From owner-svn-src-stable-11@freebsd.org Wed Sep 12 19:15:59 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DFCF7109AE4F; Wed, 12 Sep 2018 19:15:58 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 843B38EB21; Wed, 12 Sep 2018 19:15:58 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7F2942AB0; Wed, 12 Sep 2018 19:15:58 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w8CJFwMD056564; Wed, 12 Sep 2018 19:15:58 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w8CJFwfU056563; Wed, 12 Sep 2018 19:15:58 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201809121915.w8CJFwfU056563@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Wed, 12 Sep 2018 19:15:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r338619 - stable/11/tests/sys/kern X-SVN-Group: stable-11 X-SVN-Commit-Author: markj X-SVN-Commit-Paths: stable/11/tests/sys/kern X-SVN-Commit-Revision: 338619 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2018 19:15:59 -0000 Author: markj Date: Wed Sep 12 19:15:58 2018 New Revision: 338619 URL: https://svnweb.freebsd.org/changeset/base/338619 Log: MFC r337329: Fix the regression test for PR 181741. MFC r337424: Update PR 131876 regression tests after r337423. PR: 131876 Modified: stable/11/tests/sys/kern/unix_passfd_test.c Directory Properties: stable/11/ (props changed) Modified: stable/11/tests/sys/kern/unix_passfd_test.c ============================================================================== --- stable/11/tests/sys/kern/unix_passfd_test.c Wed Sep 12 19:13:32 2018 (r338618) +++ stable/11/tests/sys/kern/unix_passfd_test.c Wed Sep 12 19:15:58 2018 (r338619) @@ -119,6 +119,20 @@ getnfds(void) } static void +putfds(char *buf, int fd, int nfds) +{ + struct cmsghdr *cm; + int *fdp, i; + + cm = (struct cmsghdr *)buf; + cm->cmsg_len = CMSG_LEN(nfds * sizeof(int)); + cm->cmsg_level = SOL_SOCKET; + cm->cmsg_type = SCM_RIGHTS; + for (fdp = (int *)CMSG_DATA(cm), i = 0; i < nfds; i++) + *fdp++ = fd; +} + +static void samefile(struct stat *sb1, struct stat *sb2) { @@ -126,12 +140,11 @@ samefile(struct stat *sb1, struct stat *sb2) ATF_REQUIRE_MSG(sb1->st_ino == sb2->st_ino, "different inode"); } -static void +static size_t sendfd_payload(int sockfd, int send_fd, void *payload, size_t paylen) { struct iovec iovec; char message[CMSG_SPACE(sizeof(int))]; - struct cmsghdr *cmsghdr; struct msghdr msghdr; ssize_t len; @@ -147,41 +160,55 @@ sendfd_payload(int sockfd, int send_fd, void *payload, msghdr.msg_iov = &iovec; msghdr.msg_iovlen = 1; - cmsghdr = (struct cmsghdr *)(void *)message; - cmsghdr->cmsg_len = CMSG_LEN(sizeof(int)); - cmsghdr->cmsg_level = SOL_SOCKET; - cmsghdr->cmsg_type = SCM_RIGHTS; - memcpy(CMSG_DATA(cmsghdr), &send_fd, sizeof(int)); - + putfds(message, send_fd, 1); len = sendmsg(sockfd, &msghdr, 0); ATF_REQUIRE_MSG(len != -1, "sendmsg failed: %s", strerror(errno)); - ATF_REQUIRE_MSG((size_t)len == paylen, - "sendmsg: %zd messages sent; expected: %zu; %s", len, paylen, - strerror(errno)); + return ((size_t)len); } static void sendfd(int sockfd, int send_fd) { - char ch = 0; + size_t len; + char ch; - sendfd_payload(sockfd, send_fd, &ch, sizeof(ch)); + ch = 0; + len = sendfd_payload(sockfd, send_fd, &ch, sizeof(ch)); + ATF_REQUIRE_MSG(len == sizeof(ch), + "sendmsg: %zu bytes sent; expected %zu; %s", len, sizeof(ch), + strerror(errno)); } +static bool +localcreds(int sockfd) +{ + socklen_t sz; + int rc, val; + + sz = sizeof(val); + rc = getsockopt(sockfd, 0, LOCAL_CREDS, &val, &sz); + ATF_REQUIRE_MSG(rc != -1, "getsockopt(LOCAL_CREDS) failed: %s", + strerror(errno)); + return (val != 0); +} + static void -recvfd_payload(int sockfd, int *recv_fd, void *buf, size_t buflen) +recvfd_payload(int sockfd, int *recv_fd, void *buf, size_t buflen, + size_t cmsgsz) { struct cmsghdr *cmsghdr; - char message[CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)) + - CMSG_SPACE(sizeof(int))]; struct msghdr msghdr; struct iovec iovec; + char *message; ssize_t len; + bool foundcreds; bzero(&msghdr, sizeof(msghdr)); + message = malloc(cmsgsz); + ATF_REQUIRE(message != NULL); msghdr.msg_control = message; - msghdr.msg_controllen = sizeof(message); + msghdr.msg_controllen = cmsgsz; iovec.iov_base = buf; iovec.iov_len = buflen; @@ -197,6 +224,7 @@ recvfd_payload(int sockfd, int *recv_fd, void *buf, si cmsghdr = CMSG_FIRSTHDR(&msghdr); ATF_REQUIRE_MSG(cmsghdr != NULL, "recvmsg: did not receive control message"); + foundcreds = false; *recv_fd = -1; for (; cmsghdr != NULL; cmsghdr = CMSG_NXTHDR(&msghdr, cmsghdr)) { if (cmsghdr->cmsg_level == SOL_SOCKET && @@ -204,10 +232,14 @@ recvfd_payload(int sockfd, int *recv_fd, void *buf, si cmsghdr->cmsg_len == CMSG_LEN(sizeof(int))) { memcpy(recv_fd, CMSG_DATA(cmsghdr), sizeof(int)); ATF_REQUIRE(*recv_fd != -1); - } + } else if (cmsghdr->cmsg_level == SOL_SOCKET && + cmsghdr->cmsg_type == SCM_CREDS) + foundcreds = true; } ATF_REQUIRE_MSG(*recv_fd != -1, "recvmsg: did not receive single-fd message"); + ATF_REQUIRE_MSG(!localcreds(sockfd) || foundcreds, + "recvmsg: expected credentials were not received"); } static void @@ -215,7 +247,8 @@ recvfd(int sockfd, int *recv_fd) { char ch = 0; - recvfd_payload(sockfd, recv_fd, &ch, sizeof(ch)); + recvfd_payload(sockfd, recv_fd, &ch, sizeof(ch), + CMSG_SPACE(sizeof(int))); } /* @@ -362,9 +395,9 @@ ATF_TC_BODY(devfs_orphan, tc) /* * Test for PR 181741. Receiver sets LOCAL_CREDS, and kernel prepends a - * control message to the data. Sender sends large payload. - * Payload + SCM_RIGHTS + LOCAL_CREDS hit socket buffer limit, and receiver - * receives truncated data. + * control message to the data. Sender sends large payload using a non-blocking + * socket. Payload + SCM_RIGHTS + LOCAL_CREDS hit socket buffer limit, and + * receiver receives truncated data. */ ATF_TC_WITHOUT_HEAD(rights_creds_payload); ATF_TC_BODY(rights_creds_payload, tc) @@ -375,9 +408,6 @@ ATF_TC_BODY(rights_creds_payload, tc) void *buf; int fd[2], getfd, putfd, rc; - atf_tc_expect_fail("PR 181741: Packet loss when 'control' messages " - "are present with large data"); - len = sizeof(sendspace); rc = sysctlbyname(LOCAL_SENDSPACE_SYSCTL, &sendspace, &len, NULL, 0); @@ -388,66 +418,170 @@ ATF_TC_BODY(rights_creds_payload, tc) ATF_REQUIRE(buf != NULL); domainsocketpair(fd); + tempfile(&putfd); + + rc = fcntl(fd[0], F_SETFL, O_NONBLOCK); + ATF_REQUIRE_MSG(rc != -1, "fcntl(O_NONBLOCK) failed: %s", + strerror(errno)); rc = setsockopt(fd[1], 0, LOCAL_CREDS, &on, sizeof(on)); ATF_REQUIRE_MSG(rc != -1, "setsockopt(LOCAL_CREDS) failed: %s", strerror(errno)); - tempfile(&putfd); - sendfd_payload(fd[0], putfd, buf, sendspace); - recvfd_payload(fd[1], &getfd, buf, sendspace); + + len = sendfd_payload(fd[0], putfd, buf, sendspace); + ATF_REQUIRE_MSG(len < sendspace, "sendmsg: %zu bytes sent", len); + recvfd_payload(fd[1], &getfd, buf, len, + CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)) + CMSG_SPACE(sizeof(int))); + close(putfd); close(getfd); closesocketpair(fd); } +static void +send_cmsg(int sockfd, void *cmsg, size_t cmsgsz) +{ + struct iovec iov; + struct msghdr msghdr; + ssize_t len; + char ch; + + ch = 0; + bzero(&msghdr, sizeof(msghdr)); + + iov.iov_base = &ch; + iov.iov_len = sizeof(ch); + msghdr.msg_control = cmsg; + msghdr.msg_controllen = cmsgsz; + msghdr.msg_iov = &iov; + msghdr.msg_iovlen = 1; + + len = sendmsg(sockfd, &msghdr, 0); + ATF_REQUIRE_MSG(len != -1, + "sendmsg failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(len == sizeof(ch), + "sendmsg: %zd bytes sent; expected %zu", len, sizeof(ch)); +} + +static void +recv_cmsg(int sockfd, char *cmsg, size_t cmsgsz, int flags) +{ + struct iovec iov; + struct msghdr msghdr; + ssize_t len; + char ch; + + ch = 0; + bzero(&msghdr, sizeof(msghdr)); + + iov.iov_base = &ch; + iov.iov_len = sizeof(ch); + msghdr.msg_control = cmsg; + msghdr.msg_controllen = cmsgsz; + msghdr.msg_iov = &iov; + msghdr.msg_iovlen = 1; + + len = recvmsg(sockfd, &msghdr, 0); + ATF_REQUIRE_MSG(len != -1, + "recvmsg failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(len == sizeof(ch), + "recvmsg: %zd bytes received; expected %zu", len, sizeof(ch)); + ATF_REQUIRE_MSG((msghdr.msg_flags & flags) == flags, + "recvmsg: got flags %#x; expected %#x", msghdr.msg_flags, flags); +} + /* - * Test for PR 131876. Receiver uses a control message buffer that is too + * Test for PR 131876. Receiver uses a control message buffer that is too * small for the incoming SCM_RIGHTS message, so the message is truncated. * The kernel must not leak the copied right into the receiver's namespace. */ ATF_TC_WITHOUT_HEAD(truncated_rights); ATF_TC_BODY(truncated_rights, tc) { - struct iovec iovec; - struct msghdr msghdr; - char buf[16], message[CMSG_SPACE(0)]; - ssize_t len; - int fd[2], nfds, putfd; + char *message; + int fd[2], nfds, putfd, rc; - atf_tc_expect_fail("PR 131876: " - "FD leak when 'control' message is truncated"); - - memset(buf, 42, sizeof(buf)); domainsocketpair(fd); devnull(&putfd); nfds = getnfds(); - sendfd_payload(fd[0], putfd, buf, sizeof(buf)); + /* + * Case 1: Send a single descriptor and truncate the message. + */ + message = malloc(CMSG_SPACE(sizeof(int))); + ATF_REQUIRE(message != NULL); + putfds(message, putfd, 1); + send_cmsg(fd[0], message, CMSG_LEN(sizeof(int))); + recv_cmsg(fd[1], message, CMSG_LEN(0), MSG_CTRUNC); + ATF_REQUIRE(getnfds() == nfds); + free(message); - bzero(&msghdr, sizeof(msghdr)); - bzero(message, sizeof(message)); + /* + * Case 2a: Send two descriptors in separate messages, and truncate at + * the boundary between the two messages. We should still + * receive the first message. + */ + message = malloc(CMSG_SPACE(sizeof(int)) * 2); + ATF_REQUIRE(message != NULL); + putfds(message, putfd, 1); + putfds(message + CMSG_SPACE(sizeof(int)), putfd, 1); + send_cmsg(fd[0], message, CMSG_SPACE(sizeof(int)) * 2); + recv_cmsg(fd[1], message, CMSG_SPACE(sizeof(int)), MSG_CTRUNC); + rc = close(*(int *)CMSG_DATA(message)); + ATF_REQUIRE_MSG(rc == 0, "close failed: %s", strerror(errno)); + ATF_REQUIRE(getnfds() == nfds); + free(message); - iovec.iov_base = buf; - iovec.iov_len = sizeof(buf); - msghdr.msg_control = message; - msghdr.msg_controllen = sizeof(message); - msghdr.msg_iov = &iovec; - msghdr.msg_iovlen = 1; + /* + * Case 2b: Send two descriptors in separate messages, and truncate + * before the end of the first message. + */ + message = malloc(CMSG_SPACE(sizeof(int)) * 2); + ATF_REQUIRE(message != NULL); + putfds(message, putfd, 1); + putfds(message + CMSG_SPACE(sizeof(int)), putfd, 1); + send_cmsg(fd[0], message, CMSG_SPACE(sizeof(int)) * 2); + recv_cmsg(fd[1], message, CMSG_SPACE(0), MSG_CTRUNC); + ATF_REQUIRE(getnfds() == nfds); + free(message); - len = recvmsg(fd[1], &msghdr, 0); - ATF_REQUIRE_MSG(len != -1, "recvmsg failed: %s", strerror(errno)); - ATF_REQUIRE_MSG((size_t)len == sizeof(buf), - "recvmsg: %zd bytes received; expected %zd", len, sizeof(buf)); - for (size_t i = 0; i < sizeof(buf); i++) - ATF_REQUIRE_MSG(buf[i] == 42, "unexpected buffer contents"); + /* + * Case 2c: Send two descriptors in separate messages, and truncate + * after the end of the first message. We should still + * receive the first message. + */ + message = malloc(CMSG_SPACE(sizeof(int)) * 2); + ATF_REQUIRE(message != NULL); + putfds(message, putfd, 1); + putfds(message + CMSG_SPACE(sizeof(int)), putfd, 1); + send_cmsg(fd[0], message, CMSG_SPACE(sizeof(int)) * 2); + recv_cmsg(fd[1], message, CMSG_SPACE(sizeof(int)) + CMSG_SPACE(0), + MSG_CTRUNC); + rc = close(*(int *)CMSG_DATA(message)); + ATF_REQUIRE_MSG(rc == 0, "close failed: %s", strerror(errno)); + ATF_REQUIRE(getnfds() == nfds); + free(message); - ATF_REQUIRE_MSG((msghdr.msg_flags & MSG_CTRUNC) != 0, - "MSG_CTRUNC not set after truncation"); + /* + * Case 3: Send three descriptors in the same message, and leave space + * only for the first when receiving the message. + */ + message = malloc(CMSG_SPACE(sizeof(int) * 3)); + ATF_REQUIRE(message != NULL); + putfds(message, putfd, 3); + send_cmsg(fd[0], message, CMSG_SPACE(sizeof(int) * 3)); + recv_cmsg(fd[1], message, CMSG_SPACE(sizeof(int)), MSG_CTRUNC); ATF_REQUIRE(getnfds() == nfds); + free(message); close(putfd); closesocketpair(fd); } +/* + * Ensure that an attempt to copy a SCM_RIGHTS message to the recipient + * fails. In this case the kernel must dispose of the externalized rights + * rather than leaking them into the recipient's file descriptor table. + */ ATF_TC_WITHOUT_HEAD(copyout_rights_error); ATF_TC_BODY(copyout_rights_error, tc) { @@ -456,9 +590,6 @@ ATF_TC_BODY(copyout_rights_error, tc) char buf[16]; ssize_t len; int fd[2], error, nfds, putfd; - - atf_tc_expect_fail("PR 131876: " - "FD leak when copyout of rights returns an error"); memset(buf, 0, sizeof(buf)); domainsocketpair(fd);