Basic tests for setrlimit(2).

2011-04-05 19:02:22 +00:00 · 2011-04-05 19:02:22 +00:00 · 28d491ccd9
parent c5f754b958
commit 28d491ccd9
3 changed files with 494 additions and 7 deletions
--- a/distrib/sets/lists/tests/mi
+++ b/distrib/sets/lists/tests/mi
@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.293 2011/04/05 08:24:28 jruoho Exp $
+# $NetBSD: mi,v 1.294 2011/04/05 19:02:22 jruoho Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@ -574,6 +574,7 @@
 ./usr/libdata/debug/usr/tests/syscall/t_getsid.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_mmap.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_mprotect.debug			tests-syscall-debug	debug,atf
+./usr/libdata/debug/usr/tests/syscall/t_setrlimit.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_setuid.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_timer.debug			tests-syscall-debug	debug,atf
 ./usr/libdata/debug/usr/tests/syscall/t_umask.debug			tests-syscall-debug	debug,atf
@ -2120,6 +2121,7 @@
 ./usr/tests/syscall/t_getsid			tests-syscall-tests	atf
 ./usr/tests/syscall/t_mmap			tests-syscall-tests	atf
 ./usr/tests/syscall/t_mprotect			tests-syscall-tests	atf
+./usr/tests/syscall/t_setrlimit			tests-syscall-tests	atf
 ./usr/tests/syscall/t_setuid			tests-syscall-tests	atf
 ./usr/tests/syscall/t_timer			tests-syscall-tests	atf
 ./usr/tests/syscall/t_umask			tests-syscall-tests	atf
--- a/tests/syscall/Makefile
+++ b/tests/syscall/Makefile
@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.18 2011/04/04 19:08:43 jruoho Exp $
+# $NetBSD: Makefile,v 1.19 2011/04/05 19:02:23 jruoho Exp $

 .include <bsd.own.mk>

 TESTSDIR=	${TESTSBASE}/syscall

 TESTS_C+=	t_access t_cmsg t_dup t_fsync t_getpid t_getsid
-TESTS_C+=	t_mmap t_mprotect t_setuid t_timer t_umask
+TESTS_C+=	t_mmap t_mprotect t_setrlimit t_setuid t_timer t_umask

-LDADD.t_getpid+=-lpthread
-LDADD.t_timer+=	-lpthread
+LDADD.t_getpid+=	-lpthread
+LDADD.t_timer+=		-lpthread

-LDADD.t_cmsg+=	-lrumpnet_local -lrumpnet_net -lrumpnet
-LDADD.t_cmsg+=	-lrumpvfs -lrump -lrumpuser -lpthread
+LDADD.t_cmsg+=		-lrumpnet_local -lrumpnet_net -lrumpnet
+LDADD.t_cmsg+=		-lrumpvfs -lrump -lrumpuser -lpthread

 WARNS=		4

--- a/tests/syscall/t_setrlimit.c
+++ b/tests/syscall/t_setrlimit.c
@ -0,0 +1,485 @@
+/* $NetBSD: t_setrlimit.c,v 1.1 2011/04/05 19:02:23 jruoho Exp $ */
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Jukka Ruohonen.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: t_setrlimit.c,v 1.1 2011/04/05 19:02:23 jruoho Exp $");
+
+#include <sys/resource.h>
+#include <sys/mman.h>
+#include <sys/wait.h>
+
+#include <atf-c.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static void		 sighandler(int);
+static const char	 path[] = "/tmp/setrlimit";
+
+static const int rlimit[] = {
+	RLIMIT_AS,
+	RLIMIT_CORE,
+	RLIMIT_CPU,
+	RLIMIT_DATA,
+	RLIMIT_FSIZE,
+	RLIMIT_MEMLOCK,
+	RLIMIT_NOFILE,
+	RLIMIT_NPROC,
+	RLIMIT_RSS,
+	RLIMIT_SBSIZE,
+	RLIMIT_STACK
+};
+
+ATF_TC(setrlimit_basic);
+ATF_TC_HEAD(setrlimit_basic, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "A basic soft limit test");
+}
+
+ATF_TC_BODY(setrlimit_basic, tc)
+{
+	struct rlimit res;
+	int *buf, lim;
+	size_t i;
+
+	buf = calloc(__arraycount(rlimit), sizeof(int));
+
+	if (buf == NULL)
+		atf_tc_fail("initialization failed");
+
+	for (i = lim = 0; i < __arraycount(rlimit); i++) {
+
+		(void)memset(&res, 0, sizeof(struct rlimit));
+
+		if (getrlimit(rlimit[i], &res) != 0)
+			continue;
+
+		if (res.rlim_cur == RLIM_INFINITY)
+			continue;
+
+		if (res.rlim_cur == res.rlim_max) /* An unprivileged run. */
+			continue;
+
+		buf[i] = res.rlim_cur;
+		res.rlim_cur = res.rlim_cur - 1;
+
+		if (setrlimit(rlimit[i], &res) != 0) {
+			lim = rlimit[i];
+			goto out;
+		}
+	}
+
+out:
+	for (i = 0; i < __arraycount(rlimit); i++) {
+
+		(void)memset(&res, 0, sizeof(struct rlimit));
+
+		if (buf[i] == 0)
+			continue;
+
+		if (getrlimit(rlimit[i], &res) != 0)
+			continue;
+
+		res.rlim_cur = buf[i];
+
+		(void)setrlimit(rlimit[i], &res);
+	}
+
+	if (lim != 0)
+		atf_tc_fail("failed to set limit (%d)", lim);
+}
+
+ATF_TC(setrlimit_current);
+ATF_TC_HEAD(setrlimit_current, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "setrlimit(3) with current limits");
+}
+
+ATF_TC_BODY(setrlimit_current, tc)
+{
+	struct rlimit res;
+	size_t i;
+
+	for (i = 0; i < __arraycount(rlimit); i++) {
+
+		(void)memset(&res, 0, sizeof(struct rlimit));
+
+		ATF_REQUIRE(getrlimit(rlimit[i], &res) == 0);
+		ATF_REQUIRE(setrlimit(rlimit[i], &res) == 0);
+	}
+}
+
+ATF_TC(setrlimit_err);
+ATF_TC_HEAD(setrlimit_err, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test error conditions");
+}
+
+ATF_TC_BODY(setrlimit_err, tc)
+{
+	struct rlimit res;
+	size_t i;
+
+	for (i = 0; i < __arraycount(rlimit); i++) {
+
+		errno = 0;
+
+		ATF_REQUIRE(getrlimit(rlimit[i], (void *)0) != 0);
+		ATF_REQUIRE(errno == EFAULT);
+	}
+
+	errno = 0;
+
+	ATF_REQUIRE(getrlimit(INT_MAX, &res) != 0);
+	ATF_REQUIRE(errno == EINVAL);
+}
+
+ATF_TC_WITH_CLEANUP(setrlimit_fsize);
+ATF_TC_HEAD(setrlimit_fsize, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setrlimit(2), RLIMIT_FSIZE");
+}
+
+ATF_TC_BODY(setrlimit_fsize, tc)
+{
+	struct rlimit res;
+	int fd, sta;
+	pid_t pid;
+
+	fd = open(path, O_RDWR | O_CREAT, 0700);
+
+	if (fd < 0)
+		atf_tc_fail("initialization failed");
+
+	pid = fork();
+	ATF_REQUIRE(pid >= 0);
+
+	if (pid == 0) {
+
+		(void)memset(&res, 0, sizeof(struct rlimit));
+
+		res.rlim_cur = 2;
+		res.rlim_max = 2;
+
+		if (setrlimit(RLIMIT_FSIZE, &res) != 0)
+			_exit(EXIT_FAILURE);
+
+		if (signal(SIGXFSZ, sighandler) == SIG_ERR)
+			_exit(EXIT_FAILURE);
+
+		/*
+		 * The third call should generate a SIGXFSZ.
+		 */
+		(void)write(fd, "X", 1);
+		(void)write(fd, "X", 1);
+		(void)write(fd, "X", 1);
+
+		_exit(EXIT_FAILURE);
+	}
+
+	(void)close(fd);
+	(void)wait(&sta);
+	(void)unlink(path);
+
+	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
+		atf_tc_fail("RLIMIT_FSIZE not enforced");
+}
+
+ATF_TC_CLEANUP(setrlimit_fsize, tc)
+{
+	(void)unlink(path);
+}
+
+static void
+sighandler(int signo)
+{
+
+	if (signo != SIGXFSZ)
+		_exit(EXIT_FAILURE);
+
+	_exit(EXIT_SUCCESS);
+}
+
+ATF_TC(setrlimit_memlock);
+ATF_TC_HEAD(setrlimit_memlock, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setrlimit(2), RLIMIT_MEMLOCK");
+}
+
+ATF_TC_BODY(setrlimit_memlock, tc)
+{
+	struct rlimit res;
+	void *buf;
+	long page;
+	pid_t pid;
+	int sta;
+
+	page = sysconf(_SC_PAGESIZE);
+	ATF_REQUIRE(page >= 0);
+
+	buf = malloc(page);
+	pid = fork();
+
+	if (buf == NULL || pid < 0)
+		atf_tc_fail("initialization failed");
+
+	if (pid == 0) {
+
+		/*
+		 * Try to lock a page while
+		 * RLIMIT_MEMLOCK is zero.
+		 */
+		if (mlock(buf, page) != 0)
+			_exit(EXIT_FAILURE);
+
+		if (munlock(buf, page) != 0)
+			_exit(EXIT_FAILURE);
+
+		res.rlim_cur = 0;
+		res.rlim_max = 0;
+
+		if (setrlimit(RLIMIT_MEMLOCK, &res) != 0)
+			_exit(EXIT_FAILURE);
+
+		if (mlock(buf, page) != 0)
+			_exit(EXIT_SUCCESS);
+
+		(void)munlock(buf, page);
+
+		_exit(EXIT_SUCCESS);
+	}
+
+	free(buf);
+
+	(void)wait(&sta);
+
+	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
+		atf_tc_fail("RLIMIT_MEMLOCK not enforced");
+}
+
+ATF_TC(setrlimit_nofile_1);
+ATF_TC_HEAD(setrlimit_nofile_1, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setrlimit(2), RLIMIT_NOFILE, #1");
+}
+
+ATF_TC_BODY(setrlimit_nofile_1, tc)
+{
+	struct rlimit res;
+	int fd, i, rv, sta;
+	pid_t pid;
+
+	res.rlim_cur = 0;
+	res.rlim_max = 0;
+
+	pid = fork();
+	ATF_REQUIRE(pid >= 0);
+
+	if (pid == 0) {
+
+		/*
+		 * Close all descriptors, set RLIMIT_NOFILE
+		 * to zero, and try to open a random file.
+		 * This should fail with EMFILE.
+		 */
+		for (i = 0; i < 1024; i++)
+			(void)close(i);
+
+		rv = setrlimit(RLIMIT_NOFILE, &res);
+
+		if (rv != 0)
+			_exit(EXIT_FAILURE);
+
+		errno = 0;
+		fd = open("/etc/passwd", O_RDONLY);
+
+		if (fd >= 0 || errno != EMFILE)
+			_exit(EXIT_FAILURE);
+
+		_exit(EXIT_SUCCESS);
+	}
+
+	(void)wait(&sta);
+
+	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
+		atf_tc_fail("RLIMIT_NOFILE not enforced");
+}
+
+ATF_TC(setrlimit_nofile_2);
+ATF_TC_HEAD(setrlimit_nofile_2, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setrlimit(2), RLIMIT_NOFILE, #2");
+}
+
+ATF_TC_BODY(setrlimit_nofile_2, tc)
+{
+	static const rlim_t lim = 12;
+	struct rlimit res;
+	int fd, i, rv, sta;
+	pid_t pid;
+
+	/*
+	 * See that an arbitrary limit on
+	 * open files is being enforced.
+	 */
+	res.rlim_cur = lim;
+	res.rlim_max = lim;
+
+	pid = fork();
+	ATF_REQUIRE(pid >= 0);
+
+	if (pid == 0) {
+
+		for (i = 0; i < 1024; i++)
+			(void)close(i);
+
+		rv = setrlimit(RLIMIT_NOFILE, &res);
+
+		if (rv != 0)
+			_exit(EXIT_FAILURE);
+
+		for (i = 0; i < (int)lim; i++) {
+
+			fd = open("/etc/passwd", O_RDONLY);
+
+			if (fd < 0)
+				_exit(EXIT_FAILURE);
+		}
+
+		/*
+		 * After the limit has been reached,
+		 * EMFILE should again follow.
+		 */
+		fd = open("/etc/passwd", O_RDONLY);
+
+		if (fd >= 0 || errno != EMFILE)
+			_exit(EXIT_FAILURE);
+
+		_exit(EXIT_SUCCESS);
+	}
+
+	(void)wait(&sta);
+
+	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
+		atf_tc_fail("RLIMIT_NOFILE not enforced");
+}
+
+ATF_TC(setrlimit_nproc);
+ATF_TC_HEAD(setrlimit_nproc, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setrlimit(2), RLIMIT_NPROC");
+	atf_tc_set_md_var(tc, "require.user", "unprivileged");
+}
+
+ATF_TC_BODY(setrlimit_nproc, tc)
+{
+	struct rlimit res;
+	pid_t pid, cpid;
+	int sta;
+
+	pid = fork();
+	ATF_REQUIRE(pid >= 0);
+
+	if (pid == 0) {
+
+		/*
+		 * Set RLIMIT_NPROC to zero and try to fork.
+		 */
+		(void)memset(&res, 0, sizeof(struct rlimit));
+
+		res.rlim_cur = 0;
+		res.rlim_max = 0;
+
+		if (setrlimit(RLIMIT_NPROC, &res) != 0)
+			_exit(EXIT_FAILURE);
+
+		cpid = fork();
+
+		if (cpid < 0)
+			_exit(EXIT_SUCCESS);
+
+		_exit(EXIT_FAILURE);
+	}
+
+	(void)waitpid(pid, &sta, 0);
+
+	if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS)
+		atf_tc_fail("RLIMIT_NPROC not enforced");
+}
+
+ATF_TC(setrlimit_perm);
+ATF_TC_HEAD(setrlimit_perm, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test setrlimit(2) for EPERM");
+	atf_tc_set_md_var(tc, "require.user", "unprivileged");
+}
+
+ATF_TC_BODY(setrlimit_perm, tc)
+{
+	struct rlimit res;
+	size_t i;
+
+	/*
+	 * Try to raise the maximum limits as an user.
+	 */
+	for (i = 0; i < __arraycount(rlimit); i++) {
+
+		ATF_REQUIRE(getrlimit(rlimit[i], &res) == 0);
+
+		if (res.rlim_max == UINT64_MAX) /* Overflow. */
+			continue;
+
+		errno = 0;
+		res.rlim_max = res.rlim_max + 1;
+
+		ATF_REQUIRE(setrlimit(rlimit[i], &res) != 0);
+		ATF_REQUIRE(errno == EPERM);
+	}
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+	ATF_TP_ADD_TC(tp, setrlimit_basic);
+	ATF_TP_ADD_TC(tp, setrlimit_current);
+	ATF_TP_ADD_TC(tp, setrlimit_err);
+	ATF_TP_ADD_TC(tp, setrlimit_fsize);
+	ATF_TP_ADD_TC(tp, setrlimit_memlock);
+	ATF_TP_ADD_TC(tp, setrlimit_nofile_1);
+	ATF_TP_ADD_TC(tp, setrlimit_nofile_2);
+	ATF_TP_ADD_TC(tp, setrlimit_nproc);
+	ATF_TP_ADD_TC(tp, setrlimit_perm);
+
+	return atf_no_error();
+}