Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / ltp / aabb8340f63ed31afe995fd97795e542dc68b93c / . / testcases / kernel / syscalls / sendmsg / sendmsg02.c
blob: bd25ee5bcec6945e0e9ef22f23e0e3d14b206dc1 [file] [log] [blame]
/*
* Copyright (C) 2013 Linux Test Project
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License as published by the Free Software Foundation.
*
* This program is distributed in the hope that it would be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* Further, this software is distributed without any warranty that it
* is free of the rightful claim of any third person regarding
* infringement or the like. Any license provided herein, whether
* implied or otherwise, applies only to this software file. Patent
* licenses, if any, provided herein do not apply to combinations of
* this program with other software, or any other product whatsoever.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* reproducer for:
* BUG: unable to handle kernel NULL ptr deref in selinux_socket_unix_may_send
* fixed in 3.9.0-0.rc5:
* commit ded34e0fe8fe8c2d595bfa30626654e4b87621e0
* Author: Paul Moore <pmoore@redhat.com>
* Date: Mon Mar 25 03:18:33 2013 +0000
* unix: fix a race condition in unix_release()
*/
#define _GNU_SOURCE
#include <sys/ipc.h>
#include <sys/stat.h>
#include <sys/sem.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <errno.h>
#include <signal.h>
#include "config.h"
#include "test.h"
#include "safe_macros.h"
union semun {
int val;
struct semid_ds *buf;
unsigned short int *array;
};
char *TCID = "sendmsg02";
static int sem_id;
static int tflag;
static char *t_opt;
static option_t options[] = {
{"s:", &tflag, &t_opt},
{NULL, NULL, NULL}
};
static void setup(void);
static void cleanup(void);
static void client(int id, int pipefd[])
{
int fd, semval;
char data[] = "123456789";
struct iovec w;
struct sockaddr_un sa;
struct msghdr mh;
struct cmsghdr cmh;
close(pipefd[0]);
memset(&sa, 0, sizeof(sa));
sa.sun_family = AF_UNIX;
snprintf(sa.sun_path, sizeof(sa.sun_path), "socket_test%d", id);
w.iov_base = data;
w.iov_len = 10;
memset(&cmh, 0, sizeof(cmh));
mh.msg_control = &cmh;
mh.msg_controllen = sizeof(cmh);
memset(&mh, 0, sizeof(mh));
mh.msg_name = &sa;
mh.msg_namelen = sizeof(struct sockaddr_un);
mh.msg_iov = &w;
mh.msg_iovlen = 1;
do {
fd = socket(AF_UNIX, SOCK_DGRAM, 0);
write(pipefd[1], &fd, 1);
sendmsg(fd, &mh, MSG_NOSIGNAL);
close(fd);
semval = semctl(sem_id, 0, GETVAL);
} while (semval != 0);
close(pipefd[1]);
}
static void server(int id, int pipefd[])
{
int fd, semval;
struct sockaddr_un sa;
close(pipefd[1]);
memset(&sa, 0, sizeof(sa));
sa.sun_family = AF_UNIX;
snprintf(sa.sun_path, sizeof(sa.sun_path), "socket_test%d", id);
do {
fd = socket(AF_UNIX, SOCK_DGRAM, 0);
unlink(sa.sun_path);
bind(fd, (struct sockaddr *) &sa, sizeof(struct sockaddr_un));
read(pipefd[0], &fd, 1);
close(fd);
semval = semctl(sem_id, 0, GETVAL);
} while (semval != 0);
close(pipefd[0]);
}
static void reproduce(int seconds)
{
int i, status, pipefd[2];
int child_pairs = sysconf(_SC_NPROCESSORS_ONLN)*4;
int child_count = 0;
int *child_pids;
int child_pid;
union semun u;
child_pids = SAFE_MALLOC(cleanup, sizeof(int) * child_pairs * 2);
u.val = 1;
if (semctl(sem_id, 0, SETVAL, u) == -1)
tst_brkm(TBROK | TERRNO, cleanup, "couldn't set semval to 1");
/* fork child for each client/server pair */
for (i = 0; i < child_pairs*2; i++) {
if (i%2 == 0) {
if (pipe(pipefd) < 0) {
tst_resm(TBROK | TERRNO, "pipe failed");
break;
}
}
child_pid = fork();
switch (child_pid) {
case -1:
tst_resm(TBROK | TERRNO, "fork");
break;
case 0:
if (i%2 == 0)
server(i, pipefd);
else
client(i-1, pipefd);
exit(0);
default:
child_pids[child_count++] = child_pid;
};
/* this process can close the pipe now */
if (i%2 == 0) {
close(pipefd[0]);
close(pipefd[1]);
}
}
/* let clients/servers run for a while, then clear semval to signal
* they should stop running now */
if (child_count == child_pairs*2)
sleep(seconds);
u.val = 0;
if (semctl(sem_id, 0, SETVAL, u) == -1) {
/* kill children if setting semval failed */
for (i = 0; i < child_count; i++)
kill(child_pids[i], SIGKILL);
tst_resm(TBROK | TERRNO, "couldn't set semval to 0");
}
for (i = 0; i < child_count; i++) {
if (waitpid(child_pids[i], &status, 0) == -1)
tst_resm(TBROK | TERRNO, "waitpid for %d failed",
child_pids[i]);
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
tst_resm(TFAIL, "child %d returns %d", i, status);
}
free(child_pids);
}
static void help(void)
{
printf(" -s NUM Number of seconds to run.\n");
}
int main(int argc, char *argv[])
{
int lc;
const char *msg;
long seconds;
msg = parse_opts(argc, argv, options, &help);
if (msg != NULL)
tst_brkm(TBROK, tst_exit, "OPTION PARSING ERROR - %s", msg);
setup();
seconds = tflag ? SAFE_STRTOL(NULL, t_opt, 1, LONG_MAX) : 15;
for (lc = 0; TEST_LOOPING(lc); lc++)
reproduce(seconds);
tst_resm(TPASS, "finished after %ld seconds", seconds);
cleanup();
tst_exit();
}
static void setup(void)
{
tst_require_root(NULL);
tst_tmpdir();
sem_id = semget(IPC_PRIVATE, 1, IPC_CREAT | S_IRWXU);
if (sem_id == -1)
tst_brkm(TBROK | TERRNO, NULL, "Couldn't allocate semaphore");
TEST_PAUSE;
}
static void cleanup(void)
{
semctl(sem_id, 0, IPC_RMID);
tst_rmdir();
}