1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2022 Gleb Smirnoff <glebius@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/event.h>
29 #include <sys/ioctl.h>
30 #include <sys/select.h>
31 #include <sys/socket.h>
32 #include <sys/stat.h>
33 #include <sys/sysctl.h>
34 #include <sys/time.h>
35 #include <sys/un.h>
36
37 #include <aio.h>
38 #include <errno.h>
39 #include <fcntl.h>
40 #include <signal.h>
41 #include <stdio.h>
42 #include <stdlib.h>
43
44 #include <atf-c.h>
45
46 static struct itimerval itv = {
47 .it_interval = { 0, 0 },
48 .it_value = { 1, 0 }, /* one second */
49 };
50 static sig_atomic_t timer_done = 0;
51 static void
sigalarm(int sig __unused)52 sigalarm(int sig __unused)
53 {
54
55 timer_done = 1;
56 }
57
58 static struct sigaction sigact = {
59 .sa_handler = sigalarm,
60 };
61
62 static struct sockaddr_un sun = {
63 .sun_family = AF_LOCAL,
64 .sun_len = sizeof(sun),
65 .sun_path = "unix_dgram_listener",
66 };
67
68 /*
69 * Fill socket to a state when next send(len) would fail.
70 *
71 * Note that every datagram is prepended with sender address,
72 * size of struct sockaddr.
73 */
74 static void
fill(int fd,void * buf,ssize_t len)75 fill(int fd, void *buf, ssize_t len)
76 {
77 unsigned long recvspace;
78 size_t llen = sizeof(unsigned long);
79 ssize_t sent;
80
81 ATF_REQUIRE(sysctlbyname("net.local.dgram.recvspace", &recvspace,
82 &llen, NULL, 0) == 0);
83 for (sent = 0;
84 sent + len + sizeof(struct sockaddr) < recvspace;
85 sent += len + sizeof(struct sockaddr))
86 ATF_REQUIRE(send(fd, buf, len, 0) == len);
87 }
88
89 ATF_TC_WITHOUT_HEAD(basic);
ATF_TC_BODY(basic,tc)90 ATF_TC_BODY(basic, tc)
91 {
92 struct msghdr msg;
93 struct iovec iov[1];
94 unsigned long maxdgram;
95 size_t llen = sizeof(unsigned long);
96 int fd[2];
97 char *buf;
98
99 /* Allocate and initialize:
100 * - fd[0] to send, fd[1] to receive
101 * - buf[maxdgram] for data
102 */
103 ATF_REQUIRE(sysctlbyname("net.local.dgram.maxdgram", &maxdgram,
104 &llen, NULL, 0) == 0);
105 ATF_REQUIRE(socketpair(PF_UNIX, SOCK_DGRAM, 0, fd) != -1);
106 buf = malloc(maxdgram + 1);
107 ATF_REQUIRE(buf);
108 msg = (struct msghdr ){
109 .msg_iov = iov,
110 .msg_iovlen = 1,
111 };
112 iov[0] = (struct iovec ){
113 .iov_base = buf,
114 };
115
116 /* Fail to send > maxdgram. */
117 ATF_REQUIRE(send(fd[0], buf, maxdgram + 1, 0) == -1);
118 ATF_REQUIRE(errno == EMSGSIZE);
119
120 /* Send maxdgram. */
121 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == (ssize_t)maxdgram);
122
123 /* Exercise MSG_PEEK, full and truncated.. */
124 ATF_REQUIRE(recv(fd[1], buf, maxdgram, MSG_PEEK) == (ssize_t)maxdgram);
125 iov[0].iov_len = 42;
126 ATF_REQUIRE(recvmsg(fd[1], &msg, MSG_PEEK) == 42);
127 ATF_REQUIRE(msg.msg_flags == (MSG_PEEK | MSG_TRUNC));
128
129 /* Receive maxdgram. */
130 iov[0].iov_len = maxdgram;
131 ATF_REQUIRE(recvmsg(fd[1], &msg, 0) == (ssize_t)maxdgram);
132 ATF_REQUIRE(msg.msg_flags == 0);
133
134 /* Receive truncated message. */
135 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == (ssize_t)maxdgram);
136 iov[0].iov_len = maxdgram / 2;
137 ATF_REQUIRE(recvmsg(fd[1], &msg, 0) == (ssize_t)maxdgram / 2);
138 ATF_REQUIRE(msg.msg_flags == MSG_TRUNC);
139
140 /* Empty: block. */
141 ATF_REQUIRE(sigaction(SIGALRM, &sigact, NULL) == 0);
142 ATF_REQUIRE(timer_done == 0);
143 ATF_REQUIRE(setitimer(ITIMER_REAL, &itv, NULL) == 0);
144 ATF_REQUIRE(recv(fd[1], buf, maxdgram, 0) == -1);
145 ATF_REQUIRE(errno == EINTR);
146 ATF_REQUIRE(timer_done == 1);
147
148 /* Don't block with MSG_DONTWAIT. */
149 ATF_REQUIRE(recv(fd[1], buf, maxdgram, MSG_DONTWAIT) == -1);
150 ATF_REQUIRE(errno == EAGAIN);
151
152 /* Don't block with O_NONBLOCK. */
153 ATF_REQUIRE(fcntl(fd[1], F_SETFL, O_NONBLOCK) != -1);
154 ATF_REQUIRE(recv(fd[1], buf, maxdgram, 0) == -1);
155 ATF_REQUIRE(errno == EAGAIN);
156
157 /* Fail with ENOBUFS on full socket. */
158 fill(fd[0], buf, maxdgram);
159 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == -1);
160 ATF_REQUIRE(errno == ENOBUFS);
161
162 /*
163 * Fail with ENOBUFS with O_NONBLOCK set, too. See 71e70c25c00
164 * for explanation why this behavior needs to be preserved.
165 */
166 ATF_REQUIRE(fcntl(fd[0], F_SETFL, O_NONBLOCK) != -1);
167 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == -1);
168 ATF_REQUIRE(errno == ENOBUFS);
169
170 /* Remote side closed -> ECONNRESET. */
171 close(fd[1]);
172 ATF_REQUIRE(send(fd[0], buf, maxdgram, 0) == -1);
173 ATF_REQUIRE(errno == ECONNRESET);
174 }
175
176 ATF_TC_WITHOUT_HEAD(one2many);
ATF_TC_BODY(one2many,tc)177 ATF_TC_BODY(one2many, tc)
178 {
179 int one, many[3], two;
180 #define BUFSIZE 1024
181 char buf[BUFSIZE], goodboy[BUFSIZE], flooder[BUFSIZE], notconn[BUFSIZE];
182
183 /* Establish one to many connection. */
184 ATF_REQUIRE((one = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0);
185 ATF_REQUIRE(bind(one, (struct sockaddr *)&sun, sizeof(sun)) == 0);
186 /* listen(2) shall fail. */
187 ATF_REQUIRE(listen(one, -1) != 0);
188 for (int i = 0; i < 3; i++) {
189 ATF_REQUIRE((many[i] = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0);
190 ATF_REQUIRE(connect(many[i], (struct sockaddr *)&sun,
191 sizeof(sun)) == 0);
192 }
193
194 /* accept() on UNIX/DGRAM is invalid. */
195 ATF_REQUIRE(accept(one, NULL, NULL) == -1);
196 ATF_REQUIRE(errno == EINVAL);
197
198 /*
199 * Connecting a bound socket to self: a strange, useless, but
200 * historically existing edge case that is not explicitly described
201 * in SuS, neither is forbidden there. Works on FreeBSD and Linux.
202 */
203 ATF_REQUIRE(connect(one, (struct sockaddr *)&sun, sizeof(sun)) == 0);
204 ATF_REQUIRE(send(one, buf, 42, 0) == 42);
205 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == 42);
206
207 /*
208 * Interaction between concurrent senders. New feature in FreeBSD 14.
209 *
210 * One sender can not fill the receive side. Other senders can
211 * continue operation. Senders who don't fill their buffers are
212 * prioritized over flooders. Connected senders are prioritized over
213 * unconnected.
214 *
215 * Disconnecting a sender that has queued data optionally preserves
216 * the data. Allow the data to migrate to peers buffer only if the
217 * latter is empty. Otherwise discard it, to prevent against
218 * connect-fill-close attack.
219 */
220 #define FLOODER 13 /* for connected flooder on many[0] */
221 #define GOODBOY 42 /* for a good boy on many[1] */
222 #define NOTCONN 66 /* for sendto(2) via two */
223 goodboy[0] = GOODBOY;
224 flooder[0] = FLOODER;
225 notconn[0] = NOTCONN;
226
227 /* Connected priority over sendto(2). */
228 ATF_REQUIRE((two = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0);
229 ATF_REQUIRE(sendto(two, notconn, BUFSIZE, 0, (struct sockaddr *)&sun,
230 sizeof(sun)) == BUFSIZE);
231 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE);
232 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
233 ATF_REQUIRE(buf[0] == GOODBOY); /* message from good boy comes first */
234 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
235 ATF_REQUIRE(buf[0] == NOTCONN); /* only then message from sendto(2) */
236
237 /* Casual sender priority over a flooder. */
238 fill(many[0], flooder, sizeof(flooder));
239 ATF_REQUIRE(send(many[0], flooder, BUFSIZE, 0) == -1);
240 ATF_REQUIRE(errno == ENOBUFS);
241 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE);
242 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
243 ATF_REQUIRE(buf[0] == GOODBOY); /* message from good boy comes first */
244 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
245 ATF_REQUIRE(buf[0] == FLOODER); /* only then message from flooder */
246
247 /* Once seen, a message can't be deprioritized by any other message. */
248 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_PEEK) == sizeof(buf));
249 ATF_REQUIRE(buf[0] == FLOODER); /* message from the flooder seen */
250 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE);
251 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_PEEK) == sizeof(buf));
252 ATF_REQUIRE(buf[0] == FLOODER); /* should be the same message */
253 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
254 ATF_REQUIRE(buf[0] == FLOODER); /* now we read it out... */
255 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
256 ATF_REQUIRE(buf[0] == GOODBOY); /* ... and next one is the good boy */
257
258 /* Disconnect in presence of data from not connected. */
259 ATF_REQUIRE(sendto(two, notconn, BUFSIZE, 0, (struct sockaddr *)&sun,
260 sizeof(sun)) == BUFSIZE);
261 close(many[0]);
262 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
263 ATF_REQUIRE(buf[0] == NOTCONN); /* message from sendto() */
264 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_DONTWAIT) == -1);
265 ATF_REQUIRE(errno == EAGAIN); /* data from many[0] discarded */
266
267 /* Disconnect in absence of data from not connected. */
268 ATF_REQUIRE(send(many[1], goodboy, BUFSIZE, 0) == BUFSIZE);
269 close(many[1]);
270 ATF_REQUIRE(recv(one, buf, sizeof(buf), 0) == sizeof(buf));
271 ATF_REQUIRE(buf[0] == GOODBOY); /* message from many[1] preserved */
272
273 /* Check that nothing leaks on close(2). */
274 ATF_REQUIRE(send(many[2], buf, 42, 0) == 42);
275 ATF_REQUIRE(send(many[2], buf, 42, 0) == 42);
276 ATF_REQUIRE(recv(one, buf, sizeof(buf), MSG_PEEK) == 42);
277 ATF_REQUIRE(sendto(two, notconn, 42, 0, (struct sockaddr *)&sun,
278 sizeof(sun)) == 42);
279 close(one);
280 }
281
282 /*
283 * Check that various mechanism report socket as readable and having
284 * 42 bytes of data.
285 */
286 static void
test42(int fd)287 test42(int fd)
288 {
289
290 /* ioctl(FIONREAD) */
291 int data;
292
293 ATF_REQUIRE(ioctl(fd, FIONREAD, &data) != -1);
294 ATF_REQUIRE(data == 42);
295
296 /* select(2) */
297 fd_set rfds;
298
299 FD_ZERO(&rfds);
300 FD_SET(fd, &rfds);
301 ATF_REQUIRE(select(fd + 1, &rfds, NULL, NULL, NULL) == 1);
302 ATF_REQUIRE(FD_ISSET(fd, &rfds));
303
304 /* kevent(2) */
305 struct kevent ev;
306 int kq;
307
308 ATF_REQUIRE((kq = kqueue()) != -1);
309 EV_SET(&ev, fd, EVFILT_READ, EV_ADD, NOTE_LOWAT, 41, NULL);
310 ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0);
311 ATF_REQUIRE(kevent(kq, NULL, 0, &ev, 1, NULL) == 1);
312 ATF_REQUIRE(ev.filter == EVFILT_READ);
313 ATF_REQUIRE(ev.data == 42);
314
315 /* aio(4) */
316 char buf[50];
317 struct aiocb aio = {
318 .aio_nbytes = 50,
319 .aio_fildes = fd,
320 .aio_buf = buf,
321 }, *aiop;
322
323 ATF_REQUIRE(aio_read(&aio) == 0);
324 ATF_REQUIRE(aio_waitcomplete(&aiop, NULL) == 42);
325 ATF_REQUIRE(aiop == &aio);
326 }
327
328 /*
329 * Send data and control in connected & unconnected mode and check that
330 * various event mechanisms see the data, but don't count control bytes.
331 */
332 ATF_TC_WITHOUT_HEAD(event);
ATF_TC_BODY(event,tc)333 ATF_TC_BODY(event, tc)
334 {
335 int fd[2];
336 char buf[50];
337 struct iovec iov = {
338 .iov_base = buf,
339 .iov_len = 42,
340 };
341 struct cmsghdr cmsg = {
342 .cmsg_len = CMSG_LEN(0),
343 .cmsg_level = SOL_SOCKET,
344 .cmsg_type = SCM_TIMESTAMP,
345 };
346 struct msghdr msghdr = {
347 .msg_iov = &iov,
348 .msg_iovlen = 1,
349 .msg_control = &cmsg,
350 .msg_controllen = CMSG_LEN(0),
351 };
352
353 /* Connected socket */
354 ATF_REQUIRE(socketpair(PF_UNIX, SOCK_DGRAM, 0, fd) != -1);
355 ATF_REQUIRE(sendmsg(fd[0], &msghdr, 0) == 42);
356 test42(fd[1]);
357 close(fd[0]);
358 close(fd[1]);
359
360 /* Not-connected send */
361 ATF_REQUIRE((fd[0] = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0);
362 ATF_REQUIRE((fd[1] = socket(PF_UNIX, SOCK_DGRAM, 0)) > 0);
363 ATF_REQUIRE(bind(fd[0], (struct sockaddr *)&sun, sizeof(sun)) == 0);
364 ATF_REQUIRE(sendto(fd[1], buf, 42, 0, (struct sockaddr *)&sun,
365 sizeof(sun)) == 42);
366 test42(fd[0]);
367 }
368
369 ATF_TC_WITHOUT_HEAD(selfgetpeername);
ATF_TC_BODY(selfgetpeername,tc)370 ATF_TC_BODY(selfgetpeername, tc)
371 {
372 struct sockaddr_un sun;
373 const char *name;
374 socklen_t len;
375 int sd;
376
377 name = "selfgetpeername";
378
379 sd = socket(PF_UNIX, SOCK_DGRAM, 0);
380 ATF_REQUIRE(sd != -1);
381
382 memset(&sun, 0, sizeof(sun));
383 sun.sun_len = sizeof(sun);
384 sun.sun_family = AF_UNIX;
385 snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", name);
386 ATF_REQUIRE(bind(sd, (struct sockaddr *)&sun, sizeof(sun)) == 0);
387 ATF_REQUIRE(connect(sd, (struct sockaddr *)&sun, sizeof(sun)) == 0);
388
389 len = sizeof(sun);
390 ATF_REQUIRE(getpeername(sd, (struct sockaddr *)&sun, &len) == 0);
391 ATF_REQUIRE(strcmp(sun.sun_path, name) == 0);
392
393 ATF_REQUIRE(close(sd) == 0);
394 }
395
396 ATF_TC_WITHOUT_HEAD(fchmod);
ATF_TC_BODY(fchmod,tc)397 ATF_TC_BODY(fchmod, tc)
398 {
399 struct stat sb;
400 struct sockaddr_un sun;
401 int error, sd;
402
403 memset(&sun, 0, sizeof(sun));
404 sun.sun_len = sizeof(sun);
405 sun.sun_family = AF_UNIX;
406 strlcpy(sun.sun_path, "sock", sizeof(sun.sun_path));
407
408 sd = socket(PF_UNIX, SOCK_DGRAM, 0);
409 ATF_REQUIRE(sd != -1);
410
411 error = fchmod(sd, 0600 | S_ISUID);
412 ATF_REQUIRE_ERRNO(EINVAL, error == -1);
413
414 umask(0022);
415 error = fchmod(sd, 0766);
416 ATF_REQUIRE(error == 0);
417
418 error = bind(sd, (struct sockaddr *)&sun, sizeof(sun));
419 ATF_REQUIRE(error == 0);
420
421 error = stat(sun.sun_path, &sb);
422 ATF_REQUIRE(error == 0);
423 ATF_REQUIRE_MSG((sb.st_mode & 0777) == 0744,
424 "sb.st_mode = %o", sb.st_mode);
425
426 error = fchmod(sd, 0666);
427 ATF_REQUIRE_ERRNO(EINVAL, error == -1);
428
429 ATF_REQUIRE(close(sd) == 0);
430 }
431
ATF_TP_ADD_TCS(tp)432 ATF_TP_ADD_TCS(tp)
433 {
434 ATF_TP_ADD_TC(tp, basic);
435 ATF_TP_ADD_TC(tp, one2many);
436 ATF_TP_ADD_TC(tp, event);
437 ATF_TP_ADD_TC(tp, selfgetpeername);
438 ATF_TP_ADD_TC(tp, fchmod);
439
440 return (atf_no_error());
441 }
442