1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Author: Aleksa Sarai <cyphar@cyphar.com>
4 * Copyright (C) 2018-2019 SUSE LLC.
5 */
6
7 #define _GNU_SOURCE
8 #define __SANE_USERSPACE_TYPES__ // Use ll64
9 #include <fcntl.h>
10 #include <sched.h>
11 #include <sys/stat.h>
12 #include <sys/types.h>
13 #include <sys/mount.h>
14 #include <stdlib.h>
15 #include <stdbool.h>
16 #include <string.h>
17
18 #include "../kselftest.h"
19 #include "helpers.h"
20
21 /*
22 * O_LARGEFILE is set to 0 by glibc.
23 * XXX: This is wrong on {mips, parisc, powerpc, sparc}.
24 */
25 #undef O_LARGEFILE
26 #ifdef __aarch64__
27 #define O_LARGEFILE 0x20000
28 #else
29 #define O_LARGEFILE 0x8000
30 #endif
31
32 struct open_how_ext {
33 struct open_how inner;
34 uint32_t extra1;
35 char pad1[128];
36 uint32_t extra2;
37 char pad2[128];
38 uint32_t extra3;
39 };
40
41 struct struct_test {
42 const char *name;
43 struct open_how_ext arg;
44 size_t size;
45 int err;
46 };
47
48 #define NUM_OPENAT2_STRUCT_TESTS 7
49 #define NUM_OPENAT2_STRUCT_VARIATIONS 13
50
test_openat2_struct(void)51 void test_openat2_struct(void)
52 {
53 int misalignments[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 17, 87 };
54
55 struct struct_test tests[] = {
56 /* Normal struct. */
57 { .name = "normal struct",
58 .arg.inner.flags = O_RDONLY,
59 .size = sizeof(struct open_how) },
60 /* Bigger struct, with zeroed out end. */
61 { .name = "bigger struct (zeroed out)",
62 .arg.inner.flags = O_RDONLY,
63 .size = sizeof(struct open_how_ext) },
64
65 /* TODO: Once expanded, check zero-padding. */
66
67 /* Smaller than version-0 struct. */
68 { .name = "zero-sized 'struct'",
69 .arg.inner.flags = O_RDONLY, .size = 0, .err = -EINVAL },
70 { .name = "smaller-than-v0 struct",
71 .arg.inner.flags = O_RDONLY,
72 .size = OPEN_HOW_SIZE_VER0 - 1, .err = -EINVAL },
73
74 /* Bigger struct, with non-zero trailing bytes. */
75 { .name = "bigger struct (non-zero data in first 'future field')",
76 .arg.inner.flags = O_RDONLY, .arg.extra1 = 0xdeadbeef,
77 .size = sizeof(struct open_how_ext), .err = -E2BIG },
78 { .name = "bigger struct (non-zero data in middle of 'future fields')",
79 .arg.inner.flags = O_RDONLY, .arg.extra2 = 0xfeedcafe,
80 .size = sizeof(struct open_how_ext), .err = -E2BIG },
81 { .name = "bigger struct (non-zero data at end of 'future fields')",
82 .arg.inner.flags = O_RDONLY, .arg.extra3 = 0xabad1dea,
83 .size = sizeof(struct open_how_ext), .err = -E2BIG },
84 };
85
86 BUILD_BUG_ON(ARRAY_LEN(misalignments) != NUM_OPENAT2_STRUCT_VARIATIONS);
87 BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_STRUCT_TESTS);
88
89 for (int i = 0; i < ARRAY_LEN(tests); i++) {
90 struct struct_test *test = &tests[i];
91 struct open_how_ext how_ext = test->arg;
92
93 for (int j = 0; j < ARRAY_LEN(misalignments); j++) {
94 int fd, misalign = misalignments[j];
95 char *fdpath = NULL;
96 bool failed;
97 void (*resultfn)(const char *msg, ...) = ksft_test_result_pass;
98
99 void *copy = NULL, *how_copy = &how_ext;
100
101 if (!openat2_supported) {
102 ksft_print_msg("openat2(2) unsupported\n");
103 resultfn = ksft_test_result_skip;
104 goto skip;
105 }
106
107 if (misalign) {
108 /*
109 * Explicitly misalign the structure copying it with the given
110 * (mis)alignment offset. The other data is set to be non-zero to
111 * make sure that non-zero bytes outside the struct aren't checked
112 *
113 * This is effectively to check that is_zeroed_user() works.
114 */
115 copy = malloc(misalign + sizeof(how_ext));
116 how_copy = copy + misalign;
117 memset(copy, 0xff, misalign);
118 memcpy(how_copy, &how_ext, sizeof(how_ext));
119 }
120
121 fd = raw_openat2(AT_FDCWD, ".", how_copy, test->size);
122 if (test->err >= 0)
123 failed = (fd < 0);
124 else
125 failed = (fd != test->err);
126 if (fd >= 0) {
127 fdpath = fdreadlink(fd);
128 close(fd);
129 }
130
131 if (failed) {
132 resultfn = ksft_test_result_fail;
133
134 ksft_print_msg("openat2 unexpectedly returned ");
135 if (fdpath)
136 ksft_print_msg("%d['%s']\n", fd, fdpath);
137 else
138 ksft_print_msg("%d (%s)\n", fd, strerror(-fd));
139 }
140
141 skip:
142 if (test->err >= 0)
143 resultfn("openat2 with %s argument [misalign=%d] succeeds\n",
144 test->name, misalign);
145 else
146 resultfn("openat2 with %s argument [misalign=%d] fails with %d (%s)\n",
147 test->name, misalign, test->err,
148 strerror(-test->err));
149
150 free(copy);
151 free(fdpath);
152 fflush(stdout);
153 }
154 }
155 }
156
157 struct flag_test {
158 const char *name;
159 struct open_how how;
160 int err;
161 };
162
163 #define NUM_OPENAT2_FLAG_TESTS 25
164
test_openat2_flags(void)165 void test_openat2_flags(void)
166 {
167 struct flag_test tests[] = {
168 /* O_TMPFILE is incompatible with O_PATH and O_CREAT. */
169 { .name = "incompatible flags (O_TMPFILE | O_PATH)",
170 .how.flags = O_TMPFILE | O_PATH | O_RDWR, .err = -EINVAL },
171 { .name = "incompatible flags (O_TMPFILE | O_CREAT)",
172 .how.flags = O_TMPFILE | O_CREAT | O_RDWR, .err = -EINVAL },
173
174 /* O_PATH only permits certain other flags to be set ... */
175 { .name = "compatible flags (O_PATH | O_CLOEXEC)",
176 .how.flags = O_PATH | O_CLOEXEC },
177 { .name = "compatible flags (O_PATH | O_DIRECTORY)",
178 .how.flags = O_PATH | O_DIRECTORY },
179 { .name = "compatible flags (O_PATH | O_NOFOLLOW)",
180 .how.flags = O_PATH | O_NOFOLLOW },
181 /* ... and others are absolutely not permitted. */
182 { .name = "incompatible flags (O_PATH | O_RDWR)",
183 .how.flags = O_PATH | O_RDWR, .err = -EINVAL },
184 { .name = "incompatible flags (O_PATH | O_CREAT)",
185 .how.flags = O_PATH | O_CREAT, .err = -EINVAL },
186 { .name = "incompatible flags (O_PATH | O_EXCL)",
187 .how.flags = O_PATH | O_EXCL, .err = -EINVAL },
188 { .name = "incompatible flags (O_PATH | O_NOCTTY)",
189 .how.flags = O_PATH | O_NOCTTY, .err = -EINVAL },
190 { .name = "incompatible flags (O_PATH | O_DIRECT)",
191 .how.flags = O_PATH | O_DIRECT, .err = -EINVAL },
192 { .name = "incompatible flags (O_PATH | O_LARGEFILE)",
193 .how.flags = O_PATH | O_LARGEFILE, .err = -EINVAL },
194
195 /* ->mode must only be set with O_{CREAT,TMPFILE}. */
196 { .name = "non-zero how.mode and O_RDONLY",
197 .how.flags = O_RDONLY, .how.mode = 0600, .err = -EINVAL },
198 { .name = "non-zero how.mode and O_PATH",
199 .how.flags = O_PATH, .how.mode = 0600, .err = -EINVAL },
200 { .name = "valid how.mode and O_CREAT",
201 .how.flags = O_CREAT, .how.mode = 0600 },
202 { .name = "valid how.mode and O_TMPFILE",
203 .how.flags = O_TMPFILE | O_RDWR, .how.mode = 0600 },
204 /* ->mode must only contain 0777 bits. */
205 { .name = "invalid how.mode and O_CREAT",
206 .how.flags = O_CREAT,
207 .how.mode = 0xFFFF, .err = -EINVAL },
208 { .name = "invalid (very large) how.mode and O_CREAT",
209 .how.flags = O_CREAT,
210 .how.mode = 0xC000000000000000ULL, .err = -EINVAL },
211 { .name = "invalid how.mode and O_TMPFILE",
212 .how.flags = O_TMPFILE | O_RDWR,
213 .how.mode = 0x1337, .err = -EINVAL },
214 { .name = "invalid (very large) how.mode and O_TMPFILE",
215 .how.flags = O_TMPFILE | O_RDWR,
216 .how.mode = 0x0000A00000000000ULL, .err = -EINVAL },
217
218 /* ->resolve flags must not conflict. */
219 { .name = "incompatible resolve flags (BENEATH | IN_ROOT)",
220 .how.flags = O_RDONLY,
221 .how.resolve = RESOLVE_BENEATH | RESOLVE_IN_ROOT,
222 .err = -EINVAL },
223
224 /* ->resolve must only contain RESOLVE_* flags. */
225 { .name = "invalid how.resolve and O_RDONLY",
226 .how.flags = O_RDONLY,
227 .how.resolve = 0x1337, .err = -EINVAL },
228 { .name = "invalid how.resolve and O_CREAT",
229 .how.flags = O_CREAT,
230 .how.resolve = 0x1337, .err = -EINVAL },
231 { .name = "invalid how.resolve and O_TMPFILE",
232 .how.flags = O_TMPFILE | O_RDWR,
233 .how.resolve = 0x1337, .err = -EINVAL },
234 { .name = "invalid how.resolve and O_PATH",
235 .how.flags = O_PATH,
236 .how.resolve = 0x1337, .err = -EINVAL },
237
238 /* currently unknown upper 32 bit rejected. */
239 { .name = "currently unknown bit (1 << 63)",
240 .how.flags = O_RDONLY | (1ULL << 63),
241 .how.resolve = 0, .err = -EINVAL },
242 };
243
244 BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_FLAG_TESTS);
245
246 for (int i = 0; i < ARRAY_LEN(tests); i++) {
247 int fd, fdflags = -1;
248 char *path, *fdpath = NULL;
249 bool failed = false;
250 struct flag_test *test = &tests[i];
251 void (*resultfn)(const char *msg, ...) = ksft_test_result_pass;
252
253 if (!openat2_supported) {
254 ksft_print_msg("openat2(2) unsupported\n");
255 resultfn = ksft_test_result_skip;
256 goto skip;
257 }
258
259 path = (test->how.flags & O_CREAT) ? "/tmp/ksft.openat2_tmpfile" : ".";
260 unlink(path);
261
262 fd = sys_openat2(AT_FDCWD, path, &test->how);
263 if (fd < 0 && fd == -EOPNOTSUPP) {
264 /*
265 * Skip the testcase if it failed because not supported
266 * by FS. (e.g. a valid O_TMPFILE combination on NFS)
267 */
268 ksft_test_result_skip("openat2 with %s fails with %d (%s)\n",
269 test->name, fd, strerror(-fd));
270 goto next;
271 }
272
273 if (test->err >= 0)
274 failed = (fd < 0);
275 else
276 failed = (fd != test->err);
277 if (fd >= 0) {
278 int otherflags;
279
280 fdpath = fdreadlink(fd);
281 fdflags = fcntl(fd, F_GETFL);
282 otherflags = fcntl(fd, F_GETFD);
283 close(fd);
284
285 E_assert(fdflags >= 0, "fcntl F_GETFL of new fd");
286 E_assert(otherflags >= 0, "fcntl F_GETFD of new fd");
287
288 /* O_CLOEXEC isn't shown in F_GETFL. */
289 if (otherflags & FD_CLOEXEC)
290 fdflags |= O_CLOEXEC;
291 /* O_CREAT is hidden from F_GETFL. */
292 if (test->how.flags & O_CREAT)
293 fdflags |= O_CREAT;
294 if (!(test->how.flags & O_LARGEFILE))
295 fdflags &= ~O_LARGEFILE;
296 failed |= (fdflags != test->how.flags);
297 }
298
299 if (failed) {
300 resultfn = ksft_test_result_fail;
301
302 ksft_print_msg("openat2 unexpectedly returned ");
303 if (fdpath)
304 ksft_print_msg("%d['%s'] with %X (!= %X)\n",
305 fd, fdpath, fdflags,
306 test->how.flags);
307 else
308 ksft_print_msg("%d (%s)\n", fd, strerror(-fd));
309 }
310
311 skip:
312 if (test->err >= 0)
313 resultfn("openat2 with %s succeeds\n", test->name);
314 else
315 resultfn("openat2 with %s fails with %d (%s)\n",
316 test->name, test->err, strerror(-test->err));
317 next:
318 free(fdpath);
319 fflush(stdout);
320 }
321 }
322
323 #define NUM_TESTS (NUM_OPENAT2_STRUCT_VARIATIONS * NUM_OPENAT2_STRUCT_TESTS + \
324 NUM_OPENAT2_FLAG_TESTS)
325
main(int argc,char ** argv)326 int main(int argc, char **argv)
327 {
328 ksft_print_header();
329 ksft_set_plan(NUM_TESTS);
330
331 test_openat2_struct();
332 test_openat2_flags();
333
334 if (ksft_get_fail_cnt() + ksft_get_error_cnt() > 0)
335 ksft_exit_fail();
336 else
337 ksft_exit_pass();
338 }
339