ktls: Add a regression test to exercise socket error handling

Prior to commit 916c61a5ed ("Fix handling of errors from pru_send(PRUS_NOTREADY)") this test triggered a kernel panic due to an mbuf double free. Reviewed by: jhb MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33517
2024-10-15 21:05:08 +00:00 · 2021-12-17 11:00:19 -05:00 · 2021-12-17 11:00:19 -05:00 · ee5686c614
parent d157f2627b
commit ee5686c614
1 changed files with 42 additions and 0 deletions
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@ -1722,6 +1722,45 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc)			\
 */
 AES_CBC_TESTS(GEN_UNSUPPORTED_RECEIVE_TEST);

+/*
+ * Try to perform an invalid sendto(2) on a TXTLS-enabled socket, to exercise
+ * KTLS error handling in the socket layer.
+ */
+ATF_TC_WITHOUT_HEAD(ktls_sendto_baddst);
+ATF_TC_BODY(ktls_sendto_baddst, tc)
+{
+	char buf[32];
+	struct sockaddr_in dst;
+	struct tls_enable en;
+	ssize_t n;
+	int s;
+
+	ATF_REQUIRE_KTLS();
+
+	s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	ATF_REQUIRE(s >= 0);
+
+	build_tls_enable(CRYPTO_AES_NIST_GCM_16, 128 / 8, 0,
+	    TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
+
+	ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,
+	    sizeof(en)) == 0);
+
+	memset(&dst, 0, sizeof(dst));
+	dst.sin_family = AF_INET;
+	dst.sin_len = sizeof(dst);
+	dst.sin_addr.s_addr = htonl(INADDR_BROADCAST);
+	dst.sin_port = htons(12345);
+
+	memset(buf, 0, sizeof(buf));
+	n = sendto(s, buf, sizeof(buf), 0, (struct sockaddr *)&dst,
+	    sizeof(dst));
+
+	/* Can't transmit to the broadcast address over TCP. */
+	ATF_REQUIRE_ERRNO(EACCES, n == -1);
+	ATF_REQUIRE(close(s) == 0);
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 	/* Transmit tests */
@ -1739,5 +1778,8 @@ ATF_TP_ADD_TCS(tp)
 	TLS_13_TESTS(ADD_PADDING_RECEIVE_TESTS);
 	INVALID_CIPHER_SUITES(ADD_INVALID_RECEIVE_TEST);

+	/* Miscellaneous */
+	ATF_TP_ADD_TC(tp, ktls_sendto_baddst);
+
 	return (atf_no_error());
 }