msg_ref(struct ubus_msg_buf *ub)
|
2010-12-06 03:51:58 +01:00
|
|
|
{
|
2017-02-02 16:59:49 +01:00
|
|
|
struct ubus_msg_buf *new_ub;
|
2019-12-11 10:04:36 +01:00
|
|
|
if (ub->refcount == USES_EXTERNAL_BUFFER) {
|
2017-02-02 16:59:49 +01:00
|
|
|
new_ub = ubus_msg_new(ub->data, ub->len, false);
|
|
|
|
|
if (!new_ub)
|
|
|
|
|
return NULL;
|
|
|
|
|
memcpy(&new_ub->hdr, &ub->hdr, sizeof(struct ubus_msghdr));
|
|
|
|
|
new_ub->fd = ub->fd;
|
|
|
|
|
return new_ub;
|
|
|
|
|
}
|
2010-12-06 03:51:58 +01:00
|
|
|
|
|
|
|
|
ub->refcount++;
|
|
|
|
|
return ub;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct ubus_msg_buf *ubus_msg_new(void *data, int len, bool shared)
|
|
|
|
|
{
|
|
|
|
|
struct ubus_msg_buf *ub;
|
|
|
|
|
int buflen = sizeof(*ub);
|
|
|
|
|
|
|
|
|
|
if (!shared)
|
|
|
|
|
buflen += len;
|
|
|
|
|
|
|
|
|
|
ub = calloc(1, buflen);
|
|
|
|
|
if (!ub)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2014-02-18 15:01:39 +01:00
|
|
|
ub->fd = -1;
|
|
|
|
|
|
2010-12-06 03:51:58 +01:00
|
|
|
if (shared) {
|
2019-12-11 10:04:36 +01:00
|
|
|
ub->refcount = USES_EXTERNAL_BUFFER;
|
2010-12-06 03:51:58 +01:00
|
|
|
ub->data = data;
|
|
|
|
|
} else {
|
|
|
|
|
ub->refcount = 1;
|
|
|
|
|
ub->data = (void *) (ub + 1);
|
|
|
|
|
if (data)
|
|
|
|
|
memcpy(ub + 1, data, len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ub->len = len;
|
|
|
|
|
return ub;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void ubus_msg_free(struct ubus_msg_buf *ub)
|
|
|
|
|
{
|
|
|
|
|
switch (ub->refcount) {
|
|
|
|
|
case 1:
|
2019-12-11 10:04:36 +01:00
|
|
|
case USES_EXTERNAL_BUFFER:
|
2014-02-18 15:01:39 +01:00
|
|
|
if (ub->fd >= 0)
|
|
|
|
|
close(ub->fd);
|
|
|
|
|
|
2010-12-06 03:51:58 +01:00
|
|
|
free(ub);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
ub->refcount--;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-12 10:05:48 +01:00
|
|
|
ssize_t ubus_msg_writev(int fd, struct ubus_msg_buf *ub, size_t offset)
|
2010-12-06 03:51:58 +01:00
|
|
|
{
|
2019-12-27 14:48:32 +01:00
|
|
|
uint8_t fd_buf[CMSG_SPACE(sizeof(int))] = { 0 };
|
2014-02-18 15:01:39 +01:00
|
|
|
static struct iovec iov[2];
|
2019-12-27 14:48:32 +01:00
|
|
|
struct msghdr msghdr = { 0 };
|
2019-04-16 11:13:44 +02:00
|
|
|
struct ubus_msghdr hdr;
|
2019-12-27 14:48:32 +01:00
|
|
|
struct cmsghdr *cmsg;
|
iron out all extra compiler warnings
clang-9 on x86/64 has reported following warnings/errors:
libubus-acl.c:123:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
libubus-io.c:108:18: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
libubus-io.c:395:56: error: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
libubus-req.c:441:4: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:119:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_acl.c:152:5: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:348:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:352:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:357:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:362:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:367:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:447:16: error: comparison of integers of different signs: 'int' and '__size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ubusd_acl.c:502:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:123:13: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:170:15: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:262:43: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:287:30: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_event.c:170:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_obj.c:71:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-11 10:36:36 +01:00
|
|
|
ssize_t ret;
|
2019-12-27 14:48:32 +01:00
|
|
|
int *pfd;
|
2014-02-18 15:01:39 +01:00
|
|
|
|
2019-12-27 14:48:32 +01:00
|
|
|
msghdr.msg_iov = iov;
|
|
|
|
|
msghdr.msg_iovlen = ARRAY_SIZE(iov);
|
|
|
|
|
msghdr.msg_control = fd_buf;
|
|
|
|
|
msghdr.msg_controllen = sizeof(fd_buf);
|
|
|
|
|
|
|
|
|
|
cmsg = CMSG_FIRSTHDR(&msghdr);
|
|
|
|
|
cmsg->cmsg_type = SCM_RIGHTS;
|
|
|
|
|
cmsg->cmsg_level = SOL_SOCKET;
|
|
|
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
|
|
|
|
|
|
|
|
|
|
pfd = (int *) CMSG_DATA(cmsg);
|
|
|
|
|
msghdr.msg_controllen = cmsg->cmsg_len;
|
|
|
|
|
|
|
|
|
|
*pfd = ub->fd;
|
2019-04-16 11:13:44 +02:00
|
|
|
if (ub->fd < 0 || offset) {
|
2014-02-18 15:01:39 +01:00
|
|
|
msghdr.msg_control = NULL;
|
|
|
|
|
msghdr.msg_controllen = 0;
|
|
|
|
|
}
|
2010-12-06 03:51:58 +01:00
|
|
|
|
|
|
|
|
if (offset < sizeof(ub->hdr)) {
|
2016-02-15 05:09:38 +01:00
|
|
|
hdr.version = ub->hdr.version;
|
|
|
|
|
hdr.type = ub->hdr.type;
|
|
|
|
|
hdr.seq = cpu_to_be16(ub->hdr.seq);
|
|
|
|
|
hdr.peer = cpu_to_be32(ub->hdr.peer);
|
|
|
|
|
|
|
|
|
|
iov[0].iov_base = ((char *) &hdr) + offset;
|
|
|
|
|
iov[0].iov_len = sizeof(hdr) - offset;
|
2010-12-06 03:51:58 +01:00
|
|
|
iov[1].iov_base = (char *) ub->data;
|
|
|
|
|
iov[1].iov_len = ub->len;
|
|
|
|
|
} else {
|
|
|
|
|
offset -= sizeof(ub->hdr);
|
2019-04-16 11:13:44 +02:00
|
|
|
iov[0].iov_base = ((char *) ub->data) + offset;
|
|
|
|
|
iov[0].iov_len = ub->len - offset;
|
|
|
|
|
msghdr.msg_iovlen = 1;
|
2010-12-06 03:51:58 +01:00
|
|
|
}
|
2019-04-16 11:13:44 +02:00
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
ret = sendmsg(fd, &msghdr, 0);
|
|
|
|
|
} while (ret < 0 && errno == EINTR);
|
|
|
|
|
|
|
|
|
|
return ret;
|
2010-12-06 03:51:58 +01:00
|
|
|
}
|
|
|
|
|
|
ubusd: convert tx_queue to linked list
ubusd maintains a per-client tx_queue containing references to message
buffers that have not been sent yet (due to the socket blocking). This
is a fixed-size, 64-element queue.
When more than 64 elements are queued, subsequent elements are simply
dropped. Thus, a client that is waiting for those messages will block
indefinitely. In particular, this happens when more than +- 250 objects
are registered on the bus and either "ubus list" or "ubus wait_for" is
called. The responses to these requests consist of a message buffer per
object. Since in practice, ubusd will not yield between the sends of
these message buffers, the client has no time to process them and
eventually the output socket blocks. After 64 more objects, the rest is
dropped, including the final message that indicates termination. Thus,
the client waits indefinitely for the termination message.
To solve this, turn the tx_queue into a variable-sized linked list
instead of a fixed-size queue.
To maintain the linked list, an additional structure ubus_msg_buf_list
is created. It is not possible to add the linked list to ubus_msg_buf,
because that is shared between clients.
Note that this infinite tx_queue opens the door to a DoS attack. You can
open a client and a server connection, then send messages from the
client to the server without ever reading anything on the server side.
This will eventually lead to an out-of-memory. However, such a DoS
already existed anyway, it just requires opening multiple server
connections and filling up the fixed-size queue on each one. To protect
against such DoS attacks, we'd need to:
- keep a global maximum queue size that applies to all rx and tx queues
together;
- stop reading from any connection when the maximum is reached;
- close any connection when it hasn't become writeable after some
timeout.
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=1525
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-25 22:45:01 +01:00
|
|
|
void ubus_msg_list_free(struct ubus_msg_buf_list *ubl)
|
|
|
|
|
{
|
|
|
|
|
list_del_init(&ubl->list);
|
|
|
|
|
ubus_msg_free(ubl->msg);
|
|
|
|
|
free(ubl);
|
|
|
|
|
}
|
|
|
|
|
|
2011-02-05 20:50:08 +01:00
|
|
|
static void ubus_msg_enqueue(struct ubus_client *cl, struct ubus_msg_buf *ub)
|
|
|
|
|
{
|
ubusd: convert tx_queue to linked list
ubusd maintains a per-client tx_queue containing references to message
buffers that have not been sent yet (due to the socket blocking). This
is a fixed-size, 64-element queue.
When more than 64 elements are queued, subsequent elements are simply
dropped. Thus, a client that is waiting for those messages will block
indefinitely. In particular, this happens when more than +- 250 objects
are registered on the bus and either "ubus list" or "ubus wait_for" is
called. The responses to these requests consist of a message buffer per
object. Since in practice, ubusd will not yield between the sends of
these message buffers, the client has no time to process them and
eventually the output socket blocks. After 64 more objects, the rest is
dropped, including the final message that indicates termination. Thus,
the client waits indefinitely for the termination message.
To solve this, turn the tx_queue into a variable-sized linked list
instead of a fixed-size queue.
To maintain the linked list, an additional structure ubus_msg_buf_list
is created. It is not possible to add the linked list to ubus_msg_buf,
because that is shared between clients.
Note that this infinite tx_queue opens the door to a DoS attack. You can
open a client and a server connection, then send messages from the
client to the server without ever reading anything on the server side.
This will eventually lead to an out-of-memory. However, such a DoS
already existed anyway, it just requires opening multiple server
connections and filling up the fixed-size queue on each one. To protect
against such DoS attacks, we'd need to:
- keep a global maximum queue size that applies to all rx and tx queues
together;
- stop reading from any connection when the maximum is reached;
- close any connection when it hasn't become writeable after some
timeout.
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=1525
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-25 22:45:01 +01:00
|
|
|
struct ubus_msg_buf_list *ubl;
|
|
|
|
|
|
2021-03-25 22:45:02 +01:00
|
|
|
if (cl->txq_len + ub->len > UBUS_CLIENT_MAX_TXQ_LEN)
|
|
|
|
|
return;
|
|
|
|
|
|
ubusd: convert tx_queue to linked list
ubusd maintains a per-client tx_queue containing references to message
buffers that have not been sent yet (due to the socket blocking). This
is a fixed-size, 64-element queue.
When more than 64 elements are queued, subsequent elements are simply
dropped. Thus, a client that is waiting for those messages will block
indefinitely. In particular, this happens when more than +- 250 objects
are registered on the bus and either "ubus list" or "ubus wait_for" is
called. The responses to these requests consist of a message buffer per
object. Since in practice, ubusd will not yield between the sends of
these message buffers, the client has no time to process them and
eventually the output socket blocks. After 64 more objects, the rest is
dropped, including the final message that indicates termination. Thus,
the client waits indefinitely for the termination message.
To solve this, turn the tx_queue into a variable-sized linked list
instead of a fixed-size queue.
To maintain the linked list, an additional structure ubus_msg_buf_list
is created. It is not possible to add the linked list to ubus_msg_buf,
because that is shared between clients.
Note that this infinite tx_queue opens the door to a DoS attack. You can
open a client and a server connection, then send messages from the
client to the server without ever reading anything on the server side.
This will eventually lead to an out-of-memory. However, such a DoS
already existed anyway, it just requires opening multiple server
connections and filling up the fixed-size queue on each one. To protect
against such DoS attacks, we'd need to:
- keep a global maximum queue size that applies to all rx and tx queues
together;
- stop reading from any connection when the maximum is reached;
- close any connection when it hasn't become writeable after some
timeout.
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=1525
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-25 22:45:01 +01:00
|
|
|
ubl = calloc(1, sizeof(struct ubus_msg_buf_list));
|
|
|
|
|
if (!ubl)
|
2011-02-05 20:50:08 +01:00
|
|
|
return;
|
|
|
|
|
|
ubusd: convert tx_queue to linked list
ubusd maintains a per-client tx_queue containing references to message
buffers that have not been sent yet (due to the socket blocking). This
is a fixed-size, 64-element queue.
When more than 64 elements are queued, subsequent elements are simply
dropped. Thus, a client that is waiting for those messages will block
indefinitely. In particular, this happens when more than +- 250 objects
are registered on the bus and either "ubus list" or "ubus wait_for" is
called. The responses to these requests consist of a message buffer per
object. Since in practice, ubusd will not yield between the sends of
these message buffers, the client has no time to process them and
eventually the output socket blocks. After 64 more objects, the rest is
dropped, including the final message that indicates termination. Thus,
the client waits indefinitely for the termination message.
To solve this, turn the tx_queue into a variable-sized linked list
instead of a fixed-size queue.
To maintain the linked list, an additional structure ubus_msg_buf_list
is created. It is not possible to add the linked list to ubus_msg_buf,
because that is shared between clients.
Note that this infinite tx_queue opens the door to a DoS attack. You can
open a client and a server connection, then send messages from the
client to the server without ever reading anything on the server side.
This will eventually lead to an out-of-memory. However, such a DoS
already existed anyway, it just requires opening multiple server
connections and filling up the fixed-size queue on each one. To protect
against such DoS attacks, we'd need to:
- keep a global maximum queue size that applies to all rx and tx queues
together;
- stop reading from any connection when the maximum is reached;
- close any connection when it hasn't become writeable after some
timeout.
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=1525
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-25 22:45:01 +01:00
|
|
|
INIT_LIST_HEAD(&ubl->list);
|
|
|
|
|
ubl->msg = ubus_msg_ref(ub);
|
|
|
|
|
|
2021-06-30 20:12:46 +02:00
|
|
|
list_add_tail(&ubl->list, &cl->tx_queue);
|
2021-03-25 22:45:02 +01:00
|
|
|
cl->txq_len += ub->len;
|
2011-02-05 20:50:08 +01:00
|
|
|
}
|
|
|
|
|
|
2010-12-06 03:51:58 +01:00
|
|
|
/* takes the msgbuf reference */
|
ubusd: don't free messages in ubus_send_msg() anymore
This makes it clear that `ubus_msg_send()` is only
about sending and queue-ing messages, and has nothing
to do with free-ing.
It can be a bit misleading/confusing when trying to go
through the code and make assumptions about whether a
buffer is free'd in ubus_send_msg(), or is free'd outside.
In `ubusd_proto_receive_message()` the `ubus_msg_free()`
is now called before the `if (ret == -1)` check.
That way, all callbacks will have their messages free'd,
which is what's desired, but confusing, because:
* ubusd_handle_invoke() called ubus_msg_free() before returning -1
* ubusd_handle_notify() called ubus_msg_free() before returning -1
* ubusd_handle_response() called ubus_msg_send(,,free=true) before returning -1
* ubus_msg_send() would call ubus_msg_send(,,free=false)
* all other callback callers would `ubus_msg_send(,,free=true)`
(free the buffers in ubus_msg_send() )
In all other places, where `ubus_msg_send(,,free=true)`
an explicit `ubus_msg_free()` was added.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-07-05 15:20:51 +02:00
|
|
|
void ubus_msg_send(struct ubus_client *cl, struct ubus_msg_buf *ub)
|
2010-12-06 03:51:58 +01:00
|
|
|
{
|
iron out all extra compiler warnings
clang-9 on x86/64 has reported following warnings/errors:
libubus-acl.c:123:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
libubus-io.c:108:18: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
libubus-io.c:395:56: error: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
libubus-req.c:441:4: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:119:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_acl.c:152:5: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:348:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:352:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:357:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:362:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:367:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:447:16: error: comparison of integers of different signs: 'int' and '__size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ubusd_acl.c:502:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:123:13: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:170:15: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:262:43: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:287:30: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_event.c:170:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_obj.c:71:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-11 10:36:36 +01:00
|
|
|
ssize_t written;
|
2010-12-06 03:51:58 +01:00
|
|
|
|
2015-11-19 22:32:11 +01:00
|
|
|
if (ub->hdr.type != UBUS_MSG_MONITOR)
|
|
|
|
|
ubusd_monitor_message(cl, ub, true);
|
|
|
|
|
|
ubusd: convert tx_queue to linked list
ubusd maintains a per-client tx_queue containing references to message
buffers that have not been sent yet (due to the socket blocking). This
is a fixed-size, 64-element queue.
When more than 64 elements are queued, subsequent elements are simply
dropped. Thus, a client that is waiting for those messages will block
indefinitely. In particular, this happens when more than +- 250 objects
are registered on the bus and either "ubus list" or "ubus wait_for" is
called. The responses to these requests consist of a message buffer per
object. Since in practice, ubusd will not yield between the sends of
these message buffers, the client has no time to process them and
eventually the output socket blocks. After 64 more objects, the rest is
dropped, including the final message that indicates termination. Thus,
the client waits indefinitely for the termination message.
To solve this, turn the tx_queue into a variable-sized linked list
instead of a fixed-size queue.
To maintain the linked list, an additional structure ubus_msg_buf_list
is created. It is not possible to add the linked list to ubus_msg_buf,
because that is shared between clients.
Note that this infinite tx_queue opens the door to a DoS attack. You can
open a client and a server connection, then send messages from the
client to the server without ever reading anything on the server side.
This will eventually lead to an out-of-memory. However, such a DoS
already existed anyway, it just requires opening multiple server
connections and filling up the fixed-size queue on each one. To protect
against such DoS attacks, we'd need to:
- keep a global maximum queue size that applies to all rx and tx queues
together;
- stop reading from any connection when the maximum is reached;
- close any connection when it hasn't become writeable after some
timeout.
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=1525
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-03-25 22:45:01 +01:00
|
|
|
if (list_empty(&cl->tx_queue)) {
|
2011-02-05 20:50:08 +01:00
|
|
|
written = ubus_msg_writev(cl->sock.fd, ub, 0);
|
|
|
|
|
|
|
|
|
|
if (written < 0)
|
|
|
|
|
written = 0;
|
2010-12-06 03:51:58 +01:00
|
|
|
|
iron out all extra compiler warnings
clang-9 on x86/64 has reported following warnings/errors:
libubus-acl.c:123:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
libubus-io.c:108:18: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
libubus-io.c:395:56: error: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
libubus-req.c:441:4: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:119:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_acl.c:152:5: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:348:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:352:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:357:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:362:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:367:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
ubusd_acl.c:447:16: error: comparison of integers of different signs: 'int' and '__size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ubusd_acl.c:502:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:123:13: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:170:15: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:262:43: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd.c:287:30: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_event.c:170:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ubusd_obj.c:71:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-11 10:36:36 +01:00
|
|
|
if (written >= (ssize_t) (ub->len + sizeof(ub->hdr)))
|
ubusd: don't free messages in ubus_send_msg() anymore
This makes it clear that `ubus_msg_send()` is only
about sending and queue-ing messages, and has nothing
to do with free-ing.
It can be a bit misleading/confusing when trying to go
through the code and make assumptions about whether a
buffer is free'd in ubus_send_msg(), or is free'd outside.
In `ubusd_proto_receive_message()` the `ubus_msg_free()`
is now called before the `if (ret == -1)` check.
That way, all callbacks will have their messages free'd,
which is what's desired, but confusing, because:
* ubusd_handle_invoke() called ubus_msg_free() before returning -1
* ubusd_handle_notify() called ubus_msg_free() before returning -1
* ubusd_handle_response() called ubus_msg_send(,,free=true) before returning -1
* ubus_msg_send() would call ubus_msg_send(,,free=false)
* all other callback callers would `ubus_msg_send(,,free=true)`
(free the buffers in ubus_msg_send() )
In all other places, where `ubus_msg_send(,,free=true)`
an explicit `ubus_msg_free()` was added.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-07-05 15:20:51 +02:00
|
|
|
return;
|
2017-01-19 13:51:04 +01:00
|
|
|
|
2011-02-05 20:50:08 +01:00
|
|
|
cl->txq_ofs = written;
|
2021-03-25 22:45:02 +01:00
|
|
|
cl->txq_len = -written;
|
2010-12-06 03:51:58 +01:00
|
|
|
|
|
|
|
|
/* get an event once we can write to the socket again */
|
|
|
|
|
uloop_fd_add(&cl->sock, ULOOP_READ | ULOOP_WRITE | ULOOP_EDGE_TRIGGER);
|
|
|
|
|
}
|
2011-02-05 20:50:08 +01:00
|
|
|
ubus_msg_enqueue(cl, ub);
|
|
|
|
|
}
|
