3 files changed, 472 insertions, 3 deletions
diff --git a/lib/libc/tests/net/Makefile b/lib/libc/tests/net/Makefile
index 24cff61e8d24..ec0668633508 100644
--- a/lib/libc/tests/net/Makefile
+++ b/lib/libc/tests/net/Makefile
@@ -4,8 +4,10 @@ ATF_TESTS_C+=	ether_test
 ATF_TESTS_C+=	eui64_aton_test
 ATF_TESTS_C+=	eui64_ntoa_test
 ATF_TESTS_CXX+=	link_addr_test
+ATF_TESTS_CXX+=	inet_net_test
 
 CXXSTD.link_addr_test=	c++20
+CXXSTD.inet_net_test=	c++20
 
 CFLAGS+=	-I${.CURDIR}
 
diff --git a/lib/libc/tests/net/inet_net_test.cc b/lib/libc/tests/net/inet_net_test.cc
new file mode 100644
index 000000000000..60b60b152eca
--- /dev/null
+++ b/lib/libc/tests/net/inet_net_test.cc
@@ -0,0 +1,333 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2025 Lexi Winter <ivy@FreeBSD.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Tests for inet_net_pton() and inet_net_ntop().
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <ranges>
+#include <string>
+#include <vector>
+
+#include <atf-c++.hpp>
+
+using namespace std::literals;
+
+/*
+ * inet_net_ntop() and inet_net_pton() for IPv4.
+ */
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_inet4)
+ATF_TEST_CASE_BODY(inet_net_inet4)
+{
+	/*
+	 * Define a list of addresses we want to check.  Each address is passed
+	 * to inet_net_pton() to convert it to an in_addr, then we convert the
+	 * in_addr back to a string and compare it with the expected value.  We
+	 * want to test over-long prefixes here (such as 10.0.0.1/8), so we also
+	 * specify what the result is expected to be.
+	 */
+
+	struct test_addr {
+		std::string input;
+		int bits;
+		std::string output;
+	};
+
+	auto test_addrs = std::vector<test_addr>{
+		// Simple prefixes that fall on octet boundaries.
+		{ "10.0.0.0/8",		8,	"10/8" },
+		{ "10.1.0.0/16",	16,	"10.1/16" },
+		{ "10.1.2.0/24",	24,	"10.1.2/24" },
+		{ "10.1.2.3/32",	32,	"10.1.2.3/32" },
+
+		// Simple prefixes with the short-form address.
+		{ "10/8",		8,	"10/8" },
+		{ "10.1/16",		16,	"10.1/16" },
+		{ "10.1.2/24",		24,	"10.1.2/24" },
+
+		// A prefix that doesn't fall on an octet boundary.
+		{ "10.1.64/18",		18,	"10.1.64/18" },
+
+		// An overlong prefix with bits that aren't part of the prefix.
+		{ "10.0.0.1/8",		8,	"10/8" },
+	};
+
+	for (auto const &addr: test_addrs) {
+		/*
+		 * Convert the input string to an in_addr + bits, and make
+		 * sure the result produces the number of bits we expected.
+		 */
+
+		auto in = in_addr{};
+		auto bits = inet_net_pton(AF_INET, addr.input.c_str(),
+		    &in, sizeof(in));
+		ATF_REQUIRE(bits != -1);
+		ATF_REQUIRE_EQ(bits, addr.bits);
+
+		/*
+		 * Convert the in_addr back to a string
+		 */
+
+		/*
+		 * XXX: Should there be a constant for the size of the result
+		 * buffer?  For now, use ADDRSTRLEN + 3 ("/32") + 1 (NUL).
+		 *
+		 * Fill the buffer with 'Z', so we can check the result was
+		 * properly terminated.
+		 */
+		auto strbuf = std::vector<char>(INET_ADDRSTRLEN + 3 + 1, 'Z');
+		auto ret = inet_net_ntop(AF_INET, &in, bits,
+		    strbuf.data(), strbuf.size());
+		ATF_REQUIRE(ret != NULL);
+		ATF_REQUIRE_EQ(ret, strbuf.data());
+
+		/* Make sure the result was NUL-terminated and find the NUL */
+		ATF_REQUIRE(strbuf.size() >= 1);
+		auto end = std::ranges::find(strbuf, '\0');
+		ATF_REQUIRE(end != strbuf.end());
+
+		/*
+		 * Check the result matches what we expect.  Use a temporary
+		 * string here instead of std::ranges::equal because this
+		 * means ATF can print the mismatch.
+		 */
+		auto str = std::string(std::ranges::begin(strbuf), end);
+		ATF_REQUIRE_EQ(str, addr.output);
+	}
+}
+
+/*
+ * inet_net_ntop() and inet_net_pton() for IPv6.
+ */
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_inet6)
+ATF_TEST_CASE_BODY(inet_net_inet6)
+{
+	/*
+	 * Define a list of addresses we want to check.  Each address is
+	 * passed to inet_net_pton() to convert it to an in6_addr, then we
+	 * convert the in6_addr back to a string and compare it with the
+	 * expected value.  We want to test over-long prefixes here (such
+	 * as 2001:db8::1/32), so we also specify what the result is
+	 * expected to be.
+	 */
+
+	struct test_addr {
+		std::string input;
+		int bits;
+		std::string output;
+	};
+
+	auto test_addrs = std::vector<test_addr>{
+		// A prefix with a trailing ::
+		{ "2001:db8::/32",	32,	"2001:db8::/32" },
+
+		// A prefix with a leading ::.  Note that the output is
+		// different from the input because inet_ntop() renders
+		// this prefix with an IPv4 suffix for legacy reasons.
+		{ "::ffff:0:0/96",	96,	"::ffff:0.0.0.0/96" },
+
+		// The same prefix but with the IPv4 legacy form as input.
+		{ "::ffff:0.0.0.0/96",	96,	"::ffff:0.0.0.0/96" },
+
+		// A prefix with an infix ::.
+		{ "2001:db8::1/128",	128,	"2001:db8::1/128" },
+
+		// A prefix with bits set which are outside the prefix;
+		// these should be silently ignored.
+		{ "2001:db8:1:1:1:1:1:1/32", 32, "2001:db8::/32" },
+
+		// As above but with infix ::.
+		{ "2001:db8::1/32",	32,	"2001:db8::/32" },
+
+		// A prefix with only ::, commonly used to represent the
+		// entire address space.
+		{ "::/0",		0,	"::/0" },
+
+		// A single address with no ::.
+		{ "2001:db8:1:1:1:1:1:1/128", 128, "2001:db8:1:1:1:1:1:1/128" },
+
+		// A prefix with no ::.
+		{ "2001:db8:1:1:0:0:0:0/64", 64, "2001:db8:1:1::/64" },
+
+		// A prefix which isn't on a 16-bit boundary.
+		{ "2001:db8:c000::/56",	56,	"2001:db8:c000::/56" },
+
+		// A prefix which isn't on a nibble boundary.
+		{ "2001:db8:c100::/57",	57,	"2001:db8:c100::/57" },
+
+		// An address without a prefix length, which should be treated
+		// as a /128.
+		{ "2001:db8::",		128,	"2001:db8::/128" },
+		{ "2001:db8::1",	128,	"2001:db8::1/128" },
+
+		// Test vectors provided in PR bin/289198.
+		{ "fe80::1/64",		64,	"fe80::/64" },
+		{ "fe80::f000:74ff:fe54:bed2/64",
+					64,	"fe80::/64" },
+		{ "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/64",
+					64,	"ffff:ffff:ffff:ffff::/64" },
+		{ "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 128,
+		    "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" },
+	};
+
+	for (auto const &addr: test_addrs) {
+		/*
+		 * Convert the input string to an in6_addr + bits, and make
+		 * sure the result produces the number of bits we expected.
+		 */
+
+		auto in6 = in6_addr{};
+		errno = 0;
+		auto bits = inet_net_pton(AF_INET6, addr.input.c_str(),
+		    &in6, sizeof(in6));
+		ATF_REQUIRE(bits != -1);
+		ATF_REQUIRE_EQ(bits, addr.bits);
+
+		/*
+		 * Convert the in6_addr back to a string
+		 */
+
+		/*
+		 * XXX: Should there be a constant for the size of the result
+		 * buffer?  For now, use ADDRSTRLEN + 4 ("/128") + 1 (NUL).
+		 *
+		 * Fill the buffer with 'Z', so we can check the result was
+		 * properly terminated.
+		 */
+		auto strbuf = std::vector<char>(INET6_ADDRSTRLEN + 4 + 1, 'Z');
+		auto ret = inet_net_ntop(AF_INET6, &in6, bits,
+		    strbuf.data(), strbuf.size());
+		ATF_REQUIRE(ret != NULL);
+		ATF_REQUIRE_EQ(ret, strbuf.data());
+
+		/* Make sure the result was NUL-terminated and find the NUL */
+		ATF_REQUIRE(strbuf.size() >= 1);
+		auto end = std::ranges::find(strbuf, '\0');
+		ATF_REQUIRE(end != strbuf.end());
+
+		/*
+		 * Check the result matches what we expect.  Use a temporary
+		 * string here instead of std::ranges::equal because this
+		 * means ATF can print the mismatch.
+		 */
+		auto str = std::string(std::ranges::begin(strbuf), end);
+		ATF_REQUIRE_EQ(str, addr.output);
+	}
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_pton_invalid)
+ATF_TEST_CASE_BODY(inet_net_pton_invalid)
+{
+	auto ret = int{};
+	auto addr4 = in_addr{};
+	auto str4 = "10.0.0.0"s;
+	auto addr6 = in6_addr{};
+	auto str6 = "2001:db8::"s;
+
+	/* Passing an address which is too short should be an error */
+	ret = inet_net_pton(AF_INET6, str6.c_str(), &addr6, sizeof(addr6) - 1);
+	ATF_REQUIRE_EQ(ret, -1);
+
+	ret = inet_net_pton(AF_INET, str4.c_str(), &addr4, sizeof(addr4) - 1);
+	ATF_REQUIRE_EQ(ret, -1);
+
+	/* Test some generally invalid addresses. */
+	auto invalid4 = std::vector<std::string>{
+		// Prefix length too big
+		"10.0.0.0/33",
+		// Prefix length is negative
+		"10.0.0.0/-1",
+		// Prefix length is not a number
+		"10.0.0.0/foo",
+		// Input is not a network prefix
+		"this is not an IP address",
+	};
+
+	for (auto const &addr: invalid4) {
+		auto ret = inet_net_pton(AF_INET, addr.c_str(), &addr4,
+		    sizeof(addr4));
+		ATF_REQUIRE_EQ(ret, -1);
+	}
+
+	auto invalid6 = std::vector<std::string>{
+		// Prefix length too big
+		"2001:db8::/129",
+		// Prefix length is negative
+		"2001:db8::/-1",
+		// Prefix length is not a number
+		"2001:db8::/foo",
+		// Input is not a network prefix
+		"this is not an IP address",
+	};
+
+	for (auto const &addr: invalid6) {
+		auto ret = inet_net_pton(AF_INET6, addr.c_str(), &addr6,
+		    sizeof(addr6));
+		ATF_REQUIRE_EQ(ret, -1);
+	}
+}
+
+ATF_TEST_CASE_WITHOUT_HEAD(inet_net_ntop_invalid)
+ATF_TEST_CASE_BODY(inet_net_ntop_invalid)
+{
+	auto addr4 = in_addr{};
+	auto addr6 = in6_addr{};
+	auto strbuf = std::vector<char>(INET6_ADDRSTRLEN + 4 + 1);
+
+	/*
+	 * Passing a buffer which is too small should not overrun the buffer.
+	 * Test this by initialising the buffer to 'Z', and only providing
+	 * part of it to the function.
+	 */
+
+	std::ranges::fill(strbuf, 'Z');
+	auto ret = inet_net_ntop(AF_INET6, &addr6, 128, strbuf.data(), 1);
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ATF_REQUIRE_EQ(strbuf[1], 'Z');
+
+	std::ranges::fill(strbuf, 'Z');
+	ret = inet_net_ntop(AF_INET, &addr4, 32, strbuf.data(), 1);
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ATF_REQUIRE_EQ(strbuf[1], 'Z');
+
+	/* Check that invalid prefix lengths return an error */
+
+	ret = inet_net_ntop(AF_INET6, &addr6, 129, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ret = inet_net_ntop(AF_INET6, &addr6, -1, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+
+	ret = inet_net_ntop(AF_INET, &addr4, 33, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+	ret = inet_net_ntop(AF_INET, &addr4, -1, strbuf.data(), strbuf.size());
+	ATF_REQUIRE_EQ(ret, nullptr);
+}
+
+ATF_INIT_TEST_CASES(tcs)
+{
+	ATF_ADD_TEST_CASE(tcs, inet_net_inet4);
+	ATF_ADD_TEST_CASE(tcs, inet_net_inet6);
+	ATF_ADD_TEST_CASE(tcs, inet_net_pton_invalid);
+	ATF_ADD_TEST_CASE(tcs, inet_net_ntop_invalid);
+}
diff --git a/lib/libc/tests/sys/cpuset_test.c b/lib/libc/tests/sys/cpuset_test.c
index 53d6a8215bbc..c8ad225fadfc 100644
--- a/lib/libc/tests/sys/cpuset_test.c
+++ b/lib/libc/tests/sys/cpuset_test.c
@@ -34,8 +34,10 @@
 #include <sys/uio.h>
 #include <sys/wait.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <unistd.h>
 
 #include <atf-c.h>
@@ -107,6 +109,19 @@ skip_ltncpu(int ncpu, cpuset_t *mask)
 		atf_tc_skip("Test requires %d or more cores.", ncpu);
 }
 
+static void
+skip_ltncpu_root(int ncpu, cpuset_t *mask)
+{
+
+	CPU_ZERO(mask);
+	ATF_REQUIRE_EQ(0, cpuset_getaffinity(CPU_LEVEL_ROOT, CPU_WHICH_PID,
+	    -1, sizeof(*mask), mask));
+	if (CPU_COUNT(mask) < ncpu) {
+		atf_tc_skip("Test requires cpuset root with %d or more cores.",
+		    ncpu);
+	}
+}
+
 ATF_TC(newset);
 ATF_TC_HEAD(newset, tc)
 {
@@ -234,9 +249,8 @@ ATF_TC_BODY(deadlk, tc)
 }
 
 static int
-do_jail(int sock)
+create_jail(void)
 {
-	struct jail_test_info info;
 	struct iovec iov[2];
 	char *name;
 	int error;
@@ -250,8 +264,22 @@ do_jail(int sock)
 	iov[1].iov_base = name;
 	iov[1].iov_len = strlen(name) + 1;
 
-	if (jail_set(iov, 2, JAIL_CREATE | JAIL_ATTACH) < 0)
+	error = jail_set(iov, 2, JAIL_CREATE | JAIL_ATTACH);
+	free(name);
+	if (error < 0)
 		return (FAILURE_JAIL);
+	return (0);
+}
+
+static int
+do_jail(int sock)
+{
+	struct jail_test_info info;
+	int error;
+
+	error = create_jail();
+	if (error != 0)
+		return (error);
 
 	/* Record parameters, kick them over, then make a swift exit. */
 	CPU_ZERO(&info.jail_tidmask);
@@ -641,6 +669,111 @@ ATF_TC_BODY(jail_attach_disjoint, tc)
 	try_attach(jid, &smask);
 }
 
+struct nproc_info {
+	long		nproc_init;
+	long		nproc_final;
+	long		nproc_global;
+};
+
+ATF_TC(jail_nproc);
+ATF_TC_HEAD(jail_nproc, tc)
+{
+	atf_tc_set_md_var(tc, "descr",
+	    "Test that _SC_PROCESSORS_ONLN reflects jail cpuset constraints");
+}
+ATF_TC_BODY(jail_nproc, tc)
+{
+	cpuset_t jmask;
+	struct nproc_info ninfo = { };
+	int sockpair[2];
+	cpusetid_t setid;
+	ssize_t readsz;
+	pid_t pid;
+	int fcpu, error, pfd, sock;
+	char okb = 0x7f, rcvb;
+
+	skip_ltncpu_root(2, &jmask);
+	fcpu = CPU_FFS(&jmask) - 1;
+
+	/*
+	 * Just adjusting our affinity should not affect the number of
+	 * processors considered online- we want to be sure that it's only
+	 * adjusted if our jail's root set is.
+	 */
+	CPU_CLR(fcpu, &jmask);
+	error = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1,
+	    sizeof(jmask), &jmask);
+	ATF_REQUIRE_EQ(0, error);
+	ATF_REQUIRE(sysconf(_SC_NPROCESSORS_ONLN) > CPU_COUNT(&jmask));
+
+	ATF_REQUIRE_EQ(0, socketpair(PF_UNIX, SOCK_STREAM, 0, sockpair));
+
+	/* We'll wait on the procdesc, too, so we can fail faster if it dies. */
+	ATF_REQUIRE((pid = pdfork(&pfd, 0)) != -1);
+
+	if (pid == 0) {
+		/* First child sets up the jail. */
+		sock = sockpair[SP_CHILD];
+		close(sockpair[SP_PARENT]);
+
+		error = create_jail();
+		if (error != 0)
+			_exit(error);
+
+		ninfo.nproc_init = sysconf(_SC_NPROCESSORS_ONLN);
+
+		/* Signal the parent that we're jailed. */
+		readsz = write(sock, &okb, sizeof(okb));
+		assert(readsz == sizeof(okb));
+
+		/* Wait for parent to adjust our mask and signal OK. */
+		readsz = read(sock, &rcvb, sizeof(rcvb));
+		assert(readsz == sizeof(rcvb));
+		assert(rcvb == okb);
+
+		ninfo.nproc_final = sysconf(_SC_NPROCESSORS_ONLN);
+		ninfo.nproc_global = sysconf(_SC_NPROCESSORS_CONF);
+		readsz = write(sock, &ninfo, sizeof(ninfo));
+		assert(readsz == sizeof(ninfo));
+
+		_exit(0);
+	}
+
+	close(sockpair[SP_CHILD]);
+	sock = sockpair[SP_PARENT];
+
+	/* Wait for signal that they are jailed. */
+	readsz = read(sock, &rcvb, sizeof(rcvb));
+	assert(readsz == sizeof(rcvb));
+	assert(rcvb == okb);
+
+	/* Grab the cpuset id and adjust it. */
+	error = cpuset_getid(CPU_LEVEL_ROOT, CPU_WHICH_PID, pid, &setid);
+	ATF_REQUIRE_EQ(0, error);
+	error = cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_CPUSET,
+	    setid, sizeof(jmask), &jmask);
+	ATF_REQUIRE_EQ(0, error);
+
+	/* Signal OK to proceed. */
+	readsz = write(sock, &okb, sizeof(okb));
+	ATF_REQUIRE_EQ(sizeof(okb), readsz);
+
+	/* Grab our final nproc info. */
+	readsz = read(sock, &ninfo, sizeof(ninfo));
+	ATF_REQUIRE_EQ(sizeof(ninfo), readsz);
+
+	/*
+	 * We set our own affinity to jmask, which is derived from *our* root
+	 * set, at the beginning of the test.  The jail would inherit from this
+	 * set, so we just re-use that mask here to confirm that
+	 * _SC_NPROCESSORS_ONLN did actually drop in response to us limiting the
+	 * jail, and that its _SC_NPROCESSORS_CONF did not.
+	 */
+	ATF_REQUIRE_EQ(CPU_COUNT(&jmask) + 1, ninfo.nproc_init);
+	ATF_REQUIRE_EQ(CPU_COUNT(&jmask) + 1, ninfo.nproc_global);
+	ATF_REQUIRE_EQ(CPU_COUNT(&jmask), ninfo.nproc_final);
+}
+
 ATF_TC(badparent);
 ATF_TC_HEAD(badparent, tc)
 {
@@ -686,6 +819,7 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, jail_attach_prevbase);
 	ATF_TP_ADD_TC(tp, jail_attach_plain);
 	ATF_TP_ADD_TC(tp, jail_attach_disjoint);
+	ATF_TP_ADD_TC(tp, jail_nproc);
 	ATF_TP_ADD_TC(tp, badparent);
 	return (atf_no_error());
 }