From dff095f3bac7c61f574346c553486798d7fec426 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Tue, 25 Dec 2018 18:07:27 +0000
Subject: [PATCH] sys/fdpass.c: Allocate extra cmsg space to hack around a Qemu
 bug.

*shakes head sadly*
---
 sys/fdpass.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/fdpass.c b/sys/fdpass.c
index 1db9210..15a4a2c 100644
--- a/sys/fdpass.c
+++ b/sys/fdpass.c
@@ -104,13 +104,19 @@ ssize_t fdpass_send(int sock, int fd, const void *p, size_t sz)
  *		otherwise it will.  At most one descriptor will be collected.
  */
 
+/* Qemu 2.8.1 clobbers 12 bytes beyond the end of the control-message
+ * buffer.  This is fixed in 2.12, but I'll bodge it for the sake of Debian
+ * stable.
+ */
+#define QEMU_SCRATCHSZ 16
+
 ssize_t fdpass_recv(int sock, int *fd, void *p, size_t sz)
 {
   struct iovec iov;
   struct msghdr msg;
   ssize_t rc;
 #ifndef HAVE_MSG_ACCRIGHTS
-  char buf[CMSG_SPACE(sizeof(fd))];
+  char buf[CMSG_SPACE(sizeof(fd)) + QEMU_SCRATCHSZ];
   struct cmsghdr *cmsg;
   int fdtmp;
 #endif
@@ -128,7 +134,7 @@ ssize_t fdpass_recv(int sock, int *fd, void *p, size_t sz)
 #else
   msg.msg_flags = 0;
   msg.msg_control = buf;
-  msg.msg_controllen = sizeof(buf);
+  msg.msg_controllen = sizeof(buf) - QEMU_SCRATCHSZ;
 #endif
   if ((rc = recvmsg(sock, &msg, 0)) < 0)
     return (rc);
@@ -151,4 +157,6 @@ ssize_t fdpass_recv(int sock, int *fd, void *p, size_t sz)
   return (rc);
 }
 
+#undef QEMU_SCRATCHSZ
+
 /*----- That's all, folks -------------------------------------------------*/
-- 
2.11.0