1 /* $NetBSD: t_mmap.c,v 1.10 2017/01/10 22:36:29 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2011 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jukka Ruohonen. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c)2004 YAMAMOTO Takashi, 34 * All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 */ 57 #include <sys/cdefs.h> 58 __RCSID("$NetBSD: t_mmap.c,v 1.10 2017/01/10 22:36:29 christos Exp $"); 59 60 #include <sys/param.h> 61 #include <sys/mman.h> 62 #include <sys/stat.h> 63 #include <sys/socket.h> 64 #include <sys/sysctl.h> 65 #include <sys/wait.h> 66 67 #include <atf-c.h> 68 #include <errno.h> 69 #include <fcntl.h> 70 #include <signal.h> 71 #include <stdio.h> 72 #include <stdlib.h> 73 #include <string.h> 74 #include <unistd.h> 75 #include <paths.h> 76 #ifdef __NetBSD__ 77 #include <machine/disklabel.h> 78 #endif 79 80 #ifdef __FreeBSD__ 81 #include <sys/disklabel.h> 82 #include <stdint.h> 83 #endif 84 85 static long page = 0; 86 static char path[] = "mmap"; 87 static void map_check(void *, int); 88 static void map_sighandler(int); 89 static void testloan(void *, void *, char, int); 90 91 #define BUFSIZE (32 * 1024) /* enough size to trigger sosend_loan */ 92 93 static void 94 map_check(void *map, int flag) 95 { 96 97 if (flag != 0) { 98 ATF_REQUIRE(map == MAP_FAILED); 99 return; 100 } 101 102 ATF_REQUIRE(map != MAP_FAILED); 103 ATF_REQUIRE(munmap(map, page) == 0); 104 } 105 106 void 107 testloan(void *vp, void *vp2, char pat, int docheck) 108 { 109 char buf[BUFSIZE]; 110 char backup[BUFSIZE]; 111 ssize_t nwritten; 112 ssize_t nread; 113 int fds[2]; 114 int val; 115 116 val = BUFSIZE; 117 118 if (docheck != 0) 119 (void)memcpy(backup, vp, BUFSIZE); 120 121 if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, fds) != 0) 122 atf_tc_fail("socketpair() failed"); 123 124 val = BUFSIZE; 125 126 if (setsockopt(fds[1], SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)) != 0) 127 atf_tc_fail("setsockopt() failed, SO_RCVBUF"); 128 129 val = BUFSIZE; 130 131 if (setsockopt(fds[0], SOL_SOCKET, SO_SNDBUF, &val, sizeof(val)) != 0) 132 atf_tc_fail("setsockopt() failed, SO_SNDBUF"); 133 134 if (fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0) 135 atf_tc_fail("fcntl() failed"); 136 137 nwritten = write(fds[0], (char *)vp + page, BUFSIZE - page); 138 139 if (nwritten == -1) 140 atf_tc_fail("write() failed"); 141 142 /* Break loan. */ 143 (void)memset(vp2, pat, BUFSIZE); 144 145 nread = read(fds[1], buf + page, BUFSIZE - page); 146 147 if (nread == -1) 148 atf_tc_fail("read() failed"); 149 150 if (nread != nwritten) 151 atf_tc_fail("too short read"); 152 153 if (docheck != 0 && memcmp(backup, buf + page, nread) != 0) 154 atf_tc_fail("data mismatch"); 155 156 ATF_REQUIRE(close(fds[0]) == 0); 157 ATF_REQUIRE(close(fds[1]) == 0); 158 } 159 160 static void 161 map_sighandler(int signo) 162 { 163 _exit(signo); 164 } 165 166 #ifdef __NetBSD__ 167 ATF_TC(mmap_block); 168 ATF_TC_HEAD(mmap_block, tc) 169 { 170 atf_tc_set_md_var(tc, "descr", "Test mmap(2) with a block device"); 171 atf_tc_set_md_var(tc, "require.user", "root"); 172 } 173 174 ATF_TC_BODY(mmap_block, tc) 175 { 176 static const int mib[] = { CTL_HW, HW_DISKNAMES }; 177 static const unsigned int miblen = __arraycount(mib); 178 char *map, *dk, *drives, dev[PATH_MAX]; 179 size_t len; 180 int fd = -1; 181 182 atf_tc_skip("The test case causes a panic (PR kern/38889, kern/46592)"); 183 184 ATF_REQUIRE(sysctl(mib, miblen, NULL, &len, NULL, 0) == 0); 185 drives = malloc(len); 186 ATF_REQUIRE(drives != NULL); 187 ATF_REQUIRE(sysctl(mib, miblen, drives, &len, NULL, 0) == 0); 188 for (dk = strtok(drives, " "); dk != NULL; dk = strtok(NULL, " ")) { 189 sprintf(dev, _PATH_DEV "%s%c", dk, 'a'+RAW_PART); 190 fprintf(stderr, "trying: %s\n", dev); 191 192 if ((fd = open(dev, O_RDONLY)) >= 0) { 193 (void)fprintf(stderr, "using %s\n", dev); 194 break; 195 } 196 } 197 free(drives); 198 199 if (fd < 0) 200 atf_tc_skip("failed to find suitable block device"); 201 202 map = mmap(NULL, 4096, PROT_READ, MAP_FILE, fd, 0); 203 ATF_REQUIRE(map != MAP_FAILED); 204 205 (void)fprintf(stderr, "first byte %x\n", *map); 206 ATF_REQUIRE(close(fd) == 0); 207 (void)fprintf(stderr, "first byte %x\n", *map); 208 209 ATF_REQUIRE(munmap(map, 4096) == 0); 210 } 211 #endif 212 213 ATF_TC(mmap_err); 214 ATF_TC_HEAD(mmap_err, tc) 215 { 216 atf_tc_set_md_var(tc, "descr", "Test error conditions of mmap(2)"); 217 } 218 219 ATF_TC_BODY(mmap_err, tc) 220 { 221 size_t addr = SIZE_MAX; 222 void *map; 223 224 errno = 0; 225 map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, -1, 0); 226 227 ATF_REQUIRE(map == MAP_FAILED); 228 ATF_REQUIRE(errno == EBADF); 229 230 errno = 0; 231 map = mmap(&addr, page, PROT_READ, MAP_FIXED|MAP_PRIVATE, -1, 0); 232 233 ATF_REQUIRE(map == MAP_FAILED); 234 ATF_REQUIRE(errno == EINVAL); 235 236 errno = 0; 237 map = mmap(NULL, page, PROT_READ, MAP_ANON|MAP_PRIVATE, INT_MAX, 0); 238 239 ATF_REQUIRE(map == MAP_FAILED); 240 ATF_REQUIRE(errno == EINVAL); 241 } 242 243 ATF_TC_WITH_CLEANUP(mmap_loan); 244 ATF_TC_HEAD(mmap_loan, tc) 245 { 246 atf_tc_set_md_var(tc, "descr", "Test uvm page loanout with mmap(2)"); 247 } 248 249 ATF_TC_BODY(mmap_loan, tc) 250 { 251 char buf[BUFSIZE]; 252 char *vp, *vp2; 253 int fd; 254 255 fd = open(path, O_RDWR | O_CREAT, 0600); 256 ATF_REQUIRE(fd >= 0); 257 258 (void)memset(buf, 'x', sizeof(buf)); 259 (void)write(fd, buf, sizeof(buf)); 260 261 vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 262 MAP_FILE | MAP_PRIVATE, fd, 0); 263 264 ATF_REQUIRE(vp != MAP_FAILED); 265 266 vp2 = vp; 267 268 testloan(vp, vp2, 'A', 0); 269 testloan(vp, vp2, 'B', 1); 270 271 ATF_REQUIRE(munmap(vp, BUFSIZE) == 0); 272 273 vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 274 MAP_FILE | MAP_SHARED, fd, 0); 275 276 vp2 = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 277 MAP_FILE | MAP_SHARED, fd, 0); 278 279 ATF_REQUIRE(vp != MAP_FAILED); 280 ATF_REQUIRE(vp2 != MAP_FAILED); 281 282 testloan(vp, vp2, 'E', 1); 283 284 ATF_REQUIRE(munmap(vp, BUFSIZE) == 0); 285 ATF_REQUIRE(munmap(vp2, BUFSIZE) == 0); 286 } 287 288 ATF_TC_CLEANUP(mmap_loan, tc) 289 { 290 (void)unlink(path); 291 } 292 293 ATF_TC_WITH_CLEANUP(mmap_prot_1); 294 ATF_TC_HEAD(mmap_prot_1, tc) 295 { 296 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #1"); 297 } 298 299 ATF_TC_BODY(mmap_prot_1, tc) 300 { 301 void *map; 302 int fd; 303 304 /* 305 * Open a file write-only and try to 306 * map it read-only. This should fail. 307 */ 308 fd = open(path, O_WRONLY | O_CREAT, 0700); 309 310 if (fd < 0) 311 return; 312 313 ATF_REQUIRE(write(fd, "XXX", 3) == 3); 314 315 map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0); 316 map_check(map, 1); 317 318 map = mmap(NULL, 3, PROT_WRITE, MAP_FILE|MAP_PRIVATE, fd, 0); 319 map_check(map, 0); 320 321 ATF_REQUIRE(close(fd) == 0); 322 } 323 324 ATF_TC_CLEANUP(mmap_prot_1, tc) 325 { 326 (void)unlink(path); 327 } 328 329 ATF_TC(mmap_prot_2); 330 ATF_TC_HEAD(mmap_prot_2, tc) 331 { 332 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #2"); 333 } 334 335 ATF_TC_BODY(mmap_prot_2, tc) 336 { 337 char buf[2]; 338 void *map; 339 pid_t pid; 340 int sta; 341 342 /* 343 * Make a PROT_NONE mapping and try to access it. 344 * If we catch a SIGSEGV, all works as expected. 345 */ 346 map = mmap(NULL, page, PROT_NONE, MAP_ANON|MAP_PRIVATE, -1, 0); 347 ATF_REQUIRE(map != MAP_FAILED); 348 349 pid = fork(); 350 ATF_REQUIRE(pid >= 0); 351 352 if (pid == 0) { 353 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 354 ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0); 355 } 356 357 (void)wait(&sta); 358 359 ATF_REQUIRE(WIFEXITED(sta) != 0); 360 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 361 ATF_REQUIRE(munmap(map, page) == 0); 362 } 363 364 ATF_TC_WITH_CLEANUP(mmap_prot_3); 365 ATF_TC_HEAD(mmap_prot_3, tc) 366 { 367 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #3"); 368 } 369 370 ATF_TC_BODY(mmap_prot_3, tc) 371 { 372 char buf[2]; 373 int fd, sta; 374 void *map; 375 pid_t pid; 376 377 /* 378 * Open a file, change the permissions 379 * to read-only, and try to map it as 380 * PROT_NONE. This should succeed, but 381 * the access should generate SIGSEGV. 382 */ 383 fd = open(path, O_RDWR | O_CREAT, 0700); 384 if (fd < 0) 385 #ifdef __FreeBSD__ 386 atf_tc_skip("opening %s failed; skipping testcase: %s", 387 path, strerror(errno)); 388 #else 389 return; 390 #endif 391 392 ATF_REQUIRE(write(fd, "XXX", 3) == 3); 393 ATF_REQUIRE(close(fd) == 0); 394 ATF_REQUIRE(chmod(path, 0444) == 0); 395 396 fd = open(path, O_RDONLY); 397 ATF_REQUIRE(fd != -1); 398 399 map = mmap(NULL, 3, PROT_NONE, MAP_FILE | MAP_SHARED, fd, 0); 400 ATF_REQUIRE(map != MAP_FAILED); 401 402 pid = fork(); 403 404 ATF_REQUIRE(pid >= 0); 405 406 if (pid == 0) { 407 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 408 ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0); 409 } 410 411 (void)wait(&sta); 412 413 ATF_REQUIRE(WIFEXITED(sta) != 0); 414 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 415 ATF_REQUIRE(munmap(map, 3) == 0); 416 #ifdef __FreeBSD__ 417 (void)close(fd); 418 #endif 419 } 420 421 ATF_TC_CLEANUP(mmap_prot_3, tc) 422 { 423 (void)unlink(path); 424 } 425 426 ATF_TC_WITH_CLEANUP(mmap_truncate); 427 ATF_TC_HEAD(mmap_truncate, tc) 428 { 429 atf_tc_set_md_var(tc, "descr", "Test mmap(2) and ftruncate(2)"); 430 } 431 432 ATF_TC_BODY(mmap_truncate, tc) 433 { 434 char *map; 435 long i; 436 int fd; 437 438 fd = open(path, O_RDWR | O_CREAT, 0700); 439 440 if (fd < 0) 441 return; 442 443 /* 444 * See that ftruncate(2) works 445 * while the file is mapped. 446 */ 447 ATF_REQUIRE(ftruncate(fd, page) == 0); 448 449 map = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_FILE|MAP_PRIVATE, 450 fd, 0); 451 ATF_REQUIRE(map != MAP_FAILED); 452 453 for (i = 0; i < page; i++) 454 map[i] = 'x'; 455 456 ATF_REQUIRE(ftruncate(fd, 0) == 0); 457 ATF_REQUIRE(ftruncate(fd, page / 8) == 0); 458 ATF_REQUIRE(ftruncate(fd, page / 4) == 0); 459 ATF_REQUIRE(ftruncate(fd, page / 2) == 0); 460 ATF_REQUIRE(ftruncate(fd, page / 12) == 0); 461 ATF_REQUIRE(ftruncate(fd, page / 64) == 0); 462 463 #ifdef __FreeBSD__ 464 (void)munmap(map, page); 465 #endif 466 ATF_REQUIRE(close(fd) == 0); 467 } 468 469 ATF_TC_CLEANUP(mmap_truncate, tc) 470 { 471 (void)unlink(path); 472 } 473 474 ATF_TC_WITH_CLEANUP(mmap_truncate_signal); 475 ATF_TC_HEAD(mmap_truncate_signal, tc) 476 { 477 atf_tc_set_md_var(tc, "descr", 478 "Test mmap(2) ftruncate(2) causing signal"); 479 } 480 481 ATF_TC_BODY(mmap_truncate_signal, tc) 482 { 483 char *map; 484 long i; 485 int fd, sta; 486 pid_t pid; 487 488 #ifdef __FreeBSD__ 489 atf_tc_expect_fail("testcase fails with SIGSEGV on FreeBSD; bug # 211924"); 490 #endif 491 492 fd = open(path, O_RDWR | O_CREAT, 0700); 493 494 if (fd < 0) 495 return; 496 497 ATF_REQUIRE(write(fd, "foo\n", 5) == 5); 498 499 map = mmap(NULL, page, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0); 500 ATF_REQUIRE(map != MAP_FAILED); 501 502 sta = 0; 503 for (i = 0; i < 5; i++) 504 sta += map[i]; 505 ATF_REQUIRE(sta == 334); 506 507 ATF_REQUIRE(ftruncate(fd, 0) == 0); 508 pid = fork(); 509 ATF_REQUIRE(pid >= 0); 510 511 if (pid == 0) { 512 ATF_REQUIRE(signal(SIGBUS, map_sighandler) != SIG_ERR); 513 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 514 sta = 0; 515 for (i = 0; i < page; i++) 516 sta += map[i]; 517 /* child never will get this far, but the compiler will 518 not know, so better use the values calculated to 519 prevent the access to be optimized out */ 520 ATF_REQUIRE(i == 0); 521 ATF_REQUIRE(sta == 0); 522 #ifdef __FreeBSD__ 523 (void)munmap(map, page); 524 (void)close(fd); 525 #endif 526 return; 527 } 528 529 (void)wait(&sta); 530 531 ATF_REQUIRE(WIFEXITED(sta) != 0); 532 if (WEXITSTATUS(sta) == SIGSEGV) 533 atf_tc_fail("child process got SIGSEGV instead of SIGBUS"); 534 ATF_REQUIRE(WEXITSTATUS(sta) == SIGBUS); 535 ATF_REQUIRE(munmap(map, page) == 0); 536 ATF_REQUIRE(close(fd) == 0); 537 } 538 539 ATF_TC_CLEANUP(mmap_truncate_signal, tc) 540 { 541 (void)unlink(path); 542 } 543 544 ATF_TC(mmap_va0); 545 ATF_TC_HEAD(mmap_va0, tc) 546 { 547 atf_tc_set_md_var(tc, "descr", "Test mmap(2) and vm.user_va0_disable"); 548 } 549 550 ATF_TC_BODY(mmap_va0, tc) 551 { 552 int flags = MAP_ANON | MAP_FIXED | MAP_PRIVATE; 553 size_t len = sizeof(int); 554 void *map; 555 int val; 556 557 /* 558 * Make an anonymous fixed mapping at zero address. If the address 559 * is restricted as noted in security(7), the syscall should fail. 560 */ 561 #ifdef __FreeBSD__ 562 if (sysctlbyname("security.bsd.map_at_zero", &val, &len, NULL, 0) != 0) 563 atf_tc_fail("failed to read security.bsd.map_at_zero"); 564 val = !val; /* 1 == enable map at zero */ 565 #endif 566 #ifdef __NetBSD__ 567 if (sysctlbyname("vm.user_va0_disable", &val, &len, NULL, 0) != 0) 568 atf_tc_fail("failed to read vm.user_va0_disable"); 569 #endif 570 571 map = mmap(NULL, page, PROT_EXEC, flags, -1, 0); 572 map_check(map, val); 573 574 map = mmap(NULL, page, PROT_READ, flags, -1, 0); 575 map_check(map, val); 576 577 map = mmap(NULL, page, PROT_WRITE, flags, -1, 0); 578 map_check(map, val); 579 580 map = mmap(NULL, page, PROT_READ|PROT_WRITE, flags, -1, 0); 581 map_check(map, val); 582 583 map = mmap(NULL, page, PROT_EXEC|PROT_READ|PROT_WRITE, flags, -1, 0); 584 map_check(map, val); 585 } 586 587 ATF_TP_ADD_TCS(tp) 588 { 589 page = sysconf(_SC_PAGESIZE); 590 ATF_REQUIRE(page >= 0); 591 592 #ifdef __NetBSD__ 593 ATF_TP_ADD_TC(tp, mmap_block); 594 #endif 595 ATF_TP_ADD_TC(tp, mmap_err); 596 ATF_TP_ADD_TC(tp, mmap_loan); 597 ATF_TP_ADD_TC(tp, mmap_prot_1); 598 ATF_TP_ADD_TC(tp, mmap_prot_2); 599 ATF_TP_ADD_TC(tp, mmap_prot_3); 600 ATF_TP_ADD_TC(tp, mmap_truncate); 601 ATF_TP_ADD_TC(tp, mmap_truncate_signal); 602 ATF_TP_ADD_TC(tp, mmap_va0); 603 604 return atf_no_error(); 605 } 606