| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <71221c84-7721-42b7-add4-269a1f25c478@lucifer.local>
Date: Fri, 11 Oct 2024 09:20:34 +0100
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: Shuah Khan <skhan@...uxfoundation.org>
Cc: Christian Brauner <christian@...uner.io>, Shuah Khan <shuah@...nel.org>,
"Liam R . Howlett" <Liam.Howlett@...cle.com>,
Suren Baghdasaryan <surenb@...gle.com>,
Vlastimil Babka <vbabka@...e.cz>, pedro.falcato@...il.com,
linux-kselftest@...r.kernel.org, linux-mm@...ck.org,
linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] selftests: pidfd: add tests for PIDFD_SELF_*
On Thu, Oct 10, 2024 at 05:16:22PM -0600, Shuah Khan wrote:
> On 10/10/24 12:15, Lorenzo Stoakes wrote:
> > Add tests to assert that PIDFD_SELF_* correctly refers to the current
> > thread and process.
> >
> > This is only practically meaningful to pidfd_send_signal() and
> > pidfd_getfd(), but also explicitly test that we disallow this feature for
> > setns() where it would make no sense.
> >
> > We cannot reasonably wait on ourself using waitid(P_PIDFD, ...) so while in
> > theory PIDFD_SELF_* would work here, we'd be left blocked if we tried it.
> >
> > We defer testing of mm-specific functionality which uses pidfd, namely
> > process_madvise() and process_mrelease() to mm testing (though note the
> > latter can not be sensibly tested as it would require the testing process
> > to be dying).
> >
> > Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
> > ---
> > tools/testing/selftests/pidfd/pidfd.h | 8 ++
> > .../selftests/pidfd/pidfd_getfd_test.c | 136 ++++++++++++++++++
> > .../selftests/pidfd/pidfd_setns_test.c | 11 ++
> > tools/testing/selftests/pidfd/pidfd_test.c | 67 +++++++--
> > 4 files changed, 213 insertions(+), 9 deletions(-)
> >
> > diff --git a/tools/testing/selftests/pidfd/pidfd.h b/tools/testing/selftests/pidfd/pidfd.h
> > index 88d6830ee004..1640b711889b 100644
> > --- a/tools/testing/selftests/pidfd/pidfd.h
> > +++ b/tools/testing/selftests/pidfd/pidfd.h
> > @@ -50,6 +50,14 @@
> > #define PIDFD_NONBLOCK O_NONBLOCK
> > #endif
> > +/* System header file may not have this available. */
> > +#ifndef PIDFD_SELF_THREAD
> > +#define PIDFD_SELF_THREAD -100
> > +#endif
> > +#ifndef PIDFD_SELF_THREAD_GROUP
> > +#define PIDFD_SELF_THREAD_GROUP -200
> > +#endif
> > +
>
> Can't we pick these up from linux/pidfd.h - patch 2/3 adds
> them.
We're running this file in userland and it's not obvious we can correctly
import this header, it'd be some "../../" thing out of the testing root
directory and might not interact well with all scenarios in which this file
is built.
Also the existing tests do not seem to try to import that header, so it
seemed the safest way of doing this.
>
> > /*
> > * The kernel reserves 300 pids via RESERVED_PIDS in kernel/pid.c
> > * That means, when it wraps around any pid < 300 will be skipped.
> > diff --git a/tools/testing/selftests/pidfd/pidfd_getfd_test.c b/tools/testing/selftests/pidfd/pidfd_getfd_test.c
> > index cd51d547b751..10793fc845ed 100644
> > --- a/tools/testing/selftests/pidfd/pidfd_getfd_test.c
> > +++ b/tools/testing/selftests/pidfd/pidfd_getfd_test.c
> > @@ -6,6 +6,7 @@
> > #include <limits.h>
> > #include <linux/types.h>
> > #include <poll.h>
> > +#include <pthread.h>
> > #include <sched.h>
> > #include <signal.h>
> > #include <stdio.h>
> > @@ -15,6 +16,7 @@
> > #include <sys/prctl.h>
> > #include <sys/wait.h>
> > #include <unistd.h>
> > +#include <sys/mman.h>
> > #include <sys/socket.h>
> > #include <linux/kcmp.h>
> > @@ -114,6 +116,89 @@ static int child(int sk)
> > return ret;
> > }
> > +static int __pidfd_self_thread_worker(unsigned long page_size)
> > +{
> > + int memfd;
> > + int newfd;
> > + char *ptr;
> > + int ret = 0;
> > +
> > + /*
> > + * Unshare our FDs so we have our own set. This means
> > + * PIDFD_SELF_THREAD_GROUP will fail.
> > + */
> > + if (unshare(CLONE_FILES) < 0) {
> > + ret = -errno;
> > + goto exit;
> > + }
> > +
> > + /* Truncate, map in and write to our memfd. */
> > + memfd = sys_memfd_create("test_self_child", 0);
>
> Missing eror check.
Ack, I had to rapidly change this code to not use the ASSERT_xxx() stuff
since abstracted out to helper function for pthread() to invoke and clearly
did not do so carefully enough :) thanks for pointing out will fix this +
other issues.
>
> > + if (ftruncate(memfd, page_size)) {
> > + ret = -errno;
> > + goto exit;
>
> Hmm. you probably need scoped cleanup paths. "exit" closes
> memfd and newfd which isn't open yet and sys_memfd_create()
> could fail and memfd doesn't need closing?
Yes... oops! Will fix.
>
> > + }
> > +
> > + ptr = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
> > + MAP_SHARED, memfd, 0);
> > + if (ptr == MAP_FAILED) {
> > + ret = -errno;
> > + goto exit;
> > + }
> > + ptr[0] = 'y';
> > + if (munmap(ptr, page_size)) {
> > + ret = -errno;
> > + goto exit;
> > + }
> > +
> > + /* Get a thread-local duplicate of our memfd. */
> > + newfd = sys_pidfd_getfd(PIDFD_SELF_THREAD, memfd, 0);
> > + if (newfd < 0) {
> > + ret = -errno;
> > + goto exit;
>
> Same comment here - "exit" closes newfd
Ack will fix.
>
> > + }
> > +
> > + if (memfd == newfd) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + /* Map in new fd and make sure that the data is as expected. */
> > + ptr = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
> > + MAP_SHARED, newfd, 0);
> > + if (ptr == MAP_FAILED) {
> > + ret = -errno;
> > + goto exit;
> > + }
> > +
> > + if (ptr[0] != 'y') {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + if (munmap(ptr, page_size)) {
> > + ret = -errno;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + /* Cleanup. */
> > + close(newfd);
> > + close(memfd);
> > +
> > + return ret;
> > +}
> > +
> > +static void *pidfd_self_thread_worker(void *arg)
> > +{
> > + unsigned long page_size = (unsigned long)arg;
> > + int ret;
> > +
> > + ret = __pidfd_self_thread_worker(page_size);
>
> Don't you want to check error here?
We check it from callers, and it is passed to them we can't assert here as
we're not in a test.
>
> > +
> > + return (void *)(intptr_t)ret;
> > +}
> > +
> > FIXTURE(child)
> > {
> > /*
> > @@ -264,6 +349,57 @@ TEST_F(child, no_strange_EBADF)
> > EXPECT_EQ(errno, ESRCH);
> > }
> > +TEST(pidfd_self)
> > +{
> > + int memfd = sys_memfd_create("test_self", 0);
> > + unsigned long page_size = sysconf(_SC_PAGESIZE);
> > + int newfd;
> > + char *ptr;
> > + pthread_t thread;
> > + void *res;
> > + int err;
> > +
> > + ASSERT_GE(memfd, 0);
> > + ASSERT_EQ(ftruncate(memfd, page_size), 0);
> > +
> > + /*
> > + * Map so we can assert that the duplicated fd references the same
> > + * memory.
> > + */
> > + ptr = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
> > + MAP_SHARED, memfd, 0);
> > + ASSERT_NE(ptr, MAP_FAILED);
> > + ptr[0] = 'x';
> > + ASSERT_EQ(munmap(ptr, page_size), 0);
> > +
> > + /* Now get a duplicate of our memfd. */
> > + newfd = sys_pidfd_getfd(PIDFD_SELF_THREAD_GROUP, memfd, 0);
> > + ASSERT_GE(newfd, 0);
> > + ASSERT_NE(memfd, newfd);
> > +
> > + /* Now map duplicate fd and make sure it references the same memory. */
> > + ptr = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
> > + MAP_SHARED, newfd, 0);
> > + ASSERT_NE(ptr, MAP_FAILED);
> > + ASSERT_EQ(ptr[0], 'x');
> > + ASSERT_EQ(munmap(ptr, page_size), 0);
> > +
> > + /* Cleanup. */
> > + close(memfd);
> > + close(newfd);
> > +
> > + /*
> > + * Fire up the thread and assert that we can lookup the thread-specific
> > + * PIDFD_SELF_THREAD (also aliased by PIDFD_SELF).
> > + */
> > + ASSERT_EQ(pthread_create(&thread, NULL, pidfd_self_thread_worker,
> > + (void *)page_size), 0);
> > + ASSERT_EQ(pthread_join(thread, &res), 0);
> > + err = (int)(intptr_t)res;
> > +
> > + ASSERT_EQ(err, 0);
> > +}
> > +
> > #if __NR_pidfd_getfd == -1
> > int main(void)
> > {
> > diff --git a/tools/testing/selftests/pidfd/pidfd_setns_test.c b/tools/testing/selftests/pidfd/pidfd_setns_test.c
> > index 7c2a4349170a..bbd39dc5ceb7 100644
> > --- a/tools/testing/selftests/pidfd/pidfd_setns_test.c
> > +++ b/tools/testing/selftests/pidfd/pidfd_setns_test.c
> > @@ -752,4 +752,15 @@ TEST(setns_einval)
> > close(fd);
> > }
> > +TEST(setns_pidfd_self_disallowed)
> > +{
> > + ASSERT_EQ(setns(PIDFD_SELF_THREAD, 0), -1);
> > + EXPECT_EQ(errno, EBADF);
> > +
> > + errno = 0;
> > +
> > + ASSERT_EQ(setns(PIDFD_SELF_THREAD_GROUP, 0), -1);
> > + EXPECT_EQ(errno, EBADF);
> > +}
> > +
> > TEST_HARNESS_MAIN
> > diff --git a/tools/testing/selftests/pidfd/pidfd_test.c b/tools/testing/selftests/pidfd/pidfd_test.c
> > index 9faa686f90e4..ab5caa0368a1 100644
> > --- a/tools/testing/selftests/pidfd/pidfd_test.c
> > +++ b/tools/testing/selftests/pidfd/pidfd_test.c
> > @@ -42,12 +42,41 @@ static pid_t pidfd_clone(int flags, int *pidfd, int (*fn)(void *))
> > #endif
> > }
> > -static int signal_received;
> > +static pthread_t signal_received;
> > static void set_signal_received_on_sigusr1(int sig)
> > {
> > if (sig == SIGUSR1)
> > - signal_received = 1;
> > + signal_received = pthread_self();
> > +}
> > +
> > +static int send_signal(int pidfd)
> > +{
> > + int ret = 0;
> > +
> > + if (sys_pidfd_send_signal(pidfd, SIGUSR1, NULL, 0) < 0) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + if (signal_received != pthread_self()) {
> > + ret = -EINVAL;
> > + goto exit;
> > + }
> > +
> > +exit:
> > + signal_received = 0;
> > + return ret;
> > +}
> > +
> > +static void *send_signal_worker(void *arg)
> > +{
> > + int pidfd = (int)(intptr_t)arg;
> > + int ret;
> > +
> > + ret = send_signal(pidfd);
> > +
>
> Same here - don't you have to check ret?
As in the other case, we check that in the caller rather than here. I will
add a comment to both to make it clear that we intentionally forward the
error.
>
> > + return (void *)(intptr_t)ret;
> > }
> > /*
> > @@ -56,8 +85,11 @@ static void set_signal_received_on_sigusr1(int sig)
> > */
> > static int test_pidfd_send_signal_simple_success(void)
> > {
> > - int pidfd, ret;
> > + int pidfd;
> > const char *test_name = "pidfd_send_signal send SIGUSR1";
> > + pthread_t thread;
> > + void *thread_res;
> > + int res;
> > if (!have_pidfd_send_signal) {
> > ksft_test_result_skip(
> > @@ -74,17 +106,34 @@ static int test_pidfd_send_signal_simple_success(void)
> > signal(SIGUSR1, set_signal_received_on_sigusr1);
> > - ret = sys_pidfd_send_signal(pidfd, SIGUSR1, NULL, 0);
> > + send_signal(pidfd);
> > close(pidfd);
> > - if (ret < 0)
> > - ksft_exit_fail_msg("%s test: Failed to send signal\n",
> > +
> > + /* Now try the same thing only using PIDFD_SELF_THREAD_GROUP. */
> > + res = send_signal(PIDFD_SELF_THREAD_GROUP);
> > + if (res)
> > + ksft_exit_fail_msg(
> > + "%s test: Error %d on PIDFD_SELF_THREAD_GROUP signal\n",
> > + test_name, res);
> > +
> > + /*
> > + * Now try the same thing in a thread and assert thread ID is equal to
> > + * worker thread ID.
> > + */
> > + if (pthread_create(&thread, NULL, send_signal_worker,
> > + (void *)(intptr_t)PIDFD_SELF_THREAD))
> > + ksft_exit_fail_msg("%s test: Failed to create thread\n",
> > test_name);
> > - if (signal_received != 1)
> > - ksft_exit_fail_msg("%s test: Failed to receive signal\n",
> > + if (pthread_join(thread, &thread_res))
> > + ksft_exit_fail_msg("%s test: Failed to join thread\n",
> > test_name);
> > + res = (int)(intptr_t)thread_res;
> > + if (res)
> > + ksft_exit_fail_msg(
> > + "%s test: Error %d on PIDFD_SELF_THREAD signal\n",
> > + test_name, res);
> > - signal_received = 0;
> > ksft_test_result_pass("%s test: Sent signal\n", test_name);
> > return 0;
> > }
>
> thanks,
> -- Shuah
Thanks for the review!
Powered by blists - more mailing lists