1 /*
2 * Check decoding of msg_name* fields of struct msghdr array argument
3 * of sendmmsg and recvmmsg syscalls.
4 *
5 * Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
6 * Copyright (c) 2016-2018 The strace developers.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the author may not be used to endorse or promote products
18 * derived from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "tests.h"
33
34 #include <errno.h>
35 #include <limits.h>
36 #include <stddef.h>
37 #include <stdio.h>
38 #include <string.h>
39 #include <unistd.h>
40 #include <sys/un.h>
41
42 #include "msghdr.h"
43
44 #define IOV_MAX1 (IOV_MAX + 1)
45
46 #ifndef TEST_NAME
47 # define TEST_NAME "mmsg_name"
48 #endif
49
50 static void
print_msghdr(const struct msghdr * const msg,const int user_msg_namelen)51 print_msghdr(const struct msghdr *const msg, const int user_msg_namelen)
52 {
53 const struct sockaddr_un *const un = msg->msg_name;
54 const int offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
55
56 printf("{msg_name=");
57 if (!un)
58 printf("NULL");
59 else if (user_msg_namelen < offsetof_sun_path) {
60 printf("%p", un);
61 } else {
62 printf("{sa_family=AF_UNIX");
63 if (user_msg_namelen > offsetof_sun_path) {
64 int len = user_msg_namelen < (int) msg->msg_namelen ?
65 user_msg_namelen : (int) msg->msg_namelen;
66 len -= offsetof_sun_path;
67 if (len > (int) sizeof(un->sun_path))
68 len = sizeof(un->sun_path);
69 printf(", sun_path=\"%.*s\"", len, un->sun_path);
70 }
71 printf("}");
72 }
73 printf(", msg_namelen=");
74 if (user_msg_namelen != (int) msg->msg_namelen) {
75 printf("%d->", user_msg_namelen);
76 }
77 printf("%d, msg_iov=[{iov_base=\"%c\", iov_len=1}]"
78 ", msg_iovlen=1, msg_controllen=0, msg_flags=0}",
79 (int) msg->msg_namelen, *(char *) msg->msg_iov[0].iov_base);
80 }
81
82 static void
test_mmsg_name(const int send_fd,const int recv_fd)83 test_mmsg_name(const int send_fd, const int recv_fd)
84 {
85 struct sockaddr_un *const send_addr =
86 tail_alloc(sizeof(*send_addr) * IOV_MAX1);
87 char *const send_buf = tail_alloc(sizeof(*send_buf) * IOV_MAX1);
88 struct iovec *const send_iov = tail_alloc(sizeof(*send_iov) * IOV_MAX1);
89 struct mmsghdr *const send_mh = tail_alloc(sizeof(*send_mh) * IOV_MAX1);
90
91 int i, rc;
92
93 for (i = 0; i < IOV_MAX1; ++i) {
94 int sun_len = i + 1 > (int) sizeof(send_addr[i].sun_path)
95 ? (int) sizeof(send_addr[i].sun_path)
96 : i + 1;
97
98 send_addr[i].sun_family = AF_UNIX;
99 memset(send_addr[i].sun_path, 'a' + i % 26, sun_len);
100
101 send_buf[i] = '0' + i % 10;
102
103 send_iov[i].iov_base = &send_buf[i];
104 send_iov[i].iov_len = sizeof(*send_buf);
105
106 send_mh[i].msg_hdr.msg_iov = &send_iov[i];
107 send_mh[i].msg_hdr.msg_iovlen = 1;
108 send_mh[i].msg_hdr.msg_name = &send_addr[i];
109 send_mh[i].msg_hdr.msg_namelen = i + 1;
110 send_mh[i].msg_hdr.msg_control = 0;
111 send_mh[i].msg_hdr.msg_controllen = 0;
112 send_mh[i].msg_hdr.msg_flags = 0;
113 }
114
115 rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
116 int saved_errno = errno;
117
118 printf("sendmmsg(%d, [", send_fd);
119 for (i = 0; i < IOV_MAX1; ++i) {
120 if (i)
121 printf(", ");
122 if (i >= IOV_MAX
123 # if !VERBOSE
124 || i >= DEFAULT_STRLEN
125 # endif
126 ) {
127 printf("...");
128 break;
129 }
130 printf("{msg_hdr=");
131 print_msghdr(&send_mh[i].msg_hdr, i + 1);
132 printf("}");
133 }
134 errno = saved_errno;
135 printf("], %u, MSG_DONTWAIT) = %d %s (%m)\n",
136 IOV_MAX1, rc, errno2name());
137
138 for (i = 0; i < IOV_MAX1; ++i) {
139 send_mh[i].msg_hdr.msg_name = 0;
140 send_mh[i].msg_hdr.msg_namelen = 0;
141 }
142
143 /*
144 * When recvmmsg is called with a valid descriptor
145 * but inaccessible memory, it causes segfaults on some architectures.
146 * As in these cases we test decoding of failed recvmmsg calls,
147 * it's ok to fail recvmmsg with any reason as long as
148 * it doesn't read that inaccessible memory.
149 */
150 rc = send_mmsg(-1, &send_mh[IOV_MAX], 2, MSG_DONTWAIT);
151 saved_errno = errno;
152 printf("sendmmsg(-1, [{msg_hdr=");
153 print_msghdr(&send_mh[IOV_MAX].msg_hdr, 0);
154 errno = saved_errno;
155 printf("}, ... /* %p */], %u, MSG_DONTWAIT) = %d %s (%m)\n",
156 &send_mh[IOV_MAX1], 2, rc, errno2name());
157
158 rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
159 if (rc < 0)
160 perror_msg_and_skip("sendmmsg");
161
162 printf("sendmmsg(%d, [", send_fd);
163 for (i = 0; i < IOV_MAX1; ++i) {
164 if (i)
165 printf(", ");
166 if (i >= IOV_MAX
167 #if !VERBOSE
168 || i >= DEFAULT_STRLEN
169 #endif
170 ) {
171 printf("...");
172 break;
173 }
174 printf("{msg_hdr=");
175 print_msghdr(&send_mh[i].msg_hdr, 0);
176 printf("%s}", i < rc ? ", msg_len=1" : "");
177 }
178 printf("], %u, MSG_DONTWAIT) = %d\n", IOV_MAX1, rc);
179
180 struct sockaddr_un *const recv_addr =
181 tail_alloc(sizeof(*recv_addr) * IOV_MAX1);
182 char *const recv_buf = tail_alloc(sizeof(*recv_buf) * IOV_MAX1);
183 struct iovec *const recv_iov = tail_alloc(sizeof(*recv_iov) * IOV_MAX1);
184 struct mmsghdr *const recv_mh = tail_alloc(sizeof(*recv_mh) * IOV_MAX1);
185
186 for (i = 0; i < IOV_MAX1; ++i) {
187 recv_iov[i].iov_base = &recv_buf[i];
188 recv_iov[i].iov_len = sizeof(*recv_buf);
189
190 recv_mh[i].msg_hdr.msg_name = &recv_addr[i];
191 recv_mh[i].msg_hdr.msg_namelen = i;
192 recv_mh[i].msg_hdr.msg_iov = &recv_iov[i];
193 recv_mh[i].msg_hdr.msg_iovlen = 1;
194 recv_mh[i].msg_hdr.msg_control = 0;
195 recv_mh[i].msg_hdr.msg_controllen = 0;
196 recv_mh[i].msg_hdr.msg_flags = 0;
197 }
198
199 rc = recv_mmsg(recv_fd, recv_mh, IOV_MAX1, MSG_DONTWAIT, 0);
200 if (rc < 0)
201 perror_msg_and_skip("recvmmsg");
202
203 printf("recvmmsg(%d, [", recv_fd);
204 for (i = 0; i < rc; ++i) {
205 if (i)
206 printf(", ");
207 #if !VERBOSE
208 if (i >= DEFAULT_STRLEN) {
209 printf("...");
210 break;
211 }
212 #endif
213 printf("{msg_hdr=");
214 print_msghdr(&recv_mh[i].msg_hdr, i);
215 printf(", msg_len=1}");
216 }
217 printf("], %u, MSG_DONTWAIT, NULL) = %d\n", IOV_MAX1, rc);
218 }
219
220 int
main(void)221 main(void)
222 {
223 int fds[2];
224 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds))
225 perror_msg_and_skip("socketpair");
226
227 const struct sockaddr_un un = {
228 .sun_family = AF_UNIX,
229 .sun_path = TEST_NAME "-recvmmsg.test.send.socket"
230 };
231
232 (void) unlink(un.sun_path);
233 if (bind(fds[1], (const void *) &un, sizeof(un)))
234 perror_msg_and_skip("bind");
235 (void) unlink(un.sun_path);
236
237 test_mmsg_name(fds[1], fds[0]);
238
239 puts("+++ exited with 0 +++");
240 return 0;
241 }
242