* [LTP] [PATCH] syscalls/recvmsg03.c: add new testcase
@ 2016-10-31 11:23 Xiao Yang
2016-10-31 13:39 ` Cyril Hrubis
0 siblings, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-10-31 11:23 UTC (permalink / raw)
To: ltp
If the size of address for receiving data is set larger than actaul
size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
This bug has been fixed by the following kernel commit:
06b6a1cf6e776426766298d055bb3991957d90a7(rds: set correct msg_namelen)
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/.gitignore | 1 +
testcases/kernel/syscalls/recvmsg/recvmsg03.c | 195 ++++++++++++++++++++++++++
3 files changed, 197 insertions(+)
create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
diff --git a/runtest/syscalls b/runtest/syscalls
index b781241..4c87f45 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -869,6 +869,7 @@ recvfrom01 recvfrom01
recvmsg01 recvmsg01
recvmsg02 recvmsg02
+recvmsg03 recvmsg03
remap_file_pages01 remap_file_pages01
remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index f53cc05..1229720 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
/recvfrom/recvfrom01
/recvmsg/recvmsg01
/recvmsg/recvmsg02
+/recvmsg/recvmsg03
/remap_file_pages/remap_file_pages01
/remap_file_pages/remap_file_pages02
/removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..c4225c4
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than actaul size,
+ * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static int rds_flag;
+
+static void setup(void)
+{
+ int acc_res, load_res;
+ const char *cmd[] = {"modprobe", "-i", "rds", NULL};
+
+ acc_res = access("/proc/sys/net/rds", F_OK);
+ if (acc_res == -1 && errno == ENOENT) {
+ load_res = tst_run_cmd(cmd, NULL, NULL, 1);
+ if (load_res) {
+ tst_brk(TCONF, "failed to loaded rds module, "
+ "so rds modeule was not support by system");
+ } else {
+ tst_res(TINFO, "succeeded to load rds module");
+ rds_flag = 1;
+ }
+ }
+
+ if (acc_res == -1 && errno != ENOENT)
+ tst_brk(TFAIL | TERRNO, "failed to check rds module");
+
+ tst_res(TINFO, "rds module was supported by system");
+}
+
+static void cleanup(void)
+{
+ int unload_res;
+ const char *cmd[] = {"modprobe", "-r", "rds", NULL};
+
+ if (rds_flag == 1) {
+ unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
+ if (unload_res)
+ tst_res(TWARN | TERRNO, "failed to unload rds module");
+ else
+ tst_res(TINFO, "succeeded to unload rds modules");
+ }
+}
+
+static void client(void)
+{
+ int sock_fd1;
+ char sendBuffer[128] = "hello world";
+ struct sockaddr_in serverAddr;
+ struct sockaddr_in toAddr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&serverAddr, 0, sizeof(serverAddr));
+ serverAddr.sin_family = AF_INET;
+ serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ serverAddr.sin_port = htons(4001);
+
+ SAFE_BIND(sock_fd1, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
+
+ memset(&toAddr, 0, sizeof(toAddr));
+
+ toAddr.sin_family = AF_INET;
+ toAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ toAddr.sin_port = htons(4000);
+ msg.msg_name = &toAddr;
+ msg.msg_namelen = sizeof(toAddr);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = sendBuffer;
+ msg.msg_iov->iov_len = strlen(sendBuffer) + 1;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ if (sendmsg(sock_fd1, &msg, 0) == -1) {
+ tst_brk(TFAIL | TERRNO,
+ "sendmsg() failed to send data to server");
+ }
+
+ SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+ int sock_fd, sock_fd2;
+ static char recvBuffer[128];
+ struct sockaddr_in serverAddr;
+ struct sockaddr_in fromAddr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+ sock_fd = sock_fd2;
+
+ memset(&serverAddr, 0, sizeof(serverAddr));
+ serverAddr.sin_family = AF_INET;
+ serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ serverAddr.sin_port = htons(4000);
+
+ SAFE_BIND(sock_fd2, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
+
+ msg.msg_name = &fromAddr;
+ msg.msg_namelen = sizeof(fromAddr) + 16;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = recvBuffer;
+ msg.msg_iov->iov_len = 128;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ TST_CHECKPOINT_WAKE(0);
+
+ TEST(recvmsg(sock_fd2, &msg, 0));
+ if (TEST_RETURN == -1) {
+ tst_res(TFAIL | TERRNO,
+ "recvmsg() failed to recvice data from client");
+ return;
+ }
+
+ if (msg.msg_namelen != sizeof(fromAddr)) {
+ tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+ "expected %lu", msg.msg_namelen, sizeof(fromAddr));
+ return;
+ }
+
+ if (sock_fd2 != sock_fd) {
+ tst_res(TFAIL, "sock_fd was destroyed");
+ return;
+ }
+
+ tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
+ "not destroyed", msg.msg_namelen);
+
+ SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+ pid_t pid;
+
+ pid = SAFE_FORK();
+ if (pid == 0) {
+ TST_CHECKPOINT_WAIT(0);
+ client();
+ } else {
+ server();
+ }
+}
+
+static struct tst_test test = {
+ .tid = "recvmsg03",
+ .forks_child = 1,
+ .needs_checkpoints = 1,
+ .setup = setup,
+ .cleanup = cleanup,
+ .test_all = verify_recvmsg
+};
--
1.8.3.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [LTP] [PATCH] syscalls/recvmsg03.c: add new testcase
2016-10-31 11:23 [LTP] [PATCH] syscalls/recvmsg03.c: add new testcase Xiao Yang
@ 2016-10-31 13:39 ` Cyril Hrubis
2016-11-01 2:24 ` [LTP] [PATCH v2] " Xiao Yang
2016-11-02 5:22 ` Xiao Yang
0 siblings, 2 replies; 14+ messages in thread
From: Cyril Hrubis @ 2016-10-31 13:39 UTC (permalink / raw)
To: ltp
Hi!
> +static void setup(void)
> +{
> + int acc_res, load_res;
> + const char *cmd[] = {"modprobe", "-i", "rds", NULL};
> +
> + acc_res = access("/proc/sys/net/rds", F_OK);
> + if (acc_res == -1 && errno == ENOENT) {
> + load_res = tst_run_cmd(cmd, NULL, NULL, 1);
> + if (load_res) {
> + tst_brk(TCONF, "failed to loaded rds module, "
> + "so rds modeule was not support by system");
> + } else {
> + tst_res(TINFO, "succeeded to load rds module");
> + rds_flag = 1;
No need for the else branch here, the tst_brk() will exit test if it's
reached.
Also if you just do return; here then you can just later do:
tst_brk(TFAIL | TERRNO, "failed to check rds module");
> + }
> + }
> +
> + if (acc_res == -1 && errno != ENOENT)
> + tst_brk(TFAIL | TERRNO, "failed to check rds module");
Once you get here the errno may be changed several times by library
functions called from tst_run_cmd() and tst_res().
The errno is per thread global variable used by most of the glibc
functions. Once you call something that may change its value is
undefined.
> + tst_res(TINFO, "rds module was supported by system");
> +}
> +
> +static void cleanup(void)
> +{
> + int unload_res;
> + const char *cmd[] = {"modprobe", "-r", "rds", NULL};
> +
> + if (rds_flag == 1) {
> + unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
> + if (unload_res)
> + tst_res(TWARN | TERRNO, "failed to unload rds module");
> + else
> + tst_res(TINFO, "succeeded to unload rds modules");
> + }
> +}
> +
> +static void client(void)
> +{
> + int sock_fd1;
> + char sendBuffer[128] = "hello world";
> + struct sockaddr_in serverAddr;
> + struct sockaddr_in toAddr;
Mixed case is frowned upon in LKML coding style. So these should rather
be send_buf, server_addr, etc...
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> + memset(&serverAddr, 0, sizeof(serverAddr));
> + serverAddr.sin_family = AF_INET;
> + serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + serverAddr.sin_port = htons(4001);
> +
> + SAFE_BIND(sock_fd1, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
> +
> + memset(&toAddr, 0, sizeof(toAddr));
> +
> + toAddr.sin_family = AF_INET;
> + toAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + toAddr.sin_port = htons(4000);
> + msg.msg_name = &toAddr;
> + msg.msg_namelen = sizeof(toAddr);
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = sendBuffer;
> + msg.msg_iov->iov_len = strlen(sendBuffer) + 1;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + if (sendmsg(sock_fd1, &msg, 0) == -1) {
> + tst_brk(TFAIL | TERRNO,
> + "sendmsg() failed to send data to server");
> + }
> +
> + SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> + int sock_fd, sock_fd2;
> + static char recvBuffer[128];
> + struct sockaddr_in serverAddr;
> + struct sockaddr_in fromAddr;
> + struct msghdr msg;
> + struct iovec iov;
Here as well.
> + sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> + sock_fd = sock_fd2;
> +
> + memset(&serverAddr, 0, sizeof(serverAddr));
> + serverAddr.sin_family = AF_INET;
> + serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + serverAddr.sin_port = htons(4000);
> +
> + SAFE_BIND(sock_fd2, (struct sockaddr *) &serverAddr, sizeof(serverAddr));
> +
> + msg.msg_name = &fromAddr;
> + msg.msg_namelen = sizeof(fromAddr) + 16;
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = recvBuffer;
> + msg.msg_iov->iov_len = 128;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + TST_CHECKPOINT_WAKE(0);
> +
> + TEST(recvmsg(sock_fd2, &msg, 0));
> + if (TEST_RETURN == -1) {
> + tst_res(TFAIL | TERRNO,
> + "recvmsg() failed to recvice data from client");
> + return;
> + }
> +
> + if (msg.msg_namelen != sizeof(fromAddr)) {
> + tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> + "expected %lu", msg.msg_namelen, sizeof(fromAddr));
> + return;
> + }
> +
> + if (sock_fd2 != sock_fd) {
> + tst_res(TFAIL, "sock_fd was destroyed");
> + return;
> + }
> +
> + tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
> + "not destroyed", msg.msg_namelen);
> +
> + SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> + pid_t pid;
> +
> + pid = SAFE_FORK();
> + if (pid == 0) {
> + TST_CHECKPOINT_WAIT(0);
> + client();
> + } else {
> + server();
> + }
> +}
> +
> +static struct tst_test test = {
> + .tid = "recvmsg03",
> + .forks_child = 1,
> + .needs_checkpoints = 1,
> + .setup = setup,
> + .cleanup = cleanup,
> + .test_all = verify_recvmsg
> +};
> --
> 1.8.3.1
>
>
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase
2016-10-31 13:39 ` Cyril Hrubis
@ 2016-11-01 2:24 ` Xiao Yang
2016-11-02 5:34 ` Xiao Yang
2016-11-02 5:22 ` Xiao Yang
1 sibling, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-11-01 2:24 UTC (permalink / raw)
To: ltp
If the size of address for receiving data is set larger than actaul
size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
This bug has been fixed by the following kernel patch:
'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/.gitignore | 1 +
testcases/kernel/syscalls/recvmsg/recvmsg03.c | 196 ++++++++++++++++++++++++++
3 files changed, 198 insertions(+)
create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
diff --git a/runtest/syscalls b/runtest/syscalls
index b781241..4c87f45 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -869,6 +869,7 @@ recvfrom01 recvfrom01
recvmsg01 recvmsg01
recvmsg02 recvmsg02
+recvmsg03 recvmsg03
remap_file_pages01 remap_file_pages01
remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index f53cc05..1229720 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
/recvfrom/recvfrom01
/recvmsg/recvmsg01
/recvmsg/recvmsg02
+/recvmsg/recvmsg03
/remap_file_pages/remap_file_pages01
/remap_file_pages/remap_file_pages02
/removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..23ed23b
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than actaul size,
+ * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static int rds_flag;
+
+static void setup(void)
+{
+ int acc_res, load_res;
+ const char *cmd[] = {"modprobe", "-i", "rds", NULL};
+
+ acc_res = access("/proc/sys/net/rds", F_OK);
+ if (acc_res == -1 && errno != ENOENT)
+ tst_brk(TFAIL | TERRNO, "failed to check rds module");
+
+ if (acc_res == -1 && errno == ENOENT) {
+ load_res = tst_run_cmd(cmd, NULL, NULL, 1);
+ if (load_res) {
+ tst_brk(TCONF, "failed to loaded rds module, "
+ "so rds modeule was not support by system");
+ }
+
+ tst_res(TINFO, "succeeded to load rds module");
+ rds_flag = 1;
+ }
+
+ tst_res(TINFO, "rds module was supported by system");
+}
+
+static void cleanup(void)
+{
+ int unload_res;
+ const char *cmd[] = {"modprobe", "-r", "rds", NULL};
+
+ if (rds_flag == 1) {
+ unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
+ if (unload_res)
+ tst_res(TWARN | TERRNO, "failed to unload rds module");
+ else
+ tst_res(TINFO, "succeeded to unload rds modules");
+ }
+}
+
+static void client(void)
+{
+ int sock_fd1;
+ char send_buf[128] = "hello world";
+ struct sockaddr_in server_addr;
+ struct sockaddr_in to_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4001);
+
+ SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ memset(&to_addr, 0, sizeof(to_addr));
+
+ to_addr.sin_family = AF_INET;
+ to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ to_addr.sin_port = htons(4000);
+ msg.msg_name = &to_addr;
+ msg.msg_namelen = sizeof(to_addr);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = send_buf;
+ msg.msg_iov->iov_len = strlen(send_buf) + 1;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ if (sendmsg(sock_fd1, &msg, 0) == -1) {
+ tst_brk(TFAIL | TERRNO,
+ "sendmsg() failed to send data to server");
+ }
+
+ SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+ int sock_fd, sock_fd2;
+ static char recv_buf[128];
+ struct sockaddr_in server_addr;
+ struct sockaddr_in from_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+ sock_fd = sock_fd2;
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4000);
+
+ SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ msg.msg_name = &from_addr;
+ msg.msg_namelen = sizeof(from_addr) + 16;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = recv_buf;
+ msg.msg_iov->iov_len = 128;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ TST_CHECKPOINT_WAKE(0);
+
+ TEST(recvmsg(sock_fd2, &msg, 0));
+ if (TEST_RETURN == -1) {
+ tst_res(TFAIL | TERRNO,
+ "recvmsg() failed to recvice data from client");
+ goto end;
+ }
+
+ if (msg.msg_namelen != sizeof(from_addr)) {
+ tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+ "expected %lu", msg.msg_namelen, sizeof(from_addr));
+ goto end;
+ }
+
+ if (sock_fd2 != sock_fd) {
+ tst_res(TFAIL, "sock_fd was destroyed");
+ goto end;
+ }
+
+ tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
+ "not destroyed", msg.msg_namelen);
+
+end:
+ SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+ pid_t pid;
+
+ pid = SAFE_FORK();
+ if (pid == 0) {
+ TST_CHECKPOINT_WAIT(0);
+ client();
+ } else {
+ server();
+ }
+}
+
+static struct tst_test test = {
+ .tid = "recvmsg03",
+ .forks_child = 1,
+ .needs_checkpoints = 1,
+ .setup = setup,
+ .cleanup = cleanup,
+ .test_all = verify_recvmsg
+};
--
1.8.3.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase
2016-10-31 13:39 ` Cyril Hrubis
2016-11-01 2:24 ` [LTP] [PATCH v2] " Xiao Yang
@ 2016-11-02 5:22 ` Xiao Yang
2016-11-02 13:06 ` Cyril Hrubis
1 sibling, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-11-02 5:22 UTC (permalink / raw)
To: ltp
If the size of address for receiving data is set larger than actaul
size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
This bug has been fixed by the following kernel commit:
06b6a1cf6e776426766298d055bb3991957d90a7(rds: set correct msg_namelen)
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/.gitignore | 1 +
testcases/kernel/syscalls/recvmsg/recvmsg03.c | 172 ++++++++++++++++++++++++++
3 files changed, 174 insertions(+)
create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
diff --git a/runtest/syscalls b/runtest/syscalls
index 7c84296..5895889 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -870,6 +870,7 @@ recvfrom01 recvfrom01
recvmsg01 recvmsg01
recvmsg02 recvmsg02
+recvmsg03 recvmsg03
remap_file_pages01 remap_file_pages01
remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index f53cc05..1229720 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
/recvfrom/recvfrom01
/recvmsg/recvmsg01
/recvmsg/recvmsg02
+/recvmsg/recvmsg03
/remap_file_pages/remap_file_pages01
/remap_file_pages/remap_file_pages02
/removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..8683721
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than actaul size,
+ * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static void setup(void)
+{
+ int res;
+
+ res = socket(AF_RDS, SOCK_SEQPACKET, 0);
+ if (res == -1) {
+ if (errno == EAFNOSUPPORT)
+ tst_brk(TCONF, "rds was not supported");
+ else
+ tst_brk(TBROK | TERRNO, "socket() failed with rds");
+ }
+
+ SAFE_CLOSE(res);
+}
+
+static void client(void)
+{
+ int sock_fd1;
+ char send_buf[128] = "hello world";
+ struct sockaddr_in server_addr;
+ struct sockaddr_in to_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4001);
+
+ SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ memset(&to_addr, 0, sizeof(to_addr));
+
+ to_addr.sin_family = AF_INET;
+ to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ to_addr.sin_port = htons(4000);
+ msg.msg_name = &to_addr;
+ msg.msg_namelen = sizeof(to_addr);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = send_buf;
+ msg.msg_iov->iov_len = strlen(send_buf) + 1;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ if (sendmsg(sock_fd1, &msg, 0) == -1) {
+ tst_brk(TBROK | TERRNO,
+ "sendmsg() failed to send data to server");
+ }
+
+ SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+ int sock_fd, sock_fd2;
+ static char recv_buf[128];
+ struct sockaddr_in server_addr;
+ struct sockaddr_in from_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+ sock_fd = sock_fd2;
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4000);
+
+ SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ msg.msg_name = &from_addr;
+ msg.msg_namelen = sizeof(from_addr) + 16;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = recv_buf;
+ msg.msg_iov->iov_len = 128;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ TST_CHECKPOINT_WAKE(0);
+
+ TEST(recvmsg(sock_fd2, &msg, 0));
+ if (TEST_RETURN == -1) {
+ tst_res(TFAIL | TERRNO,
+ "recvmsg() failed to recvice data from client");
+ goto end;
+ }
+
+ if (msg.msg_namelen != sizeof(from_addr)) {
+ tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+ "expected %lu", msg.msg_namelen, sizeof(from_addr));
+ goto end;
+ }
+
+ if (sock_fd2 != sock_fd) {
+ tst_res(TFAIL, "sock_fd was destroyed");
+ goto end;
+ }
+
+ tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
+ "not destroyed", msg.msg_namelen);
+
+end:
+ SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+ pid_t pid;
+
+ pid = SAFE_FORK();
+ if (pid == 0) {
+ TST_CHECKPOINT_WAIT(0);
+ client();
+ } else {
+ server();
+ SAFE_WAIT(NULL);
+ }
+}
+
+static struct tst_test test = {
+ .tid = "recvmsg03",
+ .forks_child = 1,
+ .needs_checkpoints = 1,
+ .setup = setup,
+ .test_all = verify_recvmsg
+};
--
1.8.3.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase
2016-11-01 2:24 ` [LTP] [PATCH v2] " Xiao Yang
@ 2016-11-02 5:34 ` Xiao Yang
0 siblings, 0 replies; 14+ messages in thread
From: Xiao Yang @ 2016-11-02 5:34 UTC (permalink / raw)
To: ltp
Hi Cyril
Please ignore the v2 patch,i will resend it.
Thanks,
Xiao Yang
On 2016/11/01 10:24, Xiao Yang wrote:
> If the size of address for receiving data is set larger than actaul
> size, recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
>
> This bug has been fixed by the following kernel patch:
> 'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/.gitignore | 1 +
> testcases/kernel/syscalls/recvmsg/recvmsg03.c | 196 ++++++++++++++++++++++++++
> 3 files changed, 198 insertions(+)
> create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index b781241..4c87f45 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -869,6 +869,7 @@ recvfrom01 recvfrom01
>
> recvmsg01 recvmsg01
> recvmsg02 recvmsg02
> +recvmsg03 recvmsg03
>
> remap_file_pages01 remap_file_pages01
> remap_file_pages02 remap_file_pages02
> diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
> index f53cc05..1229720 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -725,6 +725,7 @@
> /recvfrom/recvfrom01
> /recvmsg/recvmsg01
> /recvmsg/recvmsg02
> +/recvmsg/recvmsg03
> /remap_file_pages/remap_file_pages01
> /remap_file_pages/remap_file_pages02
> /removexattr/removexattr01
> diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> new file mode 100644
> index 0000000..23ed23b
> --- /dev/null
> +++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> @@ -0,0 +1,196 @@
> +/*
> + * Copyright(c) 2016 Fujitsu Ltd.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * You should have received a copy of the GNU General Public License
> + * alone with this program.
> + */
> +
> +/*
> + * Test Name: recvmsg03
> + *
> + * This test needs that rds socket is supported by system.
> + * If the size of address for receiving data is set larger than actaul size,
> + * recvmsg() will set msg_namelen incorrectly and destroy sock_fd.
> + *
> + * Description:
> + * This is a regression test and has been fixed by kernel commit:
> + * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
> + */
> +
> +#include <errno.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +#include <stdio.h>
> +
> +#include "tst_test.h"
> +
> +#ifndef AF_RDS
> +# define AF_RDS 21
> +#endif
> +
> +static int rds_flag;
> +
> +static void setup(void)
> +{
> + int acc_res, load_res;
> + const char *cmd[] = {"modprobe", "-i", "rds", NULL};
> +
> + acc_res = access("/proc/sys/net/rds", F_OK);
> + if (acc_res == -1 && errno != ENOENT)
> + tst_brk(TFAIL | TERRNO, "failed to check rds module");
> +
> + if (acc_res == -1 && errno == ENOENT) {
> + load_res = tst_run_cmd(cmd, NULL, NULL, 1);
> + if (load_res) {
> + tst_brk(TCONF, "failed to loaded rds module, "
> + "so rds modeule was not support by system");
> + }
> +
> + tst_res(TINFO, "succeeded to load rds module");
> + rds_flag = 1;
> + }
> +
> + tst_res(TINFO, "rds module was supported by system");
> +}
> +
> +static void cleanup(void)
> +{
> + int unload_res;
> + const char *cmd[] = {"modprobe", "-r", "rds", NULL};
> +
> + if (rds_flag == 1) {
> + unload_res = tst_run_cmd(cmd, NULL, NULL, 1);
> + if (unload_res)
> + tst_res(TWARN | TERRNO, "failed to unload rds module");
> + else
> + tst_res(TINFO, "succeeded to unload rds modules");
> + }
> +}
> +
> +static void client(void)
> +{
> + int sock_fd1;
> + char send_buf[128] = "hello world";
> + struct sockaddr_in server_addr;
> + struct sockaddr_in to_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4001);
> +
> + SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + memset(&to_addr, 0, sizeof(to_addr));
> +
> + to_addr.sin_family = AF_INET;
> + to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + to_addr.sin_port = htons(4000);
> + msg.msg_name = &to_addr;
> + msg.msg_namelen = sizeof(to_addr);
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = send_buf;
> + msg.msg_iov->iov_len = strlen(send_buf) + 1;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + if (sendmsg(sock_fd1, &msg, 0) == -1) {
> + tst_brk(TFAIL | TERRNO,
> + "sendmsg() failed to send data to server");
> + }
> +
> + SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> + int sock_fd, sock_fd2;
> + static char recv_buf[128];
> + struct sockaddr_in server_addr;
> + struct sockaddr_in from_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> + sock_fd = sock_fd2;
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4000);
> +
> + SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + msg.msg_name = &from_addr;
> + msg.msg_namelen = sizeof(from_addr) + 16;
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = recv_buf;
> + msg.msg_iov->iov_len = 128;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + TST_CHECKPOINT_WAKE(0);
> +
> + TEST(recvmsg(sock_fd2, &msg, 0));
> + if (TEST_RETURN == -1) {
> + tst_res(TFAIL | TERRNO,
> + "recvmsg() failed to recvice data from client");
> + goto end;
> + }
> +
> + if (msg.msg_namelen != sizeof(from_addr)) {
> + tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> + "expected %lu", msg.msg_namelen, sizeof(from_addr));
> + goto end;
> + }
> +
> + if (sock_fd2 != sock_fd) {
> + tst_res(TFAIL, "sock_fd was destroyed");
> + goto end;
> + }
> +
> + tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
> + "not destroyed", msg.msg_namelen);
> +
> +end:
> + SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> + pid_t pid;
> +
> + pid = SAFE_FORK();
> + if (pid == 0) {
> + TST_CHECKPOINT_WAIT(0);
> + client();
> + } else {
> + server();
> + }
> +}
> +
> +static struct tst_test test = {
> + .tid = "recvmsg03",
> + .forks_child = 1,
> + .needs_checkpoints = 1,
> + .setup = setup,
> + .cleanup = cleanup,
> + .test_all = verify_recvmsg
> +};
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase
2016-11-02 5:22 ` Xiao Yang
@ 2016-11-02 13:06 ` Cyril Hrubis
2016-11-03 7:49 ` [LTP] [PATCH v3] " Xiao Yang
2016-11-07 10:52 ` [LTP] [PATCH v2] " Xiao Yang
0 siblings, 2 replies; 14+ messages in thread
From: Cyril Hrubis @ 2016-11-02 13:06 UTC (permalink / raw)
To: ltp
Hi!
> +static void server(void)
> +{
> + int sock_fd, sock_fd2;
> + static char recv_buf[128];
> + struct sockaddr_in server_addr;
> + struct sockaddr_in from_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> + sock_fd = sock_fd2;
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4000);
> +
> + SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + msg.msg_name = &from_addr;
> + msg.msg_namelen = sizeof(from_addr) + 16;
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = recv_buf;
> + msg.msg_iov->iov_len = 128;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + TST_CHECKPOINT_WAKE(0);
> +
> + TEST(recvmsg(sock_fd2, &msg, 0));
> + if (TEST_RETURN == -1) {
> + tst_res(TFAIL | TERRNO,
> + "recvmsg() failed to recvice data from client");
> + goto end;
> + }
> +
> + if (msg.msg_namelen != sizeof(from_addr)) {
> + tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> + "expected %lu", msg.msg_namelen, sizeof(from_addr));
> + goto end;
> + }
> +
> + if (sock_fd2 != sock_fd) {
> + tst_res(TFAIL, "sock_fd was destroyed");
> + goto end;
> + }
> +
> + tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
> + "not destroyed", msg.msg_namelen);
> +
> +end:
> + SAFE_CLOSE(sock_fd2);
I'm a bit confused here, which one of the sock_fd/sock_fd2 is destroyed?
Looking at the original code in the kernel commit the sock_fd there is
stored on the stack directly after the sockaddr_in from_addr so I guess
that the kernel will actually write a few bytes after the end of
from_addr structure in this case, which will rewrite the msghrd msg in
your code. Does the test actually fail on kernel without the fix?
> +}
> +
> +static void verify_recvmsg(void)
> +{
> + pid_t pid;
> +
> + pid = SAFE_FORK();
> + if (pid == 0) {
> + TST_CHECKPOINT_WAIT(0);
> + client();
> + } else {
> + server();
> + SAFE_WAIT(NULL);
We should rather call tst_reap_children() in this case instead of the
WAIT since otherwise TBROK from the client() function will not get
propagated.
> + }
> +}
> +
> +static struct tst_test test = {
> + .tid = "recvmsg03",
> + .forks_child = 1,
> + .needs_checkpoints = 1,
> + .setup = setup,
> + .test_all = verify_recvmsg
> +};
> --
> 1.8.3.1
>
>
>
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-11-02 13:06 ` Cyril Hrubis
@ 2016-11-03 7:49 ` Xiao Yang
2016-11-11 1:30 ` Xiao Yang
2016-11-07 10:52 ` [LTP] [PATCH v2] " Xiao Yang
1 sibling, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-11-03 7:49 UTC (permalink / raw)
To: ltp
If the size of address for receiving data is set larger than
actaul size, recvmsg() will set msg_namelen incorrectly.
This bug has been fixed by the following kernel patch:
'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/.gitignore | 1 +
testcases/kernel/syscalls/recvmsg/recvmsg03.c | 163 ++++++++++++++++++++++++++
3 files changed, 165 insertions(+)
create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
diff --git a/runtest/syscalls b/runtest/syscalls
index e6b36ae..5543eac 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -870,6 +870,7 @@ recvfrom01 recvfrom01
recvmsg01 recvmsg01
recvmsg02 recvmsg02
+recvmsg03 recvmsg03
remap_file_pages01 remap_file_pages01
remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index 0807e17..170b889 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -725,6 +725,7 @@
/recvfrom/recvfrom01
/recvmsg/recvmsg01
/recvmsg/recvmsg02
+/recvmsg/recvmsg03
/remap_file_pages/remap_file_pages01
/remap_file_pages/remap_file_pages02
/removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..bee9c12
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than
+ * actaul size, recvmsg() will set msg_namelen incorrectly.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static void setup(void)
+{
+ int res;
+
+ res = socket(AF_RDS, SOCK_SEQPACKET, 0);
+ if (res == -1) {
+ if (errno == EAFNOSUPPORT)
+ tst_brk(TCONF, "rds was not supported");
+ else
+ tst_brk(TBROK | TERRNO, "socket() failed with rds");
+ }
+
+ SAFE_CLOSE(res);
+}
+
+static void client(void)
+{
+ int sock_fd1;
+ char send_buf[128] = "hello world";
+ struct sockaddr_in server_addr;
+ struct sockaddr_in to_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4001);
+
+ SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ memset(&to_addr, 0, sizeof(to_addr));
+
+ to_addr.sin_family = AF_INET;
+ to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ to_addr.sin_port = htons(4000);
+ msg.msg_name = &to_addr;
+ msg.msg_namelen = sizeof(to_addr);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = send_buf;
+ msg.msg_iov->iov_len = strlen(send_buf) + 1;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ if (sendmsg(sock_fd1, &msg, 0) == -1) {
+ tst_brk(TBROK | TERRNO,
+ "sendmsg() failed to send data to server");
+ }
+
+ SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+ int sock_fd2;
+ static char recv_buf[128];
+ struct sockaddr_in server_addr;
+ struct sockaddr_in from_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4000);
+
+ SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ msg.msg_name = &from_addr;
+ msg.msg_namelen = sizeof(from_addr) + 16;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = recv_buf;
+ msg.msg_iov->iov_len = 128;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ TST_CHECKPOINT_WAKE(0);
+
+ TEST(recvmsg(sock_fd2, &msg, 0));
+ if (TEST_RETURN == -1) {
+ tst_brk(TBROK | TTERRNO,
+ "recvmsg() failed to recvice data from client");
+ }
+
+ if (msg.msg_namelen != sizeof(from_addr)) {
+ tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+ "expected %lu", msg.msg_namelen, sizeof(from_addr));
+ } else {
+ tst_res(TPASS, "msg_namelen was set to %u correctly",
+ msg.msg_namelen);
+ }
+
+ SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+ pid_t pid;
+
+ pid = SAFE_FORK();
+ if (pid == 0) {
+ TST_CHECKPOINT_WAIT(0);
+ client();
+ } else {
+ server();
+ tst_reap_children();
+ }
+}
+
+static struct tst_test test = {
+ .tid = "recvmsg03",
+ .forks_child = 1,
+ .needs_checkpoints = 1,
+ .setup = setup,
+ .test_all = verify_recvmsg
+};
--
1.8.3.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [LTP] [PATCH v2] syscalls/recvmsg03.c: add new testcase
2016-11-02 13:06 ` Cyril Hrubis
2016-11-03 7:49 ` [LTP] [PATCH v3] " Xiao Yang
@ 2016-11-07 10:52 ` Xiao Yang
1 sibling, 0 replies; 14+ messages in thread
From: Xiao Yang @ 2016-11-07 10:52 UTC (permalink / raw)
To: ltp
On 2016/11/02 21:06, Cyril Hrubis wrote:
> Hi!
>> +static void server(void)
>> +{
>> + int sock_fd, sock_fd2;
>> + static char recv_buf[128];
>> + struct sockaddr_in server_addr;
>> + struct sockaddr_in from_addr;
>> + struct msghdr msg;
>> + struct iovec iov;
>> +
>> + sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
>> + sock_fd = sock_fd2;
>> +
>> + memset(&server_addr, 0, sizeof(server_addr));
>> + server_addr.sin_family = AF_INET;
>> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
>> + server_addr.sin_port = htons(4000);
>> +
>> + SAFE_BIND(sock_fd2, (struct sockaddr *)&server_addr, sizeof(server_addr));
>> +
>> + msg.msg_name =&from_addr;
>> + msg.msg_namelen = sizeof(from_addr) + 16;
>> + msg.msg_iov =&iov;
>> + msg.msg_iovlen = 1;
>> + msg.msg_iov->iov_base = recv_buf;
>> + msg.msg_iov->iov_len = 128;
>> + msg.msg_control = 0;
>> + msg.msg_controllen = 0;
>> + msg.msg_flags = 0;
>> +
>> + TST_CHECKPOINT_WAKE(0);
>> +
>> + TEST(recvmsg(sock_fd2,&msg, 0));
>> + if (TEST_RETURN == -1) {
>> + tst_res(TFAIL | TERRNO,
>> + "recvmsg() failed to recvice data from client");
>> + goto end;
>> + }
>> +
>> + if (msg.msg_namelen != sizeof(from_addr)) {
>> + tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
>> + "expected %lu", msg.msg_namelen, sizeof(from_addr));
>> + goto end;
>> + }
>> +
>> + if (sock_fd2 != sock_fd) {
>> + tst_res(TFAIL, "sock_fd was destroyed");
>> + goto end;
>> + }
>> +
>> + tst_res(TPASS, "msg_namelen was set to %u correctly and sock_fd was "
>> + "not destroyed", msg.msg_namelen);
>> +
>> +end:
>> + SAFE_CLOSE(sock_fd2);
> I'm a bit confused here, which one of the sock_fd/sock_fd2 is destroyed?
>
> Looking at the original code in the kernel commit the sock_fd there is
> stored on the stack directly after the sockaddr_in from_addr so I guess
> that the kernel will actually write a few bytes after the end of
> from_addr structure in this case, which will rewrite the msghrd msg in
> your code. Does the test actually fail on kernel without the fix?
>
Hi Cyril
I am sorry for the late response. the msghrd msg was rewritten but
sock_fd2 was not destroyed
on v3.5 kernel without the fix patch, so i will remove the code about
checking sock_fd.
Thanks,
Xiao Yang
>> +}
>> +
>> +static void verify_recvmsg(void)
>> +{
>> + pid_t pid;
>> +
>> + pid = SAFE_FORK();
>> + if (pid == 0) {
>> + TST_CHECKPOINT_WAIT(0);
>> + client();
>> + } else {
>> + server();
>> + SAFE_WAIT(NULL);
> We should rather call tst_reap_children() in this case instead of the
> WAIT since otherwise TBROK from the client() function will not get
> propagated.
>
>> + }
>> +}
>> +
>> +static struct tst_test test = {
>> + .tid = "recvmsg03",
>> + .forks_child = 1,
>> + .needs_checkpoints = 1,
>> + .setup = setup,
>> + .test_all = verify_recvmsg
>> +};
>> --
>> 1.8.3.1
>>
>>
>>
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-11-03 7:49 ` [LTP] [PATCH v3] " Xiao Yang
@ 2016-11-11 1:30 ` Xiao Yang
2016-11-15 14:04 ` Cyril Hrubis
0 siblings, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-11-11 1:30 UTC (permalink / raw)
To: ltp
Hi Cyril!
Ping :-)
Thanks,
Xiao Yang
On 2016/11/03 15:49, Xiao Yang wrote:
> If the size of address for receiving data is set larger than
> actaul size, recvmsg() will set msg_namelen incorrectly.
>
> This bug has been fixed by the following kernel patch:
> 'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/.gitignore | 1 +
> testcases/kernel/syscalls/recvmsg/recvmsg03.c | 163 ++++++++++++++++++++++++++
> 3 files changed, 165 insertions(+)
> create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index e6b36ae..5543eac 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -870,6 +870,7 @@ recvfrom01 recvfrom01
>
> recvmsg01 recvmsg01
> recvmsg02 recvmsg02
> +recvmsg03 recvmsg03
>
> remap_file_pages01 remap_file_pages01
> remap_file_pages02 remap_file_pages02
> diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
> index 0807e17..170b889 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -725,6 +725,7 @@
> /recvfrom/recvfrom01
> /recvmsg/recvmsg01
> /recvmsg/recvmsg02
> +/recvmsg/recvmsg03
> /remap_file_pages/remap_file_pages01
> /remap_file_pages/remap_file_pages02
> /removexattr/removexattr01
> diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> new file mode 100644
> index 0000000..bee9c12
> --- /dev/null
> +++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> @@ -0,0 +1,163 @@
> +/*
> + * Copyright(c) 2016 Fujitsu Ltd.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * You should have received a copy of the GNU General Public License
> + * alone with this program.
> + */
> +
> +/*
> + * Test Name: recvmsg03
> + *
> + * This test needs that rds socket is supported by system.
> + * If the size of address for receiving data is set larger than
> + * actaul size, recvmsg() will set msg_namelen incorrectly.
> + *
> + * Description:
> + * This is a regression test and has been fixed by kernel commit:
> + * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
> + */
> +
> +#include <errno.h>
> +#include <string.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +
> +#include "tst_test.h"
> +
> +#ifndef AF_RDS
> +# define AF_RDS 21
> +#endif
> +
> +static void setup(void)
> +{
> + int res;
> +
> + res = socket(AF_RDS, SOCK_SEQPACKET, 0);
> + if (res == -1) {
> + if (errno == EAFNOSUPPORT)
> + tst_brk(TCONF, "rds was not supported");
> + else
> + tst_brk(TBROK | TERRNO, "socket() failed with rds");
> + }
> +
> + SAFE_CLOSE(res);
> +}
> +
> +static void client(void)
> +{
> + int sock_fd1;
> + char send_buf[128] = "hello world";
> + struct sockaddr_in server_addr;
> + struct sockaddr_in to_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4001);
> +
> + SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + memset(&to_addr, 0, sizeof(to_addr));
> +
> + to_addr.sin_family = AF_INET;
> + to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + to_addr.sin_port = htons(4000);
> + msg.msg_name = &to_addr;
> + msg.msg_namelen = sizeof(to_addr);
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = send_buf;
> + msg.msg_iov->iov_len = strlen(send_buf) + 1;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + if (sendmsg(sock_fd1, &msg, 0) == -1) {
> + tst_brk(TBROK | TERRNO,
> + "sendmsg() failed to send data to server");
> + }
> +
> + SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> + int sock_fd2;
> + static char recv_buf[128];
> + struct sockaddr_in server_addr;
> + struct sockaddr_in from_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4000);
> +
> + SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + msg.msg_name = &from_addr;
> + msg.msg_namelen = sizeof(from_addr) + 16;
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = recv_buf;
> + msg.msg_iov->iov_len = 128;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + TST_CHECKPOINT_WAKE(0);
> +
> + TEST(recvmsg(sock_fd2, &msg, 0));
> + if (TEST_RETURN == -1) {
> + tst_brk(TBROK | TTERRNO,
> + "recvmsg() failed to recvice data from client");
> + }
> +
> + if (msg.msg_namelen != sizeof(from_addr)) {
> + tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> + "expected %lu", msg.msg_namelen, sizeof(from_addr));
> + } else {
> + tst_res(TPASS, "msg_namelen was set to %u correctly",
> + msg.msg_namelen);
> + }
> +
> + SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> + pid_t pid;
> +
> + pid = SAFE_FORK();
> + if (pid == 0) {
> + TST_CHECKPOINT_WAIT(0);
> + client();
> + } else {
> + server();
> + tst_reap_children();
> + }
> +}
> +
> +static struct tst_test test = {
> + .tid = "recvmsg03",
> + .forks_child = 1,
> + .needs_checkpoints = 1,
> + .setup = setup,
> + .test_all = verify_recvmsg
> +};
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-11-11 1:30 ` Xiao Yang
@ 2016-11-15 14:04 ` Cyril Hrubis
2016-11-16 4:34 ` Xiao Yang
2016-11-16 5:37 ` Xiao Yang
0 siblings, 2 replies; 14+ messages in thread
From: Cyril Hrubis @ 2016-11-15 14:04 UTC (permalink / raw)
To: ltp
Hi!
> Hi Cyril!
>
> Ping :-)
Any hints on what distribution is this bug reproducible? I've looked
around my collection of virtual machines and everything is either too
old or too new.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-11-15 14:04 ` Cyril Hrubis
@ 2016-11-16 4:34 ` Xiao Yang
2016-11-16 5:37 ` Xiao Yang
1 sibling, 0 replies; 14+ messages in thread
From: Xiao Yang @ 2016-11-16 4:34 UTC (permalink / raw)
To: ltp
On 2016/11/15 22:04, Cyril Hrubis wrote:
> Hi!
>> Hi Cyril!
>>
>> Ping :-)
> Any hints on what distribution is this bug reproducible? I've looked
> around my collection of virtual machines and everything is either too
> old or too new.
>
Hi cyril
When I built kernel with CONFIG_RDS enabled, I have tested it and
reproduced this bug on
v3.5 kernel without the fix patch.
I will resend the v3 patch because we need to make sure that recvmsg()
can succeed to get data.
Thanks,
Xiao Yang
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-11-15 14:04 ` Cyril Hrubis
2016-11-16 4:34 ` Xiao Yang
@ 2016-11-16 5:37 ` Xiao Yang
2016-12-13 7:50 ` Xiao Yang
1 sibling, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-11-16 5:37 UTC (permalink / raw)
To: ltp
If the size of address for receiving data is set larger than
actaul size, recvmsg() will set msg_namelen incorrectly.
This bug has been fixed by the following kernel patch:
'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
runtest/syscalls | 1 +
testcases/kernel/syscalls/.gitignore | 1 +
testcases/kernel/syscalls/recvmsg/recvmsg03.c | 170 ++++++++++++++++++++++++++
3 files changed, 172 insertions(+)
create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
diff --git a/runtest/syscalls b/runtest/syscalls
index 2f2dde5..458cf2f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -869,6 +869,7 @@ recvfrom01 recvfrom01
recvmsg01 recvmsg01
recvmsg02 recvmsg02
+recvmsg03 recvmsg03
remap_file_pages01 remap_file_pages01
remap_file_pages02 remap_file_pages02
diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
index 348c235..6377bd2 100644
--- a/testcases/kernel/syscalls/.gitignore
+++ b/testcases/kernel/syscalls/.gitignore
@@ -724,6 +724,7 @@
/recvfrom/recvfrom01
/recvmsg/recvmsg01
/recvmsg/recvmsg02
+/recvmsg/recvmsg03
/remap_file_pages/remap_file_pages01
/remap_file_pages/remap_file_pages02
/removexattr/removexattr01
diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
new file mode 100644
index 0000000..b23a7d1
--- /dev/null
+++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright(c) 2016 Fujitsu Ltd.
+ * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * You should have received a copy of the GNU General Public License
+ * alone with this program.
+ */
+
+/*
+ * Test Name: recvmsg03
+ *
+ * This test needs that rds socket is supported by system.
+ * If the size of address for receiving data is set larger than
+ * actaul size, recvmsg() will set msg_namelen incorrectly.
+ *
+ * Description:
+ * This is a regression test and has been fixed by kernel commit:
+ * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "tst_test.h"
+
+#ifndef AF_RDS
+# define AF_RDS 21
+#endif
+
+static void setup(void)
+{
+ int res;
+
+ res = socket(AF_RDS, SOCK_SEQPACKET, 0);
+ if (res == -1) {
+ if (errno == EAFNOSUPPORT)
+ tst_brk(TCONF, "rds was not supported");
+ else
+ tst_brk(TBROK | TERRNO, "socket() failed with rds");
+ }
+
+ SAFE_CLOSE(res);
+}
+
+static void client(void)
+{
+ TST_CHECKPOINT_WAIT(0);
+
+ int sock_fd1, count;
+ char send_buf[128] = "hello world";
+ struct sockaddr_in server_addr;
+ struct sockaddr_in to_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4001);
+
+ SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ memset(&to_addr, 0, sizeof(to_addr));
+
+ to_addr.sin_family = AF_INET;
+ to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ to_addr.sin_port = htons(4000);
+ msg.msg_name = &to_addr;
+ msg.msg_namelen = sizeof(to_addr);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = send_buf;
+ msg.msg_iov->iov_len = strlen(send_buf) + 1;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ /* make sure that recvmsg() can succeed to get data.
+ * we may not send data successfully when loading rds
+ * module for the first time.
+ */
+ for (count = 1; count < 5000; count++) {
+ if (sendmsg(sock_fd1, &msg, 0) == -1) {
+ tst_brk(TBROK | TERRNO,
+ "sendmsg() failed to send data to server");
+ }
+ }
+
+ SAFE_CLOSE(sock_fd1);
+}
+
+static void server(void)
+{
+ int sock_fd2;
+ static char recv_buf[128];
+ struct sockaddr_in server_addr;
+ struct sockaddr_in from_addr;
+ struct msghdr msg;
+ struct iovec iov;
+
+ sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
+
+ memset(&server_addr, 0, sizeof(server_addr));
+ server_addr.sin_family = AF_INET;
+ server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server_addr.sin_port = htons(4000);
+
+ SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
+
+ msg.msg_name = &from_addr;
+ msg.msg_namelen = sizeof(from_addr) + 16;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_iov->iov_base = recv_buf;
+ msg.msg_iov->iov_len = 128;
+ msg.msg_control = 0;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+
+ TST_CHECKPOINT_WAKE(0);
+
+ TEST(recvmsg(sock_fd2, &msg, 0));
+ if (TEST_RETURN == -1) {
+ tst_brk(TBROK | TTERRNO,
+ "recvmsg() failed to recvice data from client");
+ }
+
+ if (msg.msg_namelen != sizeof(from_addr)) {
+ tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
+ "expected %lu", msg.msg_namelen, sizeof(from_addr));
+ } else {
+ tst_res(TPASS, "msg_namelen was set to %u correctly",
+ msg.msg_namelen);
+ }
+
+ SAFE_CLOSE(sock_fd2);
+}
+
+static void verify_recvmsg(void)
+{
+ pid_t pid;
+
+ pid = SAFE_FORK();
+ if (pid == 0) {
+ client();
+ } else {
+ server();
+ tst_reap_children();
+ }
+}
+
+static struct tst_test test = {
+ .tid = "recvmsg03",
+ .forks_child = 1,
+ .needs_checkpoints = 1,
+ .setup = setup,
+ .test_all = verify_recvmsg
+};
--
1.8.3.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-11-16 5:37 ` Xiao Yang
@ 2016-12-13 7:50 ` Xiao Yang
2017-03-15 15:35 ` Cyril Hrubis
0 siblings, 1 reply; 14+ messages in thread
From: Xiao Yang @ 2016-12-13 7:50 UTC (permalink / raw)
To: ltp
Hi Cyril
ping:-)
When I built kernel with CONFIG_RDS enabled, I have tested it and
reproduced this bug on
v3.5 kernel without the fix patch.
Thanks,
Xiao Yang
On 2016/11/16 13:37, Xiao Yang wrote:
> If the size of address for receiving data is set larger than
> actaul size, recvmsg() will set msg_namelen incorrectly.
>
> This bug has been fixed by the following kernel patch:
> 'commit 06b6a1cf6e77 ("rds: set correct msg_namelen")'
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/.gitignore | 1 +
> testcases/kernel/syscalls/recvmsg/recvmsg03.c | 170 ++++++++++++++++++++++++++
> 3 files changed, 172 insertions(+)
> create mode 100644 testcases/kernel/syscalls/recvmsg/recvmsg03.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 2f2dde5..458cf2f 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -869,6 +869,7 @@ recvfrom01 recvfrom01
>
> recvmsg01 recvmsg01
> recvmsg02 recvmsg02
> +recvmsg03 recvmsg03
>
> remap_file_pages01 remap_file_pages01
> remap_file_pages02 remap_file_pages02
> diff --git a/testcases/kernel/syscalls/.gitignore b/testcases/kernel/syscalls/.gitignore
> index 348c235..6377bd2 100644
> --- a/testcases/kernel/syscalls/.gitignore
> +++ b/testcases/kernel/syscalls/.gitignore
> @@ -724,6 +724,7 @@
> /recvfrom/recvfrom01
> /recvmsg/recvmsg01
> /recvmsg/recvmsg02
> +/recvmsg/recvmsg03
> /remap_file_pages/remap_file_pages01
> /remap_file_pages/remap_file_pages02
> /removexattr/removexattr01
> diff --git a/testcases/kernel/syscalls/recvmsg/recvmsg03.c b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> new file mode 100644
> index 0000000..b23a7d1
> --- /dev/null
> +++ b/testcases/kernel/syscalls/recvmsg/recvmsg03.c
> @@ -0,0 +1,170 @@
> +/*
> + * Copyright(c) 2016 Fujitsu Ltd.
> + * Author: Xiao Yang <yangx.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of version 2 of the GNU General Public License as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it would be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + * You should have received a copy of the GNU General Public License
> + * alone with this program.
> + */
> +
> +/*
> + * Test Name: recvmsg03
> + *
> + * This test needs that rds socket is supported by system.
> + * If the size of address for receiving data is set larger than
> + * actaul size, recvmsg() will set msg_namelen incorrectly.
> + *
> + * Description:
> + * This is a regression test and has been fixed by kernel commit:
> + * 06b6a1cf6e776426766298d055bb3991957d90a7 (rds: set correct msg_namelen)
> + */
> +
> +#include <errno.h>
> +#include <string.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +
> +#include "tst_test.h"
> +
> +#ifndef AF_RDS
> +# define AF_RDS 21
> +#endif
> +
> +static void setup(void)
> +{
> + int res;
> +
> + res = socket(AF_RDS, SOCK_SEQPACKET, 0);
> + if (res == -1) {
> + if (errno == EAFNOSUPPORT)
> + tst_brk(TCONF, "rds was not supported");
> + else
> + tst_brk(TBROK | TERRNO, "socket() failed with rds");
> + }
> +
> + SAFE_CLOSE(res);
> +}
> +
> +static void client(void)
> +{
> + TST_CHECKPOINT_WAIT(0);
> +
> + int sock_fd1, count;
> + char send_buf[128] = "hello world";
> + struct sockaddr_in server_addr;
> + struct sockaddr_in to_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd1 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4001);
> +
> + SAFE_BIND(sock_fd1, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + memset(&to_addr, 0, sizeof(to_addr));
> +
> + to_addr.sin_family = AF_INET;
> + to_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + to_addr.sin_port = htons(4000);
> + msg.msg_name = &to_addr;
> + msg.msg_namelen = sizeof(to_addr);
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = send_buf;
> + msg.msg_iov->iov_len = strlen(send_buf) + 1;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + /* make sure that recvmsg() can succeed to get data.
> + * we may not send data successfully when loading rds
> + * module for the first time.
> + */
> + for (count = 1; count < 5000; count++) {
> + if (sendmsg(sock_fd1, &msg, 0) == -1) {
> + tst_brk(TBROK | TERRNO,
> + "sendmsg() failed to send data to server");
> + }
> + }
> +
> + SAFE_CLOSE(sock_fd1);
> +}
> +
> +static void server(void)
> +{
> + int sock_fd2;
> + static char recv_buf[128];
> + struct sockaddr_in server_addr;
> + struct sockaddr_in from_addr;
> + struct msghdr msg;
> + struct iovec iov;
> +
> + sock_fd2 = SAFE_SOCKET(AF_RDS, SOCK_SEQPACKET, 0);
> +
> + memset(&server_addr, 0, sizeof(server_addr));
> + server_addr.sin_family = AF_INET;
> + server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
> + server_addr.sin_port = htons(4000);
> +
> + SAFE_BIND(sock_fd2, (struct sockaddr *) &server_addr, sizeof(server_addr));
> +
> + msg.msg_name = &from_addr;
> + msg.msg_namelen = sizeof(from_addr) + 16;
> + msg.msg_iov = &iov;
> + msg.msg_iovlen = 1;
> + msg.msg_iov->iov_base = recv_buf;
> + msg.msg_iov->iov_len = 128;
> + msg.msg_control = 0;
> + msg.msg_controllen = 0;
> + msg.msg_flags = 0;
> +
> + TST_CHECKPOINT_WAKE(0);
> +
> + TEST(recvmsg(sock_fd2, &msg, 0));
> + if (TEST_RETURN == -1) {
> + tst_brk(TBROK | TTERRNO,
> + "recvmsg() failed to recvice data from client");
> + }
> +
> + if (msg.msg_namelen != sizeof(from_addr)) {
> + tst_res(TFAIL, "msg_namelen was set to %u incorrectly, "
> + "expected %lu", msg.msg_namelen, sizeof(from_addr));
> + } else {
> + tst_res(TPASS, "msg_namelen was set to %u correctly",
> + msg.msg_namelen);
> + }
> +
> + SAFE_CLOSE(sock_fd2);
> +}
> +
> +static void verify_recvmsg(void)
> +{
> + pid_t pid;
> +
> + pid = SAFE_FORK();
> + if (pid == 0) {
> + client();
> + } else {
> + server();
> + tst_reap_children();
> + }
> +}
> +
> +static struct tst_test test = {
> + .tid = "recvmsg03",
> + .forks_child = 1,
> + .needs_checkpoints = 1,
> + .setup = setup,
> + .test_all = verify_recvmsg
> +};
^ permalink raw reply [flat|nested] 14+ messages in thread
* [LTP] [PATCH v3] syscalls/recvmsg03.c: add new testcase
2016-12-13 7:50 ` Xiao Yang
@ 2017-03-15 15:35 ` Cyril Hrubis
0 siblings, 0 replies; 14+ messages in thread
From: Cyril Hrubis @ 2017-03-15 15:35 UTC (permalink / raw)
To: ltp
Hi!
> ping:-)
>
> When I built kernel with CONFIG_RDS enabled, I have tested it and
> reproduced this bug on
> v3.5 kernel without the fix patch.
Pushed, thanks.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2017-03-15 15:35 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-31 11:23 [LTP] [PATCH] syscalls/recvmsg03.c: add new testcase Xiao Yang
2016-10-31 13:39 ` Cyril Hrubis
2016-11-01 2:24 ` [LTP] [PATCH v2] " Xiao Yang
2016-11-02 5:34 ` Xiao Yang
2016-11-02 5:22 ` Xiao Yang
2016-11-02 13:06 ` Cyril Hrubis
2016-11-03 7:49 ` [LTP] [PATCH v3] " Xiao Yang
2016-11-11 1:30 ` Xiao Yang
2016-11-15 14:04 ` Cyril Hrubis
2016-11-16 4:34 ` Xiao Yang
2016-11-16 5:37 ` Xiao Yang
2016-12-13 7:50 ` Xiao Yang
2017-03-15 15:35 ` Cyril Hrubis
2016-11-07 10:52 ` [LTP] [PATCH v2] " Xiao Yang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.