pidfd_getfd_test.c 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275
  1. // SPDX-License-Identifier: GPL-2.0
  2. #define _GNU_SOURCE
  3. #include <errno.h>
  4. #include <fcntl.h>
  5. #include <limits.h>
  6. #include <linux/types.h>
  7. #include <poll.h>
  8. #include <sched.h>
  9. #include <signal.h>
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <syscall.h>
  14. #include <sys/prctl.h>
  15. #include <sys/wait.h>
  16. #include <unistd.h>
  17. #include <sys/socket.h>
  18. #include <linux/kcmp.h>
  19. #include "pidfd.h"
  20. #include "kselftest_harness.h"
  21. /*
  22. * UNKNOWN_FD is an fd number that should never exist in the child, as it is
  23. * used to check the negative case.
  24. */
  25. #define UNKNOWN_FD 111
  26. #define UID_NOBODY 65535
  27. static int sys_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1,
  28. unsigned long idx2)
  29. {
  30. return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
  31. }
  32. static int __child(int sk, int memfd)
  33. {
  34. int ret;
  35. char buf;
  36. /*
  37. * Ensure we don't leave around a bunch of orphaned children if our
  38. * tests fail.
  39. */
  40. ret = prctl(PR_SET_PDEATHSIG, SIGKILL);
  41. if (ret) {
  42. fprintf(stderr, "%s: Child could not set DEATHSIG\n",
  43. strerror(errno));
  44. return -1;
  45. }
  46. ret = send(sk, &memfd, sizeof(memfd), 0);
  47. if (ret != sizeof(memfd)) {
  48. fprintf(stderr, "%s: Child failed to send fd number\n",
  49. strerror(errno));
  50. return -1;
  51. }
  52. /*
  53. * The fixture setup is completed at this point. The tests will run.
  54. *
  55. * This blocking recv enables the parent to message the child.
  56. * Either we will read 'P' off of the sk, indicating that we need
  57. * to disable ptrace, or we will read a 0, indicating that the other
  58. * side has closed the sk. This occurs during fixture teardown time,
  59. * indicating that the child should exit.
  60. */
  61. while ((ret = recv(sk, &buf, sizeof(buf), 0)) > 0) {
  62. if (buf == 'P') {
  63. ret = prctl(PR_SET_DUMPABLE, 0);
  64. if (ret < 0) {
  65. fprintf(stderr,
  66. "%s: Child failed to disable ptrace\n",
  67. strerror(errno));
  68. return -1;
  69. }
  70. } else {
  71. fprintf(stderr, "Child received unknown command %c\n",
  72. buf);
  73. return -1;
  74. }
  75. ret = send(sk, &buf, sizeof(buf), 0);
  76. if (ret != 1) {
  77. fprintf(stderr, "%s: Child failed to ack\n",
  78. strerror(errno));
  79. return -1;
  80. }
  81. }
  82. if (ret < 0) {
  83. fprintf(stderr, "%s: Child failed to read from socket\n",
  84. strerror(errno));
  85. return -1;
  86. }
  87. return 0;
  88. }
  89. static int child(int sk)
  90. {
  91. int memfd, ret;
  92. memfd = sys_memfd_create("test", 0);
  93. if (memfd < 0) {
  94. fprintf(stderr, "%s: Child could not create memfd\n",
  95. strerror(errno));
  96. ret = -1;
  97. } else {
  98. ret = __child(sk, memfd);
  99. close(memfd);
  100. }
  101. close(sk);
  102. return ret;
  103. }
  104. FIXTURE(child)
  105. {
  106. /*
  107. * remote_fd is the number of the FD which we are trying to retrieve
  108. * from the child.
  109. */
  110. int remote_fd;
  111. /* pid points to the child which we are fetching FDs from */
  112. pid_t pid;
  113. /* pidfd is the pidfd of the child */
  114. int pidfd;
  115. /*
  116. * sk is our side of the socketpair used to communicate with the child.
  117. * When it is closed, the child will exit.
  118. */
  119. int sk;
  120. bool ignore_child_result;
  121. };
  122. FIXTURE_SETUP(child)
  123. {
  124. int ret, sk_pair[2];
  125. ASSERT_EQ(0, socketpair(PF_LOCAL, SOCK_SEQPACKET, 0, sk_pair)) {
  126. TH_LOG("%s: failed to create socketpair", strerror(errno));
  127. }
  128. self->sk = sk_pair[0];
  129. self->pid = fork();
  130. ASSERT_GE(self->pid, 0);
  131. if (self->pid == 0) {
  132. close(sk_pair[0]);
  133. if (child(sk_pair[1]))
  134. _exit(EXIT_FAILURE);
  135. _exit(EXIT_SUCCESS);
  136. }
  137. close(sk_pair[1]);
  138. self->pidfd = sys_pidfd_open(self->pid, 0);
  139. ASSERT_GE(self->pidfd, 0);
  140. /*
  141. * Wait for the child to complete setup. It'll send the remote memfd's
  142. * number when ready.
  143. */
  144. ret = recv(sk_pair[0], &self->remote_fd, sizeof(self->remote_fd), 0);
  145. ASSERT_EQ(sizeof(self->remote_fd), ret);
  146. }
  147. FIXTURE_TEARDOWN(child)
  148. {
  149. int ret;
  150. EXPECT_EQ(0, close(self->pidfd));
  151. EXPECT_EQ(0, close(self->sk));
  152. ret = wait_for_pid(self->pid);
  153. if (!self->ignore_child_result)
  154. EXPECT_EQ(0, ret);
  155. }
  156. TEST_F(child, disable_ptrace)
  157. {
  158. int uid, fd;
  159. char c;
  160. /*
  161. * Turn into nobody if we're root, to avoid CAP_SYS_PTRACE
  162. *
  163. * The tests should run in their own process, so even this test fails,
  164. * it shouldn't result in subsequent tests failing.
  165. */
  166. uid = getuid();
  167. if (uid == 0)
  168. ASSERT_EQ(0, seteuid(UID_NOBODY));
  169. ASSERT_EQ(1, send(self->sk, "P", 1, 0));
  170. ASSERT_EQ(1, recv(self->sk, &c, 1, 0));
  171. fd = sys_pidfd_getfd(self->pidfd, self->remote_fd, 0);
  172. EXPECT_EQ(-1, fd);
  173. EXPECT_EQ(EPERM, errno);
  174. if (uid == 0)
  175. ASSERT_EQ(0, seteuid(0));
  176. }
  177. TEST_F(child, fetch_fd)
  178. {
  179. int fd, ret;
  180. fd = sys_pidfd_getfd(self->pidfd, self->remote_fd, 0);
  181. ASSERT_GE(fd, 0);
  182. ret = sys_kcmp(getpid(), self->pid, KCMP_FILE, fd, self->remote_fd);
  183. if (ret < 0 && errno == ENOSYS)
  184. SKIP(return, "kcmp() syscall not supported");
  185. EXPECT_EQ(ret, 0);
  186. ret = fcntl(fd, F_GETFD);
  187. ASSERT_GE(ret, 0);
  188. EXPECT_GE(ret & FD_CLOEXEC, 0);
  189. close(fd);
  190. }
  191. TEST_F(child, test_unknown_fd)
  192. {
  193. int fd;
  194. fd = sys_pidfd_getfd(self->pidfd, UNKNOWN_FD, 0);
  195. EXPECT_EQ(-1, fd) {
  196. TH_LOG("getfd succeeded while fetching unknown fd");
  197. };
  198. EXPECT_EQ(EBADF, errno) {
  199. TH_LOG("%s: getfd did not get EBADF", strerror(errno));
  200. }
  201. }
  202. TEST(flags_set)
  203. {
  204. ASSERT_EQ(-1, sys_pidfd_getfd(0, 0, 1));
  205. EXPECT_EQ(errno, EINVAL);
  206. }
  207. TEST_F(child, no_strange_EBADF)
  208. {
  209. struct pollfd fds;
  210. self->ignore_child_result = true;
  211. fds.fd = self->pidfd;
  212. fds.events = POLLIN;
  213. ASSERT_EQ(kill(self->pid, SIGKILL), 0);
  214. ASSERT_EQ(poll(&fds, 1, 5000), 1);
  215. /*
  216. * It used to be that pidfd_getfd() could race with the exiting thread
  217. * between exit_files() and release_task(), and get a non-null task
  218. * with a NULL files struct, and you'd get EBADF, which was slightly
  219. * confusing.
  220. */
  221. errno = 0;
  222. EXPECT_EQ(sys_pidfd_getfd(self->pidfd, self->remote_fd, 0), -1);
  223. EXPECT_EQ(errno, ESRCH);
  224. }
  225. #if __NR_pidfd_getfd == -1
  226. int main(void)
  227. {
  228. fprintf(stderr, "__NR_pidfd_getfd undefined. The pidfd_getfd syscall is unavailable. Test aborting\n");
  229. return KSFT_SKIP;
  230. }
  231. #else
  232. TEST_HARNESS_MAIN
  233. #endif