• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Check decoding of msg_name* fields of struct msghdr array argument
3  * of sendmmsg and recvmmsg syscalls.
4  *
5  * Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
6  * Copyright (c) 2016-2018 The strace developers.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. The name of the author may not be used to endorse or promote products
18  *    derived from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #include "tests.h"
33 
34 #include <errno.h>
35 #include <limits.h>
36 #include <stddef.h>
37 #include <stdio.h>
38 #include <string.h>
39 #include <unistd.h>
40 #include <sys/un.h>
41 
42 #include "msghdr.h"
43 
44 #define IOV_MAX1 (IOV_MAX + 1)
45 
46 #ifndef TEST_NAME
47 # define TEST_NAME "mmsg_name"
48 #endif
49 
50 static void
print_msghdr(const struct msghdr * const msg,const int user_msg_namelen)51 print_msghdr(const struct msghdr *const msg, const int user_msg_namelen)
52 {
53 	const struct sockaddr_un *const un = msg->msg_name;
54 	const int offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
55 
56 	printf("{msg_name=");
57 	if (!un)
58 		printf("NULL");
59 	else if (user_msg_namelen < offsetof_sun_path) {
60 		printf("%p", un);
61 	} else {
62 		printf("{sa_family=AF_UNIX");
63 		if (user_msg_namelen > offsetof_sun_path) {
64 			int len = user_msg_namelen < (int) msg->msg_namelen ?
65 				  user_msg_namelen : (int) msg->msg_namelen;
66 			len -= offsetof_sun_path;
67 			if (len > (int) sizeof(un->sun_path))
68 				len = sizeof(un->sun_path);
69 			printf(", sun_path=\"%.*s\"", len, un->sun_path);
70 		}
71 		printf("}");
72 	}
73 	printf(", msg_namelen=");
74 	if (user_msg_namelen != (int) msg->msg_namelen) {
75 		printf("%d->", user_msg_namelen);
76 	}
77 	printf("%d, msg_iov=[{iov_base=\"%c\", iov_len=1}]"
78 	       ", msg_iovlen=1, msg_controllen=0, msg_flags=0}",
79 	       (int) msg->msg_namelen, *(char *) msg->msg_iov[0].iov_base);
80 }
81 
82 static void
test_mmsg_name(const int send_fd,const int recv_fd)83 test_mmsg_name(const int send_fd, const int recv_fd)
84 {
85 	struct sockaddr_un *const send_addr =
86 		tail_alloc(sizeof(*send_addr) * IOV_MAX1);
87 	char *const send_buf = tail_alloc(sizeof(*send_buf) * IOV_MAX1);
88 	struct iovec *const send_iov = tail_alloc(sizeof(*send_iov) * IOV_MAX1);
89 	struct mmsghdr *const send_mh = tail_alloc(sizeof(*send_mh) * IOV_MAX1);
90 
91 	int i, rc;
92 
93 	for (i = 0; i < IOV_MAX1; ++i) {
94 		int sun_len = i + 1 > (int) sizeof(send_addr[i].sun_path)
95 				    ? (int) sizeof(send_addr[i].sun_path)
96 				    : i + 1;
97 
98 		send_addr[i].sun_family = AF_UNIX;
99 		memset(send_addr[i].sun_path, 'a' + i % 26, sun_len);
100 
101 		send_buf[i] = '0' + i % 10;
102 
103 		send_iov[i].iov_base = &send_buf[i];
104 		send_iov[i].iov_len = sizeof(*send_buf);
105 
106 		send_mh[i].msg_hdr.msg_iov = &send_iov[i];
107 		send_mh[i].msg_hdr.msg_iovlen = 1;
108 		send_mh[i].msg_hdr.msg_name = &send_addr[i];
109 		send_mh[i].msg_hdr.msg_namelen = i + 1;
110 		send_mh[i].msg_hdr.msg_control = 0;
111 		send_mh[i].msg_hdr.msg_controllen = 0;
112 		send_mh[i].msg_hdr.msg_flags = 0;
113 	}
114 
115 	rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
116 	int saved_errno = errno;
117 
118 	printf("sendmmsg(%d, [", send_fd);
119 	for (i = 0; i < IOV_MAX1; ++i) {
120 		if (i)
121 			printf(", ");
122 		if (i >= IOV_MAX
123 # if !VERBOSE
124 			|| i >= DEFAULT_STRLEN
125 # endif
126 		   ) {
127 			printf("...");
128 			break;
129 		}
130 		printf("{msg_hdr=");
131 		print_msghdr(&send_mh[i].msg_hdr, i + 1);
132 		printf("}");
133 	}
134 	errno = saved_errno;
135 	printf("], %u, MSG_DONTWAIT) = %d %s (%m)\n",
136 	       IOV_MAX1, rc, errno2name());
137 
138 	for (i = 0; i < IOV_MAX1; ++i) {
139 		send_mh[i].msg_hdr.msg_name = 0;
140 		send_mh[i].msg_hdr.msg_namelen = 0;
141 	}
142 
143 	/*
144 	 * When recvmmsg is called with a valid descriptor
145 	 * but inaccessible memory, it causes segfaults on some architectures.
146 	 * As in these cases we test decoding of failed recvmmsg calls,
147 	 * it's ok to fail recvmmsg with any reason as long as
148 	 * it doesn't read that inaccessible memory.
149 	 */
150 	rc = send_mmsg(-1, &send_mh[IOV_MAX], 2, MSG_DONTWAIT);
151 	saved_errno = errno;
152 	printf("sendmmsg(-1, [{msg_hdr=");
153 	print_msghdr(&send_mh[IOV_MAX].msg_hdr, 0);
154 	errno = saved_errno;
155 	printf("}, ... /* %p */], %u, MSG_DONTWAIT) = %d %s (%m)\n",
156 	       &send_mh[IOV_MAX1], 2, rc, errno2name());
157 
158 	rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
159 	if (rc < 0)
160 		perror_msg_and_skip("sendmmsg");
161 
162 	printf("sendmmsg(%d, [", send_fd);
163 	for (i = 0; i < IOV_MAX1; ++i) {
164 		if (i)
165 			printf(", ");
166 		if (i >= IOV_MAX
167 #if !VERBOSE
168 			|| i >= DEFAULT_STRLEN
169 #endif
170 		   ) {
171 			printf("...");
172 			break;
173 		}
174 		printf("{msg_hdr=");
175 		print_msghdr(&send_mh[i].msg_hdr, 0);
176 		printf("%s}", i < rc ? ", msg_len=1" : "");
177 	}
178 	printf("], %u, MSG_DONTWAIT) = %d\n", IOV_MAX1, rc);
179 
180 	struct sockaddr_un *const recv_addr =
181 		tail_alloc(sizeof(*recv_addr) * IOV_MAX1);
182 	char *const recv_buf = tail_alloc(sizeof(*recv_buf) * IOV_MAX1);
183 	struct iovec *const recv_iov = tail_alloc(sizeof(*recv_iov) * IOV_MAX1);
184 	struct mmsghdr *const recv_mh = tail_alloc(sizeof(*recv_mh) * IOV_MAX1);
185 
186 	for (i = 0; i < IOV_MAX1; ++i) {
187 		recv_iov[i].iov_base = &recv_buf[i];
188 		recv_iov[i].iov_len = sizeof(*recv_buf);
189 
190 		recv_mh[i].msg_hdr.msg_name = &recv_addr[i];
191 		recv_mh[i].msg_hdr.msg_namelen = i;
192 		recv_mh[i].msg_hdr.msg_iov = &recv_iov[i];
193 		recv_mh[i].msg_hdr.msg_iovlen = 1;
194 		recv_mh[i].msg_hdr.msg_control = 0;
195 		recv_mh[i].msg_hdr.msg_controllen = 0;
196 		recv_mh[i].msg_hdr.msg_flags = 0;
197 	}
198 
199 	rc = recv_mmsg(recv_fd, recv_mh, IOV_MAX1, MSG_DONTWAIT, 0);
200 	if (rc < 0)
201 		perror_msg_and_skip("recvmmsg");
202 
203 	printf("recvmmsg(%d, [", recv_fd);
204 	for (i = 0; i < rc; ++i) {
205 		if (i)
206 			printf(", ");
207 #if !VERBOSE
208 		if (i >= DEFAULT_STRLEN) {
209 			printf("...");
210 			break;
211 		}
212 #endif
213 		printf("{msg_hdr=");
214 		print_msghdr(&recv_mh[i].msg_hdr, i);
215 		printf(", msg_len=1}");
216 	}
217 	printf("], %u, MSG_DONTWAIT, NULL) = %d\n", IOV_MAX1, rc);
218 }
219 
220 int
main(void)221 main(void)
222 {
223 	int fds[2];
224 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds))
225 		perror_msg_and_skip("socketpair");
226 
227 	const struct sockaddr_un un = {
228 		.sun_family = AF_UNIX,
229 		.sun_path = TEST_NAME "-recvmmsg.test.send.socket"
230 	};
231 
232 	(void) unlink(un.sun_path);
233 	if (bind(fds[1], (const void *) &un, sizeof(un)))
234 		perror_msg_and_skip("bind");
235 	(void) unlink(un.sun_path);
236 
237 	test_mmsg_name(fds[1], fds[0]);
238 
239 	puts("+++ exited with 0 +++");
240 	return 0;
241 }
242