1 /*
2 * Check decoding of msg_name* fields of struct msghdr array argument
3 * of sendmmsg and recvmmsg syscalls.
4 *
5 * Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include "tests.h"
32
33 #include <errno.h>
34 #include <limits.h>
35 #include <stddef.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <sys/un.h>
40
41 #include "msghdr.h"
42
43 #define DEFAULT_STRLEN 32
44
45 #define IOV_MAX1 (IOV_MAX + 1)
46
47 #ifndef TEST_NAME
48 # define TEST_NAME "mmsg_name"
49 #endif
50
51 static void
print_msghdr(const struct msghdr * const msg,const int user_msg_namelen)52 print_msghdr(const struct msghdr *const msg, const int user_msg_namelen)
53 {
54 const struct sockaddr_un *const un = msg->msg_name;
55 const int offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
56
57 printf("{msg_name=");
58 if (!un)
59 printf("NULL");
60 else if (user_msg_namelen < offsetof_sun_path) {
61 printf("%p", un);
62 } else {
63 printf("{sa_family=AF_UNIX");
64 if (user_msg_namelen > offsetof_sun_path) {
65 int len = user_msg_namelen < (int) msg->msg_namelen ?
66 user_msg_namelen : (int) msg->msg_namelen;
67 len -= offsetof_sun_path;
68 if (len > (int) sizeof(un->sun_path))
69 len = sizeof(un->sun_path);
70 printf(", sun_path=\"%.*s\"", len, un->sun_path);
71 }
72 printf("}");
73 }
74 printf(", msg_namelen=");
75 if (user_msg_namelen != (int) msg->msg_namelen) {
76 printf("%d->", user_msg_namelen);
77 }
78 printf("%d, msg_iov=[{iov_base=\"%c\", iov_len=1}]"
79 ", msg_iovlen=1, msg_controllen=0, msg_flags=0}",
80 (int) msg->msg_namelen, * (char *) msg->msg_iov[0].iov_base);
81 }
82
83 static void
test_mmsg_name(const int send_fd,const int recv_fd)84 test_mmsg_name(const int send_fd, const int recv_fd)
85 {
86 struct sockaddr_un *const send_addr =
87 tail_alloc(sizeof(*send_addr) * IOV_MAX1);
88 char *const send_buf = tail_alloc(sizeof(*send_buf) * IOV_MAX1);
89 struct iovec *const send_iov = tail_alloc(sizeof(*send_iov) * IOV_MAX1);
90 struct mmsghdr *const send_mh = tail_alloc(sizeof(*send_mh) * IOV_MAX1);
91
92 int i, rc;
93
94 for (i = 0; i < IOV_MAX1; ++i) {
95 int sun_len = i + 1 > (int) sizeof(send_addr[i].sun_path)
96 ? (int) sizeof(send_addr[i].sun_path)
97 : i + 1;
98
99 send_addr[i].sun_family = AF_UNIX;
100 memset(send_addr[i].sun_path, 'a' + i % 26, sun_len);
101
102 send_buf[i] = '0' + i % 10;
103
104 send_iov[i].iov_base = &send_buf[i];
105 send_iov[i].iov_len = sizeof(*send_buf);
106
107 send_mh[i].msg_hdr.msg_iov = &send_iov[i];
108 send_mh[i].msg_hdr.msg_iovlen = 1;
109 send_mh[i].msg_hdr.msg_name = &send_addr[i];
110 send_mh[i].msg_hdr.msg_namelen = i + 1;
111 send_mh[i].msg_hdr.msg_control = 0;
112 send_mh[i].msg_hdr.msg_controllen = 0;
113 send_mh[i].msg_hdr.msg_flags = 0;
114 }
115
116 rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
117 int saved_errno = errno;
118
119 printf("sendmmsg(%d, [", send_fd);
120 for (i = 0; i < IOV_MAX1; ++i) {
121 if (i)
122 printf(", ");
123 if (i >= IOV_MAX
124 # if !VERBOSE
125 || i >= DEFAULT_STRLEN
126 # endif
127 ) {
128 printf("...");
129 break;
130 }
131 printf("{msg_hdr=");
132 print_msghdr(&send_mh[i].msg_hdr, i + 1);
133 printf("}");
134 }
135 errno = saved_errno;
136 printf("], %u, MSG_DONTWAIT) = %d %s (%m)\n",
137 IOV_MAX1, rc, errno2name());
138
139 for (i = 0; i < IOV_MAX1; ++i) {
140 send_mh[i].msg_hdr.msg_name = 0;
141 send_mh[i].msg_hdr.msg_namelen = 0;
142 }
143
144 /*
145 * When recvmmsg is called with a valid descriptor
146 * but inaccessible memory, it causes segfaults on some architectures.
147 * As in these cases we test decoding of failed recvmmsg calls,
148 * it's ok to fail recvmmsg with any reason as long as
149 * it doesn't read that inaccessible memory.
150 */
151 rc = send_mmsg(-1, &send_mh[IOV_MAX], 2, MSG_DONTWAIT);
152 saved_errno = errno;
153 printf("sendmmsg(-1, [{msg_hdr=");
154 print_msghdr(&send_mh[IOV_MAX].msg_hdr, 0);
155 errno = saved_errno;
156 printf("}, %p], %u, MSG_DONTWAIT) = %d %s (%m)\n",
157 &send_mh[IOV_MAX1], 2, rc, errno2name());
158
159 rc = send_mmsg(send_fd, send_mh, IOV_MAX1, MSG_DONTWAIT);
160 if (rc < 0)
161 perror_msg_and_skip("sendmmsg");
162
163 printf("sendmmsg(%d, [", send_fd);
164 for (i = 0; i < IOV_MAX1; ++i) {
165 if (i)
166 printf(", ");
167 if (i >= IOV_MAX
168 #if !VERBOSE
169 || i >= DEFAULT_STRLEN
170 #endif
171 ) {
172 printf("...");
173 break;
174 }
175 printf("{msg_hdr=");
176 print_msghdr(&send_mh[i].msg_hdr, 0);
177 printf("%s}", i < rc ? ", msg_len=1" : "");
178 }
179 printf("], %u, MSG_DONTWAIT) = %d\n", IOV_MAX1, rc);
180
181 struct sockaddr_un *const recv_addr =
182 tail_alloc(sizeof(*recv_addr) * IOV_MAX1);
183 char *const recv_buf = tail_alloc(sizeof(*recv_buf) * IOV_MAX1);
184 struct iovec *const recv_iov = tail_alloc(sizeof(*recv_iov) * IOV_MAX1);
185 struct mmsghdr *const recv_mh = tail_alloc(sizeof(*recv_mh) * IOV_MAX1);
186
187 for (i = 0; i < IOV_MAX1; ++i) {
188 recv_iov[i].iov_base = &recv_buf[i];
189 recv_iov[i].iov_len = sizeof(*recv_buf);
190
191 recv_mh[i].msg_hdr.msg_name = &recv_addr[i];
192 recv_mh[i].msg_hdr.msg_namelen = i;
193 recv_mh[i].msg_hdr.msg_iov = &recv_iov[i];
194 recv_mh[i].msg_hdr.msg_iovlen = 1;
195 recv_mh[i].msg_hdr.msg_control = 0;
196 recv_mh[i].msg_hdr.msg_controllen = 0;
197 recv_mh[i].msg_hdr.msg_flags = 0;
198 }
199
200 rc = recv_mmsg(recv_fd, recv_mh, IOV_MAX1, MSG_DONTWAIT, 0);
201 if (rc < 0)
202 perror_msg_and_skip("recvmmsg");
203
204 printf("recvmmsg(%d, [", recv_fd);
205 for (i = 0; i < rc; ++i) {
206 if (i)
207 printf(", ");
208 #if !VERBOSE
209 if (i >= DEFAULT_STRLEN) {
210 printf("...");
211 break;
212 }
213 #endif
214 printf("{msg_hdr=");
215 print_msghdr(&recv_mh[i].msg_hdr, i);
216 printf(", msg_len=1}");
217 }
218 printf("], %u, MSG_DONTWAIT, NULL) = %d\n", IOV_MAX1, rc);
219 }
220
221 int
main(void)222 main(void)
223 {
224 int fds[2];
225 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds))
226 perror_msg_and_skip("socketpair");
227
228 const struct sockaddr_un un = {
229 .sun_family = AF_UNIX,
230 .sun_path = TEST_NAME "-recvmmsg.test.send.socket"
231 };
232
233 (void) unlink(un.sun_path);
234 if (bind(fds[1], (const void *) &un, sizeof(un)))
235 perror_msg_and_skip("bind");
236 (void) unlink(un.sun_path);
237
238 test_mmsg_name(fds[1], fds[0]);
239
240 puts("+++ exited with 0 +++");
241 return 0;
242 }
243