// SPDX-License-Identifier: GPL-2.0 #define _GNU_SOURCE #include <assert.h> #include <errno.h> #include <fcntl.h> #include <linux/types.h> #include <sched.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <syscall.h> #include <sys/wait.h> #include <sys/mman.h> #include "pidfd.h" #include "../kselftest.h" struct error { int code; char msg[512]; }; static int error_set(struct error *err, int code, const char *fmt, ...) { va_list args; int r; if (code == PIDFD_PASS || !err || err->code != PIDFD_PASS) return code; err->code = code; va_start(args, fmt); r = vsnprintf(err->msg, sizeof(err->msg), fmt, args); assert((size_t)r < sizeof(err->msg)); va_end(args); return code; } static void error_report(struct error *err, const char *test_name) { switch (err->code) { case PIDFD_ERROR: ksft_exit_fail_msg("%s test: Fatal: %s\n", test_name, err->msg); break; case PIDFD_FAIL: /* will be: not ok %d # error %s test: %s */ ksft_test_result_error("%s test: %s\n", test_name, err->msg); break; case PIDFD_SKIP: /* will be: not ok %d # SKIP %s test: %s */ ksft_test_result_skip("%s test: %s\n", test_name, err->msg); break; case PIDFD_XFAIL: ksft_test_result_pass("%s test: Expected failure: %s\n", test_name, err->msg); break; case PIDFD_PASS: ksft_test_result_pass("%s test: Passed\n"); break; default: ksft_exit_fail_msg("%s test: Unknown code: %d %s\n", test_name, err->code, err->msg); break; } } static inline int error_check(struct error *err, const char *test_name) { /* In case of error we bail out and terminate the test program */ if (err->code == PIDFD_ERROR) error_report(err, test_name); return err->code; } #define CHILD_STACK_SIZE 8192 struct child { char *stack; pid_t pid; int fd; }; static struct child clone_newns(int (*fn)(void *), void *args, struct error *err) { static int flags = CLONE_PIDFD | CLONE_NEWPID | CLONE_NEWNS | SIGCHLD; struct child ret; if (!(flags & CLONE_NEWUSER) && geteuid() != 0) flags |= CLONE_NEWUSER; ret.stack = mmap(NULL, CHILD_STACK_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); if (ret.stack == MAP_FAILED) { error_set(err, -1, "mmap of stack failed (errno %d)", errno); return ret; } #ifdef __ia64__ ret.pid = __clone2(fn, ret.stack, CHILD_STACK_SIZE, flags, args, &ret.fd); #else ret.pid = clone(fn, ret.stack + CHILD_STACK_SIZE, flags, args, &ret.fd); #endif if (ret.pid < 0) { error_set(err, PIDFD_ERROR, "clone failed (ret %d, errno %d)", ret.fd, errno); return ret; } ksft_print_msg("New child: %d, fd: %d\n", ret.pid, ret.fd); return ret; } static inline void child_close(struct child *child) { close(child->fd); } static inline int child_join(struct child *child, struct error *err) { int r; r = wait_for_pid(child->pid); if (r < 0) error_set(err, PIDFD_ERROR, "waitpid failed (ret %d, errno %d)", r, errno); else if (r > 0) error_set(err, r, "child %d reported: %d", child->pid, r); if (munmap(child->stack, CHILD_STACK_SIZE)) { error_set(err, -1, "munmap of child stack failed (errno %d)", errno); r = -1; } ksft_print_msg("waitpid WEXITSTATUS=%d\n", r); return r; } static inline int child_join_close(struct child *child, struct error *err) { child_close(child); return child_join(child, err); } static inline void trim_newline(char *str) { char *pos = strrchr(str, '\n'); if (pos) *pos = '\0'; } static int verify_fdinfo(int pidfd, struct error *err, const char *prefix, size_t prefix_len, const char *expect, ...) { char buffer[512] = {0, }; char path[512] = {0, }; va_list args; FILE *f; char *line = NULL; size_t n = 0; int found = 0; int r; va_start(args, expect); r = vsnprintf(buffer, sizeof(buffer), expect, args); assert((size_t)r < sizeof(buffer)); va_end(args); snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd); f = fopen(path, "re"); if (!f) return error_set(err, PIDFD_ERROR, "fdinfo open failed for %d", pidfd); while (getline(&line, &n, f) != -1) { char *val; if (strncmp(line, prefix, prefix_len)) continue; found = 1; val = line + prefix_len; r = strcmp(val, buffer); if (r != 0) { trim_newline(line); trim_newline(buffer); error_set(err, PIDFD_FAIL, "%s '%s' != '%s'", prefix, val, buffer); } break; } free(line); fclose(f); if (found == 0) return error_set(err, PIDFD_FAIL, "%s not found for fd %d", prefix, pidfd); return PIDFD_PASS; } static int child_fdinfo_nspid_test(void *args) { struct error err; int pidfd; int r; /* if we got no fd for the sibling, we are done */ if (!args) return PIDFD_PASS; /* verify that we can not resolve the pidfd for a process * in a sibling pid namespace, i.e. a pid namespace it is * not in our or a descended namespace */ r = mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0); if (r < 0) { ksft_print_msg("Failed to remount / private\n"); return PIDFD_ERROR; } (void)umount2("/proc", MNT_DETACH); r = mount("proc", "/proc", "proc", 0, NULL); if (r < 0) { ksft_print_msg("Failed to remount /proc\n"); return PIDFD_ERROR; } pidfd = *(int *)args; r = verify_fdinfo(pidfd, &err, "NSpid:", 6, "\t0\n"); if (r != PIDFD_PASS) ksft_print_msg("NSpid fdinfo check failed: %s\n", err.msg); return r; } static void test_pidfd_fdinfo_nspid(void) { struct child a, b; struct error err = {0, }; const char *test_name = "pidfd check for NSpid in fdinfo"; /* Create a new child in a new pid and mount namespace */ a = clone_newns(child_fdinfo_nspid_test, NULL, &err); error_check(&err, test_name); /* Pass the pidfd representing the first child to the * second child, which will be in a sibling pid namespace, * which means that the fdinfo NSpid entry for the pidfd * should only contain '0'. */ b = clone_newns(child_fdinfo_nspid_test, &a.fd, &err); error_check(&err, test_name); /* The children will have pid 1 in the new pid namespace, * so the line must be 'NSPid:\t<pid>\t1'. */ verify_fdinfo(a.fd, &err, "NSpid:", 6, "\t%d\t%d\n", a.pid, 1); verify_fdinfo(b.fd, &err, "NSpid:", 6, "\t%d\t%d\n", b.pid, 1); /* wait for the process, check the exit status and set * 'err' accordingly, if it is not already set. */ child_join_close(&a, &err); child_join_close(&b, &err); error_report(&err, test_name); } static void test_pidfd_dead_fdinfo(void) { struct child a; struct error err = {0, }; const char *test_name = "pidfd check fdinfo for dead process"; /* Create a new child in a new pid and mount namespace */ a = clone_newns(child_fdinfo_nspid_test, NULL, &err); error_check(&err, test_name); child_join(&a, &err); verify_fdinfo(a.fd, &err, "Pid:", 4, "\t-1\n"); verify_fdinfo(a.fd, &err, "NSpid:", 6, "\t-1\n"); child_close(&a); error_report(&err, test_name); } int main(int argc, char **argv) { ksft_print_header(); ksft_set_plan(2); test_pidfd_fdinfo_nspid(); test_pidfd_dead_fdinfo(); return ksft_exit_pass(); }