t_mmap.c revision 272345
1/* $NetBSD: t_mmap.c,v 1.7 2012/06/14 17:47:58 bouyer Exp $ */
2
3/*-
4 * Copyright (c) 2011 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Jukka Ruohonen.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32/*-
33 * Copyright (c)2004 YAMAMOTO Takashi,
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 *    notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 *    notice, this list of conditions and the following disclaimer in the
43 *    documentation and/or other materials provided with the distribution.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57#include <sys/cdefs.h>
58__RCSID("$NetBSD: t_mmap.c,v 1.7 2012/06/14 17:47:58 bouyer Exp $");
59
60#include <sys/param.h>
61#include <sys/mman.h>
62#include <sys/socket.h>
63#include <sys/sysctl.h>
64#include <sys/wait.h>
65
66#include <atf-c.h>
67#include <errno.h>
68#include <fcntl.h>
69#include <signal.h>
70#include <stdio.h>
71#include <stdlib.h>
72#include <string.h>
73#include <unistd.h>
74#include <paths.h>
75#include <machine/disklabel.h>
76
/* Page size in bytes; assigned from sysconf(_SC_PAGESIZE) in ATF_TP_ADD_TCS. */
static long	page = 0;
/*
 * Name of the scratch file. It is opened as a relative path, so it lands in
 * whatever the current working directory is when a test body runs, and the
 * cleanup routines unlink it again.
 */
static char	path[] = "mmap";
static void	map_check(void *, int);
static void	map_sighandler(int);
static void	testloan(void *, void *, char, int);

/* Size of the file, the mappings and the socket buffers used by mmap_loan. */
#define	BUFSIZE	(32 * 1024)	/* enough size to trigger sosend_loan */
84
/*
 * Assert the outcome of a preceding mmap(2) call.
 *
 * map  - the value mmap(2) returned.
 * flag - non-zero when the call was expected to be refused, zero when it
 *        was expected to succeed.
 *
 * On the success path the mapping is released again; the length passed to
 * munmap(2) is always one page, whatever length the caller mapped.
 */
static void
map_check(void *map, int flag)
{
	const int expect_refusal = (flag != 0);

	if (!expect_refusal) {
		ATF_REQUIRE(map != MAP_FAILED);
		ATF_REQUIRE(munmap(map, page) == 0);
		return;
	}

	ATF_REQUIRE(map == MAP_FAILED);
}
97
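/*
 * Push part of a mapping through a local socket pair, overwrite the
 * mapping while the data is still queued, and read the data back.
 *
 * vp      - mapping whose bytes [page, BUFSIZE) are written to the socket.
 * vp2     - mapping that is overwritten with `pat' after the write; the
 *           caller passes either vp itself or a second mapping of the
 *           same file.
 * pat     - fill byte used for the overwrite.
 * docheck - when non-zero, the bytes read back must equal the contents vp
 *           had before the overwrite.
 *
 * The point of the check is that a later store to the mapping must not
 * show up in data that was already handed to the kernel for sending.
 * Any failure ends the test case through atf_tc_fail().
 */
static void
testloan(void *vp, void *vp2, char pat, int docheck)
{
	char buf[BUFSIZE];
	char backup[BUFSIZE];
	ssize_t nwritten;
	ssize_t nread;
	int fds[2];
	int val = BUFSIZE;

	/*
	 * The transfer length is BUFSIZE - page. With a page size of
	 * BUFSIZE or more that difference is zero or negative, and a
	 * negative value converts to a huge size_t in write(2)/read(2).
	 */
	if (page <= 0 || page >= BUFSIZE)
		atf_tc_skip("page size leaves no payload within BUFSIZE");

	/* Snapshot the mapping before it is modified below. */
	if (docheck != 0)
		(void)memcpy(backup, vp, BUFSIZE);

	if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, fds) != 0)
		atf_tc_fail("socketpair() failed");

	if (setsockopt(fds[1], SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)) != 0)
		atf_tc_fail("setsockopt() failed, SO_RCVBUF");

	if (setsockopt(fds[0], SOL_SOCKET, SO_SNDBUF, &val, sizeof(val)) != 0)
		atf_tc_fail("setsockopt() failed, SO_SNDBUF");

	/* Non-blocking, so a full socket buffer yields a short write. */
	if (fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0)
		atf_tc_fail("fcntl() failed");

	nwritten = write(fds[0], (char *)vp + page, BUFSIZE - page);

	if (nwritten == -1)
		atf_tc_fail("write() failed");

	/* Break loan. */
	(void)memset(vp2, pat, BUFSIZE);

	nread = read(fds[1], buf + page, BUFSIZE - page);

	if (nread == -1)
		atf_tc_fail("read() failed");

	if (nread != nwritten)
		atf_tc_fail("too short read");

	/*
	 * The bytes sent started at vp + page, so they have to be compared
	 * with the snapshot at the same offset, not with its first bytes.
	 */
	if (docheck != 0 && memcmp(backup + page, buf + page, nread) != 0)
		atf_tc_fail("data mismatch");

	ATF_REQUIRE(close(fds[0]) == 0);
	ATF_REQUIRE(close(fds[1]) == 0);
}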
151
/*
 * Signal handler installed by the forked children of the protection
 * tests. It ends the process at once and reports the signal number as
 * the exit status, which the parent then compares with SIGSEGV.
 * _exit(2) is used because it is safe to call from a signal handler.
 */
static void
map_sighandler(int signo)
{
	const int status = signo;

	_exit(status);
}
157
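ATF_TC(mmap_block);
ATF_TC_HEAD(mmap_block, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test mmap(2) with a block device");
	/* Opening the raw partition of a disk needs root. */
	atf_tc_set_md_var(tc, "require.user", "root");
}

/*
 * Map the first 4096 bytes of the first disk that can be opened and read
 * a byte from the mapping both before and after the descriptor is closed.
 *
 * The body is currently disabled: the unconditional atf_tc_skip() below
 * ends the test case before any of the remaining code runs.
 */
ATF_TC_BODY(mmap_block, tc)
{
	static const int mib[] = { CTL_HW, HW_DISKNAMES };
	static const unsigned int miblen = __arraycount(mib);
	char *map, *dk, *drives, dev[PATH_MAX];
	size_t len;
	int fd = -1;
	int n;

	atf_tc_skip("The test case causes a panic (PR kern/38889, kern/46592)");

	/* First call sizes the buffer, second call fetches the disk names. */
	ATF_REQUIRE(sysctl(mib, miblen, NULL, &len, NULL, 0) == 0);
	drives = malloc(len);
	ATF_REQUIRE(drives != NULL);
	ATF_REQUIRE(sysctl(mib, miblen, drives, &len, NULL, 0) == 0);
	for (dk = strtok(drives, " "); dk != NULL; dk = strtok(NULL, " ")) {
		/*
		 * Bounded formatting: a name that does not fit in dev[] is
		 * skipped instead of being written past the end of the buffer.
		 */
		n = snprintf(dev, sizeof(dev), _PATH_DEV "%s%c", dk,
		    'a' + RAW_PART);
		if (n < 0 || (size_t)n >= sizeof(dev))
			continue;
		fprintf(stderr, "trying: %s\n", dev);

		if ((fd = open(dev, O_RDONLY)) >= 0) {
			(void)fprintf(stderr, "using %s\n", dev);
			break;
		}
	}
	free(drives);

	if (fd < 0)
		atf_tc_skip("failed to find suitable block device");

	map = mmap(NULL, 4096, PROT_READ, MAP_FILE, fd, 0);
	ATF_REQUIRE(map != MAP_FAILED);

	/* The mapping has to stay readable after the descriptor is closed. */
	(void)fprintf(stderr, "first byte %x\n", *map);
	ATF_REQUIRE(close(fd) == 0);
	(void)fprintf(stderr, "first byte %x\n", *map);

	ATF_REQUIRE(munmap(map, 4096) == 0);
}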
202
ATF_TC(mmap_err);
ATF_TC_HEAD(mmap_err, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test error conditions of mmap(2)");
}

/*
 * Three mmap(2) calls that must each be refused with a specific errno.
 * errno is cleared before every call so that a stale value cannot
 * satisfy the check.
 */
ATF_TC_BODY(mmap_err, tc)
{
	void *map;
	size_t addr = SIZE_MAX;

	/* File mapping with a descriptor of -1: EBADF. */
	errno = 0;
	map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, -1, 0);
	ATF_REQUIRE(map == MAP_FAILED);
	ATF_REQUIRE(errno == EBADF);

	/*
	 * Fixed mapping at the address of the local variable `addr': EINVAL.
	 * NOTE(review): the hint is &addr, not the value SIZE_MAX held in
	 * addr -- confirm which of the two was meant.
	 */
	errno = 0;
	map = mmap(&addr, page, PROT_READ, MAP_FIXED|MAP_PRIVATE, -1, 0);
	ATF_REQUIRE(map == MAP_FAILED);
	ATF_REQUIRE(errno == EINVAL);

	/* Anonymous mapping given a descriptor other than -1: EINVAL. */
	errno = 0;
	map = mmap(NULL, page, PROT_READ, MAP_ANON|MAP_PRIVATE, INT_MAX, 0);
	ATF_REQUIRE(map == MAP_FAILED);
	ATF_REQUIRE(errno == EINVAL);
}
232
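ATF_TC_WITH_CLEANUP(mmap_loan);
ATF_TC_HEAD(mmap_loan, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test uvm page loanout with mmap(2)");
}

/*
 * Run testloan() against a private mapping of the scratch file and then
 * against two shared mappings of it.
 */
ATF_TC_BODY(mmap_loan, tc)
{
	char buf[BUFSIZE];
	char *vp, *vp2;
	int fd;

	fd = open(path, O_RDWR | O_CREAT, 0600);
	ATF_REQUIRE(fd >= 0);

	/*
	 * The file must really be BUFSIZE bytes long: the mappings below
	 * cover that many bytes and testloan() touches all of them, so a
	 * short write would leave part of the mapping without backing.
	 */
	(void)memset(buf, 'x', sizeof(buf));
	ATF_REQUIRE(write(fd, buf, sizeof(buf)) == (ssize_t)sizeof(buf));

	/* Private mapping: the sent data and the overwrite share one mapping. */
	vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE,
	    MAP_FILE | MAP_PRIVATE, fd, 0);

	ATF_REQUIRE(vp != MAP_FAILED);

	vp2 = vp;

	testloan(vp, vp2, 'A', 0);
	testloan(vp, vp2, 'B', 1);

	ATF_REQUIRE(munmap(vp, BUFSIZE) == 0);

	/* Shared mappings: send from one, overwrite through the other. */
	vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE,
	    MAP_FILE | MAP_SHARED, fd, 0);

	vp2 = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE,
	    MAP_FILE | MAP_SHARED, fd, 0);

	ATF_REQUIRE(vp != MAP_FAILED);
	ATF_REQUIRE(vp2 != MAP_FAILED);

	testloan(vp, vp2, 'E', 1);

	ATF_REQUIRE(munmap(vp, BUFSIZE) == 0);
	ATF_REQUIRE(munmap(vp2, BUFSIZE) == 0);

	/* The descriptor was previously left open until process exit. */
	ATF_REQUIRE(close(fd) == 0);
}

/* Remove the scratch file; the result is ignored in case it is already gone. */
ATF_TC_CLEANUP(mmap_loan, tc)
{
	(void)unlink(path);
}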
282
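ATF_TC_WITH_CLEANUP(mmap_prot_1);
ATF_TC_HEAD(mmap_prot_1, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #1");
}

/*
 * Check that the access mode of the descriptor limits the protections a
 * mapping of it may request.
 */
ATF_TC_BODY(mmap_prot_1, tc)
{
	void *map;
	int fd;

	/*
	 * Open a file write-only and try to
	 * map it read-only. This should fail.
	 */
	fd = open(path, O_WRONLY | O_CREAT, 0700);

	/*
	 * A failed open used to return silently, which reported the test
	 * as passed although nothing had been checked.
	 */
	ATF_REQUIRE(fd >= 0);

	ATF_REQUIRE(write(fd, "XXX", 3) == 3);

	map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0);
	map_check(map, 1);

	/* A write-only mapping of the same descriptor is expected to work. */
	map = mmap(NULL, 3, PROT_WRITE, MAP_FILE|MAP_PRIVATE, fd, 0);
	map_check(map, 0);

	ATF_REQUIRE(close(fd) == 0);
}

/* Remove the scratch file; the result is ignored in case it is already gone. */
ATF_TC_CLEANUP(mmap_prot_1, tc)
{
	(void)unlink(path);
}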
318
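ATF_TC(mmap_prot_2);
ATF_TC_HEAD(mmap_prot_2, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #2");
}

/*
 * Check that a PROT_NONE anonymous mapping cannot be read: a forked child
 * touches it and must terminate through the SIGSEGV handler.
 */
ATF_TC_BODY(mmap_prot_2, tc)
{
	char buf[2];
	void *map;
	pid_t pid;
	int sta;

	/*
	 * Make a PROT_NONE mapping and try to access it.
	 * If we catch a SIGSEGV, all works as expected.
	 */
	map = mmap(NULL, page, PROT_NONE, MAP_ANON|MAP_PRIVATE, -1, 0);
	ATF_REQUIRE(map != MAP_FAILED);

	pid = fork();
	ATF_REQUIRE(pid >= 0);

	if (pid == 0) {
		ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR);
		ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0);
		/*
		 * Reaching this point means the read did not fault. Leave
		 * with a status other than SIGSEGV so the parent reports the
		 * failure; falling through would run the parent's wait and
		 * checks a second time inside the child.
		 */
		_exit(EXIT_SUCCESS);
	}

	/* Without a successful wait, `sta' would be read uninitialized. */
	ATF_REQUIRE(wait(&sta) == pid);

	ATF_REQUIRE(WIFEXITED(sta) != 0);
	ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV);
	ATF_REQUIRE(munmap(map, page) == 0);
}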
353
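ATF_TC_WITH_CLEANUP(mmap_prot_3);
ATF_TC_HEAD(mmap_prot_3, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #3");
}

/*
 * Check that a PROT_NONE mapping of a readable file still cannot be read:
 * a forked child touches it and must terminate through the SIGSEGV
 * handler.
 */
ATF_TC_BODY(mmap_prot_3, tc)
{
	char buf[2];
	int fd, sta;
	void *map;
	pid_t pid;

	/*
	 * Open a file, change the permissions
	 * to read-only, and try to map it as
	 * PROT_NONE. This should succeed, but
	 * the access should generate SIGSEGV.
	 */
	fd = open(path, O_RDWR | O_CREAT, 0700);

	/*
	 * A failed open used to return silently, which reported the test
	 * as passed although nothing had been checked.
	 */
	ATF_REQUIRE(fd >= 0);

	ATF_REQUIRE(write(fd, "XXX", 3) == 3);
	ATF_REQUIRE(close(fd) == 0);
	ATF_REQUIRE(chmod(path, 0444) == 0);

	fd = open(path, O_RDONLY);
	ATF_REQUIRE(fd != -1);

	map = mmap(NULL, 3, PROT_NONE, MAP_FILE | MAP_SHARED, fd, 0);
	ATF_REQUIRE(map != MAP_FAILED);

	pid = fork();

	ATF_REQUIRE(pid >= 0);

	if (pid == 0) {
		ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR);
		ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0);
		/*
		 * Reaching this point means the read did not fault. Leave
		 * with a status other than SIGSEGV so the parent reports the
		 * failure; falling through would run the parent's wait and
		 * checks a second time inside the child.
		 */
		_exit(EXIT_SUCCESS);
	}

	/* Without a successful wait, `sta' would be read uninitialized. */
	ATF_REQUIRE(wait(&sta) == pid);

	ATF_REQUIRE(WIFEXITED(sta) != 0);
	ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV);
	ATF_REQUIRE(munmap(map, 3) == 0);

	/* The read-only descriptor was previously left open. */
	ATF_REQUIRE(close(fd) == 0);
}

/* Remove the scratch file; the result is ignored in case it is already gone. */
ATF_TC_CLEANUP(mmap_prot_3, tc)
{
	(void)unlink(path);
}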
408
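ATF_TC_WITH_CLEANUP(mmap_truncate);
ATF_TC_HEAD(mmap_truncate, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test mmap(2) and ftruncate(2)");
}

/*
 * Resize a file several times while a private, dirtied mapping of its
 * first page exists; every ftruncate(2) call has to succeed.
 */
ATF_TC_BODY(mmap_truncate, tc)
{
	char *map;
	long i;
	int fd;

	fd = open(path, O_RDWR | O_CREAT, 0700);

	/*
	 * A failed open used to return silently, which reported the test
	 * as passed although nothing had been checked.
	 */
	ATF_REQUIRE(fd >= 0);

	/*
	 * See that ftruncate(2) works
	 * while the file is mapped.
	 */
	ATF_REQUIRE(ftruncate(fd, page) == 0);

	map = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_FILE|MAP_PRIVATE,
	     fd, 0);
	ATF_REQUIRE(map != MAP_FAILED);

	/* Write to every byte of the mapping before the file is resized. */
	for (i = 0; i < page; i++)
		map[i] = 'x';

	ATF_REQUIRE(ftruncate(fd, 0) == 0);
	ATF_REQUIRE(ftruncate(fd, page / 8) == 0);
	ATF_REQUIRE(ftruncate(fd, page / 4) == 0);
	ATF_REQUIRE(ftruncate(fd, page / 2) == 0);
	ATF_REQUIRE(ftruncate(fd, page / 12) == 0);
	ATF_REQUIRE(ftruncate(fd, page / 64) == 0);

	/* The mapping was previously never released. */
	ATF_REQUIRE(munmap(map, page) == 0);
	ATF_REQUIRE(close(fd) == 0);
}

/* Remove the scratch file; the result is ignored in case it is already gone. */
ATF_TC_CLEANUP(mmap_truncate, tc)
{
	(void)unlink(path);
}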
453
ATF_TC(mmap_va0);
ATF_TC_HEAD(mmap_va0, tc)
{
	atf_tc_set_md_var(tc, "descr", "Test mmap(2) and vm.user_va0_disable");
}

/*
 * Request a fixed anonymous mapping at address zero with several
 * protection combinations and check that each request is refused exactly
 * when vm.user_va0_disable is non-zero.
 *
 * The test follows whatever the sysctl currently says: with the knob at
 * zero it passes when the mappings succeed, so a pass does not by itself
 * show that the restriction is switched on.
 */
ATF_TC_BODY(mmap_va0, tc)
{
	/* Protections are tried in this order. */
	static const int prots[] = {
		PROT_EXEC,
		PROT_READ,
		PROT_WRITE,
		PROT_READ|PROT_WRITE,
		PROT_EXEC|PROT_READ|PROT_WRITE,
	};
	const int flags = MAP_ANON | MAP_FIXED | MAP_PRIVATE;
	size_t len = sizeof(int);
	size_t i;
	int val;

	/*
	 * Make an anonymous fixed mapping at zero address. If the address
	 * is restricted as noted in security(7), the syscall should fail.
	 */
	if (sysctlbyname("vm.user_va0_disable", &val, &len, NULL, 0) != 0)
		atf_tc_fail("failed to read vm.user_va0_disable");

	/* map_check() unmaps again whenever the mapping was allowed. */
	for (i = 0; i < __arraycount(prots); i++)
		map_check(mmap(NULL, page, prots[i], flags, -1, 0), val);
}
489
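/*
 * Test program entry point: record the page size used by every test case
 * and register the test cases.
 */
ATF_TP_ADD_TCS(tp)
{
	page = sysconf(_SC_PAGESIZE);
	/*
	 * sysconf() reports failure as -1, and a page size of zero would be
	 * just as unusable: the tests pass `page' as a mapping length.
	 */
	ATF_REQUIRE(page > 0);

	ATF_TP_ADD_TC(tp, mmap_block);
	ATF_TP_ADD_TC(tp, mmap_err);
	ATF_TP_ADD_TC(tp, mmap_loan);
	ATF_TP_ADD_TC(tp, mmap_prot_1);
	ATF_TP_ADD_TC(tp, mmap_prot_2);
	ATF_TP_ADD_TC(tp, mmap_prot_3);
	ATF_TP_ADD_TC(tp, mmap_truncate);
	ATF_TP_ADD_TC(tp, mmap_va0);

	return atf_no_error();
}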
506