[LTP] [PATCH] syscalls/recvmsg03.c: add new testcase

[LTP] [PATCH] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

If the size of address for receiving data is set larger than actaul
size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.

This bug has been fixed by the following kernel commit:
06b6a1cf6e776426766298d055bb3991957d90a7(rds: set correct msg_namelen)

Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
 runtest/syscalls                              |   1 +
 testcases/kernel/syscalls/.gitignore          |   1 +
 testcases/kernel/syscalls/recvmsg/recvmsg03.c | 195 ++++++++++++++++++++++++++
 3 files changed, 197 insertions(+)
 create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c

diff --git a/runtest/syscalls b/runtest/syscalls
index b781241..4c87f45 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -869,6 +869,7 @@ recvfrom01 recvfrom01
 
 recvmsg01 recvmsg01
 recvmsg02 recvmsg02
+recvmsg03 recvmsg03
 
 remap_file_pages01 remap_file_pages01
 remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index f53cc05..1229720 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
 /recvfrom/recvfrom01
 /recvmsg/recvmsg01
 /recvmsg/recvmsg02
+/recvmsg/recvmsg03
 /remap_file_pages/remap_file_pages01
 /remap_file_pages/remap_file_pages02
 /removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..c4225c4
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than actaul size,
+ * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static int rds_flag;
+
+static void setup(void)
+{
+	int acc_res, load_res;
+	const char *cmd[] = {"modprobe", "-i", "rds", NULL};
+
+	acc_res = access("/proc/sys/net/rds", F_OK);
+	if (acc_res == -1 && errno == ENOENT) {
+		load_res = tst_run_cmd(cmd, NULL, NULL, 1);
+		if (load_res) {
+			tst_brk(TCONF, "failed to loaded rds module, "
+				"so rds modeule was not support by system");
+		} else {
+			tst_res(TINFO, "succeeded to load rds module");
+			rds_flag = 1;
+		}
+	}
+
+	if (acc_res == -1 && errno != ENOENT)
+		tst_brk(TFAIL | TERRNO, "failed to check rds module");
+
+	tst_res(TINFO, "rds module was supported by system");
+}
+
+static void cleanup(void)
+{
+	int unload_res;
+	const char *cmd[] = {"modprobe", "-r", "rds", NULL};
+
+	if (rds_flag == 1) {
+		unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
+		if (unload_res)
+			tst_res(TWARN | TERRNO, "failed to unload rds module");
+		else
+			tst_res(TINFO, "succeeded to unload rds modules");
+	}
+}
+
+static void client(void)
+{
+	int sock_fd1;
+	char sendBuffer[128] = "hello world";
+	struct sockaddr_in serverAddr;
+	struct sockaddr_in toAddr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&serverAddr, 0, sizeof(serverAddr));
+	serverAddr.sin_family = AF_INET;
+	serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	serverAddr.sin_port = htons(4001);
+
+	SAFE_BIND(sock_fd1, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
+
+	memset(&toAddr, 0, sizeof(toAddr));
+
+	toAddr.sin_family = AF_INET;
+	toAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	toAddr.sin_port = htons(4000);
+	msg.msg_name = &toAddr;
+	msg.msg_namelen = sizeof(toAddr);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = sendBuffer;
+	msg.msg_iov->iov_len = strlen(sendBuffer) + 1;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	if (sendmsg(sock_fd1, &msg, 0) == -1) {
+		tst_brk(TFAIL | TERRNO,
+			"sendmsg() failed to send data to server");
+	}
+
+	SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+	int sock_fd, sock_fd2;
+	static char recvBuffer[128];
+	struct sockaddr_in serverAddr;
+	struct sockaddr_in fromAddr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+	sock_fd = sock_fd2;
+
+	memset(&serverAddr, 0, sizeof(serverAddr));
+	serverAddr.sin_family = AF_INET;
+	serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	serverAddr.sin_port = htons(4000);
+
+	SAFE_BIND(sock_fd2, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
+
+	msg.msg_name = &fromAddr;
+	msg.msg_namelen = sizeof(fromAddr) + 16;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = recvBuffer;
+	msg.msg_iov->iov_len = 128;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	TST_CHECKPOINT_WAKE(0);
+
+	TEST(recvmsg(sock_fd2, &msg, 0));
+	if (TEST_RETURN == -1) {
+		tst_res(TFAIL | TERRNO,
+		"recvmsg() failed to recvice data from client");
+		return;
+	}
+
+	if (msg.msg_namelen != sizeof(fromAddr)) {
+		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+			"expected %lu", msg.msg_namelen, sizeof(fromAddr));
+		return;
+	}
+
+	if (sock_fd2 != sock_fd) {
+		tst_res(TFAIL, "sock_fd was destroyed");
+		return;
+	}
+
+	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
+		"not destroyed", msg.msg_namelen);
+
+	SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+	pid_t pid;
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		TST_CHECKPOINT_WAIT(0);
+		client();
+	} else {
+		server();
+	}
+}
+
+static struct tst_test test = {
+	.tid = "recvmsg03",
+	.forks_child = 1,
+	.needs_checkpoints = 1,
+	.setup = setup,
+	.cleanup = cleanup,
+	.test_all = verify_recvmsg
+};
-- 
1.8.3.1

[LTP] [PATCH] syscalls/recvmsg03.c: add new testcase

[Cyril Hrubis]

Hi!
> +static void setup(void)
> +{
> +	int acc_res, load_res;
> +	const char *cmd[] = {"modprobe", "-i", "rds", NULL};
> +
> +	acc_res = access("/proc/sys/net/rds", F_OK);
> +	if (acc_res == -1 && errno == ENOENT) {
> +		load_res = tst_run_cmd(cmd, NULL, NULL, 1);
> +		if (load_res) {
> +			tst_brk(TCONF, "failed to loaded rds module, "
> +				"so rds modeule was not support by system");
> +		} else {
> +			tst_res(TINFO, "succeeded to load rds module");
> +			rds_flag = 1;

No need for the else branch here, the tst_brk() will exit test if it's
reached.

Also if you just do return; here then you can just later do:

tst_brk(TFAIL | TERRNO, "failed to check rds module");

> +		}
> +	}
> +
> +	if (acc_res == -1 && errno != ENOENT)
> +		tst_brk(TFAIL | TERRNO, "failed to check rds module");

Once you get here the errno may be changed several times by library
functions called from tst_run_cmd() and tst_res().

The errno is per thread global variable used by most of the glibc
functions. Once you call something that may change its value is
undefined.

> +	tst_res(TINFO, "rds module was supported by system");
> +}
> +
> +static void cleanup(void)
> +{
> +	int unload_res;
> +	const char *cmd[] = {"modprobe", "-r", "rds", NULL};
> +
> +	if (rds_flag == 1) {
> +		unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
> +		if (unload_res)
> +			tst_res(TWARN | TERRNO, "failed to unload rds module");
> +		else
> +			tst_res(TINFO, "succeeded to unload rds modules");
> +	}
> +}
> +
> +static void client(void)
> +{
> +	int sock_fd1;
> +	char sendBuffer[128] = "hello world";
> +	struct sockaddr_in serverAddr;
> +	struct sockaddr_in toAddr;

Mixed case is frowned upon in LKML coding style. So these should rather
be send_buf, server_addr, etc...

> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> +	memset(&serverAddr, 0, sizeof(serverAddr));
> +	serverAddr.sin_family = AF_INET;
> +	serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	serverAddr.sin_port = htons(4001);
> +
> +	SAFE_BIND(sock_fd1, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
> +
> +	memset(&toAddr, 0, sizeof(toAddr));
> +
> +	toAddr.sin_family = AF_INET;
> +	toAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	toAddr.sin_port = htons(4000);
> +	msg.msg_name = &toAddr;
> +	msg.msg_namelen = sizeof(toAddr);
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = sendBuffer;
> +	msg.msg_iov->iov_len = strlen(sendBuffer) + 1;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	if (sendmsg(sock_fd1, &msg, 0) == -1) {
> +		tst_brk(TFAIL | TERRNO,
> +			"sendmsg() failed to send data to server");
> +	}
> +
> +	SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> +	int sock_fd, sock_fd2;
> +	static char recvBuffer[128];
> +	struct sockaddr_in serverAddr;
> +	struct sockaddr_in fromAddr;
> +	struct msghdr msg;
> +	struct iovec iov;

Here as well.

> +	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +	sock_fd = sock_fd2;
> +
> +	memset(&serverAddr, 0, sizeof(serverAddr));
> +	serverAddr.sin_family = AF_INET;
> +	serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	serverAddr.sin_port = htons(4000);
> +
> +	SAFE_BIND(sock_fd2, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
> +
> +	msg.msg_name = &fromAddr;
> +	msg.msg_namelen = sizeof(fromAddr) + 16;
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = recvBuffer;
> +	msg.msg_iov->iov_len = 128;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	TST_CHECKPOINT_WAKE(0);
> +
> +	TEST(recvmsg(sock_fd2, &msg, 0));
> +	if (TEST_RETURN == -1) {
> +		tst_res(TFAIL | TERRNO,
> +		"recvmsg() failed to recvice data from client");
> +		return;
> +	}
> +
> +	if (msg.msg_namelen != sizeof(fromAddr)) {
> +		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> +			"expected %lu", msg.msg_namelen, sizeof(fromAddr));
> +		return;
> +	}
> +
> +	if (sock_fd2 != sock_fd) {
> +		tst_res(TFAIL, "sock_fd was destroyed");
> +		return;
> +	}
> +
> +	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
> +		"not destroyed", msg.msg_namelen);
> +
> +	SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> +	pid_t pid;
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		TST_CHECKPOINT_WAIT(0);
> +		client();
> +	} else {
> +		server();
> +	}
> +}
> +
> +static struct tst_test test = {
> +	.tid = "recvmsg03",
> +	.forks_child = 1,
> +	.needs_checkpoints = 1,
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.test_all = verify_recvmsg
> +};
> -- 
> 1.8.3.1
> 
> 
> 
> 
> -- 
> Mailing list info: https://lists.linux.it/listinfo/ltp

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

If the size of address for receiving data is set larger than actaul
size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.

This bug has been fixed by the following kernel patch:
'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'

Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
 runtest/syscalls                              |   1 +
 testcases/kernel/syscalls/.gitignore          |   1 +
 testcases/kernel/syscalls/recvmsg/recvmsg03.c | 196 ++++++++++++++++++++++++++
 3 files changed, 198 insertions(+)
 create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c

diff --git a/runtest/syscalls b/runtest/syscalls
index b781241..4c87f45 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -869,6 +869,7 @@ recvfrom01 recvfrom01
 
 recvmsg01 recvmsg01
 recvmsg02 recvmsg02
+recvmsg03 recvmsg03
 
 remap_file_pages01 remap_file_pages01
 remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index f53cc05..1229720 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
 /recvfrom/recvfrom01
 /recvmsg/recvmsg01
 /recvmsg/recvmsg02
+/recvmsg/recvmsg03
 /remap_file_pages/remap_file_pages01
 /remap_file_pages/remap_file_pages02
 /removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..23ed23b
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than actaul size,
+ * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static int rds_flag;
+
+static void setup(void)
+{
+	int acc_res, load_res;
+	const char *cmd[] = {"modprobe", "-i", "rds", NULL};
+
+	acc_res = access("/proc/sys/net/rds", F_OK);
+	if (acc_res == -1 && errno != ENOENT)
+		tst_brk(TFAIL | TERRNO, "failed to check rds module");
+
+	if (acc_res == -1 && errno == ENOENT) {
+		load_res = tst_run_cmd(cmd, NULL, NULL, 1);
+		if (load_res) {
+			tst_brk(TCONF, "failed to loaded rds module, "
+				"so rds modeule was not support by system");
+		}
+
+		tst_res(TINFO, "succeeded to load rds module");
+		rds_flag = 1;
+	}
+
+	tst_res(TINFO, "rds module was supported by system");
+}
+
+static void cleanup(void)
+{
+	int unload_res;
+	const char *cmd[] = {"modprobe", "-r", "rds", NULL};
+
+	if (rds_flag == 1) {
+		unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
+		if (unload_res)
+			tst_res(TWARN | TERRNO, "failed to unload rds module");
+		else
+			tst_res(TINFO, "succeeded to unload rds modules");
+	}
+}
+
+static void client(void)
+{
+	int sock_fd1;
+	char send_buf[128] = "hello world";
+	struct sockaddr_in server_addr;
+	struct sockaddr_in to_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4001);
+
+	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	memset(&to_addr, 0, sizeof(to_addr));
+
+	to_addr.sin_family = AF_INET;
+	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	to_addr.sin_port = htons(4000);
+	msg.msg_name = &to_addr;
+	msg.msg_namelen = sizeof(to_addr);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = send_buf;
+	msg.msg_iov->iov_len = strlen(send_buf) + 1;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	if (sendmsg(sock_fd1, &msg, 0) == -1) {
+		tst_brk(TFAIL | TERRNO,
+			"sendmsg() failed to send data to server");
+	}
+
+	SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+	int sock_fd, sock_fd2;
+	static char recv_buf[128];
+	struct sockaddr_in server_addr;
+	struct sockaddr_in from_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+	sock_fd = sock_fd2;
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4000);
+
+	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	msg.msg_name = &from_addr;
+	msg.msg_namelen = sizeof(from_addr) + 16;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = recv_buf;
+	msg.msg_iov->iov_len = 128;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	TST_CHECKPOINT_WAKE(0);
+
+	TEST(recvmsg(sock_fd2, &msg, 0));
+	if (TEST_RETURN == -1) {
+		tst_res(TFAIL | TERRNO,
+		"recvmsg() failed to recvice data from client");
+		goto end;
+	}
+
+	if (msg.msg_namelen != sizeof(from_addr)) {
+		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+			"expected %lu", msg.msg_namelen, sizeof(from_addr));
+		goto end;
+	}
+
+	if (sock_fd2 != sock_fd) {
+		tst_res(TFAIL, "sock_fd was destroyed");
+		goto end;
+	}
+
+	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
+		"not destroyed", msg.msg_namelen);
+
+end:
+	SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+	pid_t pid;
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		TST_CHECKPOINT_WAIT(0);
+		client();
+	} else {
+		server();
+	}
+}
+
+static struct tst_test test = {
+	.tid = "recvmsg03",
+	.forks_child = 1,
+	.needs_checkpoints = 1,
+	.setup = setup,
+	.cleanup = cleanup,
+	.test_all = verify_recvmsg
+};
-- 
1.8.3.1

[LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

If the size of address for receiving data is set larger than actaul
size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.

This bug has been fixed by the following kernel commit:
06b6a1cf6e776426766298d055bb3991957d90a7(rds: set correct msg_namelen)

Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
 runtest/syscalls                              |   1 +
 testcases/kernel/syscalls/.gitignore          |   1 +
 testcases/kernel/syscalls/recvmsg/recvmsg03.c | 172 ++++++++++++++++++++++++++
 3 files changed, 174 insertions(+)
 create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 7c84296..5895889 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -870,6 +870,7 @@ recvfrom01 recvfrom01
 
 recvmsg01 recvmsg01
 recvmsg02 recvmsg02
+recvmsg03 recvmsg03
 
 remap_file_pages01 remap_file_pages01
 remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index f53cc05..1229720 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
 /recvfrom/recvfrom01
 /recvmsg/recvmsg01
 /recvmsg/recvmsg02
+/recvmsg/recvmsg03
 /remap_file_pages/remap_file_pages01
 /remap_file_pages/remap_file_pages02
 /removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..8683721
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than actaul size,
+ * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static void setup(void)
+{
+	int res;
+
+	res = socket(AF_RDS, SOCK_SEQPACKET, 0);
+	if (res == -1) {
+		if (errno == EAFNOSUPPORT)
+			tst_brk(TCONF, "rds was not supported");
+		else
+			tst_brk(TBROK | TERRNO, "socket() failed with rds");
+	}
+
+	SAFE_CLOSE(res);
+}
+
+static void client(void)
+{
+	int sock_fd1;
+	char send_buf[128] = "hello world";
+	struct sockaddr_in server_addr;
+	struct sockaddr_in to_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4001);
+
+	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	memset(&to_addr, 0, sizeof(to_addr));
+
+	to_addr.sin_family = AF_INET;
+	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	to_addr.sin_port = htons(4000);
+	msg.msg_name = &to_addr;
+	msg.msg_namelen = sizeof(to_addr);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = send_buf;
+	msg.msg_iov->iov_len = strlen(send_buf) + 1;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	if (sendmsg(sock_fd1, &msg, 0) == -1) {
+		tst_brk(TBROK | TERRNO,
+			"sendmsg() failed to send data to server");
+	}
+
+	SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+	int sock_fd, sock_fd2;
+	static char recv_buf[128];
+	struct sockaddr_in server_addr;
+	struct sockaddr_in from_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+	sock_fd = sock_fd2;
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4000);
+
+	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	msg.msg_name = &from_addr;
+	msg.msg_namelen = sizeof(from_addr) + 16;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = recv_buf;
+	msg.msg_iov->iov_len = 128;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	TST_CHECKPOINT_WAKE(0);
+
+	TEST(recvmsg(sock_fd2, &msg, 0));
+	if (TEST_RETURN == -1) {
+		tst_res(TFAIL | TERRNO,
+		"recvmsg() failed to recvice data from client");
+		goto end;
+	}
+
+	if (msg.msg_namelen != sizeof(from_addr)) {
+		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+			"expected %lu", msg.msg_namelen, sizeof(from_addr));
+		goto end;
+	}
+
+	if (sock_fd2 != sock_fd) {
+		tst_res(TFAIL, "sock_fd was destroyed");
+		goto end;
+	}
+
+	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
+		"not destroyed", msg.msg_namelen);
+
+end:
+	SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+	pid_t pid;
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		TST_CHECKPOINT_WAIT(0);
+		client();
+	} else {
+		server();
+		SAFE_WAIT(NULL);
+	}
+}
+
+static struct tst_test test = {
+	.tid = "recvmsg03",
+	.forks_child = 1,
+	.needs_checkpoints = 1,
+	.setup = setup,
+	.test_all = verify_recvmsg
+};
-- 
1.8.3.1

[LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

Hi Cyril

Please ignore the v2 patch，i will resend it.

Thanks,
Xiao Yang
On 2016/11/01 10:24, Xiao Yang wrote:
> If the size of address for receiving data is set larger than actaul
> size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
>
> This bug has been fixed by the following kernel patch:
> 'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
>  runtest/syscalls                              |   1 +
>  testcases/kernel/syscalls/.gitignore          |   1 +
>  testcases/kernel/syscalls/recvmsg/recvmsg03.c | 196 ++++++++++++++++++++++++++
>  3 files changed, 198 insertions(+)
>  create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index b781241..4c87f45 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -869,6 +869,7 @@ recvfrom01 recvfrom01
>  
>  recvmsg01 recvmsg01
>  recvmsg02 recvmsg02
> +recvmsg03 recvmsg03
>  
>  remap_file_pages01 remap_file_pages01
>  remap_file_pages02 remap_file_pages02
> diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
> index f53cc05..1229720 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -725,6 +725,7 @@
>  /recvfrom/recvfrom01
>  /recvmsg/recvmsg01
>  /recvmsg/recvmsg02
> +/recvmsg/recvmsg03
>  /remap_file_pages/remap_file_pages01
>  /remap_file_pages/remap_file_pages02
>  /removexattr/removexattr01
> diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> new file mode 100644
> index 0000000..23ed23b
> --- /dev/null
> +++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> @@ -0,0 +1,196 @@
> +/*
> + * Copyright(c) 2016 Fujitsu Ltd.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * You should have received a copy of the GNU General Public License
> + * alone with this program.
> + */
> +
> +/*
> + * Test Name: recvmsg03
> + *
> + * This test needs that rds socket is supported by system.
> + * If the size of address for receiving data is set larger than actaul size,
> + * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
> + *
> + * Description:
> + * This is a regression test and has been fixed by kernel commit:
> + * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
> + */
> +
> +#include <errno.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +#include <stdio.h>
> +
> +#include "tst_test.h"
> +
> +#ifndef AF_RDS
> +# define AF_RDS 21
> +#endif
> +
> +static int rds_flag;
> +
> +static void setup(void)
> +{
> +	int acc_res, load_res;
> +	const char *cmd[] = {"modprobe", "-i", "rds", NULL};
> +
> +	acc_res = access("/proc/sys/net/rds", F_OK);
> +	if (acc_res == -1 && errno != ENOENT)
> +		tst_brk(TFAIL | TERRNO, "failed to check rds module");
> +
> +	if (acc_res == -1 && errno == ENOENT) {
> +		load_res = tst_run_cmd(cmd, NULL, NULL, 1);
> +		if (load_res) {
> +			tst_brk(TCONF, "failed to loaded rds module, "
> +				"so rds modeule was not support by system");
> +		}
> +
> +		tst_res(TINFO, "succeeded to load rds module");
> +		rds_flag = 1;
> +	}
> +
> +	tst_res(TINFO, "rds module was supported by system");
> +}
> +
> +static void cleanup(void)
> +{
> +	int unload_res;
> +	const char *cmd[] = {"modprobe", "-r", "rds", NULL};
> +
> +	if (rds_flag == 1) {
> +		unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
> +		if (unload_res)
> +			tst_res(TWARN | TERRNO, "failed to unload rds module");
> +		else
> +			tst_res(TINFO, "succeeded to unload rds modules");
> +	}
> +}
> +
> +static void client(void)
> +{
> +	int sock_fd1;
> +	char send_buf[128] = "hello world";
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in to_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4001);
> +
> +	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	memset(&to_addr, 0, sizeof(to_addr));
> +
> +	to_addr.sin_family = AF_INET;
> +	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	to_addr.sin_port = htons(4000);
> +	msg.msg_name = &to_addr;
> +	msg.msg_namelen = sizeof(to_addr);
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = send_buf;
> +	msg.msg_iov->iov_len = strlen(send_buf) + 1;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	if (sendmsg(sock_fd1, &msg, 0) == -1) {
> +		tst_brk(TFAIL | TERRNO,
> +			"sendmsg() failed to send data to server");
> +	}
> +
> +	SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> +	int sock_fd, sock_fd2;
> +	static char recv_buf[128];
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in from_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +	sock_fd = sock_fd2;
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4000);
> +
> +	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	msg.msg_name = &from_addr;
> +	msg.msg_namelen = sizeof(from_addr) + 16;
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = recv_buf;
> +	msg.msg_iov->iov_len = 128;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	TST_CHECKPOINT_WAKE(0);
> +
> +	TEST(recvmsg(sock_fd2, &msg, 0));
> +	if (TEST_RETURN == -1) {
> +		tst_res(TFAIL | TERRNO,
> +		"recvmsg() failed to recvice data from client");
> +		goto end;
> +	}
> +
> +	if (msg.msg_namelen != sizeof(from_addr)) {
> +		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> +			"expected %lu", msg.msg_namelen, sizeof(from_addr));
> +		goto end;
> +	}
> +
> +	if (sock_fd2 != sock_fd) {
> +		tst_res(TFAIL, "sock_fd was destroyed");
> +		goto end;
> +	}
> +
> +	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
> +		"not destroyed", msg.msg_namelen);
> +
> +end:
> +	SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> +	pid_t pid;
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		TST_CHECKPOINT_WAIT(0);
> +		client();
> +	} else {
> +		server();
> +	}
> +}
> +
> +static struct tst_test test = {
> +	.tid = "recvmsg03",
> +	.forks_child = 1,
> +	.needs_checkpoints = 1,
> +	.setup = setup,
> +	.cleanup = cleanup,
> +	.test_all = verify_recvmsg
> +};

[LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase

[Cyril Hrubis]

Hi!
> +static void server(void)
> +{
> +	int sock_fd, sock_fd2;
> +	static char recv_buf[128];
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in from_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +	sock_fd = sock_fd2;
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4000);
> +
> +	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	msg.msg_name = &from_addr;
> +	msg.msg_namelen = sizeof(from_addr) + 16;
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = recv_buf;
> +	msg.msg_iov->iov_len = 128;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	TST_CHECKPOINT_WAKE(0);
> +
> +	TEST(recvmsg(sock_fd2, &msg, 0));
> +	if (TEST_RETURN == -1) {
> +		tst_res(TFAIL | TERRNO,
> +		"recvmsg() failed to recvice data from client");
> +		goto end;
> +	}
> +
> +	if (msg.msg_namelen != sizeof(from_addr)) {
> +		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> +			"expected %lu", msg.msg_namelen, sizeof(from_addr));
> +		goto end;
> +	}
> +
> +	if (sock_fd2 != sock_fd) {
> +		tst_res(TFAIL, "sock_fd was destroyed");
> +		goto end;
> +	}
> +
> +	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
> +		"not destroyed", msg.msg_namelen);
> +
> +end:
> +	SAFE_CLOSE(sock_fd2);

I'm a bit confused here, which one of the sock_fd/sock_fd2 is destroyed?

Looking at the original code in the kernel commit the sock_fd there is
stored on the stack directly after the sockaddr_in from_addr so I guess
that the kernel will actually write a few bytes after the end of
from_addr structure in this case, which will rewrite the msghrd msg in
your code. Does the test actually fail on kernel without the fix?

> +}
> +
> +static void verify_recvmsg(void)
> +{
> +	pid_t pid;
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		TST_CHECKPOINT_WAIT(0);
> +		client();
> +	} else {
> +		server();
> +		SAFE_WAIT(NULL);

We should rather call tst_reap_children() in this case instead of the
WAIT since otherwise TBROK from the client() function will not get
propagated.

> +	}
> +}
> +
> +static struct tst_test test = {
> +	.tid = "recvmsg03",
> +	.forks_child = 1,
> +	.needs_checkpoints = 1,
> +	.setup = setup,
> +	.test_all = verify_recvmsg
> +};
> -- 
> 1.8.3.1
> 
> 
> 

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

If the size of address for receiving data is set larger than
actaul size, recvmsg() will set msg_namelen incorrectly.

This bug has been fixed by the following kernel patch:
'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'

Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
 runtest/syscalls                              |   1 +
 testcases/kernel/syscalls/.gitignore          |   1 +
 testcases/kernel/syscalls/recvmsg/recvmsg03.c | 163 ++++++++++++++++++++++++++
 3 files changed, 165 insertions(+)
 create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c

diff --git a/runtest/syscalls b/runtest/syscalls
index e6b36ae..5543eac 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -870,6 +870,7 @@ recvfrom01 recvfrom01
 
 recvmsg01 recvmsg01
 recvmsg02 recvmsg02
+recvmsg03 recvmsg03
 
 remap_file_pages01 remap_file_pages01
 remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index 0807e17..170b889 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
 /recvfrom/recvfrom01
 /recvmsg/recvmsg01
 /recvmsg/recvmsg02
+/recvmsg/recvmsg03
 /remap_file_pages/remap_file_pages01
 /remap_file_pages/remap_file_pages02
 /removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..bee9c12
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than
+ * actaul size, recvmsg() will set msg_namelen incorrectly.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static void setup(void)
+{
+	int res;
+
+	res = socket(AF_RDS, SOCK_SEQPACKET, 0);
+	if (res == -1) {
+		if (errno == EAFNOSUPPORT)
+			tst_brk(TCONF, "rds was not supported");
+		else
+			tst_brk(TBROK | TERRNO, "socket() failed with rds");
+	}
+
+	SAFE_CLOSE(res);
+}
+
+static void client(void)
+{
+	int sock_fd1;
+	char send_buf[128] = "hello world";
+	struct sockaddr_in server_addr;
+	struct sockaddr_in to_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4001);
+
+	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	memset(&to_addr, 0, sizeof(to_addr));
+
+	to_addr.sin_family = AF_INET;
+	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	to_addr.sin_port = htons(4000);
+	msg.msg_name = &to_addr;
+	msg.msg_namelen = sizeof(to_addr);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = send_buf;
+	msg.msg_iov->iov_len = strlen(send_buf) + 1;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	if (sendmsg(sock_fd1, &msg, 0) == -1) {
+		tst_brk(TBROK | TERRNO,
+			"sendmsg() failed to send data to server");
+	}
+
+	SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+	int sock_fd2;
+	static char recv_buf[128];
+	struct sockaddr_in server_addr;
+	struct sockaddr_in from_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4000);
+
+	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	msg.msg_name = &from_addr;
+	msg.msg_namelen = sizeof(from_addr) + 16;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = recv_buf;
+	msg.msg_iov->iov_len = 128;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	TST_CHECKPOINT_WAKE(0);
+
+	TEST(recvmsg(sock_fd2, &msg, 0));
+	if (TEST_RETURN == -1) {
+		tst_brk(TBROK | TTERRNO,
+		"recvmsg() failed to recvice data from client");
+	}
+
+	if (msg.msg_namelen != sizeof(from_addr)) {
+		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+			"expected %lu", msg.msg_namelen, sizeof(from_addr));
+	} else {
+		tst_res(TPASS, "msg_namelen was set to %u correctly",
+			msg.msg_namelen);
+	}
+
+	SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+	pid_t pid;
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		TST_CHECKPOINT_WAIT(0);
+		client();
+	} else {
+		server();
+		tst_reap_children();
+	}
+}
+
+static struct tst_test test = {
+	.tid = "recvmsg03",
+	.forks_child = 1,
+	.needs_checkpoints = 1,
+	.setup = setup,
+	.test_all = verify_recvmsg
+};
-- 
1.8.3.1

[LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

On 2016/11/02 21:06, Cyril Hrubis wrote:
> Hi!
>> +static void server(void)
>> +{
>> +	int sock_fd, sock_fd2;
>> +	static char recv_buf[128];
>> +	struct sockaddr_in server_addr;
>> +	struct sockaddr_in from_addr;
>> +	struct msghdr msg;
>> +	struct iovec iov;
>> +
>> +	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
>> +	sock_fd = sock_fd2;
>> +
>> +	memset(&server_addr, 0, sizeof(server_addr));
>> +	server_addr.sin_family = AF_INET;
>> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
>> +	server_addr.sin_port = htons(4000);
>> +
>> +	SAFE_BIND(sock_fd2, (struct sockaddr *)&server_addr, sizeof(server_addr));
>> +
>> +	msg.msg_name =&from_addr;
>> +	msg.msg_namelen = sizeof(from_addr) + 16;
>> +	msg.msg_iov =&iov;
>> +	msg.msg_iovlen = 1;
>> +	msg.msg_iov->iov_base = recv_buf;
>> +	msg.msg_iov->iov_len = 128;
>> +	msg.msg_control = 0;
>> +	msg.msg_controllen = 0;
>> +	msg.msg_flags = 0;
>> +
>> +	TST_CHECKPOINT_WAKE(0);
>> +
>> +	TEST(recvmsg(sock_fd2,&msg, 0));
>> +	if (TEST_RETURN == -1) {
>> +		tst_res(TFAIL | TERRNO,
>> +		"recvmsg() failed to recvice data from client");
>> +		goto end;
>> +	}
>> +
>> +	if (msg.msg_namelen != sizeof(from_addr)) {
>> +		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
>> +			"expected %lu", msg.msg_namelen, sizeof(from_addr));
>> +		goto end;
>> +	}
>> +
>> +	if (sock_fd2 != sock_fd) {
>> +		tst_res(TFAIL, "sock_fd was destroyed");
>> +		goto end;
>> +	}
>> +
>> +	tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
>> +		"not destroyed", msg.msg_namelen);
>> +
>> +end:
>> +	SAFE_CLOSE(sock_fd2);
> I'm a bit confused here, which one of the sock_fd/sock_fd2 is destroyed?
>
> Looking at the original code in the kernel commit the sock_fd there is
> stored on the stack directly after the sockaddr_in from_addr so I guess
> that the kernel will actually write a few bytes after the end of
> from_addr structure in this case, which will rewrite the msghrd msg in
> your code. Does the test actually fail on kernel without the fix?
>
Hi Cyril

I am sorry  for the late response.  the msghrd msg was rewritten but 
sock_fd2 was not destroyed
on v3.5 kernel without the fix patch, so i will remove the code about 
checking sock_fd.

Thanks,
Xiao Yang
>> +}
>> +
>> +static void verify_recvmsg(void)
>> +{
>> +	pid_t pid;
>> +
>> +	pid = SAFE_FORK();
>> +	if (pid == 0) {
>> +		TST_CHECKPOINT_WAIT(0);
>> +		client();
>> +	} else {
>> +		server();
>> +		SAFE_WAIT(NULL);
> We should rather call tst_reap_children() in this case instead of the
> WAIT since otherwise TBROK from the client() function will not get
> propagated.
>
>> +	}
>> +}
>> +
>> +static struct tst_test test = {
>> +	.tid = "recvmsg03",
>> +	.forks_child = 1,
>> +	.needs_checkpoints = 1,
>> +	.setup = setup,
>> +	.test_all = verify_recvmsg
>> +};
>> -- 
>> 1.8.3.1
>>
>>
>>

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

Hi Cyril!

Ping :-)

Thanks,
Xiao Yang

On 2016/11/03 15:49, Xiao Yang wrote:
> If the size of address for receiving data is set larger than
> actaul size, recvmsg() will set msg_namelen incorrectly.
>
> This bug has been fixed by the following kernel patch:
> 'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
>  runtest/syscalls                              |   1 +
>  testcases/kernel/syscalls/.gitignore          |   1 +
>  testcases/kernel/syscalls/recvmsg/recvmsg03.c | 163 ++++++++++++++++++++++++++
>  3 files changed, 165 insertions(+)
>  create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index e6b36ae..5543eac 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -870,6 +870,7 @@ recvfrom01 recvfrom01
>  
>  recvmsg01 recvmsg01
>  recvmsg02 recvmsg02
> +recvmsg03 recvmsg03
>  
>  remap_file_pages01 remap_file_pages01
>  remap_file_pages02 remap_file_pages02
> diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
> index 0807e17..170b889 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -725,6 +725,7 @@
>  /recvfrom/recvfrom01
>  /recvmsg/recvmsg01
>  /recvmsg/recvmsg02
> +/recvmsg/recvmsg03
>  /remap_file_pages/remap_file_pages01
>  /remap_file_pages/remap_file_pages02
>  /removexattr/removexattr01
> diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> new file mode 100644
> index 0000000..bee9c12
> --- /dev/null
> +++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> @@ -0,0 +1,163 @@
> +/*
> + * Copyright(c) 2016 Fujitsu Ltd.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * You should have received a copy of the GNU General Public License
> + * alone with this program.
> + */
> +
> +/*
> + * Test Name: recvmsg03
> + *
> + * This test needs that rds socket is supported by system.
> + * If the size of address for receiving data is set larger than
> + * actaul size, recvmsg() will set msg_namelen incorrectly.
> + *
> + * Description:
> + * This is a regression test and has been fixed by kernel commit:
> + * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
> + */
> +
> +#include <errno.h>
> +#include <string.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +
> +#include "tst_test.h"
> +
> +#ifndef AF_RDS
> +# define AF_RDS 21
> +#endif
> +
> +static void setup(void)
> +{
> +	int res;
> +
> +	res = socket(AF_RDS, SOCK_SEQPACKET, 0);
> +	if (res == -1) {
> +		if (errno == EAFNOSUPPORT)
> +			tst_brk(TCONF, "rds was not supported");
> +		else
> +			tst_brk(TBROK | TERRNO, "socket() failed with rds");
> +	}
> +
> +	SAFE_CLOSE(res);
> +}
> +
> +static void client(void)
> +{
> +	int sock_fd1;
> +	char send_buf[128] = "hello world";
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in to_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4001);
> +
> +	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	memset(&to_addr, 0, sizeof(to_addr));
> +
> +	to_addr.sin_family = AF_INET;
> +	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	to_addr.sin_port = htons(4000);
> +	msg.msg_name = &to_addr;
> +	msg.msg_namelen = sizeof(to_addr);
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = send_buf;
> +	msg.msg_iov->iov_len = strlen(send_buf) + 1;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	if (sendmsg(sock_fd1, &msg, 0) == -1) {
> +		tst_brk(TBROK | TERRNO,
> +			"sendmsg() failed to send data to server");
> +	}
> +
> +	SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> +	int sock_fd2;
> +	static char recv_buf[128];
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in from_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4000);
> +
> +	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	msg.msg_name = &from_addr;
> +	msg.msg_namelen = sizeof(from_addr) + 16;
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = recv_buf;
> +	msg.msg_iov->iov_len = 128;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	TST_CHECKPOINT_WAKE(0);
> +
> +	TEST(recvmsg(sock_fd2, &msg, 0));
> +	if (TEST_RETURN == -1) {
> +		tst_brk(TBROK | TTERRNO,
> +		"recvmsg() failed to recvice data from client");
> +	}
> +
> +	if (msg.msg_namelen != sizeof(from_addr)) {
> +		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> +			"expected %lu", msg.msg_namelen, sizeof(from_addr));
> +	} else {
> +		tst_res(TPASS, "msg_namelen was set to %u correctly",
> +			msg.msg_namelen);
> +	}
> +
> +	SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> +	pid_t pid;
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		TST_CHECKPOINT_WAIT(0);
> +		client();
> +	} else {
> +		server();
> +		tst_reap_children();
> +	}
> +}
> +
> +static struct tst_test test = {
> +	.tid = "recvmsg03",
> +	.forks_child = 1,
> +	.needs_checkpoints = 1,
> +	.setup = setup,
> +	.test_all = verify_recvmsg
> +};

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Cyril Hrubis]

Hi!
> Hi Cyril!
> 
> Ping :-)

Any hints on what distribution is this bug reproducible? I've looked
around my collection of virtual machines and everything is either too
old or too new.

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

On 2016/11/15 22:04, Cyril Hrubis wrote:
> Hi!
>> Hi Cyril!
>>
>> Ping :-)
> Any hints on what distribution is this bug reproducible? I've looked
> around my collection of virtual machines and everything is either too
> old or too new.
>
Hi cyril

When I built kernel with CONFIG_RDS enabled,  I have tested it and 
reproduced this bug on
v3.5 kernel without the fix patch.

I will resend the v3 patch because we need to make sure that recvmsg() 
can succeed to get data.

Thanks,
Xiao Yang

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

If the size of address for receiving data is set larger than
actaul size, recvmsg() will set msg_namelen incorrectly.

This bug has been fixed by the following kernel patch:
'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'

Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
 runtest/syscalls                              |   1 +
 testcases/kernel/syscalls/.gitignore          |   1 +
 testcases/kernel/syscalls/recvmsg/recvmsg03.c | 170 ++++++++++++++++++++++++++
 3 files changed, 172 insertions(+)
 create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c

diff --git a/runtest/syscalls b/runtest/syscalls
index 2f2dde5..458cf2f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -869,6 +869,7 @@ recvfrom01 recvfrom01
 
 recvmsg01 recvmsg01
 recvmsg02 recvmsg02
+recvmsg03 recvmsg03
 
 remap_file_pages01 remap_file_pages01
 remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index 348c235..6377bd2 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -724,6 +724,7 @@
 /recvfrom/recvfrom01
 /recvmsg/recvmsg01
 /recvmsg/recvmsg02
+/recvmsg/recvmsg03
 /remap_file_pages/remap_file_pages01
 /remap_file_pages/remap_file_pages02
 /removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..b23a7d1
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than
+ * actaul size, recvmsg() will set msg_namelen incorrectly.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static void setup(void)
+{
+	int res;
+
+	res = socket(AF_RDS, SOCK_SEQPACKET, 0);
+	if (res == -1) {
+		if (errno == EAFNOSUPPORT)
+			tst_brk(TCONF, "rds was not supported");
+		else
+			tst_brk(TBROK | TERRNO, "socket() failed with rds");
+	}
+
+	SAFE_CLOSE(res);
+}
+
+static void client(void)
+{
+	TST_CHECKPOINT_WAIT(0);
+
+	int sock_fd1, count;
+	char send_buf[128] = "hello world";
+	struct sockaddr_in server_addr;
+	struct sockaddr_in to_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4001);
+
+	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	memset(&to_addr, 0, sizeof(to_addr));
+
+	to_addr.sin_family = AF_INET;
+	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	to_addr.sin_port = htons(4000);
+	msg.msg_name = &to_addr;
+	msg.msg_namelen = sizeof(to_addr);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = send_buf;
+	msg.msg_iov->iov_len = strlen(send_buf) + 1;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	/* make sure that recvmsg() can succeed to get data.
+	 * we may not send data successfully when loading rds
+	 * module for the first time.
+	 */
+	for (count = 1; count < 5000; count++) {
+		if (sendmsg(sock_fd1, &msg, 0) == -1) {
+			tst_brk(TBROK | TERRNO,
+				"sendmsg() failed to send data to server");
+		}
+	}
+
+	SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+	int sock_fd2;
+	static char recv_buf[128];
+	struct sockaddr_in server_addr;
+	struct sockaddr_in from_addr;
+	struct msghdr msg;
+	struct iovec iov;
+
+	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+	memset(&server_addr, 0, sizeof(server_addr));
+	server_addr.sin_family = AF_INET;
+	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+	server_addr.sin_port = htons(4000);
+
+	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+	msg.msg_name = &from_addr;
+	msg.msg_namelen = sizeof(from_addr) + 16;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_iov->iov_base = recv_buf;
+	msg.msg_iov->iov_len = 128;
+	msg.msg_control = 0;
+	msg.msg_controllen = 0;
+	msg.msg_flags = 0;
+
+	TST_CHECKPOINT_WAKE(0);
+
+	TEST(recvmsg(sock_fd2, &msg, 0));
+	if (TEST_RETURN == -1) {
+		tst_brk(TBROK | TTERRNO,
+		"recvmsg() failed to recvice data from client");
+	}
+
+	if (msg.msg_namelen != sizeof(from_addr)) {
+		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+			"expected %lu", msg.msg_namelen, sizeof(from_addr));
+	} else {
+		tst_res(TPASS, "msg_namelen was set to %u correctly",
+			msg.msg_namelen);
+	}
+
+	SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+	pid_t pid;
+
+	pid = SAFE_FORK();
+	if (pid == 0) {
+		client();
+	} else {
+		server();
+		tst_reap_children();
+	}
+}
+
+static struct tst_test test = {
+	.tid = "recvmsg03",
+	.forks_child = 1,
+	.needs_checkpoints = 1,
+	.setup = setup,
+	.test_all = verify_recvmsg
+};
-- 
1.8.3.1

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Xiao Yang]

Hi Cyril

ping:-)

When I built kernel with CONFIG_RDS enabled, I have tested it and
reproduced this bug on
v3.5 kernel without the fix patch.

Thanks,
Xiao Yang

On 2016/11/16 13:37, Xiao Yang wrote:
> If the size of address for receiving data is set larger than
> actaul size, recvmsg() will set msg_namelen incorrectly.
>
> This bug has been fixed by the following kernel patch:
> 'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
>  runtest/syscalls                              |   1 +
>  testcases/kernel/syscalls/.gitignore          |   1 +
>  testcases/kernel/syscalls/recvmsg/recvmsg03.c | 170 ++++++++++++++++++++++++++
>  3 files changed, 172 insertions(+)
>  create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 2f2dde5..458cf2f 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -869,6 +869,7 @@ recvfrom01 recvfrom01
>  
>  recvmsg01 recvmsg01
>  recvmsg02 recvmsg02
> +recvmsg03 recvmsg03
>  
>  remap_file_pages01 remap_file_pages01
>  remap_file_pages02 remap_file_pages02
> diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
> index 348c235..6377bd2 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -724,6 +724,7 @@
>  /recvfrom/recvfrom01
>  /recvmsg/recvmsg01
>  /recvmsg/recvmsg02
> +/recvmsg/recvmsg03
>  /remap_file_pages/remap_file_pages01
>  /remap_file_pages/remap_file_pages02
>  /removexattr/removexattr01
> diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> new file mode 100644
> index 0000000..b23a7d1
> --- /dev/null
> +++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> @@ -0,0 +1,170 @@
> +/*
> + * Copyright(c) 2016 Fujitsu Ltd.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * You should have received a copy of the GNU General Public License
> + * alone with this program.
> + */
> +
> +/*
> + * Test Name: recvmsg03
> + *
> + * This test needs that rds socket is supported by system.
> + * If the size of address for receiving data is set larger than
> + * actaul size, recvmsg() will set msg_namelen incorrectly.
> + *
> + * Description:
> + * This is a regression test and has been fixed by kernel commit:
> + * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
> + */
> +
> +#include <errno.h>
> +#include <string.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +
> +#include "tst_test.h"
> +
> +#ifndef AF_RDS
> +# define AF_RDS 21
> +#endif
> +
> +static void setup(void)
> +{
> +	int res;
> +
> +	res = socket(AF_RDS, SOCK_SEQPACKET, 0);
> +	if (res == -1) {
> +		if (errno == EAFNOSUPPORT)
> +			tst_brk(TCONF, "rds was not supported");
> +		else
> +			tst_brk(TBROK | TERRNO, "socket() failed with rds");
> +	}
> +
> +	SAFE_CLOSE(res);
> +}
> +
> +static void client(void)
> +{
> +	TST_CHECKPOINT_WAIT(0);
> +
> +	int sock_fd1, count;
> +	char send_buf[128] = "hello world";
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in to_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4001);
> +
> +	SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	memset(&to_addr, 0, sizeof(to_addr));
> +
> +	to_addr.sin_family = AF_INET;
> +	to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	to_addr.sin_port = htons(4000);
> +	msg.msg_name = &to_addr;
> +	msg.msg_namelen = sizeof(to_addr);
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = send_buf;
> +	msg.msg_iov->iov_len = strlen(send_buf) + 1;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	/* make sure that recvmsg() can succeed to get data.
> +	 * we may not send data successfully when loading rds
> +	 * module for the first time.
> +	 */
> +	for (count = 1; count < 5000; count++) {
> +		if (sendmsg(sock_fd1, &msg, 0) == -1) {
> +			tst_brk(TBROK | TERRNO,
> +				"sendmsg() failed to send data to server");
> +		}
> +	}
> +
> +	SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> +	int sock_fd2;
> +	static char recv_buf[128];
> +	struct sockaddr_in server_addr;
> +	struct sockaddr_in from_addr;
> +	struct msghdr msg;
> +	struct iovec iov;
> +
> +	sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> +	memset(&server_addr, 0, sizeof(server_addr));
> +	server_addr.sin_family = AF_INET;
> +	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> +	server_addr.sin_port = htons(4000);
> +
> +	SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> +	msg.msg_name = &from_addr;
> +	msg.msg_namelen = sizeof(from_addr) + 16;
> +	msg.msg_iov = &iov;
> +	msg.msg_iovlen = 1;
> +	msg.msg_iov->iov_base = recv_buf;
> +	msg.msg_iov->iov_len = 128;
> +	msg.msg_control = 0;
> +	msg.msg_controllen = 0;
> +	msg.msg_flags = 0;
> +
> +	TST_CHECKPOINT_WAKE(0);
> +
> +	TEST(recvmsg(sock_fd2, &msg, 0));
> +	if (TEST_RETURN == -1) {
> +		tst_brk(TBROK | TTERRNO,
> +		"recvmsg() failed to recvice data from client");
> +	}
> +
> +	if (msg.msg_namelen != sizeof(from_addr)) {
> +		tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> +			"expected %lu", msg.msg_namelen, sizeof(from_addr));
> +	} else {
> +		tst_res(TPASS, "msg_namelen was set to %u correctly",
> +			msg.msg_namelen);
> +	}
> +
> +	SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> +	pid_t pid;
> +
> +	pid = SAFE_FORK();
> +	if (pid == 0) {
> +		client();
> +	} else {
> +		server();
> +		tst_reap_children();
> +	}
> +}
> +
> +static struct tst_test test = {
> +	.tid = "recvmsg03",
> +	.forks_child = 1,
> +	.needs_checkpoints = 1,
> +	.setup = setup,
> +	.test_all = verify_recvmsg
> +};

[LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase

[Cyril Hrubis]

Hi!
> ping:-)
> 
> When I built kernel with CONFIG_RDS enabled, I have tested it and
> reproduced this bug on
> v3.5 kernel without the fix patch.

Pushed, thanks.

-- 
Cyril Hrubis
chrubis@suse.cz