gvisor icon indicating copy to clipboard operation
gvisor copied to clipboard

Published 20 hours ago verified publisher icon google

strace sendmsg(): errno=22 (invalid argument)

Open handpickencounter opened this issue 7 months ago • 2 comments

Description

When using Waypipe and Firefox (tor-browser)

performed checks: gvisor, waypipe & firefox/tor-browser: broken; this issue gvisor, waypipe & chromium/google-chrome/brave: fully functional bubblewrap, waypipe(unix socket is laundered through socat TCP to prevent memory sharing), firefox: fully functional therefore waypipe is not involved, problem is due to gvisor and firefox interaction.

gvisor strace prime candidate ( 0xb socket:[7] ) (wayland-0 is waypipe and not the host's compositor) :

WaylandProxy X connect(
  0xb socket:[7],
  0x7f1df25fed7a {Family: AF_UNIX, Addr: "/run/user/1000/wayland-0"},
  0x6e) = 0 (0x0) (8.587µs)

WaylandProxy E poll(
  0x7f1df25fedd0 [{FD: 0xa socket:[6], Events: POLLIN, REvents: ...},
      {FD: 0xb socket:[7], Events: POLLIN, REvents: ...},
      {FD: 0x8 socket:[3], Events: POLLIN, REvents: ...}],
  0x3,
  0x7530)

WaylandProxy X sendmsg(
  0xb socket:[7],
  0x7f1df25fecc0 {name=0x0, namelen=0, iovecs=0x7f1df25fecb0 {base=0x7f1df1c10000, len=24, "\x01\x00\x00\x00\x01\x00\f\x00\x02\x00\x00\x00\x01\x00\x00\x00\x00\x00\f\x00\x03\x00\x00\x00"},
      control={0x0 }, flags=0},
  0x40000040
) = 0 (0x0) errno=22 (invalid argument) (771ns)

I believe I isolated the correct one as it's the only "invalid argument" by WaylandProxy and is followed closely by: WaylandProxy E write(0x2 /dev/null, 0x7f1df25feb00 "Warning: WaylandMessage::Write() failed : Invalid argument\n", 0x3b)

some clarification: I believe WaylandProxy is Firefox and not waypipe because it only shows up when tor-browser is ran with --verbose. the one above outputs to /dev/null because that run was not with --verbose

Steps to reproduce

waypipe --socket /path/waypipe.sock client

inside bwrap (bubblewrap) pivot_root environment (which is Fedora 42):

/runsc \
-platform=kvm -rootless -ignore-cgroups -overlay2=none -network=host -host-uds=all host-fifo=open \
do -force-overlay=false -- \
/bin/unshare --map-user=1000 --map-group=1000 -- \
/bin/bash -li

waypipe --socket /path/waypipe.sock --display wayland-0 server -- firefox

output:

Warning: WaylandMessage::Write() failed : Invalid argument
Error: we don't have any display, WAYLAND_DISPLAY='wayland-0' DISPLAY='(null)'

runsc version

runsc version release-20250414.0-14-gcd8fcab3446c-dirty
spec: 1.1.0-rc.1

handpickencounter avatar Apr 19 '25 16:04 handpickencounter

The EINVAL is coming from https://github.com/google/gvisor/blob/f45c79e15a27236e4f0dd76a346a32b7873ae5fb/pkg/sentry/syscalls/linux/sys_socket.go#L976-L979

Here, we consider MSG_CMSG_CLOEXEC = 0x40000000 as unsupported. We need to add support for that.

ayushr2 avatar Apr 19 '25 17:04 ayushr2

MSG_CMSG_CLOEXEC is only a flag for recvmsg. I'm not sure why it is being set on sendmsg.

nlacasse avatar May 28 '25 21:05 nlacasse