Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2013 Linux Test Project |
| 3 | * |
| 4 | * This program is free software; you can redistribute it and/or |
| 5 | * modify it under the terms of version 2 of the GNU General Public |
| 6 | * License as published by the Free Software Foundation. |
| 7 | * |
| 8 | * This program is distributed in the hope that it would be useful, |
| 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| 11 | * |
| 12 | * Further, this software is distributed without any warranty that it |
| 13 | * is free of the rightful claim of any third person regarding |
| 14 | * infringement or the like. Any license provided herein, whether |
| 15 | * implied or otherwise, applies only to this software file. Patent |
| 16 | * licenses, if any, provided herein do not apply to combinations of |
| 17 | * this program with other software, or any other product whatsoever. |
| 18 | * |
| 19 | * You should have received a copy of the GNU General Public License |
| 20 | * along with this program; if not, write the Free Software |
| 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| 22 | * 02110-1301, USA. |
| 23 | */ |
| 24 | /* |
| 25 | * reproducer for: |
| 26 | * BUG: unable to handle kernel NULL ptr deref in selinux_socket_unix_may_send |
| 27 | * fixed in 3.9.0-0.rc5: |
| 28 | * commit ded34e0fe8fe8c2d595bfa30626654e4b87621e0 |
| 29 | * Author: Paul Moore <pmoore@redhat.com> |
| 30 | * Date: Mon Mar 25 03:18:33 2013 +0000 |
| 31 | * unix: fix a race condition in unix_release() |
| 32 | */ |
| 33 | |
| 34 | #define _GNU_SOURCE |
| 35 | #include <sys/ipc.h> |
| 36 | #include <sys/stat.h> |
| 37 | #include <sys/sem.h> |
| 38 | #include <sys/socket.h> |
| 39 | #include <sys/types.h> |
| 40 | #include <sys/un.h> |
| 41 | #include <sys/wait.h> |
| 42 | #include <errno.h> |
| 43 | #include <signal.h> |
| 44 | #include "config.h" |
| 45 | #include "test.h" |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 46 | #include "safe_macros.h" |
| 47 | |
Jan Stancek | 72023d5 | 2014-08-22 14:56:48 +0200 | [diff] [blame] | 48 | union semun { |
| 49 | int val; |
| 50 | struct semid_ds *buf; |
| 51 | unsigned short int *array; |
| 52 | }; |
| 53 | |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 54 | char *TCID = "sendmsg02"; |
| 55 | |
| 56 | static int sem_id; |
| 57 | static int tflag; |
| 58 | static char *t_opt; |
| 59 | static option_t options[] = { |
| 60 | {"s:", &tflag, &t_opt}, |
| 61 | {NULL, NULL, NULL} |
| 62 | }; |
| 63 | |
| 64 | static void setup(void); |
| 65 | static void cleanup(void); |
| 66 | |
| 67 | static void client(int id, int pipefd[]) |
| 68 | { |
| 69 | int fd, semval; |
| 70 | char data[] = "123456789"; |
| 71 | struct iovec w; |
| 72 | struct sockaddr_un sa; |
| 73 | struct msghdr mh; |
| 74 | struct cmsghdr cmh; |
| 75 | |
| 76 | close(pipefd[0]); |
| 77 | |
| 78 | memset(&sa, 0, sizeof(sa)); |
| 79 | sa.sun_family = AF_UNIX; |
| 80 | snprintf(sa.sun_path, sizeof(sa.sun_path), "socket_test%d", id); |
| 81 | |
| 82 | w.iov_base = data; |
| 83 | w.iov_len = 10; |
| 84 | |
| 85 | memset(&cmh, 0, sizeof(cmh)); |
| 86 | mh.msg_control = &cmh; |
| 87 | mh.msg_controllen = sizeof(cmh); |
| 88 | |
| 89 | memset(&mh, 0, sizeof(mh)); |
| 90 | mh.msg_name = &sa; |
| 91 | mh.msg_namelen = sizeof(struct sockaddr_un); |
| 92 | mh.msg_iov = &w; |
| 93 | mh.msg_iovlen = 1; |
| 94 | |
| 95 | do { |
Jan Stancek | 738f74e | 2013-04-23 10:25:37 +0200 | [diff] [blame] | 96 | fd = socket(AF_UNIX, SOCK_DGRAM, 0); |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 97 | write(pipefd[1], &fd, 1); |
| 98 | sendmsg(fd, &mh, MSG_NOSIGNAL); |
| 99 | close(fd); |
| 100 | semval = semctl(sem_id, 0, GETVAL); |
| 101 | } while (semval != 0); |
| 102 | close(pipefd[1]); |
| 103 | } |
| 104 | |
| 105 | static void server(int id, int pipefd[]) |
| 106 | { |
| 107 | int fd, semval; |
| 108 | struct sockaddr_un sa; |
| 109 | |
| 110 | close(pipefd[1]); |
| 111 | |
| 112 | memset(&sa, 0, sizeof(sa)); |
| 113 | sa.sun_family = AF_UNIX; |
| 114 | snprintf(sa.sun_path, sizeof(sa.sun_path), "socket_test%d", id); |
| 115 | |
| 116 | do { |
Jan Stancek | 738f74e | 2013-04-23 10:25:37 +0200 | [diff] [blame] | 117 | fd = socket(AF_UNIX, SOCK_DGRAM, 0); |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 118 | unlink(sa.sun_path); |
| 119 | bind(fd, (struct sockaddr *) &sa, sizeof(struct sockaddr_un)); |
| 120 | read(pipefd[0], &fd, 1); |
| 121 | close(fd); |
| 122 | semval = semctl(sem_id, 0, GETVAL); |
| 123 | } while (semval != 0); |
| 124 | close(pipefd[0]); |
| 125 | } |
| 126 | |
| 127 | static void reproduce(int seconds) |
| 128 | { |
| 129 | int i, status, pipefd[2]; |
| 130 | int child_pairs = sysconf(_SC_NPROCESSORS_ONLN)*4; |
| 131 | int child_count = 0; |
| 132 | int *child_pids; |
| 133 | int child_pid; |
Jan Stancek | 72023d5 | 2014-08-22 14:56:48 +0200 | [diff] [blame] | 134 | union semun u; |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 135 | |
| 136 | child_pids = SAFE_MALLOC(cleanup, sizeof(int) * child_pairs * 2); |
| 137 | |
Jan Stancek | 72023d5 | 2014-08-22 14:56:48 +0200 | [diff] [blame] | 138 | u.val = 1; |
| 139 | if (semctl(sem_id, 0, SETVAL, u) == -1) |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 140 | tst_brkm(TBROK | TERRNO, cleanup, "couldn't set semval to 1"); |
| 141 | |
| 142 | /* fork child for each client/server pair */ |
| 143 | for (i = 0; i < child_pairs*2; i++) { |
| 144 | if (i%2 == 0) { |
| 145 | if (pipe(pipefd) < 0) { |
| 146 | tst_resm(TBROK | TERRNO, "pipe failed"); |
| 147 | break; |
| 148 | } |
| 149 | } |
| 150 | |
| 151 | child_pid = fork(); |
| 152 | switch (child_pid) { |
| 153 | case -1: |
| 154 | tst_resm(TBROK | TERRNO, "fork"); |
| 155 | break; |
| 156 | case 0: |
| 157 | if (i%2 == 0) |
| 158 | server(i, pipefd); |
| 159 | else |
| 160 | client(i-1, pipefd); |
| 161 | exit(0); |
| 162 | default: |
| 163 | child_pids[child_count++] = child_pid; |
| 164 | }; |
| 165 | |
| 166 | /* this process can close the pipe now */ |
| 167 | if (i%2 == 0) { |
| 168 | close(pipefd[0]); |
| 169 | close(pipefd[1]); |
| 170 | } |
| 171 | } |
| 172 | |
| 173 | /* let clients/servers run for a while, then clear semval to signal |
| 174 | * they should stop running now */ |
| 175 | if (child_count == child_pairs*2) |
| 176 | sleep(seconds); |
| 177 | |
Jan Stancek | 72023d5 | 2014-08-22 14:56:48 +0200 | [diff] [blame] | 178 | u.val = 0; |
| 179 | if (semctl(sem_id, 0, SETVAL, u) == -1) { |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 180 | /* kill children if setting semval failed */ |
| 181 | for (i = 0; i < child_count; i++) |
| 182 | kill(child_pids[i], SIGKILL); |
| 183 | tst_resm(TBROK | TERRNO, "couldn't set semval to 0"); |
| 184 | } |
| 185 | |
| 186 | for (i = 0; i < child_count; i++) { |
| 187 | if (waitpid(child_pids[i], &status, 0) == -1) |
| 188 | tst_resm(TBROK | TERRNO, "waitpid for %d failed", |
| 189 | child_pids[i]); |
| 190 | if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) |
| 191 | tst_resm(TFAIL, "child %d returns %d", i, status); |
| 192 | } |
| 193 | free(child_pids); |
| 194 | } |
| 195 | |
| 196 | static void help(void) |
| 197 | { |
| 198 | printf(" -s NUM Number of seconds to run.\n"); |
| 199 | } |
| 200 | |
| 201 | int main(int argc, char *argv[]) |
| 202 | { |
| 203 | int lc; |
Cyril Hrubis | 0b9589f | 2014-05-27 17:40:33 +0200 | [diff] [blame] | 204 | const char *msg; |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 205 | long seconds; |
| 206 | |
| 207 | msg = parse_opts(argc, argv, options, &help); |
| 208 | if (msg != NULL) |
| 209 | tst_brkm(TBROK, tst_exit, "OPTION PARSING ERROR - %s", msg); |
| 210 | setup(); |
| 211 | |
| 212 | seconds = tflag ? SAFE_STRTOL(NULL, t_opt, 1, LONG_MAX) : 15; |
| 213 | for (lc = 0; TEST_LOOPING(lc); lc++) |
| 214 | reproduce(seconds); |
| 215 | tst_resm(TPASS, "finished after %ld seconds", seconds); |
| 216 | |
| 217 | cleanup(); |
| 218 | tst_exit(); |
| 219 | } |
| 220 | |
| 221 | static void setup(void) |
| 222 | { |
| 223 | tst_require_root(NULL); |
| 224 | tst_tmpdir(); |
| 225 | |
| 226 | sem_id = semget(IPC_PRIVATE, 1, IPC_CREAT | S_IRWXU); |
| 227 | if (sem_id == -1) |
| 228 | tst_brkm(TBROK | TERRNO, NULL, "Couldn't allocate semaphore"); |
| 229 | |
| 230 | TEST_PAUSE; |
| 231 | } |
| 232 | |
| 233 | static void cleanup(void) |
| 234 | { |
Jan Stancek | 1cd3207 | 2013-04-15 09:58:29 +0200 | [diff] [blame] | 235 | semctl(sem_id, 0, IPC_RMID); |
| 236 | tst_rmdir(); |
| 237 | } |