On 02.11.21 23:57, C Smith via Xenomai wrote:
> I added some printf/printk to rtcansend.c as well as rtcan_raw.c:
> 
> rtcan_raw.c:
>     /* Check size of buffer */
>     if (iov->iov_len != sizeof(can_frame_t)) {
>             printk("rtcan_raw.c, 850: sizeof(can_frame_t): %ld\n",
>                    sizeof(can_frame_t));
>             printk("rtcan_raw.c, 852: iov->iov_len: %ld\n",
>                    iov->iov_len);
>             return -EMSGSIZE;
>     }
> 
> when running rtcansend (32-bit compile, which fails with EMSGSIZE):
>         [root@pc can]# /usr/xenomai/bin/rtcansend rtcan0 -s 0xde 0xad
>         sizeof(can_frame_t): 16
>         send: Message too long
> 
>         [root@pc can]# dmesg
>         [11275.197125] rtcan_raw.c, 850: sizeof(can_frame_t): 16
>         [11275.197133] rtcan_raw.c, 852: iov->iov_len: 34494267600
> 
> when running rtcansend (64-bit compile, sends out can msg OK):
>         [root@pc can]# /usr/xenomai/bin/rtcansend rtcan0 -s 0xde 0xad
>         sizeof(can_frame_t): 16
> 
>         [root@pc can]# dmesg
>         [12476.571032] rtcan_raw.c, 850: sizeof(can_frame_t): 16
>         [12476.571040] rtcan_raw.c, 852: iov->iov_len: 16
> 
> It looks like the struct user_msghdr *msg passed into rtcan_raw_sendmsg()
> is corrupt.
> I'm using Xenomai 3.1, with kernel 4.19.989 x86_64
> -C Smith

OK, my guess was wrong. Let me see where we corrupt this.

Brings https://gitlab.com/Xenomai/xenomai-hacker-space/-/issues/21 into
memory...

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
