t_mmap.c revision 313498
1/* $NetBSD: t_mmap.c,v 1.9 2015/02/28 13:57:08 martin Exp $ */ 2 3/*- 4 * Copyright (c) 2011 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jukka Ruohonen. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32/*- 33 * Copyright (c)2004 YAMAMOTO Takashi, 34 * All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 */ 57#include <sys/cdefs.h> 58__RCSID("$NetBSD: t_mmap.c,v 1.9 2015/02/28 13:57:08 martin Exp $"); 59 60#include <sys/param.h> 61#include <sys/mman.h> 62#include <sys/socket.h> 63#include <sys/sysctl.h> 64#include <sys/wait.h> 65 66#include <atf-c.h> 67#include <errno.h> 68#include <fcntl.h> 69#include <signal.h> 70#include <stdio.h> 71#include <stdlib.h> 72#include <string.h> 73#include <unistd.h> 74#include <paths.h> 75#ifdef __NetBSD__ 76#include <machine/disklabel.h> 77#endif 78 79#ifdef __FreeBSD__ 80#include <sys/disklabel.h> 81#include <sys/stat.h> 82#include <stdint.h> 83#endif 84 85static long page = 0; 86static char path[] = "mmap"; 87static void map_check(void *, int); 88static void map_sighandler(int); 89static void testloan(void *, void *, char, int); 90 91#define BUFSIZE (32 * 1024) /* enough size to trigger sosend_loan */ 92 93static void 94map_check(void *map, int flag) 95{ 96 97 if (flag != 0) { 98 ATF_REQUIRE(map == MAP_FAILED); 99 return; 100 } 101 102 ATF_REQUIRE(map != MAP_FAILED); 103 ATF_REQUIRE(munmap(map, page) == 0); 104} 105 106void 107testloan(void *vp, void *vp2, char pat, int docheck) 108{ 109 char buf[BUFSIZE]; 110 char backup[BUFSIZE]; 111 ssize_t nwritten; 112 ssize_t nread; 113 int fds[2]; 114 int val; 115 116 val = BUFSIZE; 117 118 if (docheck != 0) 119 (void)memcpy(backup, vp, BUFSIZE); 120 121 if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, fds) != 0) 122 atf_tc_fail("socketpair() failed"); 123 124 val = BUFSIZE; 125 126 if (setsockopt(fds[1], SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)) != 0) 127 atf_tc_fail("setsockopt() failed, SO_RCVBUF"); 128 129 val = BUFSIZE; 130 131 if (setsockopt(fds[0], SOL_SOCKET, SO_SNDBUF, &val, sizeof(val)) != 0) 132 atf_tc_fail("setsockopt() failed, SO_SNDBUF"); 133 134 if (fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0) 135 atf_tc_fail("fcntl() failed"); 136 137 nwritten = write(fds[0], (char *)vp + page, BUFSIZE - page); 138 139 if (nwritten == -1) 140 atf_tc_fail("write() failed"); 141 142 /* Break loan. */ 143 (void)memset(vp2, pat, BUFSIZE); 144 145 nread = read(fds[1], buf + page, BUFSIZE - page); 146 147 if (nread == -1) 148 atf_tc_fail("read() failed"); 149 150 if (nread != nwritten) 151 atf_tc_fail("too short read"); 152 153 if (docheck != 0 && memcmp(backup, buf + page, nread) != 0) 154 atf_tc_fail("data mismatch"); 155 156 ATF_REQUIRE(close(fds[0]) == 0); 157 ATF_REQUIRE(close(fds[1]) == 0); 158} 159 160static void 161map_sighandler(int signo) 162{ 163 _exit(signo); 164} 165 166#ifdef __NetBSD__ 167ATF_TC(mmap_block); 168ATF_TC_HEAD(mmap_block, tc) 169{ 170 atf_tc_set_md_var(tc, "descr", "Test mmap(2) with a block device"); 171 atf_tc_set_md_var(tc, "require.user", "root"); 172} 173 174ATF_TC_BODY(mmap_block, tc) 175{ 176 static const int mib[] = { CTL_HW, HW_DISKNAMES }; 177 static const unsigned int miblen = __arraycount(mib); 178 char *map, *dk, *drives, dev[PATH_MAX]; 179 size_t len; 180 int fd = -1; 181 182 atf_tc_skip("The test case causes a panic (PR kern/38889, kern/46592)"); 183 184 ATF_REQUIRE(sysctl(mib, miblen, NULL, &len, NULL, 0) == 0); 185 drives = malloc(len); 186 ATF_REQUIRE(drives != NULL); 187 ATF_REQUIRE(sysctl(mib, miblen, drives, &len, NULL, 0) == 0); 188 for (dk = strtok(drives, " "); dk != NULL; dk = strtok(NULL, " ")) { 189 sprintf(dev, _PATH_DEV "%s%c", dk, 'a'+RAW_PART); 190 fprintf(stderr, "trying: %s\n", dev); 191 192 if ((fd = open(dev, O_RDONLY)) >= 0) { 193 (void)fprintf(stderr, "using %s\n", dev); 194 break; 195 } 196 } 197 free(drives); 198 199 if (fd < 0) 200 atf_tc_skip("failed to find suitable block device"); 201 202 map = mmap(NULL, 4096, PROT_READ, MAP_FILE, fd, 0); 203 ATF_REQUIRE(map != MAP_FAILED); 204 205 (void)fprintf(stderr, "first byte %x\n", *map); 206 ATF_REQUIRE(close(fd) == 0); 207 (void)fprintf(stderr, "first byte %x\n", *map); 208 209 ATF_REQUIRE(munmap(map, 4096) == 0); 210} 211#endif 212 213ATF_TC(mmap_err); 214ATF_TC_HEAD(mmap_err, tc) 215{ 216 atf_tc_set_md_var(tc, "descr", "Test error conditions of mmap(2)"); 217} 218 219ATF_TC_BODY(mmap_err, tc) 220{ 221 size_t addr = SIZE_MAX; 222 void *map; 223 224 errno = 0; 225 map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, -1, 0); 226 227 ATF_REQUIRE(map == MAP_FAILED); 228 ATF_REQUIRE(errno == EBADF); 229 230 errno = 0; 231 map = mmap(&addr, page, PROT_READ, MAP_FIXED|MAP_PRIVATE, -1, 0); 232 233 ATF_REQUIRE(map == MAP_FAILED); 234 ATF_REQUIRE(errno == EINVAL); 235 236 errno = 0; 237 map = mmap(NULL, page, PROT_READ, MAP_ANON|MAP_PRIVATE, INT_MAX, 0); 238 239 ATF_REQUIRE(map == MAP_FAILED); 240 ATF_REQUIRE(errno == EINVAL); 241} 242 243ATF_TC_WITH_CLEANUP(mmap_loan); 244ATF_TC_HEAD(mmap_loan, tc) 245{ 246 atf_tc_set_md_var(tc, "descr", "Test uvm page loanout with mmap(2)"); 247} 248 249ATF_TC_BODY(mmap_loan, tc) 250{ 251 char buf[BUFSIZE]; 252 char *vp, *vp2; 253 int fd; 254 255 fd = open(path, O_RDWR | O_CREAT, 0600); 256 ATF_REQUIRE(fd >= 0); 257 258 (void)memset(buf, 'x', sizeof(buf)); 259 (void)write(fd, buf, sizeof(buf)); 260 261 vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 262 MAP_FILE | MAP_PRIVATE, fd, 0); 263 264 ATF_REQUIRE(vp != MAP_FAILED); 265 266 vp2 = vp; 267 268 testloan(vp, vp2, 'A', 0); 269 testloan(vp, vp2, 'B', 1); 270 271 ATF_REQUIRE(munmap(vp, BUFSIZE) == 0); 272 273 vp = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 274 MAP_FILE | MAP_SHARED, fd, 0); 275 276 vp2 = mmap(NULL, BUFSIZE, PROT_READ | PROT_WRITE, 277 MAP_FILE | MAP_SHARED, fd, 0); 278 279 ATF_REQUIRE(vp != MAP_FAILED); 280 ATF_REQUIRE(vp2 != MAP_FAILED); 281 282 testloan(vp, vp2, 'E', 1); 283 284 ATF_REQUIRE(munmap(vp, BUFSIZE) == 0); 285 ATF_REQUIRE(munmap(vp2, BUFSIZE) == 0); 286} 287 288ATF_TC_CLEANUP(mmap_loan, tc) 289{ 290 (void)unlink(path); 291} 292 293ATF_TC_WITH_CLEANUP(mmap_prot_1); 294ATF_TC_HEAD(mmap_prot_1, tc) 295{ 296 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #1"); 297} 298 299ATF_TC_BODY(mmap_prot_1, tc) 300{ 301 void *map; 302 int fd; 303 304 /* 305 * Open a file write-only and try to 306 * map it read-only. This should fail. 307 */ 308 fd = open(path, O_WRONLY | O_CREAT, 0700); 309 310 if (fd < 0) 311 return; 312 313 ATF_REQUIRE(write(fd, "XXX", 3) == 3); 314 315 map = mmap(NULL, 3, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0); 316 map_check(map, 1); 317 318 map = mmap(NULL, 3, PROT_WRITE, MAP_FILE|MAP_PRIVATE, fd, 0); 319 map_check(map, 0); 320 321 ATF_REQUIRE(close(fd) == 0); 322} 323 324ATF_TC_CLEANUP(mmap_prot_1, tc) 325{ 326 (void)unlink(path); 327} 328 329ATF_TC(mmap_prot_2); 330ATF_TC_HEAD(mmap_prot_2, tc) 331{ 332 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #2"); 333} 334 335ATF_TC_BODY(mmap_prot_2, tc) 336{ 337 char buf[2]; 338 void *map; 339 pid_t pid; 340 int sta; 341 342 /* 343 * Make a PROT_NONE mapping and try to access it. 344 * If we catch a SIGSEGV, all works as expected. 345 */ 346 map = mmap(NULL, page, PROT_NONE, MAP_ANON|MAP_PRIVATE, -1, 0); 347 ATF_REQUIRE(map != MAP_FAILED); 348 349 pid = fork(); 350 ATF_REQUIRE(pid >= 0); 351 352 if (pid == 0) { 353 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 354 ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0); 355 } 356 357 (void)wait(&sta); 358 359 ATF_REQUIRE(WIFEXITED(sta) != 0); 360 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 361 ATF_REQUIRE(munmap(map, page) == 0); 362} 363 364ATF_TC_WITH_CLEANUP(mmap_prot_3); 365ATF_TC_HEAD(mmap_prot_3, tc) 366{ 367 atf_tc_set_md_var(tc, "descr", "Test mmap(2) protections, #3"); 368} 369 370ATF_TC_BODY(mmap_prot_3, tc) 371{ 372 char buf[2]; 373 int fd, sta; 374 void *map; 375 pid_t pid; 376 377 /* 378 * Open a file, change the permissions 379 * to read-only, and try to map it as 380 * PROT_NONE. This should succeed, but 381 * the access should generate SIGSEGV. 382 */ 383 fd = open(path, O_RDWR | O_CREAT, 0700); 384 385 if (fd < 0) 386 return; 387 388 ATF_REQUIRE(write(fd, "XXX", 3) == 3); 389 ATF_REQUIRE(close(fd) == 0); 390 ATF_REQUIRE(chmod(path, 0444) == 0); 391 392 fd = open(path, O_RDONLY); 393 ATF_REQUIRE(fd != -1); 394 395 map = mmap(NULL, 3, PROT_NONE, MAP_FILE | MAP_SHARED, fd, 0); 396 ATF_REQUIRE(map != MAP_FAILED); 397 398 pid = fork(); 399 400 ATF_REQUIRE(pid >= 0); 401 402 if (pid == 0) { 403 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 404 ATF_REQUIRE(strlcpy(buf, map, sizeof(buf)) != 0); 405 } 406 407 (void)wait(&sta); 408 409 ATF_REQUIRE(WIFEXITED(sta) != 0); 410 ATF_REQUIRE(WEXITSTATUS(sta) == SIGSEGV); 411 ATF_REQUIRE(munmap(map, 3) == 0); 412} 413 414ATF_TC_CLEANUP(mmap_prot_3, tc) 415{ 416 (void)unlink(path); 417} 418 419ATF_TC_WITH_CLEANUP(mmap_truncate); 420ATF_TC_HEAD(mmap_truncate, tc) 421{ 422 atf_tc_set_md_var(tc, "descr", "Test mmap(2) and ftruncate(2)"); 423} 424 425ATF_TC_BODY(mmap_truncate, tc) 426{ 427 char *map; 428 long i; 429 int fd; 430 431 fd = open(path, O_RDWR | O_CREAT, 0700); 432 433 if (fd < 0) 434 return; 435 436 /* 437 * See that ftruncate(2) works 438 * while the file is mapped. 439 */ 440 ATF_REQUIRE(ftruncate(fd, page) == 0); 441 442 map = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_FILE|MAP_PRIVATE, 443 fd, 0); 444 ATF_REQUIRE(map != MAP_FAILED); 445 446 for (i = 0; i < page; i++) 447 map[i] = 'x'; 448 449 ATF_REQUIRE(ftruncate(fd, 0) == 0); 450 ATF_REQUIRE(ftruncate(fd, page / 8) == 0); 451 ATF_REQUIRE(ftruncate(fd, page / 4) == 0); 452 ATF_REQUIRE(ftruncate(fd, page / 2) == 0); 453 ATF_REQUIRE(ftruncate(fd, page / 12) == 0); 454 ATF_REQUIRE(ftruncate(fd, page / 64) == 0); 455 456 ATF_REQUIRE(close(fd) == 0); 457} 458 459ATF_TC_CLEANUP(mmap_truncate, tc) 460{ 461 (void)unlink(path); 462} 463 464ATF_TC_WITH_CLEANUP(mmap_truncate_signal); 465ATF_TC_HEAD(mmap_truncate_signal, tc) 466{ 467 atf_tc_set_md_var(tc, "descr", 468 "Test mmap(2) ftruncate(2) causing signal"); 469} 470 471ATF_TC_BODY(mmap_truncate_signal, tc) 472{ 473 char *map; 474 long i; 475 int fd, sta; 476 pid_t pid; 477 478#ifdef __FreeBSD__ 479 atf_tc_expect_fail("testcase fails with SIGSEGV on FreeBSD; bug # 211924"); 480#endif 481 482 fd = open(path, O_RDWR | O_CREAT, 0700); 483 484 if (fd < 0) 485 return; 486 487 ATF_REQUIRE(write(fd, "foo\n", 5) == 5); 488 489 map = mmap(NULL, page, PROT_READ, MAP_FILE|MAP_PRIVATE, fd, 0); 490 ATF_REQUIRE(map != MAP_FAILED); 491 492 sta = 0; 493 for (i = 0; i < 5; i++) 494 sta += map[i]; 495 ATF_REQUIRE(sta == 334); 496 497 ATF_REQUIRE(ftruncate(fd, 0) == 0); 498 pid = fork(); 499 ATF_REQUIRE(pid >= 0); 500 501 if (pid == 0) { 502 ATF_REQUIRE(signal(SIGBUS, map_sighandler) != SIG_ERR); 503 ATF_REQUIRE(signal(SIGSEGV, map_sighandler) != SIG_ERR); 504 sta = 0; 505 for (i = 0; i < page; i++) 506 sta += map[i]; 507 /* child never will get this far, but the compiler will 508 not know, so better use the values calculated to 509 prevent the access to be optimized out */ 510 ATF_REQUIRE(i == 0); 511 ATF_REQUIRE(sta == 0); 512 return; 513 } 514 515 (void)wait(&sta); 516 517 ATF_REQUIRE(WIFEXITED(sta) != 0); 518 if (WEXITSTATUS(sta) == SIGSEGV) 519 atf_tc_fail("child process got SIGSEGV instead of SIGBUS"); 520 ATF_REQUIRE(WEXITSTATUS(sta) == SIGBUS); 521 ATF_REQUIRE(munmap(map, page) == 0); 522 ATF_REQUIRE(close(fd) == 0); 523} 524 525ATF_TC_CLEANUP(mmap_truncate_signal, tc) 526{ 527 (void)unlink(path); 528} 529 530ATF_TC(mmap_va0); 531ATF_TC_HEAD(mmap_va0, tc) 532{ 533 atf_tc_set_md_var(tc, "descr", "Test mmap(2) and vm.user_va0_disable"); 534} 535 536ATF_TC_BODY(mmap_va0, tc) 537{ 538 int flags = MAP_ANON | MAP_FIXED | MAP_PRIVATE; 539 size_t len = sizeof(int); 540 void *map; 541 int val; 542 543 /* 544 * Make an anonymous fixed mapping at zero address. If the address 545 * is restricted as noted in security(7), the syscall should fail. 546 */ 547#ifdef __FreeBSD__ 548 if (sysctlbyname("security.bsd.map_at_zero", &val, &len, NULL, 0) != 0) 549 atf_tc_fail("failed to read security.bsd.map_at_zero"); 550 val = !val; /* 1 == enable map at zero */ 551#endif 552#ifdef __NetBSD__ 553 if (sysctlbyname("vm.user_va0_disable", &val, &len, NULL, 0) != 0) 554 atf_tc_fail("failed to read vm.user_va0_disable"); 555#endif 556 557 map = mmap(NULL, page, PROT_EXEC, flags, -1, 0); 558 map_check(map, val); 559 560 map = mmap(NULL, page, PROT_READ, flags, -1, 0); 561 map_check(map, val); 562 563 map = mmap(NULL, page, PROT_WRITE, flags, -1, 0); 564 map_check(map, val); 565 566 map = mmap(NULL, page, PROT_READ|PROT_WRITE, flags, -1, 0); 567 map_check(map, val); 568 569 map = mmap(NULL, page, PROT_EXEC|PROT_READ|PROT_WRITE, flags, -1, 0); 570 map_check(map, val); 571} 572 573ATF_TP_ADD_TCS(tp) 574{ 575 page = sysconf(_SC_PAGESIZE); 576 ATF_REQUIRE(page >= 0); 577 578#ifdef __NetBSD__ 579 ATF_TP_ADD_TC(tp, mmap_block); 580#endif 581 ATF_TP_ADD_TC(tp, mmap_err); 582 ATF_TP_ADD_TC(tp, mmap_loan); 583 ATF_TP_ADD_TC(tp, mmap_prot_1); 584 ATF_TP_ADD_TC(tp, mmap_prot_2); 585 ATF_TP_ADD_TC(tp, mmap_prot_3); 586 ATF_TP_ADD_TC(tp, mmap_truncate); 587 ATF_TP_ADD_TC(tp, mmap_truncate_signal); 588 ATF_TP_ADD_TC(tp, mmap_va0); 589 590 return atf_no_error(); 591} 592