xref: /freebsd/tools/test/stress2/misc/readdir.sh (revision 6be3386466ab79a84b48429ae66244f21526d3df) 
1#!/bin/sh
2
3#
4# Copyright (c) 2011 Peter Holm <pho@FreeBSD.org>
5# All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26# SUCH DAMAGE.
27#
28
29# readdir(3) fuzzing inspired by the iknowthis test suite
30# by Tavis Ormandy <taviso  cmpxchg8b com>
31
32# "panic: kmem_malloc(1328054272): kmem_map too small" seen
33
34[ `id -u ` -ne 0 ] && echo "Must be root!" && exit 1
35
36. ../default.cfg
37
38here=`pwd`
39cd /tmp
40sed '1,/^EOF/d' < $here/$0 > readdir.c
41mycc -o readdir -Wall -Wextra readdir.c || exit 1
42rm -f readdir.c
43
44mount | grep $mntpoint | grep -q /dev/md && umount -f $mntpoint
45mdconfig -l | grep -q md$mdstart &&  mdconfig -d -u $mdstart
46
47mount -t tmpfs tmpfs $mntpoint
48echo "Testing tmpfs(5)"
49cp -a /usr/include $mntpoint
50/tmp/readdir $mntpoint
51umount $mntpoint
52
53echo "Testing fdescfs(5)"
54kldstat -v | grep -q fdescfs || { kldload fdescfs.ko; loaded=1; }
55mount -t fdescfs null /dev/fd
56/tmp/readdir /dev/fd
57umount /dev/fd
58[ $unload ] && kldunload fdescfs.ko
59
60echo "Testing procfs(5)"
61mount -t procfs procfs $mntpoint
62/tmp/readdir $mntpoint
63umount $mntpoint
64
65if ping -c 2 `echo $nfs_export | sed 's/:.*//'` > /dev/null 2>&1; then
66	echo "Testing nfs"
67	mount -t nfs -o nfsv3,tcp,nolockd,retrycnt=3,soft,timeout=1 \
68	    $nfs_export $mntpoint
69	/tmp/readdir $mntpoint
70	umount $mntpoint
71fi
72
73mdconfig -a -t swap -s 1g -u $mdstart || exit 1
74bsdlabel -w md$mdstart auto
75newfs md${mdstart}$part > /dev/null
76mount /dev/md${mdstart}$part $mntpoint
77cp -a /usr/include $mntpoint
78echo "Testing UFS"
79/tmp/readdir $mntpoint
80umount $mntpoint
81mdconfig -d -u $mdstart
82
83mdconfig -a -t swap -s 1g -u $mdstart || exit 1
84bsdlabel -w md$mdstart auto
85newfs $newfs_flags md${mdstart}$part > /dev/null
86mount /dev/md${mdstart}$part $mntpoint
87cp -a /usr/include $mntpoint
88echo "Testing FFS"
89/tmp/readdir $mntpoint
90umount $mntpoint
91mdconfig -d -u $mdstart
92
93mount -t nullfs /bin $mntpoint
94echo "Testing nullfs(5)"
95/tmp/readdir $mntpoint
96umount $mntpoint
97
98rm -f /tmp/readdir
99exit 0
100EOF
101#include <sys/types.h>
102#include <sys/uio.h>
103#include <sys/wait.h>
104
105#include <dirent.h>
106#include <err.h>
107#include <fcntl.h>
108#include <signal.h>
109#include <stdio.h>
110#include <stdlib.h>
111#include <strings.h>
112#include <time.h>
113#include <unistd.h>
114
115#define RUNTIME 120
116
117/* copy from /usr/src/lib/libc/gen/gen-private.h */
118struct _telldir;		/* see telldir.h */
119struct pthread_mutex;
120
121/*
122 * Structure describing an open directory.
123 *
124 * NOTE. Change structure layout with care, at least dd_fd field has to
125 * remain unchanged to guarantee backward compatibility.
126 */
127struct _dirdesc {
128	int	dd_fd;		/* file descriptor associated with directory */
129	long	dd_loc;		/* offset in current buffer */
130	long	dd_size;	/* amount of data returned by getdirentries */
131	char	*dd_buf;	/* data buffer */
132	int	dd_len;		/* size of data buffer */
133	long	dd_seek;	/* magic cookie returned by getdirentries */
134	long	dd_rewind;	/* magic cookie for rewinding */
135	int	dd_flags;	/* flags for readdir */
136	struct pthread_mutex	*dd_lock;	/* lock */
137	struct _telldir *dd_td;	/* telldir position recording */
138};
139/* End copy */
140
141static void
142hand(int i __unused) {	/* handler */
143	_exit(1);
144}
145
146static void
147test(char *path)
148{
149	DIR *dirp, fuzz;
150	int i;
151
152	signal(SIGSEGV, hand);
153	alarm(300);
154	for (i = 0; i < 2000; i++) {
155		if ((dirp = opendir(path)) == NULL)
156			break;
157		bcopy(dirp, &fuzz, sizeof(fuzz));
158		fuzz.dd_len = arc4random();
159		readdir(&fuzz);
160		closedir(dirp);
161	}
162
163	_exit(0);
164}
165
166int
167main(int argc __unused, char **argv)
168{
169	time_t start;
170
171	start = time(NULL);
172	while (time(NULL) - start < RUNTIME) {
173		if (fork() == 0)
174			test(argv[1]);
175		wait(NULL);
176	}
177
178	return (0);
179}
180