xref: /freebsd/tests/sys/kern/kern_copyin.c (revision 5c2bc3db201a4fe8d7911cf816bea104d5dc2138) 
1 /*-
2  * Copyright (c) 2015, 2020 The FreeBSD Foundation
3  *
4  * This software was developed by Konstantin Belousov <kib@FreeBSD.org>
5  * under sponsorship from the FreeBSD Foundation.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/param.h>
30 #include <sys/exec.h>
31 #include <sys/sysctl.h>
32 #include <sys/user.h>
33 #include <sys/mman.h>
34 
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <limits.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <unistd.h>
41 #include <atf-c.h>
42 #include <vm/vm.h>
43 #include <vm/pmap.h>
44 #include <machine/vmparam.h>
45 
46 static int scratch_file;
47 
48 static int
49 copyin_checker(uintptr_t uaddr, size_t len)
50 {
51 	ssize_t ret;
52 
53 	ret = write(scratch_file, (const void *)uaddr, len);
54 	return (ret == -1 ? errno : 0);
55 }
56 
57 #if __SIZEOF_POINTER__ == 8
58 /*
59  * A slightly more direct path to calling copyin(), but without the ability
60  * to specify a length.
61  */
62 static int
63 copyin_checker2(uintptr_t uaddr)
64 {
65 	int ret;
66 
67 	ret = fcntl(scratch_file, F_GETLK, (const void *)uaddr);
68 	return (ret == -1 ? errno : 0);
69 }
70 #endif
71 
72 static int
73 get_vm_layout(struct kinfo_vm_layout *kvm)
74 {
75 	size_t len;
76 	int mib[4];
77 
78 	mib[0] = CTL_KERN;
79 	mib[1] = KERN_PROC;
80 	mib[2] = KERN_PROC_VM_LAYOUT;
81 	mib[3] = getpid();
82 	len = sizeof(*kvm);
83 
84 	return (sysctl(mib, nitems(mib), kvm, &len, NULL, 0));
85 }
86 
87 #define	FMAX	ULONG_MAX
88 #if __SIZEOF_POINTER__ == 8
89 /* PR 257193 */
90 #define	ADDR_SIGNED	0x800000c000000000
91 #endif
92 
93 ATF_TC_WITHOUT_HEAD(kern_copyin);
94 ATF_TC_BODY(kern_copyin, tc)
95 {
96 	char template[] = "copyin.XXXXXX";
97 	struct kinfo_vm_layout kvm;
98 	uintptr_t maxuser;
99 	long page_size;
100 	void *addr;
101 	int error;
102 
103 	addr = MAP_FAILED;
104 
105 	error = get_vm_layout(&kvm);
106 	ATF_REQUIRE(error == 0);
107 
108 	page_size = sysconf(_SC_PAGESIZE);
109 	ATF_REQUIRE(page_size != (long)-1);
110 
111 	maxuser = kvm.kvm_max_user_addr;
112 	scratch_file = mkstemp(template);
113 	ATF_REQUIRE(scratch_file != -1);
114 	unlink(template);
115 
116 	/*
117 	 * Since the shared page address can be randomized we need to make
118 	 * sure that something is mapped at the top of the user address space.
119 	 * Otherwise reading bytes from maxuser-X will fail rendering this test
120 	 * useless.
121 	 */
122 	if (kvm.kvm_shp_addr + kvm.kvm_shp_size < maxuser) {
123 		addr = mmap((void *)(maxuser - page_size), page_size, PROT_READ,
124 		    MAP_ANON | MAP_FIXED, -1, 0);
125 		ATF_REQUIRE(addr != MAP_FAILED);
126 	}
127 
128 	ATF_CHECK(copyin_checker(0, 0) == 0);
129 	ATF_CHECK(copyin_checker(maxuser - 10, 9) == 0);
130 	ATF_CHECK(copyin_checker(maxuser - 10, 10) == 0);
131 	ATF_CHECK(copyin_checker(maxuser - 10, 11) == EFAULT);
132 	ATF_CHECK(copyin_checker(maxuser - 1, 1) == 0);
133 	ATF_CHECK(copyin_checker(maxuser, 0) == 0);
134 	ATF_CHECK(copyin_checker(maxuser, 1) == EFAULT);
135 	ATF_CHECK(copyin_checker(maxuser, 2) == EFAULT);
136 	ATF_CHECK(copyin_checker(maxuser + 1, 0) == 0);
137 	ATF_CHECK(copyin_checker(maxuser + 1, 2) == EFAULT);
138 	ATF_CHECK(copyin_checker(FMAX - 10, 9) == EFAULT);
139 	ATF_CHECK(copyin_checker(FMAX - 10, 10) == EFAULT);
140 	ATF_CHECK(copyin_checker(FMAX - 10, 11) == EFAULT);
141 #if __SIZEOF_POINTER__ == 8
142 	ATF_CHECK(copyin_checker(ADDR_SIGNED, 1) == EFAULT);
143 	ATF_CHECK(copyin_checker2(ADDR_SIGNED) == EFAULT);
144 #endif
145 
146 	if (addr != MAP_FAILED)
147 		munmap(addr, PAGE_SIZE);
148 }
149 
150 ATF_TP_ADD_TCS(tp)
151 {
152 
153 	ATF_TP_ADD_TC(tp, kern_copyin);
154 	return (atf_no_error());
155 }
156