1 /*
2  * Check decoding of msg_name* fields of struct msghdr array argument
3  * of sendmmsg and recvmmsg syscalls.
4  *
5  * Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. The name of the author may not be used to endorse or promote products
17  *    derived from this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include "tests.h"
32 
33 #include <errno.h>
34 #include <limits.h>
35 #include <stddef.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <sys/un.h>
40 
41 #include "msghdr.h"
42 
43 #define IOV_MAX1 (IOV_MAX + 1)
44 
45 #ifndef TEST_NAME
46 # define TEST_NAME "mmsg_name"
47 #endif
48 
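/*
 * Print the expected rendering of one struct msghdr whose msg_name, when
 * non-NULL, is read as a struct sockaddr_un and whose first iovec element
 * points at a single byte.
 *
 * msg              - header to describe; msg->msg_iov[0].iov_base is
 *                    dereferenced as a char.
 * user_msg_namelen - the msg_namelen value handed to the syscall; it is
 *                    printed as "user->current" when it differs from the
 *                    value now stored in msg->msg_namelen.
 */
static void
print_msghdr(const struct msghdr *const msg, const int user_msg_namelen)
{
	const struct sockaddr_un *const un = msg->msg_name;
	const int offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
	const int cur_namelen = (int) msg->msg_namelen;

	printf("{msg_name=");
	if (!un) {
		printf("NULL");
	} else if (user_msg_namelen < offsetof_sun_path) {
		/* Shorter than the offset of sun_path: print the address only. */
		printf("%p", (const void *) un);
	} else {
		printf("{sa_family=AF_UNIX");
		if (user_msg_namelen > offsetof_sun_path) {
			/* Use the smaller of the two lengths, minus the family field. */
			int len = user_msg_namelen < cur_namelen ?
				  user_msg_namelen : cur_namelen;
			len -= offsetof_sun_path;
			if (len > (int) sizeof(un->sun_path))
				len = sizeof(un->sun_path);
			/*
			 * A negative precision is treated by printf as if it
			 * were omitted, which would read sun_path up to the
			 * first NUL byte, possibly past the end of the buffer.
			 * This happens when msg_namelen is smaller than the
			 * offset of sun_path, so clamp to an empty string.
			 */
			if (len < 0)
				len = 0;
			printf(", sun_path=\"%.*s\"", len, un->sun_path);
		}
		printf("}");
	}
	printf(", msg_namelen=");
	if (user_msg_namelen != cur_namelen) {
		printf("%d->", user_msg_namelen);
	}
	printf("%d, msg_iov=[{iov_base=\"%c\", iov_len=1}]"
	       ", msg_iovlen=1, msg_controllen=0, msg_flags=0}",
	       cur_namelen, *(char *) msg->msg_iov[0].iov_base);
}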
80 
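/*
 * Issue sendmmsg and recvmmsg calls whose msghdr entries carry msg_name
 * and msg_namelen values, and print the trace lines expected for them.
 *
 * send_fd - descriptor passed to send_mmsg.
 * recv_fd - descriptor passed to recv_mmsg.
 *
 * Four calls are made in this order:
 *  1. send_mmsg of IOV_MAX1 one-byte messages, message i carrying a
 *     sockaddr_un name with msg_namelen = i + 1; the printed line uses
 *     the "= rc errno-name (%m)" form whatever the result is.
 *  2. send_mmsg on descriptor -1 with a two-element vector that starts
 *     at the last allocated element.
 *  3. send_mmsg of the same messages with msg_name cleared; the test is
 *     skipped if this call fails.
 *  4. recv_mmsg with msg_namelen = i for message i; the test is skipped
 *     if this call fails.
 *
 * NOTE(review): all arrays come from tail_alloc; the comment before call 2
 * implies memory right after such an array is inaccessible - confirm
 * against the helper.
 */
static void
test_mmsg_name(const int send_fd, const int recv_fd)
{
	struct sockaddr_un *const send_addr =
		tail_alloc(sizeof(*send_addr) * IOV_MAX1);
	char *const send_buf = tail_alloc(sizeof(*send_buf) * IOV_MAX1);
	struct iovec *const send_iov = tail_alloc(sizeof(*send_iov) * IOV_MAX1);
	struct mmsghdr *const send_mh = tail_alloc(sizeof(*send_mh) * IOV_MAX1);

	int i, rc;

	for (i = 0; i < IOV_MAX1; ++i) {
		/* Never fill more than sun_path can hold. */
		int sun_len = i + 1 > (int) sizeof(send_addr[i].sun_path)
				    ? (int) sizeof(send_addr[i].sun_path)
				    : i + 1;

		send_addr[i].sun_family = AF_UNIX;
		memset(send_addr[i].sun_path, 'a' + i % 26, sun_len);

		send_buf[i] = '0' + i % 10;

		send_iov[i].iov_base = &send_buf[i];
		send_iov[i].iov_len = sizeof(*send_buf);

		send_mh[i].msg_hdr.msg_iov = &send_iov[i];
		send_mh[i].msg_hdr.msg_iovlen = 1;
		send_mh[i].msg_hdr.msg_name = &send_addr[i];
		send_mh[i].msg_hdr.msg_namelen = i + 1;
		send_mh[i].msg_hdr.msg_control = 0;
		send_mh[i].msg_hdr.msg_controllen = 0;
		send_mh[i].msg_hdr.msg_flags = 0;
	}

	rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
	/* printf below may change errno; keep the syscall's value for %m. */
	int saved_errno = errno;

	printf("sendmmsg(%d, [", send_fd);
	for (i = 0; i < IOV_MAX1; ++i) {
		if (i)
			printf(", ");
		if (i >= IOV_MAX
#if !VERBOSE
			|| i >= DEFAULT_STRLEN
#endif
		   ) {
			printf("...");
			break;
		}
		printf("{msg_hdr=");
		print_msghdr(&send_mh[i].msg_hdr, i + 1);
		printf("}");
	}
	errno = saved_errno;
	/* %u takes an unsigned int, so convert the int constant explicitly. */
	printf("], %u, MSG_DONTWAIT) = %d %s (%m)\n",
	       (unsigned int) IOV_MAX1, rc, errno2name());

	for (i = 0; i < IOV_MAX1; ++i) {
		send_mh[i].msg_hdr.msg_name = 0;
		send_mh[i].msg_hdr.msg_namelen = 0;
	}

	/*
	 * Call sendmmsg with an invalid descriptor and a two-element vector
	 * that starts at the last allocated element, so the second element
	 * lies past the end of send_mh.  The original note here was worded
	 * for recvmmsg and explains the choice of descriptor: with a valid
	 * descriptor and inaccessible memory the call segfaults on some
	 * architectures, and as only decoding of a failed call is tested,
	 * any failure reason is fine as long as that memory is not read.
	 */
	rc = send_mmsg(-1, &send_mh[IOV_MAX], 2, MSG_DONTWAIT);
	saved_errno = errno;
	printf("sendmmsg(-1, [{msg_hdr=");
	print_msghdr(&send_mh[IOV_MAX].msg_hdr, 0);
	errno = saved_errno;
	/* %p takes a void pointer; the address is printed, never read. */
	printf("}, %p], %u, MSG_DONTWAIT) = %d %s (%m)\n",
	       (void *) &send_mh[IOV_MAX1], 2U, rc, errno2name());

	rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
	if (rc < 0)
		perror_msg_and_skip("sendmmsg");

	printf("sendmmsg(%d, [", send_fd);
	for (i = 0; i < IOV_MAX1; ++i) {
		if (i)
			printf(", ");
		if (i >= IOV_MAX
#if !VERBOSE
			|| i >= DEFAULT_STRLEN
#endif
		   ) {
			printf("...");
			break;
		}
		printf("{msg_hdr=");
		print_msghdr(&send_mh[i].msg_hdr, 0);
		/* Only the first rc entries get a msg_len field. */
		printf("%s}", i < rc ? ", msg_len=1" : "");
	}
	printf("], %u, MSG_DONTWAIT) = %d\n", (unsigned int) IOV_MAX1, rc);

	struct sockaddr_un *const recv_addr =
		tail_alloc(sizeof(*recv_addr) * IOV_MAX1);
	char *const recv_buf = tail_alloc(sizeof(*recv_buf) * IOV_MAX1);
	struct iovec *const recv_iov = tail_alloc(sizeof(*recv_iov) * IOV_MAX1);
	struct mmsghdr *const recv_mh = tail_alloc(sizeof(*recv_mh) * IOV_MAX1);

	for (i = 0; i < IOV_MAX1; ++i) {
		recv_iov[i].iov_base = &recv_buf[i];
		recv_iov[i].iov_len = sizeof(*recv_buf);

		recv_mh[i].msg_hdr.msg_name = &recv_addr[i];
		/* Entry i offers i bytes of name space, starting from zero. */
		recv_mh[i].msg_hdr.msg_namelen = i;
		recv_mh[i].msg_hdr.msg_iov = &recv_iov[i];
		recv_mh[i].msg_hdr.msg_iovlen = 1;
		recv_mh[i].msg_hdr.msg_control = 0;
		recv_mh[i].msg_hdr.msg_controllen = 0;
		recv_mh[i].msg_hdr.msg_flags = 0;
	}

	rc = recv_mmsg(recv_fd, recv_mh, IOV_MAX1, MSG_DONTWAIT, 0);
	if (rc < 0)
		perror_msg_and_skip("recvmmsg");

	printf("recvmmsg(%d, [", recv_fd);
	for (i = 0; i < rc; ++i) {
		if (i)
			printf(", ");
#if !VERBOSE
		if (i >= DEFAULT_STRLEN) {
			printf("...");
			break;
		}
#endif
		printf("{msg_hdr=");
		/* i is the msg_namelen that was passed in for this entry. */
		print_msghdr(&recv_mh[i].msg_hdr, i);
		printf(", msg_len=1}");
	}
	printf("], %u, MSG_DONTWAIT, NULL) = %d\n",
	       (unsigned int) IOV_MAX1, rc);
}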
218 
/*
 * Create an AF_UNIX stream socket pair, bind one end to a named path,
 * run the msg_name checks with that end as the sender, and print the
 * exit marker line.
 */
int
main(void)
{
	int sv[2];
	const struct sockaddr_un addr = {
		.sun_family = AF_UNIX,
		.sun_path = TEST_NAME "-recvmmsg.test.send.socket"
	};

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
		perror_msg_and_skip("socketpair");

	/*
	 * The path is relative to the current directory.  Any existing file
	 * of that name is removed before bind, and the socket file is removed
	 * again right after it; both unlink results are ignored.
	 * NOTE(review): presumably the bind gives the sending end an address
	 * that shows up in received msg_name - confirm.
	 */
	(void) unlink(addr.sun_path);
	if (bind(sv[1], (const void *) &addr, sizeof(addr)) != 0)
		perror_msg_and_skip("bind");
	(void) unlink(addr.sun_path);

	test_mmsg_name(sv[1], sv[0]);

	puts("+++ exited with 0 +++");
	return 0;
}