1*8a272653SPeter Holm#!/bin/sh 2*8a272653SPeter Holm 3*8a272653SPeter Holm# 4*8a272653SPeter Holm# Copyright (c) 2016 EMC Corp. 5*8a272653SPeter Holm# All rights reserved. 6*8a272653SPeter Holm# 7*8a272653SPeter Holm# Redistribution and use in source and binary forms, with or without 8*8a272653SPeter Holm# modification, are permitted provided that the following conditions 9*8a272653SPeter Holm# are met: 10*8a272653SPeter Holm# 1. Redistributions of source code must retain the above copyright 11*8a272653SPeter Holm# notice, this list of conditions and the following disclaimer. 12*8a272653SPeter Holm# 2. Redistributions in binary form must reproduce the above copyright 13*8a272653SPeter Holm# notice, this list of conditions and the following disclaimer in the 14*8a272653SPeter Holm# documentation and/or other materials provided with the distribution. 15*8a272653SPeter Holm# 16*8a272653SPeter Holm# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17*8a272653SPeter Holm# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18*8a272653SPeter Holm# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19*8a272653SPeter Holm# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20*8a272653SPeter Holm# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21*8a272653SPeter Holm# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22*8a272653SPeter Holm# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23*8a272653SPeter Holm# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24*8a272653SPeter Holm# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25*8a272653SPeter Holm# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26*8a272653SPeter Holm# SUCH DAMAGE. 27*8a272653SPeter Holm# 28*8a272653SPeter Holm 29*8a272653SPeter Holm# sendmsg(2) fuzz test. 30*8a272653SPeter Holm 31*8a272653SPeter Holm# Looping test program seen: 32*8a272653SPeter Holm# https://people.freebsd.org/~pho/stress/log/sendmsg.txt 33*8a272653SPeter Holm 34*8a272653SPeter Holm. ../default.cfg 35*8a272653SPeter Holm 36*8a272653SPeter Holmdir=/tmp 37*8a272653SPeter Holmodir=`pwd` 38*8a272653SPeter Holmcd $dir 39*8a272653SPeter Holmsed '1,/^EOF/d' < $odir/$0 > $dir/sendmsg.c 40*8a272653SPeter Holmmycc -o sendmsg -Wall -Wextra -O0 -g sendmsg.c || exit 1 41*8a272653SPeter Holmrm -f sendmsg.c 42*8a272653SPeter Holmcd $odir 43*8a272653SPeter Holm 44*8a272653SPeter Holmdaemon sh -c "(cd ../testcases/swap; ./swap -t 5m -i 20 -k -h)" > /dev/null 45*8a272653SPeter Holmsleep 2 46*8a272653SPeter Holm 47*8a272653SPeter Holm/tmp/sendmsg 2>/dev/null 48*8a272653SPeter Holm 49*8a272653SPeter Holmwhile pgrep -q swap; do 50*8a272653SPeter Holm pkill -9 swap 51*8a272653SPeter Holmdone 52*8a272653SPeter Holmrm -f /tmp/sendmsg sendmsg.core 53*8a272653SPeter Holm 54*8a272653SPeter Holmn=0 55*8a272653SPeter Holmwhile pgrep -q sendmsg; do 56*8a272653SPeter Holm pkill -9 sendmsg 57*8a272653SPeter Holm n=$((n + 1)) 58*8a272653SPeter Holm [ $n -gt 20 ] && { echo "Looping sendmsg"; exit 1; } 59*8a272653SPeter Holm sleep 1 60*8a272653SPeter Holmdone 61*8a272653SPeter Holmexit 0 62*8a272653SPeter Holm 63*8a272653SPeter HolmEOF 64*8a272653SPeter Holm#include <sys/param.h> 65*8a272653SPeter Holm#include <sys/mman.h> 66*8a272653SPeter Holm#include <sys/socket.h> 67*8a272653SPeter Holm#include <sys/stat.h> 68*8a272653SPeter Holm#include <sys/wait.h> 69*8a272653SPeter Holm 70*8a272653SPeter Holm#include <machine/atomic.h> 71*8a272653SPeter Holm 72*8a272653SPeter Holm#include <err.h> 73*8a272653SPeter Holm#include <errno.h> 74*8a272653SPeter Holm#include <fcntl.h> 75*8a272653SPeter Holm#include <stdio.h> 76*8a272653SPeter Holm#include <stdlib.h> 77*8a272653SPeter Holm#include <string.h> 78*8a272653SPeter Holm#include <time.h> 79*8a272653SPeter Holm#include <unistd.h> 80*8a272653SPeter Holm 81*8a272653SPeter Holmvolatile u_int *share; 82*8a272653SPeter Holm 83*8a272653SPeter Holm#define PARALLEL 16 84*8a272653SPeter Holm#define RUNTIME (5 * 60) 85*8a272653SPeter Holm#define SYNC 0 86*8a272653SPeter Holm 87*8a272653SPeter Holmint 88*8a272653SPeter Holmsetflag(void) 89*8a272653SPeter Holm{ 90*8a272653SPeter Holm int flag, i; 91*8a272653SPeter Holm 92*8a272653SPeter Holm i = arc4random() % 100; 93*8a272653SPeter Holm 94*8a272653SPeter Holm if (i < 33) 95*8a272653SPeter Holm flag = 0; 96*8a272653SPeter Holm else if (i >= 33 && i < 66) 97*8a272653SPeter Holm flag = 2 << (arc4random() % 9); 98*8a272653SPeter Holm else 99*8a272653SPeter Holm flag = arc4random(); 100*8a272653SPeter Holm 101*8a272653SPeter Holm return(flag); 102*8a272653SPeter Holm} 103*8a272653SPeter Holm 104*8a272653SPeter Holmvoid 105*8a272653SPeter Holmcorrupt(unsigned char *buf, int len) 106*8a272653SPeter Holm{ 107*8a272653SPeter Holm unsigned char byte, mask; 108*8a272653SPeter Holm int bit, i; 109*8a272653SPeter Holm 110*8a272653SPeter Holm i = arc4random() % len; 111*8a272653SPeter Holm byte = buf[i]; 112*8a272653SPeter Holm bit = arc4random() % 8; 113*8a272653SPeter Holm mask = ~(1 << bit); 114*8a272653SPeter Holm byte = (byte & mask) | (~byte & ~mask); 115*8a272653SPeter Holm buf[i] = byte; 116*8a272653SPeter Holm} 117*8a272653SPeter Holm 118*8a272653SPeter Holm/* 119*8a272653SPeter Holm Based on https://www.win.tue.nl/~aeb/linux/lk/sendfd.c 120*8a272653SPeter Holm */ 121*8a272653SPeter Holmvoid 122*8a272653SPeter Holmtest(void) 123*8a272653SPeter Holm{ 124*8a272653SPeter Holm struct cmsghdr *cmsg; 125*8a272653SPeter Holm struct msghdr msg; 126*8a272653SPeter Holm pid_t pid; 127*8a272653SPeter Holm int fd, flag, n, pair[2]; 128*8a272653SPeter Holm char buf[1024]; 129*8a272653SPeter Holm char fdbuf[CMSG_SPACE(sizeof(int))]; 130*8a272653SPeter Holm 131*8a272653SPeter Holm /* dummy */ 132*8a272653SPeter Holm struct iovec vec; 133*8a272653SPeter Holm char ch = '\0'; 134*8a272653SPeter Holm 135*8a272653SPeter Holm atomic_add_int(&share[SYNC], 1); 136*8a272653SPeter Holm while (share[SYNC] != PARALLEL) 137*8a272653SPeter Holm ; 138*8a272653SPeter Holm 139*8a272653SPeter Holm memset(&msg, 0, sizeof(msg)); 140*8a272653SPeter Holm 141*8a272653SPeter Holm /* having zero msg_iovlen or iov_len doesnt seem to work */ 142*8a272653SPeter Holm vec.iov_base = &ch; 143*8a272653SPeter Holm vec.iov_len = 1; 144*8a272653SPeter Holm msg.msg_iov = &vec; 145*8a272653SPeter Holm msg.msg_iovlen = 1; 146*8a272653SPeter Holm 147*8a272653SPeter Holm msg.msg_control = fdbuf; 148*8a272653SPeter Holm msg.msg_controllen = CMSG_LEN(sizeof(int)); 149*8a272653SPeter Holm cmsg = CMSG_FIRSTHDR(&msg); 150*8a272653SPeter Holm cmsg->cmsg_len = CMSG_LEN(sizeof(int)); 151*8a272653SPeter Holm 152*8a272653SPeter Holm if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair)) 153*8a272653SPeter Holm err(1, "socketpair"); 154*8a272653SPeter Holm 155*8a272653SPeter Holm if ((pid = fork()) == -1) 156*8a272653SPeter Holm err(1, "fork"); 157*8a272653SPeter Holm 158*8a272653SPeter Holm if (pid == 0) { 159*8a272653SPeter Holm fd = open("/etc/passwd", O_RDONLY); 160*8a272653SPeter Holm if (fd < 0) 161*8a272653SPeter Holm err(1, "/etc/passwd"); 162*8a272653SPeter Holm#if defined(DEBUG) 163*8a272653SPeter Holm printf("child: sending fd=%d for /etc/passwd\n", fd); 164*8a272653SPeter Holm#endif 165*8a272653SPeter Holm 166*8a272653SPeter Holm cmsg->cmsg_level = SOL_SOCKET; 167*8a272653SPeter Holm cmsg->cmsg_type = SCM_RIGHTS; 168*8a272653SPeter Holm *(int *)CMSG_DATA(cmsg) = fd; 169*8a272653SPeter Holm flag = setflag(); 170*8a272653SPeter Holm if (arc4random() % 2 == 0) 171*8a272653SPeter Holm corrupt((unsigned char *)&msg, sizeof(msg)); 172*8a272653SPeter Holm else 173*8a272653SPeter Holm corrupt((unsigned char *)&cmsg, sizeof(cmsg)); 174*8a272653SPeter Holm if (sendmsg(pair[0], &msg, flag) < 0) 175*8a272653SPeter Holm err(1, "sendmsg"); 176*8a272653SPeter Holm _exit(0); 177*8a272653SPeter Holm } 178*8a272653SPeter Holm alarm(2); 179*8a272653SPeter Holm if (recvmsg(pair[1], &msg, 0) < 0) 180*8a272653SPeter Holm err(1, "recvmsg"); 181*8a272653SPeter Holm if (cmsg->cmsg_type != SCM_RIGHTS) 182*8a272653SPeter Holm err(1, "didnt get a fd?\n"); 183*8a272653SPeter Holm fd = *(int *)CMSG_DATA(cmsg); 184*8a272653SPeter Holm#if defined(DEBUG) 185*8a272653SPeter Holm printf("parent: received fd=%d\n", fd); 186*8a272653SPeter Holm#endif 187*8a272653SPeter Holm n = read(fd, buf, sizeof(buf)); 188*8a272653SPeter Holm if (n < 0) 189*8a272653SPeter Holm err(1, "read"); 190*8a272653SPeter Holm if (n != sizeof(buf)) 191*8a272653SPeter Holm printf("read %d bytes\n", n); 192*8a272653SPeter Holm wait(NULL); 193*8a272653SPeter Holm 194*8a272653SPeter Holm _exit(0); 195*8a272653SPeter Holm} 196*8a272653SPeter Holm 197*8a272653SPeter Holmint 198*8a272653SPeter Holmmain(void) 199*8a272653SPeter Holm{ 200*8a272653SPeter Holm size_t len; 201*8a272653SPeter Holm time_t start; 202*8a272653SPeter Holm int e, i, pids[PARALLEL], status; 203*8a272653SPeter Holm 204*8a272653SPeter Holm e = 0; 205*8a272653SPeter Holm len = PAGE_SIZE; 206*8a272653SPeter Holm if ((share = mmap(NULL, len, PROT_READ | PROT_WRITE, 207*8a272653SPeter Holm MAP_ANON | MAP_SHARED, -1, 0)) == MAP_FAILED) 208*8a272653SPeter Holm err(1, "mmap"); 209*8a272653SPeter Holm 210*8a272653SPeter Holm start = time(NULL); 211*8a272653SPeter Holm while ((time(NULL) - start) < RUNTIME) { 212*8a272653SPeter Holm share[SYNC] = 0; 213*8a272653SPeter Holm for (i = 0; i < PARALLEL; i++) { 214*8a272653SPeter Holm if ((pids[i] = fork()) == 0) 215*8a272653SPeter Holm test(); 216*8a272653SPeter Holm } 217*8a272653SPeter Holm for (i = 0; i < PARALLEL; i++) { 218*8a272653SPeter Holm waitpid(pids[i], &status, 0); 219*8a272653SPeter Holm e += status == 0 ? 0 : 1; 220*8a272653SPeter Holm } 221*8a272653SPeter Holm } 222*8a272653SPeter Holm 223*8a272653SPeter Holm return (e); 224*8a272653SPeter Holm} 225