ktls: Add a regression test to exercise socket error handling

Prior to commit 916c61a5ed37 ("Fix handling of errors from
pru_send(PRUS_NOTREADY)") this test triggered a kernel panic due to an
mbuf double free.

Reviewed by:	jhb
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33517

1 files changed, 42 insertions, 0 deletions

diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index ec71d0c9cd33..9525258a64bc 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -1722,6 +1722,45 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc)			\
  */
 AES_CBC_TESTS(GEN_UNSUPPORTED_RECEIVE_TEST);
 
+/*
+ * Try to perform an invalid sendto(2) on a TXTLS-enabled socket, to exercise
+ * KTLS error handling in the socket layer.
+ */
+ATF_TC_WITHOUT_HEAD(ktls_sendto_baddst);
+ATF_TC_BODY(ktls_sendto_baddst, tc)
+{
+	char buf[32];
+	struct sockaddr_in dst;
+	struct tls_enable en;
+	ssize_t n;
+	int s;
+
+	ATF_REQUIRE_KTLS();
+
+	s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	ATF_REQUIRE(s >= 0);
+
+	build_tls_enable(CRYPTO_AES_NIST_GCM_16, 128 / 8, 0,
+	    TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
+
+	ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,
+	    sizeof(en)) == 0);
+
+	memset(&dst, 0, sizeof(dst));
+	dst.sin_family = AF_INET;
+	dst.sin_len = sizeof(dst);
+	dst.sin_addr.s_addr = htonl(INADDR_BROADCAST);
+	dst.sin_port = htons(12345);
+
+	memset(buf, 0, sizeof(buf));
+	n = sendto(s, buf, sizeof(buf), 0, (struct sockaddr *)&dst,
+	    sizeof(dst));
+
+	/* Can't transmit to the broadcast address over TCP. */
+	ATF_REQUIRE_ERRNO(EACCES, n == -1);
+	ATF_REQUIRE(close(s) == 0);
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 	/* Transmit tests */
@@ -1739,5 +1778,8 @@ ATF_TP_ADD_TCS(tp)
 	TLS_13_TESTS(ADD_PADDING_RECEIVE_TESTS);
 	INVALID_CIPHER_SUITES(ADD_INVALID_RECEIVE_TEST);
 
+	/* Miscellaneous */
+	ATF_TP_ADD_TC(tp, ktls_sendto_baddst);
+
 	return (atf_no_error());
 }