/* $NetBSD: t_cloexec.c,v 1.1 2024/11/10 15:57:32 riastradh Exp $ */
/*-
* Copyright (c) 2024 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__RCSID("$NetBSD: t_cloexec.c,v 1.1 2024/11/10 15:57:32 riastradh Exp $");
#include <sys/types.h>
#include <sys/bitops.h>
#include <sys/event.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <atf-c.h>
#include <fcntl.h>
#include <limits.h>
#include <spawn.h>
#include <stdio.h>
#include <unistd.h>
#include "h_macros.h"
/*
* Test close-on-exec as set in various ways
*/
static int
open_via_accept4(void)
{
static const union {
struct sockaddr sa;
struct sockaddr_un sun;
} name = { .sun = {
.sun_family = AF_LOCAL,
.sun_path = "socket",
} };
int slisten, saccept, c;
/*
* Create a listening server socket and bind it to the path.
*/
RL(slisten = socket(PF_LOCAL, SOCK_STREAM, 0));
RL(bind(slisten, &name.sa, sizeof(name)));
RL(listen(slisten, SOMAXCONN));
/*
* Create an active client socket and connect it to the path --
* nonblocking, so we don't deadlock here. If connect doesn't
* succeed immediately, it had better fail immediately with
* EINPROGRESS.
*/
RL(c = socket(PF_LOCAL, SOCK_STREAM|SOCK_NONBLOCK, 0));
if (connect(c, &name.sa, sizeof(name)) == -1) {
ATF_CHECK_EQ_MSG(errno, EINPROGRESS, "connect failed %d: %s",
errno, strerror(errno));
}
/*
* Accept a socket on the server side with SOCK_CLOEXEC.
*/
RL(saccept = accept4(slisten, /*addr*/NULL, /*addrlen*/NULL,
SOCK_CLOEXEC));
return saccept;
}
static int
open_via_clonedev(void)
{
int fd;
RL(fd = open("/dev/drvctl", O_RDONLY|O_CLOEXEC));
return fd;
}
static int
open_via_dup3(void)
{
int fd3;
RL(fd3 = dup3(STDIN_FILENO, 3, O_CLOEXEC));
ATF_REQUIRE_EQ_MSG(fd3, 3, "dup3(STDIN_FILENO, 3, ...)"
" failed to return 3: %d", fd3);
return fd3;
}
static int
open_via_fcntldupfd(void)
{
int fd;
RL(fd = fcntl(STDIN_FILENO, F_DUPFD_CLOEXEC, 0));
return fd;
}
static int
open_via_kqueue(void)
{
int fd;
RL(fd = kqueue1(O_CLOEXEC));
return fd;
}
static int
open_via_opencloexec(void)
{
int fd;
RL(fd = open("file", O_RDWR|O_CREAT|O_CLOEXEC, 0644));
return fd;
}
static int
open_via_openfcntlcloexec(void)
{
int fd;
RL(fd = open("file", O_RDWR|O_CREAT, 0644));
RL(fcntl(fd, F_SETFD, FD_CLOEXEC));
return fd;
}
static int
open_via_openioctlfioclex(void)
{
int fd;
RL(fd = open("file", O_RDWR|O_CREAT, 0644));
RL(ioctl(fd, FIOCLEX));
return fd;
}
static int
open_via_pipe2rd(void)
{
int fd[2];
RL(pipe2(fd, O_CLOEXEC));
return fd[0];
}
static int
open_via_pipe2wr(void)
{
int fd[2];
RL(pipe2(fd, O_CLOEXEC));
return fd[1];
}
static int
open_via_paccept(void)
{
static const union {
struct sockaddr sa;
struct sockaddr_un sun;
} name = { .sun = {
.sun_family = AF_LOCAL,
.sun_path = "socket",
} };
int slisten, saccept, c;
/*
* Create a listening server socket and bind it to the path.
*/
RL(slisten = socket(PF_LOCAL, SOCK_STREAM, 0));
RL(bind(slisten, &name.sa, sizeof(name)));
RL(listen(slisten, SOMAXCONN));
/*
* Create an active client socket and connect it to the path --
* nonblocking, so we don't deadlock here. If connect doesn't
* succeed immediately, it had better fail immediately with
* EINPROGRESS.
*/
RL(c = socket(PF_LOCAL, SOCK_STREAM|SOCK_NONBLOCK, 0));
if (connect(c, &name.sa, sizeof(name)) == -1) {
ATF_CHECK_EQ_MSG(errno, EINPROGRESS, "connect failed %d: %s",
errno, strerror(errno));
}
/*
* Accept a socket on the server side with SOCK_CLOEXEC.
*/
RL(saccept = paccept(slisten, /*addr*/NULL, /*addrlen*/NULL,
/*sigmask*/NULL, SOCK_CLOEXEC));
return saccept;
}
static int
open_via_socket(void)
{
int fd;
RL(fd = socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0));
return fd;
}
static int
open_via_socketpair0(void)
{
int fd[2];
RL(socketpair(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, fd));
return fd[0];
}
static int
open_via_socketpair1(void)
{
int fd[2];
RL(socketpair(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, fd));
return fd[1];
}
/*
* XXX Close-on-exec paths still missing:
* XXX
* XXX compat_linux inotify
* XXX compat_linux close_range
* XXX drm i915_perf_open_ioctl
* XXX drm dma_buf
* XXX eventfd(2)
* XXX memfd(2)
* XXX timerfd(2)
* XXX recvmsg/recvmmsg with MSG_CMSG_CLOEXEC
*/
static void
check_cloexec(const struct atf_tc *tc, int fd,
pid_t (*execfn)(char *, char *const[]))
{
char h_cloexec[PATH_MAX];
char fdstr[(ilog2(INT_MAX) + 1)/(ilog2(10) - 1) + 1];
char *const argv[] = {__UNCONST("h_cloexec"), fdstr, NULL};
pid_t child, waitedpid;
int status;
/*
* Format the h_cloexec helper executable path, which lives in
* the test's directory (typically /usr/tests/kernel), and the
* argument of a file descriptor in decimal.
*/
snprintf(h_cloexec, sizeof(h_cloexec), "%s/h_cloexec",
atf_tc_get_config_var(tc, "srcdir"));
snprintf(fdstr, sizeof(fdstr), "%d", fd);
/*
* Execute h_cloexec as a subprocess.
*/
child = (*execfn)(h_cloexec, argv);
/*
* Wait for the child to complete.
*/
RL(waitedpid = waitpid(child, &status, 0));
ATF_CHECK_EQ_MSG(child, waitedpid, "waited for %jd, got %jd",
(intmax_t)child, (intmax_t)waitedpid);
/*
* Verify the child exited normally.
*/
if (WIFSIGNALED(status)) {
atf_tc_fail("subprocess terminated on signal %d",
WTERMSIG(status));
return;
} else if (!WIFEXITED(status)) {
atf_tc_fail("subprocess failed to exit normally: status=0x%x",
status);
return;
}
/*
* h_cloexec is supposed to exit status 0 if an operation on
* the fd failed with EBADFD, 1 if it unexpectedly succeeded,
* 127 if exec returned, or something else if anything else
* happened.
*/
switch (WEXITSTATUS(status)) {
case 0: /* success -- closed on exec */
return;
case 1: /* fail -- not closed on exec */
atf_tc_fail("fd was not closed on exec");
return;
case 127: /* exec failed */
atf_tc_fail("failed to exec h_cloexec");
return;
default: /* something else went wong */
atf_tc_fail("h_cloexec failed unexpectedly: %d",
WEXITSTATUS(status));
return;
}
}
static pid_t
exec_via_forkexecve(char *prog, char *const argv[])
{
pid_t pid;
RL(pid = fork());
if (pid == 0) { /* child */
if (execve(prog, argv, /*envp*/NULL) == -1)
_exit(127);
abort();
}
/* parent */
return pid;
}
static pid_t
exec_via_vforkexecve(char *prog, char *const argv[])
{
pid_t pid;
RL(pid = vfork());
if (pid == 0) { /* child */
if (execve(prog, argv, /*envp*/NULL) == -1)
_exit(127);
abort();
}
/* parent */
return pid;
}
static pid_t
exec_via_posixspawn(char *prog, char *const argv[])
{
pid_t pid;
RZ(posix_spawn(&pid, prog, /*file_actions*/NULL, /*attrp*/NULL, argv,
/*envp*/NULL));
return pid;
}
/*
* Full cartesian product is not really important here -- the paths for
* open and the paths for exec are independent. So we try
* pipe2(O_CLOEXEC) with each exec path, and we try each open path with
* posix_spawn.
*/
#define CLOEXEC_TEST(test, openvia, execvia, descr) \
ATF_TC(test); \
ATF_TC_HEAD(test, tc) \
{ \
atf_tc_set_md_var(tc, "descr", descr); \
} \
ATF_TC_BODY(test, tc) \
{ \
check_cloexec(tc, openvia(), &execvia); \
}
CLOEXEC_TEST(pipe2rd_forkexecve, open_via_pipe2rd, exec_via_forkexecve,
"pipe2(O_CLOEXEC) reader is closed in child on fork/exec")
CLOEXEC_TEST(pipe2rd_vforkexecve, open_via_pipe2rd, exec_via_vforkexecve,
"pipe2(O_CLOEXEC) reader is closed in child on vfork/exec")
CLOEXEC_TEST(pipe2rd_posixspawn, open_via_pipe2rd, exec_via_posixspawn,
"pipe2(O_CLOEXEC) reader is closed in child on posix_spawn")
CLOEXEC_TEST(accept4_posixspawn, open_via_accept4, exec_via_posixspawn,
"accept4(SOCK_CLOEXEC) is closed in child on posix_spawn");
CLOEXEC_TEST(clonedev_posixspawn, open_via_clonedev, exec_via_posixspawn,
"open(\"/dev/drvctl\") is closed in child on posix_spawn");
CLOEXEC_TEST(dup3_posixspawn, open_via_dup3, exec_via_posixspawn,
"dup3(..., O_CLOEXEC) is closed in child on posix_spawn");
CLOEXEC_TEST(fcntldupfd_posixspawn, open_via_fcntldupfd, exec_via_posixspawn,
"fcntl(STDIN_FILENO, F_DUPFD_CLOEXEC) is closed in child on posix_spawn");
CLOEXEC_TEST(kqueue_posixspawn, open_via_kqueue, exec_via_posixspawn,
"kqueue1(O_CLOEXEC) is closed in child on posix_spawn");
CLOEXEC_TEST(opencloexec_posixspawn, open_via_opencloexec, exec_via_posixspawn,
"open(O_CLOEXEC) is closed in child on posix_spawn");
CLOEXEC_TEST(openfcntlcloexec_posixspawn, open_via_openfcntlcloexec,
exec_via_posixspawn,
"fcntl(open(...), F_SETFD, O_CLOEXEC) is closed in child on posix_spawn");
CLOEXEC_TEST(openioctlfioclex_posixspawn, open_via_openioctlfioclex,
exec_via_posixspawn,
"ioctl(open(...), FIOCLEX) is closed in child on posix_spawn");
#if 0 /* already done above */
CLOEXEC_TEST(pipe2rd_posixspawn, open_via_pipe2rd, exec_via_posixspawn,
"pipe2(O_CLOEXEC) reader is closed in child on posix_spawn")
#endif
CLOEXEC_TEST(pipe2wr_posixspawn, open_via_pipe2wr, exec_via_posixspawn,
"pipe2(O_CLOEXEC) writer is closed in child on posix_spawn")
CLOEXEC_TEST(paccept_posixspawn, open_via_paccept, exec_via_posixspawn,
"paccept(..., SOCK_CLOEXEC) is closed in child on posix_spawn")
CLOEXEC_TEST(socket_posixspawn, open_via_socket, exec_via_posixspawn,
"socket(SOCK_CLOEXEC) is closed in child on posix_spawn")
CLOEXEC_TEST(socketpair0_posixspawn, open_via_socketpair0, exec_via_posixspawn,
"socketpair(SOCK_CLOEXEC) side 0 is closed in child on posix_spawn")
CLOEXEC_TEST(socketpair1_posixspawn, open_via_socketpair1, exec_via_posixspawn,
"socketpair(SOCK_CLOEXEC) side 1 is closed in child on posix_spawn")
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, accept4_posixspawn);
ATF_TP_ADD_TC(tp, clonedev_posixspawn);
ATF_TP_ADD_TC(tp, dup3_posixspawn);
ATF_TP_ADD_TC(tp, fcntldupfd_posixspawn);
ATF_TP_ADD_TC(tp, kqueue_posixspawn);
ATF_TP_ADD_TC(tp, opencloexec_posixspawn);
ATF_TP_ADD_TC(tp, openfcntlcloexec_posixspawn);
ATF_TP_ADD_TC(tp, openioctlfioclex_posixspawn);
ATF_TP_ADD_TC(tp, paccept_posixspawn);
ATF_TP_ADD_TC(tp, pipe2rd_forkexecve);
ATF_TP_ADD_TC(tp, pipe2rd_posixspawn);
ATF_TP_ADD_TC(tp, pipe2rd_vforkexecve);
ATF_TP_ADD_TC(tp, pipe2wr_posixspawn);
ATF_TP_ADD_TC(tp, socket_posixspawn);
ATF_TP_ADD_TC(tp, socketpair0_posixspawn);
ATF_TP_ADD_TC(tp, socketpair1_posixspawn);
return atf_no_error();
}
