1 /*- 2 * Copyright (c) 2009 Simon L. Nielsen <simon@FreeBSD.org>, 3 * Bjoern A. Zeeb <bz@FreeBSD.org> 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <sys/param.h> 30 #include <sys/mman.h> 31 #include <sys/sysctl.h> 32 33 #include <atf-c.h> 34 #include <errno.h> 35 #include <fcntl.h> 36 #include <stdarg.h> 37 #include <stdio.h> 38 #include <stdlib.h> 39 40 static const struct { 41 void *addr; 42 int ok[2]; /* Depending on security.bsd.map_at_zero {0, !=0}. */ 43 } map_at_zero_tests[] = { 44 { (void *)0, { 0, 1 } }, /* Test sysctl. */ 45 { (void *)1, { 0, 0 } }, 46 { (void *)(PAGE_SIZE - 1), { 0, 0 } }, 47 { (void *)PAGE_SIZE, { 1, 1 } }, 48 { (void *)-1, { 0, 0 } }, 49 { (void *)(-PAGE_SIZE), { 0, 0 } }, 50 { (void *)(-1 - PAGE_SIZE), { 0, 0 } }, 51 { (void *)(-1 - PAGE_SIZE - 1), { 0, 0 } }, 52 { (void *)(0x1000 * PAGE_SIZE), { 1, 1 } }, 53 }; 54 55 #define MAP_AT_ZERO "security.bsd.map_at_zero" 56 57 ATF_TC_WITHOUT_HEAD(mmap__map_at_zero); 58 ATF_TC_BODY(mmap__map_at_zero, tc) 59 { 60 void *p; 61 size_t len; 62 unsigned int i; 63 int map_at_zero; 64 65 len = sizeof(map_at_zero); 66 if (sysctlbyname(MAP_AT_ZERO, &map_at_zero, &len, NULL, 0) == -1) { 67 atf_tc_skip("sysctl for %s failed: %s\n", MAP_AT_ZERO, 68 strerror(errno)); 69 return; 70 } 71 72 /* Normalize to 0 or 1 for array access. */ 73 map_at_zero = !!map_at_zero; 74 75 for (i = 0; i < nitems(map_at_zero_tests); i++) { 76 p = mmap((void *)map_at_zero_tests[i].addr, PAGE_SIZE, 77 PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_FIXED, 78 -1, 0); 79 if (p == MAP_FAILED) { 80 ATF_CHECK_MSG(map_at_zero_tests[i].ok[map_at_zero] == 0, 81 "mmap(%p, ...) failed", map_at_zero_tests[i].addr); 82 } else { 83 ATF_CHECK_MSG(map_at_zero_tests[i].ok[map_at_zero] == 1, 84 "mmap(%p, ...) succeeded: p=%p\n", 85 map_at_zero_tests[i].addr, p); 86 } 87 } 88 } 89 90 static void 91 checked_mmap(int prot, int flags, int fd, int error, const char *msg) 92 { 93 void *p; 94 95 p = mmap(NULL, getpagesize(), prot, flags, fd, 0); 96 if (p == MAP_FAILED) { 97 if (error == 0) 98 ATF_CHECK_MSG(0, "%s failed with errno %d", msg, 99 errno); 100 else 101 ATF_CHECK_EQ_MSG(error, errno, 102 "%s failed with wrong errno %d (expected %d)", msg, 103 errno, error); 104 } else { 105 ATF_CHECK_MSG(error == 0, "%s succeeded", msg); 106 munmap(p, getpagesize()); 107 } 108 } 109 110 ATF_TC_WITHOUT_HEAD(mmap__bad_arguments); 111 ATF_TC_BODY(mmap__bad_arguments, tc) 112 { 113 int devstatfd, shmfd, zerofd; 114 115 ATF_REQUIRE((devstatfd = open("/dev/devstat", O_RDONLY)) >= 0); 116 ATF_REQUIRE((shmfd = shm_open(SHM_ANON, O_RDWR, 0644)) >= 0); 117 ATF_REQUIRE(ftruncate(shmfd, getpagesize()) == 0); 118 ATF_REQUIRE((zerofd = open("/dev/zero", O_RDONLY)) >= 0); 119 120 /* These should work. */ 121 checked_mmap(PROT_READ | PROT_WRITE, MAP_ANON, -1, 0, 122 "simple MAP_ANON"); 123 checked_mmap(PROT_READ | PROT_WRITE, MAP_SHARED, shmfd, 0, 124 "simple shm fd shared"); 125 checked_mmap(PROT_READ | PROT_WRITE, MAP_PRIVATE, shmfd, 0, 126 "simple shm fd private"); 127 checked_mmap(PROT_READ, MAP_SHARED, zerofd, 0, 128 "simple /dev/zero shared"); 129 checked_mmap(PROT_READ | PROT_WRITE, MAP_PRIVATE, zerofd, 0, 130 "simple /dev/zero private"); 131 checked_mmap(PROT_READ, MAP_SHARED, devstatfd, 0, 132 "simple /dev/devstat shared"); 133 134 /* Extra PROT flags. */ 135 checked_mmap(PROT_READ | PROT_WRITE | 0x100000, MAP_ANON, -1, EINVAL, 136 "MAP_ANON with extra PROT flags"); 137 checked_mmap(0xffff, MAP_SHARED, shmfd, EINVAL, 138 "shm fd with garbage PROT"); 139 140 /* Undefined flag. */ 141 checked_mmap(PROT_READ | PROT_WRITE, MAP_ANON | MAP_RESERVED0080, -1, 142 EINVAL, "Undefined flag"); 143 144 /* Both MAP_SHARED and MAP_PRIVATE */ 145 checked_mmap(PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | 146 MAP_SHARED, -1, EINVAL, "MAP_ANON with both SHARED and PRIVATE"); 147 checked_mmap(PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_SHARED, shmfd, 148 EINVAL, "shm fd with both SHARED and PRIVATE"); 149 150 /* At least one of MAP_SHARED or MAP_PRIVATE without ANON */ 151 checked_mmap(PROT_READ | PROT_WRITE, 0, shmfd, EINVAL, 152 "shm fd without sharing flag"); 153 154 /* MAP_ANON with either sharing flag (impacts fork). */ 155 checked_mmap(PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0, 156 "shared MAP_ANON"); 157 checked_mmap(PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0, 158 "private MAP_ANON"); 159 160 /* MAP_ANON should require an fd of -1. */ 161 checked_mmap(PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, 0, EINVAL, 162 "MAP_ANON with fd != -1"); 163 164 /* Writable MAP_SHARED should fail on read-only descriptors. */ 165 checked_mmap(PROT_READ | PROT_WRITE, MAP_SHARED, zerofd, EACCES, 166 "MAP_SHARED of read-only /dev/zero"); 167 168 /* 169 * Character devices other than /dev/zero do not support private 170 * mappings. 171 */ 172 checked_mmap(PROT_READ, MAP_PRIVATE, devstatfd, EINVAL, 173 "MAP_PRIVATE of /dev/devstat"); 174 } 175 176 ATF_TC_WITHOUT_HEAD(mmap__dev_zero_private); 177 ATF_TC_BODY(mmap__dev_zero_private, tc) 178 { 179 char *p1, *p2, *p3; 180 size_t i; 181 int fd; 182 183 ATF_REQUIRE((fd = open("/dev/zero", O_RDONLY)) >= 0); 184 185 p1 = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 186 0); 187 ATF_REQUIRE(p1 != MAP_FAILED); 188 189 p2 = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 190 0); 191 ATF_REQUIRE(p2 != MAP_FAILED); 192 193 for (i = 0; i < getpagesize(); i++) 194 ATF_REQUIRE_EQ_MSG(0, p1[i], "byte at p1[%zu] is %x", i, p1[i]); 195 196 ATF_REQUIRE(memcmp(p1, p2, getpagesize()) == 0); 197 198 p1[0] = 1; 199 200 ATF_REQUIRE(p2[0] == 0); 201 202 p2[0] = 2; 203 204 ATF_REQUIRE(p1[0] == 1); 205 206 p3 = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 207 0); 208 ATF_REQUIRE(p3 != MAP_FAILED); 209 210 ATF_REQUIRE(p3[0] == 0); 211 } 212 213 ATF_TC_WITHOUT_HEAD(mmap__dev_zero_shared); 214 ATF_TC_BODY(mmap__dev_zero_shared, tc) 215 { 216 char *p1, *p2, *p3; 217 size_t i; 218 int fd; 219 220 ATF_REQUIRE((fd = open("/dev/zero", O_RDWR)) >= 0); 221 222 p1 = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 223 0); 224 ATF_REQUIRE(p1 != MAP_FAILED); 225 226 p2 = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 227 0); 228 ATF_REQUIRE(p2 != MAP_FAILED); 229 230 for (i = 0; i < getpagesize(); i++) 231 ATF_REQUIRE_EQ_MSG(0, p1[i], "byte at p1[%zu] is %x", i, p1[i]); 232 233 ATF_REQUIRE(memcmp(p1, p2, getpagesize()) == 0); 234 235 p1[0] = 1; 236 237 ATF_REQUIRE(p2[0] == 0); 238 239 p2[0] = 2; 240 241 ATF_REQUIRE(p1[0] == 1); 242 243 p3 = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 244 0); 245 ATF_REQUIRE(p3 != MAP_FAILED); 246 247 ATF_REQUIRE(p3[0] == 0); 248 } 249 250 ATF_TP_ADD_TCS(tp) 251 { 252 253 ATF_TP_ADD_TC(tp, mmap__map_at_zero); 254 ATF_TP_ADD_TC(tp, mmap__bad_arguments); 255 ATF_TP_ADD_TC(tp, mmap__dev_zero_private); 256 ATF_TP_ADD_TC(tp, mmap__dev_zero_shared); 257 258 return (atf_no_error()); 259 } 260