1 // SPDX-License-Identifier: GPL-2.0
2 
3 #define _GNU_SOURCE
4 #include <assert.h>
5 #include <errno.h>
6 #include <fcntl.h>
7 #include <linux/types.h>
8 #include <sched.h>
9 #include <signal.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <syscall.h>
14 #include <sys/wait.h>
15 #include <sys/mman.h>
16 
17 #include "pidfd.h"
18 #include "../kselftest.h"
19 
20 struct error {
21 	int  code;
22 	char msg[512];
23 };
24 
25 static int error_set(struct error *err, int code, const char *fmt, ...)
26 {
27 	va_list args;
28 	int r;
29 
30 	if (code == PIDFD_PASS || !err || err->code != PIDFD_PASS)
31 		return code;
32 
33 	err->code = code;
34 	va_start(args, fmt);
35 	r = vsnprintf(err->msg, sizeof(err->msg), fmt, args);
36 	assert((size_t)r < sizeof(err->msg));
37 	va_end(args);
38 
39 	return code;
40 }
41 
42 static void error_report(struct error *err, const char *test_name)
43 {
44 	switch (err->code) {
45 	case PIDFD_ERROR:
46 		ksft_exit_fail_msg("%s test: Fatal: %s\n", test_name, err->msg);
47 		break;
48 
49 	case PIDFD_FAIL:
50 		/* will be: not ok %d # error %s test: %s */
51 		ksft_test_result_error("%s test: %s\n", test_name, err->msg);
52 		break;
53 
54 	case PIDFD_SKIP:
55 		/* will be: not ok %d # SKIP %s test: %s */
56 		ksft_test_result_skip("%s test: %s\n", test_name, err->msg);
57 		break;
58 
59 	case PIDFD_XFAIL:
60 		ksft_test_result_pass("%s test: Expected failure: %s\n",
61 				      test_name, err->msg);
62 		break;
63 
64 	case PIDFD_PASS:
65 		ksft_test_result_pass("%s test: Passed\n");
66 		break;
67 
68 	default:
69 		ksft_exit_fail_msg("%s test: Unknown code: %d %s\n",
70 				   test_name, err->code, err->msg);
71 		break;
72 	}
73 }
74 
75 static inline int error_check(struct error *err, const char *test_name)
76 {
77 	/* In case of error we bail out and terminate the test program */
78 	if (err->code == PIDFD_ERROR)
79 		error_report(err, test_name);
80 
81 	return err->code;
82 }
83 
84 #define CHILD_STACK_SIZE 8192
85 
86 struct child {
87 	char *stack;
88 	pid_t pid;
89 	int   fd;
90 };
91 
92 static struct child clone_newns(int (*fn)(void *), void *args,
93 				struct error *err)
94 {
95 	static int flags = CLONE_PIDFD | CLONE_NEWPID | CLONE_NEWNS | SIGCHLD;
96 	struct child ret;
97 
98 	if (!(flags & CLONE_NEWUSER) && geteuid() != 0)
99 		flags |= CLONE_NEWUSER;
100 
101 	ret.stack = mmap(NULL, CHILD_STACK_SIZE, PROT_READ | PROT_WRITE,
102 			 MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
103 	if (ret.stack == MAP_FAILED) {
104 		error_set(err, -1, "mmap of stack failed (errno %d)", errno);
105 		return ret;
106 	}
107 
108 #ifdef __ia64__
109 	ret.pid = __clone2(fn, ret.stack, CHILD_STACK_SIZE, flags, args, &ret.fd);
110 #else
111 	ret.pid = clone(fn, ret.stack + CHILD_STACK_SIZE, flags, args, &ret.fd);
112 #endif
113 
114 	if (ret.pid < 0) {
115 		error_set(err, PIDFD_ERROR, "clone failed (ret %d, errno %d)",
116 			  ret.fd, errno);
117 		return ret;
118 	}
119 
120 	ksft_print_msg("New child: %d, fd: %d\n", ret.pid, ret.fd);
121 
122 	return ret;
123 }
124 
125 static inline void child_close(struct child *child)
126 {
127 	close(child->fd);
128 }
129 
130 static inline int child_join(struct child *child, struct error *err)
131 {
132 	int r;
133 
134 	r = wait_for_pid(child->pid);
135 	if (r < 0)
136 		error_set(err, PIDFD_ERROR, "waitpid failed (ret %d, errno %d)",
137 			  r, errno);
138 	else if (r > 0)
139 		error_set(err, r, "child %d reported: %d", child->pid, r);
140 
141 	if (munmap(child->stack, CHILD_STACK_SIZE)) {
142 		error_set(err, -1, "munmap of child stack failed (errno %d)", errno);
143 		r = -1;
144 	}
145 
146 	ksft_print_msg("waitpid WEXITSTATUS=%d\n", r);
147 	return r;
148 }
149 
150 static inline int child_join_close(struct child *child, struct error *err)
151 {
152 	child_close(child);
153 	return child_join(child, err);
154 }
155 
156 static inline void trim_newline(char *str)
157 {
158 	char *pos = strrchr(str, '\n');
159 
160 	if (pos)
161 		*pos = '\0';
162 }
163 
164 static int verify_fdinfo(int pidfd, struct error *err, const char *prefix,
165 			 size_t prefix_len, const char *expect, ...)
166 {
167 	char buffer[512] = {0, };
168 	char path[512] = {0, };
169 	va_list args;
170 	FILE *f;
171 	char *line = NULL;
172 	size_t n = 0;
173 	int found = 0;
174 	int r;
175 
176 	va_start(args, expect);
177 	r = vsnprintf(buffer, sizeof(buffer), expect, args);
178 	assert((size_t)r < sizeof(buffer));
179 	va_end(args);
180 
181 	snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd);
182 	f = fopen(path, "re");
183 	if (!f)
184 		return error_set(err, PIDFD_ERROR, "fdinfo open failed for %d",
185 				 pidfd);
186 
187 	while (getline(&line, &n, f) != -1) {
188 		char *val;
189 
190 		if (strncmp(line, prefix, prefix_len))
191 			continue;
192 
193 		found = 1;
194 
195 		val = line + prefix_len;
196 		r = strcmp(val, buffer);
197 		if (r != 0) {
198 			trim_newline(line);
199 			trim_newline(buffer);
200 			error_set(err, PIDFD_FAIL, "%s '%s' != '%s'",
201 				  prefix, val, buffer);
202 		}
203 		break;
204 	}
205 
206 	free(line);
207 	fclose(f);
208 
209 	if (found == 0)
210 		return error_set(err, PIDFD_FAIL, "%s not found for fd %d",
211 				 prefix, pidfd);
212 
213 	return PIDFD_PASS;
214 }
215 
216 static int child_fdinfo_nspid_test(void *args)
217 {
218 	struct error err;
219 	int pidfd;
220 	int r;
221 
222 	/* if we got no fd for the sibling, we are done */
223 	if (!args)
224 		return PIDFD_PASS;
225 
226 	/* verify that we can not resolve the pidfd for a process
227 	 * in a sibling pid namespace, i.e. a pid namespace it is
228 	 * not in our or a descended namespace
229 	 */
230 	r = mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0);
231 	if (r < 0) {
232 		ksft_print_msg("Failed to remount / private\n");
233 		return PIDFD_ERROR;
234 	}
235 
236 	(void)umount2("/proc", MNT_DETACH);
237 	r = mount("proc", "/proc", "proc", 0, NULL);
238 	if (r < 0) {
239 		ksft_print_msg("Failed to remount /proc\n");
240 		return PIDFD_ERROR;
241 	}
242 
243 	pidfd = *(int *)args;
244 	r = verify_fdinfo(pidfd, &err, "NSpid:", 6, "\t0\n");
245 
246 	if (r != PIDFD_PASS)
247 		ksft_print_msg("NSpid fdinfo check failed: %s\n", err.msg);
248 
249 	return r;
250 }
251 
252 static void test_pidfd_fdinfo_nspid(void)
253 {
254 	struct child a, b;
255 	struct error err = {0, };
256 	const char *test_name = "pidfd check for NSpid in fdinfo";
257 
258 	/* Create a new child in a new pid and mount namespace */
259 	a = clone_newns(child_fdinfo_nspid_test, NULL, &err);
260 	error_check(&err, test_name);
261 
262 	/* Pass the pidfd representing the first child to the
263 	 * second child, which will be in a sibling pid namespace,
264 	 * which means that the fdinfo NSpid entry for the pidfd
265 	 * should only contain '0'.
266 	 */
267 	b = clone_newns(child_fdinfo_nspid_test, &a.fd, &err);
268 	error_check(&err, test_name);
269 
270 	/* The children will have pid 1 in the new pid namespace,
271 	 * so the line must be 'NSPid:\t<pid>\t1'.
272 	 */
273 	verify_fdinfo(a.fd, &err, "NSpid:", 6, "\t%d\t%d\n", a.pid, 1);
274 	verify_fdinfo(b.fd, &err, "NSpid:", 6, "\t%d\t%d\n", b.pid, 1);
275 
276 	/* wait for the process, check the exit status and set
277 	 * 'err' accordingly, if it is not already set.
278 	 */
279 	child_join_close(&a, &err);
280 	child_join_close(&b, &err);
281 
282 	error_report(&err, test_name);
283 }
284 
285 static void test_pidfd_dead_fdinfo(void)
286 {
287 	struct child a;
288 	struct error err = {0, };
289 	const char *test_name = "pidfd check fdinfo for dead process";
290 
291 	/* Create a new child in a new pid and mount namespace */
292 	a = clone_newns(child_fdinfo_nspid_test, NULL, &err);
293 	error_check(&err, test_name);
294 	child_join(&a, &err);
295 
296 	verify_fdinfo(a.fd, &err, "Pid:", 4, "\t-1\n");
297 	verify_fdinfo(a.fd, &err, "NSpid:", 6, "\t-1\n");
298 	child_close(&a);
299 	error_report(&err, test_name);
300 }
301 
302 int main(int argc, char **argv)
303 {
304 	ksft_print_header();
305 	ksft_set_plan(2);
306 
307 	test_pidfd_fdinfo_nspid();
308 	test_pidfd_dead_fdinfo();
309 
310 	return ksft_exit_pass();
311 }
312