1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2022 Gleb Smirnoff <glebius@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/event.h> 29 #include <sys/ioctl.h> 30 #include <sys/select.h> 31 #include <sys/socket.h> 32 #include <sys/stat.h> 33 #include <sys/sysctl.h> 34 #include <sys/time.h> 35 #include <sys/un.h> 36 37 #include <aio.h> 38 #include <errno.h> 39 #include <fcntl.h> 40 #include <signal.h> 41 #include <stdio.h> 42 #include <stdlib.h> 43 44 #include <atf-c.h> 45 46 static struct itimerval itv = { 47 .it_interval = { 0, 0 }, 48 .it_value = { 1, 0 }, /* one second */ 49 }; 50 static sig_atomic_t timer_done = 0; 51 static void 52 sigalarm(int sig __unused) 53 { 54 55 timer_done = 1; 56 } 57 58 static struct sigaction sigact = { 59 .sa_handler = sigalarm, 60 }; 61 62 static struct sockaddr_un sun = { 63 .sun_family = AF_LOCAL, 64 .sun_len = sizeof(sun), 65 .sun_path = "unix_dgram_listener", 66 }; 67 68 /* 69 * Fill socket to a state when next send(len) would fail. 70 * 71 * Note that every datagram is prepended with sender address, 72 * size of struct sockaddr. 73 */ 74 static void 75 fill(int fd, void *buf, ssize_t len) 76 { 77 unsigned long recvspace; 78 size_t llen = sizeof(unsigned long); 79 ssize_t sent; 80 81 ATF_REQUIRE(sysctlbyname("net.local.dgram.recvspace", &recvspace, 82 &llen, NULL, 0) == 0); 83 for (sent = 0; 84 sent + len + sizeof(struct sockaddr) < recvspace; 85 sent += len + sizeof(struct sockaddr)) 86 ATF_REQUIRE(send(fd, buf, len, 0) == len); 87 } 88 89 ATF_TC_WITHOUT_HEAD(basic); 90 ATF_TC_BODY(basic, tc) 91 { 92 struct msghdr msg; 93 struct iovec iov[1]; 94 unsigned long maxdgram; 95 size_t llen = sizeof(unsigned long); 96 int fd[2]; 97 char *buf; 98 99 /* Allocate and initialize: 100 * - fd[0] to send, fd[1] to receive 101 * - buf[maxdgram] for data 102 */ 103 ATF_REQUIRE(sysctlbyname("net.local.dgram.maxdgram", &maxdgram, 104 &llen, NULL, 0) == 0); 105 ATF_REQUIRE(socketpair(PF_UNIX, SOCK_DGRAM, 0, fd) != -1); 106 buf = malloc(maxdgram + 1); 107 ATF_REQUIRE(buf); 108 msg = (struct msghdr ){ 109 .msg_iov = iov, 110 .msg_iovlen = 1, 111 }; 112 iov[0] = (struct iovec ){ 113 .iov_base = buf, 114 }; 115 116 /* Fail to send > maxdgram. */ 117 ATF_REQUIRE(send(fd[0], buf, maxdgram + 1, 0) == -1); 118 ATF_REQUIRE(errno == EMSGSIZE); 119 120 /* Send maxdgram. */ 121 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == (ssize_t)maxdgram); 122 123 /* Exercise MSG_PEEK, full and truncated.. */ 124 ATF_REQUIRE(recv(fd[1], buf, maxdgram, MSG_PEEK) == (ssize_t)maxdgram); 125 iov[0].iov_len = 42; 126 ATF_REQUIRE(recvmsg(fd[1], &msg, MSG_PEEK) == 42); 127 ATF_REQUIRE(msg.msg_flags == (MSG_PEEK | MSG_TRUNC)); 128 129 /* Receive maxdgram. */ 130 iov[0].iov_len = maxdgram; 131 ATF_REQUIRE(recvmsg(fd[1], &msg, 0) == (ssize_t)maxdgram); 132 ATF_REQUIRE(msg.msg_flags == 0); 133 134 /* Receive truncated message. */ 135 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == (ssize_t)maxdgram); 136 iov[0].iov_len = maxdgram / 2; 137 ATF_REQUIRE(recvmsg(fd[1], &msg, 0) == (ssize_t)maxdgram / 2); 138 ATF_REQUIRE(msg.msg_flags == MSG_TRUNC); 139 140 /* Empty: block. */ 141 ATF_REQUIRE(sigaction(SIGALRM, &sigact, NULL) == 0); 142 ATF_REQUIRE(timer_done == 0); 143 ATF_REQUIRE(setitimer(ITIMER_REAL, &itv, NULL) == 0); 144 ATF_REQUIRE(recv(fd[1], buf, maxdgram, 0) == -1); 145 ATF_REQUIRE(errno == EINTR); 146 ATF_REQUIRE(timer_done == 1); 147 148 /* Don't block with MSG_DONTWAIT. */ 149 ATF_REQUIRE(recv(fd[1], buf, maxdgram, MSG_DONTWAIT) == -1); 150 ATF_REQUIRE(errno == EAGAIN); 151 152 /* Don't block with O_NONBLOCK. */ 153 ATF_REQUIRE(fcntl(fd[1], F_SETFL, O_NONBLOCK) != -1); 154 ATF_REQUIRE(recv(fd[1], buf, maxdgram, 0) == -1); 155 ATF_REQUIRE(errno == EAGAIN); 156 157 /* Fail with ENOBUFS on full socket. */ 158 fill(fd[0], buf, maxdgram); 159 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == -1); 160 ATF_REQUIRE(errno == ENOBUFS); 161 162 /* 163 * Fail with ENOBUFS with O_NONBLOCK set, too. See 71e70c25c00 164 * for explanation why this behavior needs to be preserved. 165 */ 166 ATF_REQUIRE(fcntl(fd[0], F_SETFL, O_NONBLOCK) != -1); 167 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == -1); 168 ATF_REQUIRE(errno == ENOBUFS); 169 170 /* Remote side closed -> ECONNRESET. */ 171 close(fd[1]); 172 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == -1); 173 ATF_REQUIRE(errno == ECONNRESET); 174 } 175 176 ATF_TC_WITHOUT_HEAD(one2many); 177 ATF_TC_BODY(one2many, tc) 178 { 179 int one, many[3], two; 180 #define BUFSIZE 1024 181 char buf[BUFSIZE], goodboy[BUFSIZE], flooder[BUFSIZE], notconn[BUFSIZE]; 182 183 /* Establish one to many connection. */ 184 ATF_REQUIRE((one = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0); 185 ATF_REQUIRE(bind(one, (struct sockaddr *)&sun, sizeof(sun)) == 0); 186 /* listen(2) shall fail. */ 187 ATF_REQUIRE(listen(one, -1) != 0); 188 for (int i = 0; i < 3; i++) { 189 ATF_REQUIRE((many[i] = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0); 190 ATF_REQUIRE(connect(many[i], (struct sockaddr *)&sun, 191 sizeof(sun)) == 0); 192 } 193 194 /* accept() on UNIX/DGRAM is invalid. */ 195 ATF_REQUIRE(accept(one, NULL, NULL) == -1); 196 ATF_REQUIRE(errno == EINVAL); 197 198 /* 199 * Connecting a bound socket to self: a strange, useless, but 200 * historically existing edge case that is not explicitly described 201 * in SuS, neither is forbidden there. Works on FreeBSD and Linux. 202 */ 203 ATF_REQUIRE(connect(one, (struct sockaddr *)&sun, sizeof(sun)) == 0); 204 ATF_REQUIRE(send(one, buf, 42, 0) == 42); 205 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == 42); 206 207 /* 208 * Interaction between concurrent senders. New feature in FreeBSD 14. 209 * 210 * One sender can not fill the receive side. Other senders can 211 * continue operation. Senders who don't fill their buffers are 212 * prioritized over flooders. Connected senders are prioritized over 213 * unconnected. 214 * 215 * Disconnecting a sender that has queued data optionally preserves 216 * the data. Allow the data to migrate to peers buffer only if the 217 * latter is empty. Otherwise discard it, to prevent against 218 * connect-fill-close attack. 219 */ 220 #define FLOODER 13 /* for connected flooder on many[0] */ 221 #define GOODBOY 42 /* for a good boy on many[1] */ 222 #define NOTCONN 66 /* for sendto(2) via two */ 223 goodboy[0] = GOODBOY; 224 flooder[0] = FLOODER; 225 notconn[0] = NOTCONN; 226 227 /* Connected priority over sendto(2). */ 228 ATF_REQUIRE((two = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0); 229 ATF_REQUIRE(sendto(two, notconn, BUFSIZE, 0, (struct sockaddr *)&sun, 230 sizeof(sun)) == BUFSIZE); 231 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE); 232 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 233 ATF_REQUIRE(buf[0] == GOODBOY); /* message from good boy comes first */ 234 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 235 ATF_REQUIRE(buf[0] == NOTCONN); /* only then message from sendto(2) */ 236 237 /* Casual sender priority over a flooder. */ 238 fill(many[0], flooder, sizeof(flooder)); 239 ATF_REQUIRE(send(many[0], flooder, BUFSIZE, 0) == -1); 240 ATF_REQUIRE(errno == ENOBUFS); 241 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE); 242 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 243 ATF_REQUIRE(buf[0] == GOODBOY); /* message from good boy comes first */ 244 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 245 ATF_REQUIRE(buf[0] == FLOODER); /* only then message from flooder */ 246 247 /* Once seen, a message can't be deprioritized by any other message. */ 248 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_PEEK) == sizeof(buf)); 249 ATF_REQUIRE(buf[0] == FLOODER); /* message from the flooder seen */ 250 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE); 251 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_PEEK) == sizeof(buf)); 252 ATF_REQUIRE(buf[0] == FLOODER); /* should be the same message */ 253 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 254 ATF_REQUIRE(buf[0] == FLOODER); /* now we read it out... */ 255 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 256 ATF_REQUIRE(buf[0] == GOODBOY); /* ... and next one is the good boy */ 257 258 /* Disconnect in presence of data from not connected. */ 259 ATF_REQUIRE(sendto(two, notconn, BUFSIZE, 0, (struct sockaddr *)&sun, 260 sizeof(sun)) == BUFSIZE); 261 close(many[0]); 262 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 263 ATF_REQUIRE(buf[0] == NOTCONN); /* message from sendto() */ 264 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_DONTWAIT) == -1); 265 ATF_REQUIRE(errno == EAGAIN); /* data from many[0] discarded */ 266 267 /* Disconnect in absence of data from not connected. */ 268 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE); 269 close(many[1]); 270 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf)); 271 ATF_REQUIRE(buf[0] == GOODBOY); /* message from many[1] preserved */ 272 273 /* Check that nothing leaks on close(2). */ 274 ATF_REQUIRE(send(many[2], buf, 42, 0) == 42); 275 ATF_REQUIRE(send(many[2], buf, 42, 0) == 42); 276 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_PEEK) == 42); 277 ATF_REQUIRE(sendto(two, notconn, 42, 0, (struct sockaddr *)&sun, 278 sizeof(sun)) == 42); 279 close(one); 280 } 281 282 /* 283 * Check that various mechanism report socket as readable and having 284 * 42 bytes of data. 285 */ 286 static void 287 test42(int fd) 288 { 289 290 /* ioctl(FIONREAD) */ 291 int data; 292 293 ATF_REQUIRE(ioctl(fd, FIONREAD, &data) != -1); 294 ATF_REQUIRE(data == 42); 295 296 /* select(2) */ 297 fd_set rfds; 298 299 FD_ZERO(&rfds); 300 FD_SET(fd, &rfds); 301 ATF_REQUIRE(select(fd + 1, &rfds, NULL, NULL, NULL) == 1); 302 ATF_REQUIRE(FD_ISSET(fd, &rfds)); 303 304 /* kevent(2) */ 305 struct kevent ev; 306 int kq; 307 308 ATF_REQUIRE((kq = kqueue()) != -1); 309 EV_SET(&ev, fd, EVFILT_READ, EV_ADD, NOTE_LOWAT, 41, NULL); 310 ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0); 311 ATF_REQUIRE(kevent(kq, NULL, 0, &ev, 1, NULL) == 1); 312 ATF_REQUIRE(ev.filter == EVFILT_READ); 313 ATF_REQUIRE(ev.data == 42); 314 315 /* aio(4) */ 316 char buf[50]; 317 struct aiocb aio = { 318 .aio_nbytes = 50, 319 .aio_fildes = fd, 320 .aio_buf = buf, 321 }, *aiop; 322 323 ATF_REQUIRE(aio_read(&aio) == 0); 324 ATF_REQUIRE(aio_waitcomplete(&aiop, NULL) == 42); 325 ATF_REQUIRE(aiop == &aio); 326 } 327 328 /* 329 * Send data and control in connected & unconnected mode and check that 330 * various event mechanisms see the data, but don't count control bytes. 331 */ 332 ATF_TC_WITHOUT_HEAD(event); 333 ATF_TC_BODY(event, tc) 334 { 335 int fd[2]; 336 char buf[50]; 337 struct iovec iov = { 338 .iov_base = buf, 339 .iov_len = 42, 340 }; 341 struct cmsghdr cmsg = { 342 .cmsg_len = CMSG_LEN(0), 343 .cmsg_level = SOL_SOCKET, 344 .cmsg_type = SCM_TIMESTAMP, 345 }; 346 struct msghdr msghdr = { 347 .msg_iov = &iov, 348 .msg_iovlen = 1, 349 .msg_control = &cmsg, 350 .msg_controllen = CMSG_LEN(0), 351 }; 352 353 /* Connected socket */ 354 ATF_REQUIRE(socketpair(PF_UNIX, SOCK_DGRAM, 0, fd) != -1); 355 ATF_REQUIRE(sendmsg(fd[0], &msghdr, 0) == 42); 356 test42(fd[1]); 357 close(fd[0]); 358 close(fd[1]); 359 360 /* Not-connected send */ 361 ATF_REQUIRE((fd[0] = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0); 362 ATF_REQUIRE((fd[1] = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0); 363 ATF_REQUIRE(bind(fd[0], (struct sockaddr *)&sun, sizeof(sun)) == 0); 364 ATF_REQUIRE(sendto(fd[1], buf, 42, 0, (struct sockaddr *)&sun, 365 sizeof(sun)) == 42); 366 test42(fd[0]); 367 } 368 369 ATF_TC_WITHOUT_HEAD(selfgetpeername); 370 ATF_TC_BODY(selfgetpeername, tc) 371 { 372 struct sockaddr_un sun; 373 const char *name; 374 socklen_t len; 375 int sd; 376 377 name = "selfgetpeername"; 378 379 sd = socket(PF_UNIX, SOCK_DGRAM, 0); 380 ATF_REQUIRE(sd != -1); 381 382 memset(&sun, 0, sizeof(sun)); 383 sun.sun_len = sizeof(sun); 384 sun.sun_family = AF_UNIX; 385 snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", name); 386 ATF_REQUIRE(bind(sd, (struct sockaddr *)&sun, sizeof(sun)) == 0); 387 ATF_REQUIRE(connect(sd, (struct sockaddr *)&sun, sizeof(sun)) == 0); 388 389 len = sizeof(sun); 390 ATF_REQUIRE(getpeername(sd, (struct sockaddr *)&sun, &len) == 0); 391 ATF_REQUIRE(strcmp(sun.sun_path, name) == 0); 392 393 ATF_REQUIRE(close(sd) == 0); 394 } 395 396 ATF_TC_WITHOUT_HEAD(fchmod); 397 ATF_TC_BODY(fchmod, tc) 398 { 399 struct stat sb; 400 struct sockaddr_un sun; 401 int error, sd; 402 403 memset(&sun, 0, sizeof(sun)); 404 sun.sun_len = sizeof(sun); 405 sun.sun_family = AF_UNIX; 406 strlcpy(sun.sun_path, "sock", sizeof(sun.sun_path)); 407 408 sd = socket(PF_UNIX, SOCK_DGRAM, 0); 409 ATF_REQUIRE(sd != -1); 410 411 error = fchmod(sd, 0600 | S_ISUID); 412 ATF_REQUIRE_ERRNO(EINVAL, error == -1); 413 414 umask(0022); 415 error = fchmod(sd, 0766); 416 ATF_REQUIRE(error == 0); 417 418 error = bind(sd, (struct sockaddr *)&sun, sizeof(sun)); 419 ATF_REQUIRE(error == 0); 420 421 error = stat(sun.sun_path, &sb); 422 ATF_REQUIRE(error == 0); 423 ATF_REQUIRE_MSG((sb.st_mode & 0777) == 0744, 424 "sb.st_mode = %o", sb.st_mode); 425 426 error = fchmod(sd, 0666); 427 ATF_REQUIRE_ERRNO(EINVAL, error == -1); 428 429 ATF_REQUIRE(close(sd) == 0); 430 } 431 432 ATF_TP_ADD_TCS(tp) 433 { 434 ATF_TP_ADD_TC(tp, basic); 435 ATF_TP_ADD_TC(tp, one2many); 436 ATF_TP_ADD_TC(tp, event); 437 ATF_TP_ADD_TC(tp, selfgetpeername); 438 ATF_TP_ADD_TC(tp, fchmod); 439 440 return (atf_no_error()); 441 } 442