git: ee5686c614ba - main - ktls: Add a regression test to exercise socket error handling

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Fri, 17 Dec 2021 18:11:47 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=ee5686c614ba7e11e8586b2e5b02dfc550679e96

commit ee5686c614ba7e11e8586b2e5b02dfc550679e96
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-12-17 16:00:19 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-12-17 18:10:22 +0000

    ktls: Add a regression test to exercise socket error handling
    
    Prior to commit 916c61a5ed37 ("Fix handling of errors from
    pru_send(PRUS_NOTREADY)") this test triggered a kernel panic due to an
    mbuf double free.
    
    Reviewed by:    jhb
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33517
---
 tests/sys/kern/ktls_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index ec71d0c9cd33..9525258a64bc 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -1722,6 +1722,45 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc)			\
  */
 AES_CBC_TESTS(GEN_UNSUPPORTED_RECEIVE_TEST);
 
+/*
+ * Try to perform an invalid sendto(2) on a TXTLS-enabled socket, to exercise
+ * KTLS error handling in the socket layer.
+ */
+ATF_TC_WITHOUT_HEAD(ktls_sendto_baddst);
+ATF_TC_BODY(ktls_sendto_baddst, tc)
+{
+	char buf[32];
+	struct sockaddr_in dst;
+	struct tls_enable en;
+	ssize_t n;
+	int s;
+
+	ATF_REQUIRE_KTLS();
+
+	s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	ATF_REQUIRE(s >= 0);
+
+	build_tls_enable(CRYPTO_AES_NIST_GCM_16, 128 / 8, 0,
+	    TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
+
+	ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,
+	    sizeof(en)) == 0);
+
+	memset(&dst, 0, sizeof(dst));
+	dst.sin_family = AF_INET;
+	dst.sin_len = sizeof(dst);
+	dst.sin_addr.s_addr = htonl(INADDR_BROADCAST);
+	dst.sin_port = htons(12345);
+
+	memset(buf, 0, sizeof(buf));
+	n = sendto(s, buf, sizeof(buf), 0, (struct sockaddr *)&dst,
+	    sizeof(dst));
+
+	/* Can't transmit to the broadcast address over TCP. */
+	ATF_REQUIRE_ERRNO(EACCES, n == -1);
+	ATF_REQUIRE(close(s) == 0);
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 	/* Transmit tests */
@@ -1739,5 +1778,8 @@ ATF_TP_ADD_TCS(tp)
 	TLS_13_TESTS(ADD_PADDING_RECEIVE_TESTS);
 	INVALID_CIPHER_SUITES(ADD_INVALID_RECEIVE_TEST);
 
+	/* Miscellaneous */
+	ATF_TP_ADD_TC(tp, ktls_sendto_baddst);
+
 	return (atf_no_error());
 }