1 /*
2 * Check decoding of select/_newselect syscalls.
3 *
4 * Copyright (c) 2015-2018 Dmitry V. Levin <ldv@altlinux.org>
5 * Copyright (c) 2015-2017 The strace developers.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /*
32 * Based on test by Dr. David Alan Gilbert <dave@treblig.org>
33 */
34
35 #include <errno.h>
36 #include <limits.h>
37 #include <stdint.h>
38 #include <stdio.h>
39 #include <string.h>
40 #include <unistd.h>
41 #include <sys/select.h>
42
43 static const char *errstr;
44
45 static long
xselect(const kernel_ulong_t nfds,const kernel_ulong_t rs,const kernel_ulong_t ws,const kernel_ulong_t es,const kernel_ulong_t tv)46 xselect(const kernel_ulong_t nfds,
47 const kernel_ulong_t rs,
48 const kernel_ulong_t ws,
49 const kernel_ulong_t es,
50 const kernel_ulong_t tv)
51 #ifndef xselect
52 {
53 long rc = syscall(TEST_SYSCALL_NR,
54 F8ILL_KULONG_MASK | nfds, rs, ws, es, tv);
55 errstr = sprintrc(rc);
56 return rc;
57 }
58 #else
59 ;
60 #endif
61
62 #define XSELECT(expected_, ...) \
63 do { \
64 long rc = xselect(__VA_ARGS__); \
65 if (rc != (expected_)) \
66 perror_msg_and_fail(TEST_SYSCALL_STR \
67 ": expected %d" \
68 ", returned %ld", \
69 (expected_), rc); \
70 } while (0) \
71 /* End of XSELECT definition. */
72
73 int
main(void)74 main(void)
75 {
76 #ifdef PATH_TRACING_FD
77 skip_if_unavailable("/proc/self/fd/");
78 #endif
79
80 for (int i = 3; i < FD_SETSIZE; ++i) {
81 #ifdef PATH_TRACING_FD
82 if (i == PATH_TRACING_FD)
83 continue;
84 #endif
85 (void) close(i);
86 }
87
88 int fds[2];
89 if (pipe(fds))
90 perror_msg_and_fail("pipe");
91
92 static const int smallset_size = sizeof(kernel_ulong_t) * 8;
93 const int nfds = fds[1] + 1;
94 if (nfds > smallset_size)
95 error_msg_and_fail("nfds[%d] > smallset_size[%d]\n",
96 nfds, smallset_size);
97
98 struct timeval tv_in = { 0, 123 };
99 struct timeval *const tv = tail_memdup(&tv_in, sizeof(tv_in));
100 const uintptr_t a_tv = (uintptr_t) tv;
101
102 TAIL_ALLOC_OBJECT_VAR_PTR(kernel_ulong_t, l_rs);
103 fd_set *const rs = (void *) l_rs;
104 const uintptr_t a_rs = (uintptr_t) rs;
105
106 TAIL_ALLOC_OBJECT_VAR_PTR(kernel_ulong_t, l_ws);
107 fd_set *const ws = (void *) l_ws;
108 const uintptr_t a_ws = (uintptr_t) ws;
109
110 TAIL_ALLOC_OBJECT_VAR_PTR(kernel_ulong_t, l_es);
111 fd_set *const es = (void *) l_es;
112 const uintptr_t a_es = (uintptr_t) es;
113
114 long rc;
115
116 /*
117 * An equivalent of nanosleep.
118 */
119 if (xselect(0, 0, 0, 0, a_tv)) {
120 if (errno == ENOSYS)
121 perror_msg_and_skip(TEST_SYSCALL_STR);
122 else
123 perror_msg_and_fail(TEST_SYSCALL_STR);
124 }
125 #ifndef PATH_TRACING_FD
126 printf("%s(0, NULL, NULL, NULL, {tv_sec=%lld, tv_usec=%llu})"
127 " = 0 (Timeout)\n",
128 TEST_SYSCALL_STR, (long long) tv_in.tv_sec,
129 zero_extend_signed_to_ull(tv_in.tv_usec));
130 #endif
131
132 /* EFAULT on tv argument */
133 XSELECT(-1, 0, 0, 0, 0, a_tv + 1);
134 #ifndef PATH_TRACING_FD
135 printf("%s(0, NULL, NULL, NULL, %#lx) = %s\n",
136 TEST_SYSCALL_STR, (unsigned long) a_tv + 1, errstr);
137 #endif
138
139 /*
140 * Start with a nice simple select with the same set.
141 */
142 for (int i = nfds; i <= smallset_size; ++i) {
143 *l_rs = (1UL << fds[0]) | (1UL << fds[1]);
144 XSELECT(1, i, a_rs, a_rs, a_rs, 0);
145 #ifndef PATH_TRACING_FD
146 printf("%s(%d, [%d %d], [%d %d], [%d %d], NULL) = 1 ()\n",
147 TEST_SYSCALL_STR, i, fds[0], fds[1],
148 fds[0], fds[1], fds[0], fds[1]);
149 #else
150 *l_rs = (1UL << fds[0]) | (1UL << fds[1]) |
151 (1UL << PATH_TRACING_FD);
152 XSELECT(i > PATH_TRACING_FD ? 3 : 1, i, a_rs, a_rs, a_rs, 0);
153 if (i > PATH_TRACING_FD) {
154 printf("%s(%d, [%d %d %d], [%d %d %d], [%d %d %d]"
155 ", NULL) = 3 ()\n",
156 TEST_SYSCALL_STR, i,
157 fds[0], fds[1], PATH_TRACING_FD,
158 fds[0], fds[1], PATH_TRACING_FD,
159 fds[0], fds[1], PATH_TRACING_FD);
160 }
161 #endif
162 }
163
164 /*
165 * Odd timeout.
166 */
167 *l_rs = (1UL << fds[0]) | (1UL << fds[1]);
168 tv_in.tv_sec = 0xdeadbeefU;
169 tv_in.tv_usec = 0xfacefeedU;
170 memcpy(tv, &tv_in, sizeof(tv_in));
171 rc = xselect(nfds, a_rs, a_rs, a_rs, a_tv);
172 if (rc < 0) {
173 #ifndef PATH_TRACING_FD
174 printf("%s(%d, [%d %d], [%d %d], [%d %d]"
175 ", {tv_sec=%lld, tv_usec=%llu}) = %s\n",
176 TEST_SYSCALL_STR, nfds, fds[0], fds[1],
177 fds[0], fds[1], fds[0], fds[1],
178 (long long) tv_in.tv_sec,
179 zero_extend_signed_to_ull(tv_in.tv_usec),
180 errstr);
181 #endif /* !PATH_TRACING_FD */
182 } else {
183 #ifndef PATH_TRACING_FD
184 printf("%s(%d, [%d %d], [%d %d], [%d %d]"
185 ", {tv_sec=%lld, tv_usec=%llu}) = %ld"
186 " (left {tv_sec=%lld, tv_usec=%llu})\n",
187 TEST_SYSCALL_STR, nfds, fds[0], fds[1],
188 fds[0], fds[1], fds[0], fds[1],
189 (long long) tv_in.tv_sec,
190 zero_extend_signed_to_ull(tv_in.tv_usec),
191 rc, (long long) tv->tv_sec,
192 zero_extend_signed_to_ull(tv->tv_usec));
193 #endif /* !PATH_TRACING_FD */
194 }
195
196 /*
197 * Very odd timeout.
198 */
199 *l_rs = (1UL << fds[0]) | (1UL << fds[1]);
200 tv_in.tv_sec = (time_t) 0xcafef00ddeadbeefLL;
201 tv_in.tv_usec = (suseconds_t) 0xbadc0dedfacefeedLL;
202 memcpy(tv, &tv_in, sizeof(tv_in));
203 rc = xselect(nfds, a_rs, a_rs, a_rs, a_tv);
204 if (rc < 0) {
205 #ifndef PATH_TRACING_FD
206 printf("%s(%d, [%d %d], [%d %d], [%d %d]"
207 ", {tv_sec=%lld, tv_usec=%llu}) = %s\n",
208 TEST_SYSCALL_STR, nfds, fds[0], fds[1],
209 fds[0], fds[1], fds[0], fds[1],
210 (long long) tv_in.tv_sec,
211 zero_extend_signed_to_ull(tv_in.tv_usec),
212 errstr);
213 #endif /* PATH_TRACING_FD */
214 } else {
215 #ifndef PATH_TRACING_FD
216 printf("%s(%d, [%d %d], [%d %d], [%d %d]"
217 ", {tv_sec=%lld, tv_usec=%llu}) = %ld"
218 " (left {tv_sec=%lld, tv_usec=%llu})\n",
219 TEST_SYSCALL_STR, nfds, fds[0], fds[1],
220 fds[0], fds[1], fds[0], fds[1],
221 (long long) tv_in.tv_sec,
222 zero_extend_signed_to_ull(tv_in.tv_usec),
223 rc, (long long) tv->tv_sec,
224 zero_extend_signed_to_ull(tv->tv_usec));
225 #endif /* PATH_TRACING_FD */
226 }
227
228 /*
229 * Another simple one, with a timeout.
230 */
231 for (int i = nfds; i <= smallset_size; ++i) {
232 *l_rs = (1UL << fds[0]) | (1UL << fds[1]);
233 *l_ws = (1UL << 1) | (1UL << 2) |
234 (1UL << fds[0]) | (1UL << fds[1]);
235 *l_es = 0;
236 tv_in.tv_sec = 0xc0de1;
237 tv_in.tv_usec = 0xc0de2;
238 memcpy(tv, &tv_in, sizeof(tv_in));
239 XSELECT(3, i, a_rs, a_ws, a_es, a_tv);
240 #ifndef PATH_TRACING_FD
241 printf("%s(%d, [%d %d], [%d %d %d %d], []"
242 ", {tv_sec=%lld, tv_usec=%llu}) = 3 (out [1 2 %d]"
243 ", left {tv_sec=%lld, tv_usec=%llu})\n",
244 TEST_SYSCALL_STR, i, fds[0], fds[1],
245 1, 2, fds[0], fds[1],
246 (long long) tv_in.tv_sec,
247 zero_extend_signed_to_ull(tv_in.tv_usec),
248 fds[1],
249 (long long) tv->tv_sec,
250 zero_extend_signed_to_ull(tv->tv_usec));
251 #else
252 *l_rs = (1UL << fds[0]) | (1UL << fds[1]) |
253 (1UL << PATH_TRACING_FD);
254 *l_ws = (1UL << 1) | (1UL << 2) |
255 (1UL << fds[0]) | (1UL << fds[1]);
256 tv_in.tv_sec = 0xc0de1;
257 tv_in.tv_usec = 0xc0de2;
258 memcpy(tv, &tv_in, sizeof(tv_in));
259 XSELECT(3 + (i > PATH_TRACING_FD), i, a_rs, a_ws, a_es, a_tv);
260 if (i > PATH_TRACING_FD) {
261 printf("%s(%d, [%d %d %d], [%d %d %d %d], []"
262 ", {tv_sec=%lld, tv_usec=%llu})"
263 " = 4 (in [%d], out [1 2 %d]"
264 ", left {tv_sec=%lld, tv_usec=%llu})\n",
265 TEST_SYSCALL_STR, i,
266 fds[0], fds[1], PATH_TRACING_FD,
267 1, 2, fds[0], fds[1],
268 (long long) tv_in.tv_sec,
269 zero_extend_signed_to_ull(tv_in.tv_usec),
270 PATH_TRACING_FD, fds[1],
271 (long long) tv->tv_sec,
272 zero_extend_signed_to_ull(tv->tv_usec));
273 }
274
275 *l_rs = (1UL << fds[0]) | (1UL << fds[1]);
276 *l_ws = (1UL << 1) | (1UL << 2) |
277 (1UL << fds[0]) | (1UL << fds[1]) |
278 (1UL << PATH_TRACING_FD);
279 tv_in.tv_sec = 0xc0de1;
280 tv_in.tv_usec = 0xc0de2;
281 memcpy(tv, &tv_in, sizeof(tv_in));
282 XSELECT(3 + (i > PATH_TRACING_FD), i, a_rs, a_ws, a_es, a_tv);
283 if (i > PATH_TRACING_FD) {
284 printf("%s(%d, [%d %d], [%d %d %d %d %d], []"
285 ", {tv_sec=%lld, tv_usec=%llu})"
286 " = 4 (out [1 2 %d %d]"
287 ", left {tv_sec=%lld, tv_usec=%llu})\n",
288 TEST_SYSCALL_STR, i,
289 fds[0], fds[1],
290 1, 2, fds[0], fds[1], PATH_TRACING_FD,
291 (long long) tv_in.tv_sec,
292 zero_extend_signed_to_ull(tv_in.tv_usec),
293 fds[1], PATH_TRACING_FD,
294 (long long) tv->tv_sec,
295 zero_extend_signed_to_ull(tv->tv_usec));
296 }
297
298 *l_rs = (1UL << fds[0]) | (1UL << fds[1]);
299 *l_ws = (1UL << 1) | (1UL << 2) |
300 (1UL << fds[0]) | (1UL << fds[1]);
301 *l_es = (1UL << PATH_TRACING_FD);
302 tv_in.tv_sec = 0xc0de1;
303 tv_in.tv_usec = 0xc0de2;
304 memcpy(tv, &tv_in, sizeof(tv_in));
305 XSELECT(3, i, a_rs, a_ws, a_es, a_tv);
306 if (i > PATH_TRACING_FD) {
307 printf("%s(%d, [%d %d], [%d %d %d %d], [%d]"
308 ", {tv_sec=%lld, tv_usec=%llu}) = 3 (out [1 2 %d]"
309 ", left {tv_sec=%lld, tv_usec=%llu})\n",
310 TEST_SYSCALL_STR, i,
311 fds[0], fds[1],
312 1, 2, fds[0], fds[1], PATH_TRACING_FD,
313 (long long) tv_in.tv_sec,
314 zero_extend_signed_to_ull(tv_in.tv_usec),
315 fds[1],
316 (long long) tv->tv_sec,
317 zero_extend_signed_to_ull(tv->tv_usec));
318 }
319
320 #endif /* PATH_TRACING_FD */
321 }
322
323 /*
324 * Now the crash case that trinity found, negative nfds
325 * but with a pointer to a large chunk of valid memory.
326 */
327 static fd_set set[0x1000000 / sizeof(fd_set)];
328 FD_SET(fds[1], set);
329 XSELECT(-1, -1U, 0, (uintptr_t) set, 0, 0);
330 #ifndef PATH_TRACING_FD
331 printf("%s(-1, NULL, %p, NULL, NULL) = %s\n",
332 TEST_SYSCALL_STR, set, errstr);
333 #endif
334
335 /*
336 * Big sets, nfds exceeds FD_SETSIZE limit.
337 */
338 const size_t big_size = sizeof(fd_set) + sizeof(long);
339 fd_set *const big_rs = tail_alloc(big_size);
340 const uintptr_t a_big_rs = (uintptr_t) big_rs;
341
342 fd_set *const big_ws = tail_alloc(big_size);
343 const uintptr_t a_big_ws = (uintptr_t) big_ws;
344
345 for (unsigned int i = FD_SETSIZE; i <= big_size * 8; ++i) {
346 memset(big_rs, 0, big_size);
347 memset(big_ws, 0, big_size);
348 FD_SET(fds[0], big_rs);
349 tv->tv_sec = 0;
350 tv->tv_usec = 10 + (i - FD_SETSIZE);
351 XSELECT(0, i, a_big_rs, a_big_ws, 0, a_tv);
352 #ifndef PATH_TRACING_FD
353 printf("%s(%d, [%d], [], NULL, {tv_sec=0, tv_usec=%d})"
354 " = 0 (Timeout)\n",
355 TEST_SYSCALL_STR, i, fds[0], 10 + (i - FD_SETSIZE));
356 #else
357 FD_SET(fds[0], big_rs);
358 FD_SET(PATH_TRACING_FD, big_rs);
359 tv->tv_sec = 0;
360 tv->tv_usec = 10 + (i - FD_SETSIZE);
361 XSELECT(1, i, a_big_rs, a_big_ws, 0, a_tv);
362 printf("%s(%d, [%d %d], [], NULL, {tv_sec=0, tv_usec=%d})"
363 " = 1 (in [%d], left {tv_sec=0, tv_usec=%llu})\n",
364 TEST_SYSCALL_STR, i, fds[0], PATH_TRACING_FD,
365 10 + (i - FD_SETSIZE), PATH_TRACING_FD,
366 zero_extend_signed_to_ull(tv->tv_usec));
367 #endif /* PATH_TRACING_FD */
368 }
369
370 /*
371 * Huge sets, nfds equals to INT_MAX.
372 */
373 FD_SET(fds[0], set);
374 FD_SET(fds[1], set);
375 tv->tv_sec = 0;
376 tv->tv_usec = 123;
377 XSELECT(0, INT_MAX, (uintptr_t) set, (uintptr_t) &set[1],
378 (uintptr_t) &set[2], a_tv);
379 #ifndef PATH_TRACING_FD
380 printf("%s(%d, [%d %d], [], [], {tv_sec=0, tv_usec=123})"
381 " = 0 (Timeout)\n",
382 TEST_SYSCALL_STR, INT_MAX, fds[0], fds[1]);
383 #else
384 FD_SET(fds[0], set);
385 FD_SET(fds[1], set);
386 FD_SET(PATH_TRACING_FD, set);
387 tv->tv_sec = 0;
388 tv->tv_usec = 123;
389 XSELECT(1, INT_MAX, (uintptr_t) set, (uintptr_t) &set[1],
390 (uintptr_t) &set[2], a_tv);
391 printf("%s(%d, [%d %d %d], [], [], {tv_sec=0, tv_usec=123})"
392 " = 1 (in [%d], left {tv_sec=0, tv_usec=%llu})\n",
393 TEST_SYSCALL_STR, INT_MAX, fds[0], fds[1], PATH_TRACING_FD,
394 PATH_TRACING_FD, zero_extend_signed_to_ull(tv->tv_usec));
395 #endif /* PATH_TRACING_FD */
396
397 /*
398 * Small sets, nfds exceeds FD_SETSIZE limit.
399 * The kernel seems to be fine with it but strace cannot follow.
400 */
401 *l_rs = (1UL << fds[0]) | (1UL << fds[1])
402 #ifdef PATH_TRACING_FD
403 | (1UL << PATH_TRACING_FD)
404 #endif
405 ;
406 *l_ws = (1UL << fds[0]);
407 *l_es = (1UL << fds[0]) | (1UL << fds[1])
408 #ifdef PATH_TRACING_FD
409 | (1UL << PATH_TRACING_FD)
410 #endif
411 ;
412 tv->tv_sec = 0;
413 tv->tv_usec = 123;
414 rc = xselect(FD_SETSIZE + 1, a_rs, a_ws, a_es, a_tv);
415 if (rc < 0) {
416 #ifndef PATH_TRACING_FD
417 printf("%s(%d, %p, %p, %p, {tv_sec=0, tv_usec=123}) = %s\n",
418 TEST_SYSCALL_STR, FD_SETSIZE + 1, rs, ws, es, errstr);
419 #endif
420 } else {
421 #ifndef PATH_TRACING_FD
422 printf("%s(%d, %p, %p, %p, {tv_sec=0, tv_usec=123})"
423 " = 0 (Timeout)\n",
424 TEST_SYSCALL_STR, FD_SETSIZE + 1, rs, ws, es);
425 #endif
426 }
427
428 /*
429 * Small sets, one of allocated descriptors exceeds smallset_size.
430 */
431 if (dup2(fds[1], smallset_size) != smallset_size)
432 perror_msg_and_fail("dup2");
433 #ifdef PATH_TRACING_FD
434 FD_SET(PATH_TRACING_FD, rs);
435 FD_SET(PATH_TRACING_FD, ws);
436 FD_SET(PATH_TRACING_FD, es);
437 #endif
438 XSELECT(-1, smallset_size + 1, a_rs, a_ws, a_es, 0);
439 #ifndef PATH_TRACING_FD
440 printf("%s(%d, %p, %p, %p, NULL) = %s\n",
441 TEST_SYSCALL_STR, smallset_size + 1, rs, ws, es, errstr);
442 #endif
443
444 /*
445 * Small and big sets,
446 * one of allocated descriptors exceeds smallset_size.
447 */
448 memset(big_rs, 0, big_size);
449 FD_SET(fds[0], big_rs);
450 FD_SET(smallset_size, big_rs);
451 memset(big_ws, 0, big_size);
452 FD_SET(fds[1], big_ws);
453 FD_SET(smallset_size, big_ws);
454 XSELECT(-1, smallset_size + 1, a_big_rs, a_big_ws, a_es, 0);
455 #ifndef PATH_TRACING_FD
456 printf("%s(%d, [%d %d], [%d %d], %p, NULL) = %s\n",
457 TEST_SYSCALL_STR, smallset_size + 1,
458 fds[0], smallset_size,
459 fds[1], smallset_size,
460 es, errstr);
461 #endif /* !PATH_TRACING_FD */
462 XSELECT(-1, smallset_size + 1, a_es, a_big_ws, a_big_rs, 0);
463 #ifndef PATH_TRACING_FD
464 printf("%s(%d, %p, [%d %d], [%d %d], NULL) = %s\n",
465 TEST_SYSCALL_STR, smallset_size + 1,
466 es,
467 fds[1], smallset_size,
468 fds[0], smallset_size,
469 errstr);
470 #endif /* !PATH_TRACING_FD */
471
472 puts("+++ exited with 0 +++");
473 return 0;
474 }
475