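#!/bin/sh

#
# Copyright (c) 2016 EMC Corp.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

# sendmsg(2) fuzz test.

# Looping test program seen:
# https://people.freebsd.org/~pho/stress/log/sendmsg.txt

# Shared test configuration; presumably where mycc comes from (not visible
# here).
. ../default.cfg

# NOTE(review): the C source and the binary are created under fixed names in
# the world-writable /tmp.  If this script runs as root on a shared host, a
# file or symlink planted at /tmp/sendmsg.c or /tmp/sendmsg beforehand would
# be written through or executed.  A private directory from mktemp -d avoids
# that; the paths are left unchanged here because the rest of the script
# hard-codes /tmp/sendmsg.
dir=/tmp
odir=`pwd`
cd "$dir" || exit 1
# Everything below the EOF marker line of this script is the C test program.
sed '1,/^EOF/d' < "$odir/$0" > "$dir/sendmsg.c"
mycc -o sendmsg -Wall -Wextra -O0 -g sendmsg.c || exit 1
rm -f sendmsg.c
cd "$odir"

# Run the swap test case in the background while the fuzzer runs.
daemon sh -c "(cd ../testcases/swap; ./swap -t 5m -i 20 -k -h)" > /dev/null
sleep 2

/tmp/sendmsg 2>/dev/null

while pgrep -q swap; do
	pkill -9 swap
done
rm -f /tmp/sendmsg sendmsg.core

# Kill leftover sendmsg processes; report failure if any still exist after
# more than 20 attempts, one second apart.
n=0
while pgrep -q sendmsg; do
	pkill -9 sendmsg
	n=$((n + 1))
	[ $n -gt 20 ] && { echo "Looping sendmsg"; exit 1; }
	sleep 1
done
exit 0

EOF
#include <sys/param.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>

#include <machine/atomic.h>

#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Page shared by all workers; slot SYNC holds the start-barrier counter. */
volatile u_int *share;

#define PARALLEL 16
#define RUNTIME (5 * 60)
#define SYNC 0

/*
 * Choose the flags argument for sendmsg(2): roughly a third of the calls get
 * no flags, a third get a single bit in the range 2..512, and the rest get a
 * fully random value.
 */
int
setflag(void)
{
	int flag, i;

	i = arc4random() % 100;

	if (i < 33)
		flag = 0;
	else if (i < 66)
		flag = 2 << (arc4random() % 9);
	else
		flag = arc4random();

	return (flag);
}

/*
 * Flip one randomly chosen bit in the len-byte buffer buf.
 * A non-positive len is ignored, since it would make the index computation
 * divide by zero.
 */
void
corrupt(unsigned char *buf, int len)
{
	int bit, i;

	if (len <= 0)
		return;
	i = arc4random() % len;
	bit = arc4random() % 8;
	buf[i] ^= 1 << bit;
}

/*
 * One fuzz worker: pass a descriptor for /etc/passwd from a child process to
 * this process over a UNIX-domain socket pair, after the child has flipped
 * one bit in either the msghdr or the control message.  Never returns; the
 * exit status is 0 only when a descriptor arrived and could be read.
 *
 * Based on https://www.win.tue.nl/~aeb/linux/lk/sendfd.c
 */
void
test(void)
{
	struct cmsghdr *cmsg;
	struct msghdr msg;
	pid_t pid;
	ssize_t n;
	int fd, flag, pair[2];
	char buf[1024];
	char fdbuf[CMSG_SPACE(sizeof(int))];

	/* dummy */
	struct iovec vec;
	char ch = '\0';

	/*
	 * Start barrier: every worker bumps the shared counter and spins
	 * until all PARALLEL workers have arrived.
	 */
	atomic_add_int(&share[SYNC], 1);
	while (share[SYNC] != PARALLEL)
		;

	memset(&msg, 0, sizeof(msg));
	/*
	 * Zero the control buffer so the receiving side never inspects stale
	 * stack bytes when no control message is delivered.
	 */
	memset(fdbuf, 0, sizeof(fdbuf));

	/* having zero msg_iovlen or iov_len doesnt seem to work */
	vec.iov_base = &ch;
	vec.iov_len = 1;
	msg.msg_iov = &vec;
	msg.msg_iovlen = 1;

	msg.msg_control = fdbuf;
	msg.msg_controllen = CMSG_LEN(sizeof(int));
	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair))
		err(1, "socketpair");

	if ((pid = fork()) == -1)
		err(1, "fork");

	if (pid == 0) {
		fd = open("/etc/passwd", O_RDONLY);
		if (fd < 0)
			err(1, "/etc/passwd");
#if defined(DEBUG)
		printf("child: sending fd=%d for /etc/passwd\n", fd);
#endif

		cmsg->cmsg_level = SOL_SOCKET;
		cmsg->cmsg_type = SCM_RIGHTS;
		memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
		flag = setflag();
		/*
		 * Flip one bit in either the message header or the control
		 * message itself.  The control-message case used to pass
		 * &cmsg with sizeof(cmsg), which only altered the local
		 * pointer variable and left the data handed to sendmsg(2)
		 * untouched.
		 */
		if (arc4random() % 2 == 0)
			corrupt((unsigned char *)&msg, sizeof(msg));
		else
			corrupt((unsigned char *)cmsg, CMSG_LEN(sizeof(int)));
		if (sendmsg(pair[0], &msg, flag) < 0)
			err(1, "sendmsg");
		_exit(0);
	}
	/* No SIGALRM handler is installed, so a stuck recvmsg() is fatal. */
	alarm(2);
	if (recvmsg(pair[1], &msg, 0) < 0)
		err(1, "recvmsg");
	/*
	 * The sender may have been rejected or may have sent a damaged
	 * message, so confirm that a complete SCM_RIGHTS control message
	 * arrived before taking a descriptor out of it.
	 */
	cmsg = CMSG_FIRSTHDR(&msg);
	if (cmsg == NULL || cmsg->cmsg_len < CMSG_LEN(sizeof(int)) ||
	    cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)
		errx(1, "didnt get a fd?");
	memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
#if defined(DEBUG)
	printf("parent: received fd=%d\n", fd);
#endif
	n = read(fd, buf, sizeof(buf));
	if (n < 0)
		err(1, "read");
	if ((size_t)n != sizeof(buf))
		printf("read %zd bytes\n", n);
	wait(NULL);

	_exit(0);
}

/*
 * Run rounds of PARALLEL workers for RUNTIME seconds and return the number
 * of workers that did not exit with status 0.
 */
int
main(void)
{
	size_t len;
	time_t start;
	int e, i, pids[PARALLEL], saved, status;

	e = 0;
	len = PAGE_SIZE;
	if ((share = mmap(NULL, len, PROT_READ | PROT_WRITE,
	    MAP_ANON | MAP_SHARED, -1, 0)) == MAP_FAILED)
		err(1, "mmap");

	start = time(NULL);
	while ((time(NULL) - start) < RUNTIME) {
		share[SYNC] = 0;
		for (i = 0; i < PARALLEL; i++) {
			pids[i] = fork();
			if (pids[i] == 0)
				test();
			if (pids[i] == -1) {
				/*
				 * The barrier counter can no longer reach
				 * PARALLEL, so the workers already started
				 * would spin forever; kill and reap them
				 * before giving up.
				 */
				saved = errno;
				while (i-- > 0) {
					kill(pids[i], SIGKILL);
					waitpid(pids[i], NULL, 0);
				}
				errno = saved;
				err(1, "fork");
			}
		}
		for (i = 0; i < PARALLEL; i++) {
			/* Count a worker that could not be reaped as failed. */
			if (waitpid(pids[i], &status, 0) == -1)
				status = 1;
			e += status == 0 ? 0 : 1;
		}
	}

	return (e);
}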