-/* SPDX-License-Identifier: LGPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <fcntl.h>
+#include <sys/eventfd.h>
#include <unistd.h>
#include "alloc-util.h"
+#include "data-fd-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "macro.h"
#include "memory-util.h"
+#include "missing_syscall.h"
+#include "mount-util.h"
#include "path-util.h"
#include "process-util.h"
#include "random-util.h"
#include "rlimit-util.h"
+#include "seccomp-util.h"
#include "serialize.h"
#include "string-util.h"
#include "tests.h"
#include "tmpfile-util.h"
-static void test_close_many(void) {
+TEST(close_many) {
int fds[3];
char name0[] = "/tmp/test-close-many.XXXXXX";
char name1[] = "/tmp/test-close-many.XXXXXX";
unlink(name2);
}
-static void test_close_nointr(void) {
+TEST(close_nointr) {
char name[] = "/tmp/test-test-close_nointr.XXXXXX";
int fd;
unlink(name);
}
-static void test_same_fd(void) {
- _cleanup_close_pair_ int p[2] = { -1, -1 };
- _cleanup_close_ int a = -1, b = -1, c = -1;
+TEST(same_fd) {
+ _cleanup_close_pair_ int p[2];
+ _cleanup_close_ int a, b, c;
assert_se(pipe2(p, O_CLOEXEC) >= 0);
assert_se((a = fcntl(p[0], F_DUPFD, 3)) >= 0);
assert_se(same_fd(b, a) == 0);
}
-static void test_open_serialization_fd(void) {
- _cleanup_close_ int fd = -1;
+TEST(open_serialization_fd) {
+ _cleanup_close_ int fd = -EBADF;
fd = open_serialization_fd("test");
assert_se(fd >= 0);
assert_se(write(fd, "test\n", 5) == 5);
}
-static void test_acquire_data_fd_one(unsigned flags) {
- char wbuffer[196*1024 - 7];
- char rbuffer[sizeof(wbuffer)];
- int fd;
-
- fd = acquire_data_fd("foo", 3, flags);
- assert_se(fd >= 0);
-
- zero(rbuffer);
- assert_se(read(fd, rbuffer, sizeof(rbuffer)) == 3);
- assert_se(streq(rbuffer, "foo"));
-
- fd = safe_close(fd);
-
- fd = acquire_data_fd("", 0, flags);
- assert_se(fd >= 0);
-
- zero(rbuffer);
- assert_se(read(fd, rbuffer, sizeof(rbuffer)) == 0);
- assert_se(streq(rbuffer, ""));
-
- fd = safe_close(fd);
-
- random_bytes(wbuffer, sizeof(wbuffer));
-
- fd = acquire_data_fd(wbuffer, sizeof(wbuffer), flags);
- assert_se(fd >= 0);
-
- zero(rbuffer);
- assert_se(read(fd, rbuffer, sizeof(rbuffer)) == sizeof(rbuffer));
- assert_se(memcmp(rbuffer, wbuffer, sizeof(rbuffer)) == 0);
-
- fd = safe_close(fd);
-}
-
-static void test_acquire_data_fd(void) {
-
- test_acquire_data_fd_one(0);
- test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL);
- test_acquire_data_fd_one(ACQUIRE_NO_MEMFD);
- test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_MEMFD);
- test_acquire_data_fd_one(ACQUIRE_NO_PIPE);
- test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_PIPE);
- test_acquire_data_fd_one(ACQUIRE_NO_MEMFD|ACQUIRE_NO_PIPE);
- test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_MEMFD|ACQUIRE_NO_PIPE);
- test_acquire_data_fd_one(ACQUIRE_NO_DEV_NULL|ACQUIRE_NO_MEMFD|ACQUIRE_NO_PIPE|ACQUIRE_NO_TMPFILE);
-}
-
-static void test_fd_move_above_stdio(void) {
+TEST(fd_move_above_stdio) {
int original_stdin, new_fd;
original_stdin = fcntl(0, F_DUPFD, 3);
assert_se(close_nointr(new_fd) != EBADF);
}
-static void test_rearrange_stdio(void) {
+TEST(rearrange_stdio) {
pid_t pid;
int r;
}
}
-static void assert_equal_fd(int fd1, int fd2) {
-
- for (;;) {
- uint8_t a[4096], b[4096];
- ssize_t x, y;
-
- x = read(fd1, a, sizeof(a));
- assert_se(x >= 0);
-
- y = read(fd2, b, sizeof(b));
- assert_se(y >= 0);
-
- assert_se(x == y);
-
- if (x == 0)
- break;
-
- assert_se(memcmp(a, b, x) == 0);
- }
-}
-
-static void test_fd_duplicate_data_fd(void) {
- _cleanup_close_ int fd1 = -1, fd2 = -1;
- _cleanup_(close_pairp) int sfd[2] = { -1, -1 };
- _cleanup_(sigkill_waitp) pid_t pid = -1;
- uint64_t i, j;
- int r;
-
- fd1 = open("/etc/fstab", O_RDONLY|O_CLOEXEC);
- if (fd1 >= 0) {
-
- fd2 = fd_duplicate_data_fd(fd1);
- assert_se(fd2 >= 0);
-
- assert_se(lseek(fd1, 0, SEEK_SET) == 0);
- assert_equal_fd(fd1, fd2);
- }
-
- fd1 = safe_close(fd1);
- fd2 = safe_close(fd2);
-
- fd1 = acquire_data_fd("hallo", 6, 0);
- assert_se(fd1 >= 0);
-
- fd2 = fd_duplicate_data_fd(fd1);
- assert_se(fd2 >= 0);
-
- safe_close(fd1);
- fd1 = acquire_data_fd("hallo", 6, 0);
- assert_se(fd1 >= 0);
-
- assert_equal_fd(fd1, fd2);
-
- fd1 = safe_close(fd1);
- fd2 = safe_close(fd2);
-
- assert_se(socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, sfd) >= 0);
-
- r = safe_fork("(sd-pipe)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
- assert_se(r >= 0);
-
- if (r == 0) {
- /* child */
-
- sfd[0] = safe_close(sfd[0]);
-
- for (i = 0; i < 1536*1024 / sizeof(uint64_t); i++)
- assert_se(write(sfd[1], &i, sizeof(i)) == sizeof(i));
-
- sfd[1] = safe_close(sfd[1]);
-
- _exit(EXIT_SUCCESS);
- }
-
- sfd[1] = safe_close(sfd[1]);
-
- fd2 = fd_duplicate_data_fd(sfd[0]);
- assert_se(fd2 >= 0);
-
- for (i = 0; i < 1536*1024 / sizeof(uint64_t); i++) {
- assert_se(read(fd2, &j, sizeof(j)) == sizeof(j));
- assert_se(i == j);
- }
-
- assert_se(read(fd2, &j, sizeof(j)) == 0);
-}
-
-static void test_read_nr_open(void) {
+TEST(read_nr_open) {
log_info("nr-open: %i", read_nr_open());
}
return c; /* Return number of fds >= 0 in the array */
}
-static void test_close_all_fds(void) {
+static void test_close_all_fds_inner(void) {
_cleanup_free_ int *fds = NULL, *keep = NULL;
- struct rlimit rl;
size_t n_fds, n_keep;
+ int max_fd;
log_info("/* %s */", __func__);
rlimit_nofile_bump(-1);
- assert_se(getrlimit(RLIMIT_NOFILE, &rl) >= 0);
- assert_se(rl.rlim_cur > 10);
+ max_fd = get_max_fd();
+ assert_se(max_fd > 10);
+
+ if (max_fd > 7000) {
+ /* If the worst fallback is activated we need to iterate through all possible fds, hence,
+ * let's lower the limit a small bit, so that we don't run for too long. Yes, this undoes the
+ * rlimit_nofile_bump() call above partially. */
+
+ (void) setrlimit_closest(RLIMIT_NOFILE, &(struct rlimit) { 7000, 7000 });
+ max_fd = 7000;
+ }
/* Try to use 5000 fds, but when we can't bump the rlimit to make that happen use the whole limit minus 10 */
- n_fds = MIN((rl.rlim_cur & ~1U) - 10U, 5000U);
+ n_fds = MIN(((size_t) max_fd & ~1U) - 10U, 5000U);
assert_se((n_fds & 1U) == 0U); /* make sure even number of fds */
/* Allocate the determined number of fds, always two at a time */
log_open();
}
-int main(int argc, char *argv[]) {
+static int seccomp_prohibit_close_range(void) {
+#if HAVE_SECCOMP && defined(__SNR_close_range)
+ _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
+ int r;
+
+ r = seccomp_init_for_arch(&seccomp, SCMP_ARCH_NATIVE, SCMP_ACT_ALLOW);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to acquire seccomp context, ignoring: %m");
- test_setup_logging(LOG_DEBUG);
+ r = seccomp_rule_add_exact(
+ seccomp,
+ SCMP_ACT_ERRNO(EPERM),
+ SCMP_SYS(close_range),
+ 0);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to add close_range() rule, ignoring: %m");
- test_close_many();
- test_close_nointr();
- test_same_fd();
- test_open_serialization_fd();
- test_acquire_data_fd();
- test_fd_move_above_stdio();
- test_rearrange_stdio();
- test_fd_duplicate_data_fd();
- test_read_nr_open();
- test_close_all_fds();
+ r = seccomp_load(seccomp);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to apply close_range() restrictions, ignoring: %m");
return 0;
+#else
+ return log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Seccomp support or close_range() syscall definition not available.");
+#endif
}
+
+TEST(close_all_fds) {
+ int r;
+
+ /* Runs the test four times. Once as is. Once with close_range() syscall blocked via seccomp, once
+ * with /proc/ overmounted, and once with the combination of both. This should trigger all fallbacks
+ * in the close_range_all() function. */
+
+ r = safe_fork("(caf-plain)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+ if (r == 0) {
+ test_close_all_fds_inner();
+ _exit(EXIT_SUCCESS);
+ }
+ assert_se(r >= 0);
+
+ if (geteuid() != 0)
+ return (void) log_tests_skipped("Lacking privileges for test with close_range() blocked and /proc/ overmounted");
+
+ r = safe_fork("(caf-noproc)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, NULL);
+ if (r == 0) {
+ r = mount_nofollow_verbose(LOG_WARNING, "tmpfs", "/proc", "tmpfs", 0, NULL);
+ if (r < 0)
+ log_notice("Overmounting /proc/ didn't work, skipping close_all_fds() with masked /proc/.");
+ else
+ test_close_all_fds_inner();
+ _exit(EXIT_SUCCESS);
+ }
+ assert_se(r >= 0);
+
+ if (!is_seccomp_available())
+ return (void) log_tests_skipped("Seccomp not available");
+
+ r = safe_fork("(caf-seccomp)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+ if (r == 0) {
+ r = seccomp_prohibit_close_range();
+ if (r < 0)
+ log_notice("Applying seccomp filter didn't work, skipping close_all_fds() test with masked close_range().");
+ else
+ test_close_all_fds_inner();
+
+ _exit(EXIT_SUCCESS);
+ }
+ assert_se(r >= 0);
+
+ r = safe_fork("(caf-scnp)", FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE, NULL);
+ if (r == 0) {
+ r = seccomp_prohibit_close_range();
+ if (r < 0)
+ log_notice("Applying seccomp filter didn't work, skipping close_all_fds() test with masked close_range().");
+ else {
+ r = mount_nofollow_verbose(LOG_WARNING, "tmpfs", "/proc", "tmpfs", 0, NULL);
+ if (r < 0)
+ log_notice("Overmounting /proc/ didn't work, skipping close_all_fds() with masked /proc/.");
+ else
+ test_close_all_fds_inner();
+ }
+
+ test_close_all_fds_inner();
+ _exit(EXIT_SUCCESS);
+ }
+ assert_se(r >= 0);
+}
+
+TEST(format_proc_fd_path) {
+ assert_se(streq_ptr(FORMAT_PROC_FD_PATH(0), "/proc/self/fd/0"));
+ assert_se(streq_ptr(FORMAT_PROC_FD_PATH(1), "/proc/self/fd/1"));
+ assert_se(streq_ptr(FORMAT_PROC_FD_PATH(2), "/proc/self/fd/2"));
+ assert_se(streq_ptr(FORMAT_PROC_FD_PATH(3), "/proc/self/fd/3"));
+ assert_se(streq_ptr(FORMAT_PROC_FD_PATH(2147483647), "/proc/self/fd/2147483647"));
+}
+
+TEST(fd_reopen) {
+ _cleanup_close_ int fd1 = -EBADF, fd2 = -EBADF;
+ struct stat st1, st2;
+ int fl;
+
+ /* Test this with a directory */
+ fd1 = open("/proc", O_DIRECTORY|O_PATH|O_CLOEXEC);
+ assert_se(fd1 >= 0);
+
+ assert_se(fstat(fd1, &st1) >= 0);
+ assert_se(S_ISDIR(st1.st_mode));
+
+ fl = fcntl(fd1, F_GETFL);
+ assert_se(fl >= 0);
+ assert_se(FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(FLAGS_SET(fl, O_PATH));
+
+ fd2 = fd_reopen(fd1, O_RDONLY|O_DIRECTORY|O_CLOEXEC); /* drop the O_PATH */
+ assert_se(fd2 >= 0);
+
+ assert_se(fstat(fd2, &st2) >= 0);
+ assert_se(S_ISDIR(st2.st_mode));
+ assert_se(st1.st_ino == st2.st_ino);
+ assert_se(st1.st_rdev == st2.st_rdev);
+
+ fl = fcntl(fd2, F_GETFL);
+ assert_se(fl >= 0);
+ assert_se(FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(!FLAGS_SET(fl, O_PATH));
+
+ safe_close(fd1);
+
+ fd1 = fd_reopen(fd2, O_DIRECTORY|O_PATH|O_CLOEXEC); /* reacquire the O_PATH */
+ assert_se(fd1 >= 0);
+
+ assert_se(fstat(fd1, &st1) >= 0);
+ assert_se(S_ISDIR(st1.st_mode));
+ assert_se(st1.st_ino == st2.st_ino);
+ assert_se(st1.st_rdev == st2.st_rdev);
+
+ fl = fcntl(fd1, F_GETFL);
+ assert_se(fl >= 0);
+ assert_se(FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(FLAGS_SET(fl, O_PATH));
+
+ safe_close(fd1);
+
+ /* And now, test this with a file. */
+ fd1 = open("/proc/version", O_PATH|O_CLOEXEC);
+ assert_se(fd1 >= 0);
+
+ assert_se(fstat(fd1, &st1) >= 0);
+ assert_se(S_ISREG(st1.st_mode));
+
+ fl = fcntl(fd1, F_GETFL);
+ assert_se(fl >= 0);
+ assert_se(!FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(FLAGS_SET(fl, O_PATH));
+
+ assert_se(fd_reopen(fd1, O_RDONLY|O_DIRECTORY|O_CLOEXEC) == -ENOTDIR);
+ fd2 = fd_reopen(fd1, O_RDONLY|O_CLOEXEC); /* drop the O_PATH */
+ assert_se(fd2 >= 0);
+
+ assert_se(fstat(fd2, &st2) >= 0);
+ assert_se(S_ISREG(st2.st_mode));
+ assert_se(st1.st_ino == st2.st_ino);
+ assert_se(st1.st_rdev == st2.st_rdev);
+
+ fl = fcntl(fd2, F_GETFL);
+ assert_se(fl >= 0);
+ assert_se(!FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(!FLAGS_SET(fl, O_PATH));
+
+ safe_close(fd1);
+
+ assert_se(fd_reopen(fd2, O_DIRECTORY|O_PATH|O_CLOEXEC) == -ENOTDIR);
+ fd1 = fd_reopen(fd2, O_PATH|O_CLOEXEC); /* reacquire the O_PATH */
+ assert_se(fd1 >= 0);
+
+ assert_se(fstat(fd1, &st1) >= 0);
+ assert_se(S_ISREG(st1.st_mode));
+ assert_se(st1.st_ino == st2.st_ino);
+ assert_se(st1.st_rdev == st2.st_rdev);
+
+ fl = fcntl(fd1, F_GETFL);
+ assert_se(fl >= 0);
+ assert_se(!FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(FLAGS_SET(fl, O_PATH));
+
+ /* Also check the right error is generated if the fd is already closed */
+ safe_close(fd1);
+ assert_se(fd_reopen(fd1, O_RDONLY|O_CLOEXEC) == -EBADF);
+ fd1 = -EBADF;
+}
+
+TEST(fd_reopen_condition) {
+ _cleanup_close_ int fd1 = -EBADF, fd3 = -EBADF;
+ int fd2, fl;
+
+ /* Open without O_PATH */
+ fd1 = open("/usr/", O_RDONLY|O_DIRECTORY|O_CLOEXEC);
+ assert_se(fd1 >= 0);
+
+ fl = fcntl(fd1, F_GETFL);
+ assert_se(FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(!FLAGS_SET(fl, O_PATH));
+
+ fd2 = fd_reopen_condition(fd1, O_DIRECTORY, O_DIRECTORY|O_PATH, &fd3);
+ assert_se(fd2 == fd1);
+ assert_se(fd3 < 0);
+
+ /* Switch on O_PATH */
+ fd2 = fd_reopen_condition(fd1, O_DIRECTORY|O_PATH, O_DIRECTORY|O_PATH, &fd3);
+ assert_se(fd2 != fd1);
+ assert_se(fd3 == fd2);
+
+ fl = fcntl(fd2, F_GETFL);
+ assert_se(FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(FLAGS_SET(fl, O_PATH));
+
+ close_and_replace(fd1, fd3);
+
+ fd2 = fd_reopen_condition(fd1, O_DIRECTORY|O_PATH, O_DIRECTORY|O_PATH, &fd3);
+ assert_se(fd2 == fd1);
+ assert_se(fd3 < 0);
+
+ /* Switch off O_PATH again */
+ fd2 = fd_reopen_condition(fd1, O_DIRECTORY, O_DIRECTORY|O_PATH, &fd3);
+ assert_se(fd2 != fd1);
+ assert_se(fd3 == fd2);
+
+ fl = fcntl(fd2, F_GETFL);
+ assert_se(FLAGS_SET(fl, O_DIRECTORY));
+ assert_se(!FLAGS_SET(fl, O_PATH));
+
+ close_and_replace(fd1, fd3);
+
+ fd2 = fd_reopen_condition(fd1, O_DIRECTORY, O_DIRECTORY|O_PATH, &fd3);
+ assert_se(fd2 == fd1);
+ assert_se(fd3 < 0);
+}
+
+TEST(take_fd) {
+ _cleanup_close_ int fd1 = -EBADF, fd2 = -EBADF;
+ int array[2] = PIPE_EBADF, i = 0;
+
+ assert_se(fd1 == -EBADF);
+ assert_se(fd2 == -EBADF);
+
+ fd1 = eventfd(0, EFD_CLOEXEC);
+ assert_se(fd1 >= 0);
+
+ fd2 = TAKE_FD(fd1);
+ assert_se(fd1 == -EBADF);
+ assert_se(fd2 >= 0);
+
+ assert_se(array[0] == -EBADF);
+ assert_se(array[1] == -EBADF);
+
+ array[0] = TAKE_FD(fd2);
+ assert_se(fd1 == -EBADF);
+ assert_se(fd2 == -EBADF);
+ assert_se(array[0] >= 0);
+ assert_se(array[1] == -EBADF);
+
+ array[1] = TAKE_FD(array[i]);
+ assert_se(array[0] == -EBADF);
+ assert_se(array[1] >= 0);
+
+ i = 1 - i;
+ array[0] = TAKE_FD(*(array + i));
+ assert_se(array[0] >= 0);
+ assert_se(array[1] == -EBADF);
+
+ i = 1 - i;
+ fd1 = TAKE_FD(array[i]);
+ assert_se(fd1 >= 0);
+ assert_se(array[0] == -EBADF);
+ assert_se(array[1] == -EBADF);
+}
+
+DEFINE_TEST_MAIN(LOG_DEBUG);
projects / thirdparty / systemd.git / blobdiff