t_mmap.c revision 313535
1/* $NetBSD: t_mmap.c,v 1.10 2017/01/10 22:36:29 christos Exp $ */ 2 3/*- 4 * Copyright (c) 2011 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jukka Ruohonen. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32/*- 33 * Copyright (c)2004 YAMAMOTO Takashi, 34 * All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 */ 57#include <sys/cdefs.h> 58__RCSID("$NetBSD: t_mmap.c,v 1.10 2017/01/10 22:36:29 christos Exp $"); 59 60#include <sys/param.h> 61#include <sys/mman.h> 62#include <sys/stat.h> 63#include <sys/socket.h> 64#include <sys/sysctl.h> 65#include <sys/wait.h> 66 67#include <atf-c.h> 68#include <errno.h> 69#include <fcntl.h> 70#include <signal.h> 71#include <stdio.h> 72#include <stdlib.h> 73#include <string.h> 74#include <unistd.h> 75#include <paths.h> 76#ifdef __NetBSD__ 77#include <machine/disklabel.h> 78#endif 79 80#ifdef __FreeBSD__ 81#include <sys/disklabel.h> 82#include <stdint.h> 83#endif 84 85static long page = 0; 86static char path[] = "mmap"; 87static void map_check(void *, int); 88static void map_sighandler(int); 89static void testloan(void *, void *, char, int); 90 91#define BUFSIZE (32 * 1024) /* enough size to trigger sosend_loan */ 92 93static void 94map_check(void *map, int flag) 95{ 96 97 if (flag != 0) { 98 ATF_REQUIRE(map == MAP_FAILED); 99 return; 100 } 101 102 ATF_REQUIRE(map != MAP_FAILED); 103 ATF_REQUIRE(munmap(map, page) == 0); 104} 105 106void 107testloan(void *vp, void *vp2, char pat, int docheck) 108{ 109 char buf[BUFSIZE]; 110 char backup[BUFSIZE]; 111 ssize_t nwritten; 112 ssize_t nread; 113 int fds[2]; 114 int val; 115 116 val = BUFSIZE; 117 118 if (docheck != 0) 119 (void)memcpy(backup, vp, BUFSIZE); 120 121 if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, fds) != 0) 122 atf_tc_fail("socketpair() failed"); 123 124 val = BUFSIZE; 125 126 if (setsockopt(fds[1], SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)) != 0) 127 atf_tc_fail("setsockopt() failed, SO_RCVBUF"); 128 129 val = BUFSIZE; 130 131 if (setsockopt(fds[0], SOL_SOCKET, SO_SNDBUF, &val, sizeof(val)) != 0) 132 atf_tc_fail("setsockopt() failed, SO_SNDBUF"); 133 134 if (fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0) 135 atf_tc_fail("fcntl() failed"); 136 137 nwritten = write(fds[0], (char *)vp + page, BUFSIZE - page); 138 139 if (nwritten == -1) 140 atf_tc_fail("write() failed"); 141 142 /* Break loan. */ 143 (void)memset(vp2, pat, BUFSIZE); 144 145 nread = read(fds[1], buf + page, BUFSIZE - page); 146 147 if (nread == -1) 148 atf_tc_fail("read() failed"); 149 150 if (nread != nwritten) 151 atf_tc_fail("too short read"); 152 153 if (docheck != 0 && memcmp(backup, buf + page, nread) != 0) 154 atf_tc_fail("data mismatch"); 155 156 ATF_REQUIRE(close(fds[0]) == 0); 157 ATF_REQUIRE(close(fds[1]) == 0); 158} 159 160static void 161map_sighandler(int signo) 162{ 163 _exit(signo); 164} 165 166#ifdef __NetBSD__ 167ATF_TC(mmap_block); 168ATF_TC_HEAD(mmap_block, tc) 169{ 170 atf_tc_set_md_var(tc, "descr", "Test mmap(2) with a block device"); 171 atf_tc_set_md_var(tc, "require.user", "root"); 172} 173 174ATF_TC_BODY(mmap_block, tc) 175{ 176 static const int mib[] = { CTL_HW, HW_DISKNAMES }; 177 static const unsigned int miblen = __arraycount(mib); 178 char *map, *dk, *drives, dev[PATH_MAX]; 179 size_t len; 180 int fd = -1; 181 182 atf_tc_skip("The test case causes a panic (PR kern/38889, kern/46592)"); 183 184 ATF_REQUIRE(sysctl(mib, miblen, NULL, &len, NULL, 0) == 0); 185 drives = malloc(len); 186 ATF_REQUIRE(drives != NULL); 187 ATF_REQUIRE(sysctl(mib, miblen, drives, &len, NULL, 0) == 0); 188 for (dk = strtok(drives, " "); dk != NULL; dk = strtok(NULL, " ")) { 189 sprintf(dev, _PATH_DEV "%s%c", dk, 'a'+RAW_PART); 190 fprintf(stderr, "trying: %s\n", dev); 191 192 if ((fd = open(dev, O_RDONLY)) >= 0) { 193 (void)fprintf(stderr, "using %s\n", dev); 194 break; 195 } 196 } 197 free(drives); 198 199 if (fd < 0) 200 atf_tc_skip("failed to find suitable block device"); 201 202 map = mmap(NULL, 4096, PROT_READ, MAP_FILE, fd, 0); 203 ATF_REQUIRE(map != MAP_FAILED); 204 205 (void)fprintf(stderr, "first byte %x\n", *map); 206 ATF_REQUIRE(close(fd) == 0); 207 (void)fprintf(stderr, "first byte %x\n", *map); 208 209 ATF_REQUIRE(munmap(map, 4096) == 0); 210} 211#endif 212 213ATF_TC(mmap_err); 214ATF_TC_HEAD(mmap_err, tc) 215{ 216 atf_tc_set_md_var(tc, "descr", "Test error conditions of mmap(2)"); 217} 218 219ATF_TC_BODY(mmap_err, tc) 220{ 221 size_t addr = SIZE_MAX; 222 void *map; 223 224 errno = 0; 225 map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, -1, 0); 226 227 ATF_REQUIRE(map == MAP_FAILED); 228 ATF_REQUIRE(errno == EBADF); 229 230 errno = 0; 231 map = mmap(&addr, page, PROT_READ, MAP_FIXED|MAP_PRIVATE, -1, 0); 232 233 ATF_REQUIRE(map == MAP_FAILED); 234 ATF_REQUIRE(errno == EINVAL); 235 236 errno = 0; 237 map = mmap(NULL, page, PROT_READ, MAP_ANON|MAP_PRIVATE, INT_MAX, 0); 238 239 ATF_REQUIRE(map == MAP_FAILED); 240 ATF_REQUIRE(errno == EINVAL); 241} 242 243ATF_TC_WITH_CLEANUP(mmap_loan); 244ATF_TC_HEAD(mmap_loan, tc) 245{ 246 atf_tc_set_md_var(tc, "descr", "Test uvm page loanout with mmap(2)"); 247} 248 249ATF_TC_BODY(mmap_loan, tc) 250{ 251 char buf[BUFSIZE]; 252 char *vp, *vp2; 253 int fd; 254 255 fd = open(path, O_RDWR | O_CREAT, 0600); 256 ATF_REQUIRE(fd >= 0); 257 258 (void)memset(buf, 'x', sizeof(buf)); 259 (void)write(fd, buf, sizeof(buf)); 260 261 vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 262 MAP_FILE | MAP_PRIVATE, fd, 0); 263 264 ATF_REQUIRE(vp != MAP_FAILED); 265 266 vp2 = vp; 267 268 testloan(vp, vp2, 'A', 0); 269 testloan(vp, vp2, 'B', 1); 270 271 ATF_REQUIRE(munmap(vp, BUFSIZE) == 0); 272 273 vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 274 MAP_FILE | MAP_SHARED, fd, 0); 275 276 vp2 = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 277 MAP_FILE | MAP_SHARED, fd, 0); 278 279 ATF_REQUIRE(vp != MAP_FAILED); 280 ATF_REQUIRE(vp2 != MAP_FAILED); 281 282 testloan(vp, vp2, 'E', 1); 283 284 ATF_REQUIRE(munmap(vp, BUFSIZE) == 0); 285 ATF_REQUIRE(munmap(vp2, BUFSIZE) == 0); 286} 287 288ATF_TC_CLEANUP(mmap_loan, tc) 289{ 290 (void)unlink(path); 291} 292 293ATF_TC_WITH_CLEANUP(mmap_prot_1); 294ATF_TC_HEAD(mmap_prot_1, tc) 295{ 296 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #1"); 297} 298 299ATF_TC_BODY(mmap_prot_1, tc) 300{ 301 void *map; 302 int fd; 303 304 /* 305 * Open a file write-only and try to 306 * map it read-only. This should fail. 307 */ 308 fd = open(path, O_WRONLY | O_CREAT, 0700); 309 310 if (fd < 0) 311 return; 312 313 ATF_REQUIRE(write(fd, "XXX", 3) == 3); 314 315 map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0); 316 map_check(map, 1); 317 318 map = mmap(NULL, 3, PROT_WRITE, MAP_FILE|MAP_PRIVATE, fd, 0); 319 map_check(map, 0); 320 321 ATF_REQUIRE(close(fd) == 0); 322} 323 324ATF_TC_CLEANUP(mmap_prot_1, tc) 325{ 326 (void)unlink(path); 327} 328 329ATF_TC(mmap_prot_2); 330ATF_TC_HEAD(mmap_prot_2, tc) 331{ 332 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #2"); 333} 334 335ATF_TC_BODY(mmap_prot_2, tc) 336{ 337 char buf[2]; 338 void *map; 339 pid_t pid; 340 int sta; 341 342 /* 343 * Make a PROT_NONE mapping and try to access it. 344 * If we catch a SIGSEGV, all works as expected. 345 */ 346 map = mmap(NULL, page, PROT_NONE, MAP_ANON|MAP_PRIVATE, -1, 0); 347 ATF_REQUIRE(map != MAP_FAILED); 348 349 pid = fork(); 350 ATF_REQUIRE(pid >= 0); 351 352 if (pid == 0) { 353 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 354 ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0); 355 } 356 357 (void)wait(&sta); 358 359 ATF_REQUIRE(WIFEXITED(sta) != 0); 360 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 361 ATF_REQUIRE(munmap(map, page) == 0); 362} 363 364ATF_TC_WITH_CLEANUP(mmap_prot_3); 365ATF_TC_HEAD(mmap_prot_3, tc) 366{ 367 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #3"); 368} 369 370ATF_TC_BODY(mmap_prot_3, tc) 371{ 372 char buf[2]; 373 int fd, sta; 374 void *map; 375 pid_t pid; 376 377 /* 378 * Open a file, change the permissions 379 * to read-only, and try to map it as 380 * PROT_NONE. This should succeed, but 381 * the access should generate SIGSEGV. 382 */ 383 fd = open(path, O_RDWR | O_CREAT, 0700); 384 if (fd < 0) 385#ifdef __FreeBSD__ 386 atf_tc_skip("opening %s failed; skipping testcase: %s", 387 path, strerror(errno)); 388#else 389 return; 390#endif 391 392 ATF_REQUIRE(write(fd, "XXX", 3) == 3); 393 ATF_REQUIRE(close(fd) == 0); 394 ATF_REQUIRE(chmod(path, 0444) == 0); 395 396 fd = open(path, O_RDONLY); 397 ATF_REQUIRE(fd != -1); 398 399 map = mmap(NULL, 3, PROT_NONE, MAP_FILE | MAP_SHARED, fd, 0); 400 ATF_REQUIRE(map != MAP_FAILED); 401 402 pid = fork(); 403 404 ATF_REQUIRE(pid >= 0); 405 406 if (pid == 0) { 407 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 408 ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0); 409 } 410 411 (void)wait(&sta); 412 413 ATF_REQUIRE(WIFEXITED(sta) != 0); 414 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 415 ATF_REQUIRE(munmap(map, 3) == 0); 416#ifdef __FreeBSD__ 417 (void)close(fd); 418#endif 419} 420 421ATF_TC_CLEANUP(mmap_prot_3, tc) 422{ 423 (void)unlink(path); 424} 425 426ATF_TC_WITH_CLEANUP(mmap_truncate); 427ATF_TC_HEAD(mmap_truncate, tc) 428{ 429 atf_tc_set_md_var(tc, "descr", "Test mmap(2) and ftruncate(2)"); 430} 431 432ATF_TC_BODY(mmap_truncate, tc) 433{ 434 char *map; 435 long i; 436 int fd; 437 438 fd = open(path, O_RDWR | O_CREAT, 0700); 439 440 if (fd < 0) 441 return; 442 443 /* 444 * See that ftruncate(2) works 445 * while the file is mapped. 446 */ 447 ATF_REQUIRE(ftruncate(fd, page) == 0); 448 449 map = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_FILE|MAP_PRIVATE, 450 fd, 0); 451 ATF_REQUIRE(map != MAP_FAILED); 452 453 for (i = 0; i < page; i++) 454 map[i] = 'x'; 455 456 ATF_REQUIRE(ftruncate(fd, 0) == 0); 457 ATF_REQUIRE(ftruncate(fd, page / 8) == 0); 458 ATF_REQUIRE(ftruncate(fd, page / 4) == 0); 459 ATF_REQUIRE(ftruncate(fd, page / 2) == 0); 460 ATF_REQUIRE(ftruncate(fd, page / 12) == 0); 461 ATF_REQUIRE(ftruncate(fd, page / 64) == 0); 462 463#ifdef __FreeBSD__ 464 (void)munmap(map, page); 465#endif 466 ATF_REQUIRE(close(fd) == 0); 467} 468 469ATF_TC_CLEANUP(mmap_truncate, tc) 470{ 471 (void)unlink(path); 472} 473 474ATF_TC_WITH_CLEANUP(mmap_truncate_signal); 475ATF_TC_HEAD(mmap_truncate_signal, tc) 476{ 477 atf_tc_set_md_var(tc, "descr", 478 "Test mmap(2) ftruncate(2) causing signal"); 479} 480 481ATF_TC_BODY(mmap_truncate_signal, tc) 482{ 483 char *map; 484 long i; 485 int fd, sta; 486 pid_t pid; 487 488#ifdef __FreeBSD__ 489 atf_tc_expect_fail("testcase fails with SIGSEGV on FreeBSD; bug # 211924"); 490#endif 491 492 fd = open(path, O_RDWR | O_CREAT, 0700); 493 494 if (fd < 0) 495 return; 496 497 ATF_REQUIRE(write(fd, "foo\n", 5) == 5); 498 499 map = mmap(NULL, page, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0); 500 ATF_REQUIRE(map != MAP_FAILED); 501 502 sta = 0; 503 for (i = 0; i < 5; i++) 504 sta += map[i]; 505 ATF_REQUIRE(sta == 334); 506 507 ATF_REQUIRE(ftruncate(fd, 0) == 0); 508 pid = fork(); 509 ATF_REQUIRE(pid >= 0); 510 511 if (pid == 0) { 512 ATF_REQUIRE(signal(SIGBUS, map_sighandler) != SIG_ERR); 513 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 514 sta = 0; 515 for (i = 0; i < page; i++) 516 sta += map[i]; 517 /* child never will get this far, but the compiler will 518 not know, so better use the values calculated to 519 prevent the access to be optimized out */ 520 ATF_REQUIRE(i == 0); 521 ATF_REQUIRE(sta == 0); 522#ifdef __FreeBSD__ 523 (void)munmap(map, page); 524 (void)close(fd); 525#endif 526 return; 527 } 528 529 (void)wait(&sta); 530 531 ATF_REQUIRE(WIFEXITED(sta) != 0); 532 if (WEXITSTATUS(sta) == SIGSEGV) 533 atf_tc_fail("child process got SIGSEGV instead of SIGBUS"); 534 ATF_REQUIRE(WEXITSTATUS(sta) == SIGBUS); 535 ATF_REQUIRE(munmap(map, page) == 0); 536 ATF_REQUIRE(close(fd) == 0); 537} 538 539ATF_TC_CLEANUP(mmap_truncate_signal, tc) 540{ 541 (void)unlink(path); 542} 543 544ATF_TC(mmap_va0); 545ATF_TC_HEAD(mmap_va0, tc) 546{ 547 atf_tc_set_md_var(tc, "descr", "Test mmap(2) and vm.user_va0_disable"); 548} 549 550ATF_TC_BODY(mmap_va0, tc) 551{ 552 int flags = MAP_ANON | MAP_FIXED | MAP_PRIVATE; 553 size_t len = sizeof(int); 554 void *map; 555 int val; 556 557 /* 558 * Make an anonymous fixed mapping at zero address. If the address 559 * is restricted as noted in security(7), the syscall should fail. 560 */ 561#ifdef __FreeBSD__ 562 if (sysctlbyname("security.bsd.map_at_zero", &val, &len, NULL, 0) != 0) 563 atf_tc_fail("failed to read security.bsd.map_at_zero"); 564 val = !val; /* 1 == enable map at zero */ 565#endif 566#ifdef __NetBSD__ 567 if (sysctlbyname("vm.user_va0_disable", &val, &len, NULL, 0) != 0) 568 atf_tc_fail("failed to read vm.user_va0_disable"); 569#endif 570 571 map = mmap(NULL, page, PROT_EXEC, flags, -1, 0); 572 map_check(map, val); 573 574 map = mmap(NULL, page, PROT_READ, flags, -1, 0); 575 map_check(map, val); 576 577 map = mmap(NULL, page, PROT_WRITE, flags, -1, 0); 578 map_check(map, val); 579 580 map = mmap(NULL, page, PROT_READ|PROT_WRITE, flags, -1, 0); 581 map_check(map, val); 582 583 map = mmap(NULL, page, PROT_EXEC|PROT_READ|PROT_WRITE, flags, -1, 0); 584 map_check(map, val); 585} 586 587ATF_TP_ADD_TCS(tp) 588{ 589 page = sysconf(_SC_PAGESIZE); 590 ATF_REQUIRE(page >= 0); 591 592#ifdef __NetBSD__ 593 ATF_TP_ADD_TC(tp, mmap_block); 594#endif 595 ATF_TP_ADD_TC(tp, mmap_err); 596 ATF_TP_ADD_TC(tp, mmap_loan); 597 ATF_TP_ADD_TC(tp, mmap_prot_1); 598 ATF_TP_ADD_TC(tp, mmap_prot_2); 599 ATF_TP_ADD_TC(tp, mmap_prot_3); 600 ATF_TP_ADD_TC(tp, mmap_truncate); 601 ATF_TP_ADD_TC(tp, mmap_truncate_signal); 602 ATF_TP_ADD_TC(tp, mmap_va0); 603 604 return atf_no_error(); 605} 606