1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Author: Aleksa Sarai <cyphar@cyphar.com> 4 * Copyright (C) 2018-2019 SUSE LLC. 5 */ 6 7 #define _GNU_SOURCE 8 #define __SANE_USERSPACE_TYPES__ // Use ll64 9 #include <fcntl.h> 10 #include <sched.h> 11 #include <sys/stat.h> 12 #include <sys/types.h> 13 #include <sys/mount.h> 14 #include <stdlib.h> 15 #include <stdbool.h> 16 #include <string.h> 17 18 #include "../kselftest.h" 19 #include "helpers.h" 20 21 /* 22 * O_LARGEFILE is set to 0 by glibc. 23 * XXX: This is wrong on {mips, parisc, powerpc, sparc}. 24 */ 25 #undef O_LARGEFILE 26 #ifdef __aarch64__ 27 #define O_LARGEFILE 0x20000 28 #else 29 #define O_LARGEFILE 0x8000 30 #endif 31 32 struct open_how_ext { 33 struct open_how inner; 34 uint32_t extra1; 35 char pad1[128]; 36 uint32_t extra2; 37 char pad2[128]; 38 uint32_t extra3; 39 }; 40 41 struct struct_test { 42 const char *name; 43 struct open_how_ext arg; 44 size_t size; 45 int err; 46 }; 47 48 #define NUM_OPENAT2_STRUCT_TESTS 7 49 #define NUM_OPENAT2_STRUCT_VARIATIONS 13 50 51 void test_openat2_struct(void) 52 { 53 int misalignments[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 17, 87 }; 54 55 struct struct_test tests[] = { 56 /* Normal struct. */ 57 { .name = "normal struct", 58 .arg.inner.flags = O_RDONLY, 59 .size = sizeof(struct open_how) }, 60 /* Bigger struct, with zeroed out end. */ 61 { .name = "bigger struct (zeroed out)", 62 .arg.inner.flags = O_RDONLY, 63 .size = sizeof(struct open_how_ext) }, 64 65 /* TODO: Once expanded, check zero-padding. */ 66 67 /* Smaller than version-0 struct. */ 68 { .name = "zero-sized 'struct'", 69 .arg.inner.flags = O_RDONLY, .size = 0, .err = -EINVAL }, 70 { .name = "smaller-than-v0 struct", 71 .arg.inner.flags = O_RDONLY, 72 .size = OPEN_HOW_SIZE_VER0 - 1, .err = -EINVAL }, 73 74 /* Bigger struct, with non-zero trailing bytes. */ 75 { .name = "bigger struct (non-zero data in first 'future field')", 76 .arg.inner.flags = O_RDONLY, .arg.extra1 = 0xdeadbeef, 77 .size = sizeof(struct open_how_ext), .err = -E2BIG }, 78 { .name = "bigger struct (non-zero data in middle of 'future fields')", 79 .arg.inner.flags = O_RDONLY, .arg.extra2 = 0xfeedcafe, 80 .size = sizeof(struct open_how_ext), .err = -E2BIG }, 81 { .name = "bigger struct (non-zero data at end of 'future fields')", 82 .arg.inner.flags = O_RDONLY, .arg.extra3 = 0xabad1dea, 83 .size = sizeof(struct open_how_ext), .err = -E2BIG }, 84 }; 85 86 BUILD_BUG_ON(ARRAY_LEN(misalignments) != NUM_OPENAT2_STRUCT_VARIATIONS); 87 BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_STRUCT_TESTS); 88 89 for (int i = 0; i < ARRAY_LEN(tests); i++) { 90 struct struct_test *test = &tests[i]; 91 struct open_how_ext how_ext = test->arg; 92 93 for (int j = 0; j < ARRAY_LEN(misalignments); j++) { 94 int fd, misalign = misalignments[j]; 95 char *fdpath = NULL; 96 bool failed; 97 void (*resultfn)(const char *msg, ...) = ksft_test_result_pass; 98 99 void *copy = NULL, *how_copy = &how_ext; 100 101 if (!openat2_supported) { 102 ksft_print_msg("openat2(2) unsupported\n"); 103 resultfn = ksft_test_result_skip; 104 goto skip; 105 } 106 107 if (misalign) { 108 /* 109 * Explicitly misalign the structure copying it with the given 110 * (mis)alignment offset. The other data is set to be non-zero to 111 * make sure that non-zero bytes outside the struct aren't checked 112 * 113 * This is effectively to check that is_zeroed_user() works. 114 */ 115 copy = malloc(misalign + sizeof(how_ext)); 116 how_copy = copy + misalign; 117 memset(copy, 0xff, misalign); 118 memcpy(how_copy, &how_ext, sizeof(how_ext)); 119 } 120 121 fd = raw_openat2(AT_FDCWD, ".", how_copy, test->size); 122 if (test->err >= 0) 123 failed = (fd < 0); 124 else 125 failed = (fd != test->err); 126 if (fd >= 0) { 127 fdpath = fdreadlink(fd); 128 close(fd); 129 } 130 131 if (failed) { 132 resultfn = ksft_test_result_fail; 133 134 ksft_print_msg("openat2 unexpectedly returned "); 135 if (fdpath) 136 ksft_print_msg("%d['%s']\n", fd, fdpath); 137 else 138 ksft_print_msg("%d (%s)\n", fd, strerror(-fd)); 139 } 140 141 skip: 142 if (test->err >= 0) 143 resultfn("openat2 with %s argument [misalign=%d] succeeds\n", 144 test->name, misalign); 145 else 146 resultfn("openat2 with %s argument [misalign=%d] fails with %d (%s)\n", 147 test->name, misalign, test->err, 148 strerror(-test->err)); 149 150 free(copy); 151 free(fdpath); 152 fflush(stdout); 153 } 154 } 155 } 156 157 struct flag_test { 158 const char *name; 159 struct open_how how; 160 int err; 161 }; 162 163 #define NUM_OPENAT2_FLAG_TESTS 25 164 165 void test_openat2_flags(void) 166 { 167 struct flag_test tests[] = { 168 /* O_TMPFILE is incompatible with O_PATH and O_CREAT. */ 169 { .name = "incompatible flags (O_TMPFILE | O_PATH)", 170 .how.flags = O_TMPFILE | O_PATH | O_RDWR, .err = -EINVAL }, 171 { .name = "incompatible flags (O_TMPFILE | O_CREAT)", 172 .how.flags = O_TMPFILE | O_CREAT | O_RDWR, .err = -EINVAL }, 173 174 /* O_PATH only permits certain other flags to be set ... */ 175 { .name = "compatible flags (O_PATH | O_CLOEXEC)", 176 .how.flags = O_PATH | O_CLOEXEC }, 177 { .name = "compatible flags (O_PATH | O_DIRECTORY)", 178 .how.flags = O_PATH | O_DIRECTORY }, 179 { .name = "compatible flags (O_PATH | O_NOFOLLOW)", 180 .how.flags = O_PATH | O_NOFOLLOW }, 181 /* ... and others are absolutely not permitted. */ 182 { .name = "incompatible flags (O_PATH | O_RDWR)", 183 .how.flags = O_PATH | O_RDWR, .err = -EINVAL }, 184 { .name = "incompatible flags (O_PATH | O_CREAT)", 185 .how.flags = O_PATH | O_CREAT, .err = -EINVAL }, 186 { .name = "incompatible flags (O_PATH | O_EXCL)", 187 .how.flags = O_PATH | O_EXCL, .err = -EINVAL }, 188 { .name = "incompatible flags (O_PATH | O_NOCTTY)", 189 .how.flags = O_PATH | O_NOCTTY, .err = -EINVAL }, 190 { .name = "incompatible flags (O_PATH | O_DIRECT)", 191 .how.flags = O_PATH | O_DIRECT, .err = -EINVAL }, 192 { .name = "incompatible flags (O_PATH | O_LARGEFILE)", 193 .how.flags = O_PATH | O_LARGEFILE, .err = -EINVAL }, 194 195 /* ->mode must only be set with O_{CREAT,TMPFILE}. */ 196 { .name = "non-zero how.mode and O_RDONLY", 197 .how.flags = O_RDONLY, .how.mode = 0600, .err = -EINVAL }, 198 { .name = "non-zero how.mode and O_PATH", 199 .how.flags = O_PATH, .how.mode = 0600, .err = -EINVAL }, 200 { .name = "valid how.mode and O_CREAT", 201 .how.flags = O_CREAT, .how.mode = 0600 }, 202 { .name = "valid how.mode and O_TMPFILE", 203 .how.flags = O_TMPFILE | O_RDWR, .how.mode = 0600 }, 204 /* ->mode must only contain 0777 bits. */ 205 { .name = "invalid how.mode and O_CREAT", 206 .how.flags = O_CREAT, 207 .how.mode = 0xFFFF, .err = -EINVAL }, 208 { .name = "invalid (very large) how.mode and O_CREAT", 209 .how.flags = O_CREAT, 210 .how.mode = 0xC000000000000000ULL, .err = -EINVAL }, 211 { .name = "invalid how.mode and O_TMPFILE", 212 .how.flags = O_TMPFILE | O_RDWR, 213 .how.mode = 0x1337, .err = -EINVAL }, 214 { .name = "invalid (very large) how.mode and O_TMPFILE", 215 .how.flags = O_TMPFILE | O_RDWR, 216 .how.mode = 0x0000A00000000000ULL, .err = -EINVAL }, 217 218 /* ->resolve flags must not conflict. */ 219 { .name = "incompatible resolve flags (BENEATH | IN_ROOT)", 220 .how.flags = O_RDONLY, 221 .how.resolve = RESOLVE_BENEATH | RESOLVE_IN_ROOT, 222 .err = -EINVAL }, 223 224 /* ->resolve must only contain RESOLVE_* flags. */ 225 { .name = "invalid how.resolve and O_RDONLY", 226 .how.flags = O_RDONLY, 227 .how.resolve = 0x1337, .err = -EINVAL }, 228 { .name = "invalid how.resolve and O_CREAT", 229 .how.flags = O_CREAT, 230 .how.resolve = 0x1337, .err = -EINVAL }, 231 { .name = "invalid how.resolve and O_TMPFILE", 232 .how.flags = O_TMPFILE | O_RDWR, 233 .how.resolve = 0x1337, .err = -EINVAL }, 234 { .name = "invalid how.resolve and O_PATH", 235 .how.flags = O_PATH, 236 .how.resolve = 0x1337, .err = -EINVAL }, 237 238 /* currently unknown upper 32 bit rejected. */ 239 { .name = "currently unknown bit (1 << 63)", 240 .how.flags = O_RDONLY | (1ULL << 63), 241 .how.resolve = 0, .err = -EINVAL }, 242 }; 243 244 BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_FLAG_TESTS); 245 246 for (int i = 0; i < ARRAY_LEN(tests); i++) { 247 int fd, fdflags = -1; 248 char *path, *fdpath = NULL; 249 bool failed = false; 250 struct flag_test *test = &tests[i]; 251 void (*resultfn)(const char *msg, ...) = ksft_test_result_pass; 252 253 if (!openat2_supported) { 254 ksft_print_msg("openat2(2) unsupported\n"); 255 resultfn = ksft_test_result_skip; 256 goto skip; 257 } 258 259 path = (test->how.flags & O_CREAT) ? "/tmp/ksft.openat2_tmpfile" : "."; 260 unlink(path); 261 262 fd = sys_openat2(AT_FDCWD, path, &test->how); 263 if (fd < 0 && fd == -EOPNOTSUPP) { 264 /* 265 * Skip the testcase if it failed because not supported 266 * by FS. (e.g. a valid O_TMPFILE combination on NFS) 267 */ 268 ksft_test_result_skip("openat2 with %s fails with %d (%s)\n", 269 test->name, fd, strerror(-fd)); 270 goto next; 271 } 272 273 if (test->err >= 0) 274 failed = (fd < 0); 275 else 276 failed = (fd != test->err); 277 if (fd >= 0) { 278 int otherflags; 279 280 fdpath = fdreadlink(fd); 281 fdflags = fcntl(fd, F_GETFL); 282 otherflags = fcntl(fd, F_GETFD); 283 close(fd); 284 285 E_assert(fdflags >= 0, "fcntl F_GETFL of new fd"); 286 E_assert(otherflags >= 0, "fcntl F_GETFD of new fd"); 287 288 /* O_CLOEXEC isn't shown in F_GETFL. */ 289 if (otherflags & FD_CLOEXEC) 290 fdflags |= O_CLOEXEC; 291 /* O_CREAT is hidden from F_GETFL. */ 292 if (test->how.flags & O_CREAT) 293 fdflags |= O_CREAT; 294 if (!(test->how.flags & O_LARGEFILE)) 295 fdflags &= ~O_LARGEFILE; 296 failed |= (fdflags != test->how.flags); 297 } 298 299 if (failed) { 300 resultfn = ksft_test_result_fail; 301 302 ksft_print_msg("openat2 unexpectedly returned "); 303 if (fdpath) 304 ksft_print_msg("%d['%s'] with %X (!= %X)\n", 305 fd, fdpath, fdflags, 306 test->how.flags); 307 else 308 ksft_print_msg("%d (%s)\n", fd, strerror(-fd)); 309 } 310 311 skip: 312 if (test->err >= 0) 313 resultfn("openat2 with %s succeeds\n", test->name); 314 else 315 resultfn("openat2 with %s fails with %d (%s)\n", 316 test->name, test->err, strerror(-test->err)); 317 next: 318 free(fdpath); 319 fflush(stdout); 320 } 321 } 322 323 #define NUM_TESTS (NUM_OPENAT2_STRUCT_VARIATIONS * NUM_OPENAT2_STRUCT_TESTS + \ 324 NUM_OPENAT2_FLAG_TESTS) 325 326 int main(int argc, char **argv) 327 { 328 ksft_print_header(); 329 ksft_set_plan(NUM_TESTS); 330 331 test_openat2_struct(); 332 test_openat2_flags(); 333 334 if (ksft_get_fail_cnt() + ksft_get_error_cnt() > 0) 335 ksft_exit_fail(); 336 else 337 ksft_exit_pass(); 338 } 339