From 927ea16dd384f675a2ce1456be457a371109c488 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@google.com>
Date: Wed, 1 Sep 2021 11:46:02 -0700
Subject: unix: handle a case when a buffer is overflowed

Reported-by: syzbot+1aab6800bd14829609b8@syzkaller.appspotmail.com
PiperOrigin-RevId: 394279838
---
 pkg/sentry/socket/unix/transport/queue.go |  2 +-
 test/syscalls/linux/socket_unix_stream.cc | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/pkg/sentry/socket/unix/transport/queue.go b/pkg/sentry/socket/unix/transport/queue.go
index e4de44498..a9cedcf5f 100644
--- a/pkg/sentry/socket/unix/transport/queue.go
+++ b/pkg/sentry/socket/unix/transport/queue.go
@@ -133,7 +133,7 @@ func (q *queue) Enqueue(ctx context.Context, data [][]byte, c ControlMessages, f
 	free := q.limit - q.used
 
 	if l > free && truncate {
-		if free == 0 {
+		if free <= 0 {
 			// Message can't fit right now.
 			q.mu.Unlock()
 			return 0, false, syserr.ErrWouldBlock
diff --git a/test/syscalls/linux/socket_unix_stream.cc b/test/syscalls/linux/socket_unix_stream.cc
index 6e9f70f8c..2f3cfc3f3 100644
--- a/test/syscalls/linux/socket_unix_stream.cc
+++ b/test/syscalls/linux/socket_unix_stream.cc
@@ -181,6 +181,21 @@ TEST_P(StreamUnixSocketPairTest, SetSocketSendBuf) {
   ASSERT_EQ(quarter_sz, val);
 }
 
+TEST_P(StreamUnixSocketPairTest, SendBufferOverflow) {
+  auto sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair());
+  auto s = sockets->first_fd();
+
+  constexpr int kBufSz = 4096;
+  std::vector<char> buf(kBufSz * 4);
+  ASSERT_THAT(RetryEINTR(send)(s, buf.data(), buf.size(), MSG_DONTWAIT),
+              SyscallSucceeds());
+  // The new buffer size should be smaller that the amount of data in the queue.
+  ASSERT_THAT(setsockopt(s, SOL_SOCKET, SO_SNDBUF, &kBufSz, sizeof(kBufSz)),
+              SyscallSucceeds());
+  ASSERT_THAT(RetryEINTR(send)(s, buf.data(), buf.size(), MSG_DONTWAIT),
+              SyscallFailsWithErrno(EAGAIN));
+}
+
 TEST_P(StreamUnixSocketPairTest, IncreasedSocketSendBufUnblocksWrites) {
   auto sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair());
   int sock = sockets->first_fd();
-- 
cgit v1.2.3