From patchwork Fri Jan 24 09:17:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sargun Dhillon X-Patchwork-Id: 11349973 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 20E77924 for ; Fri, 24 Jan 2020 09:18:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F30C020838 for ; Fri, 24 Jan 2020 09:18:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=sargun.me header.i=@sargun.me header.b="kANUyGec" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729880AbgAXJSA (ORCPT ); Fri, 24 Jan 2020 04:18:00 -0500 Received: from mail-pl1-f193.google.com ([209.85.214.193]:45883 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730407AbgAXJSA (ORCPT ); Fri, 24 Jan 2020 04:18:00 -0500 Received: by mail-pl1-f193.google.com with SMTP id b22so509883pls.12 for ; Fri, 24 Jan 2020 01:17:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=4RcxGgdRV5d1ycPgKGQshU3Dx8E58q2RM4BSH6L50H0=; b=kANUyGecpiYvb2WO2ikFMEFOaN9u2zq3XlV+Z5Nw/EA8/DlRMoPGwX73EyF2cCBkZt pcSrQchshZZ/6y7WX2YPWRhg9sC6oKm+hohz1m9VbDg9ARdka/rVoRBDAPEiMwrgT4x7 0hvAnZKvMXI0h46+4EY5QHhcIhncztG0rzfcY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4RcxGgdRV5d1ycPgKGQshU3Dx8E58q2RM4BSH6L50H0=; b=SDwyWDulQSrm+2dlqKQtqrILQsNlRtkktQpIRqeLVW7Ixne7lrbZ1Wqhl/TgCXL7Aj p9cJ1TTLbXSnM9h2uejmWw+aUgjKt5gxgcARJ8MALpgbwSn9yGR4jp+NKpC+NBzTqNhX +KnTZ8ff75fyPPYdvHPJ1FWOtCuv4SzReCMfFSNuC5QAJPXMoVAVqCp+Ww0oElQfBXcY pSSRO+66vYZui0GfxwVvvpSZmTOFY0VVLI8F01vwjOHcFP8oCtQMV2eWVv5FsRWGeZ2p 27Np8BsI1F+6vBy4CFZZ5FRZNuvSAMM+Y9maSX64sZRSTiYEmPNcdTk+l1JbIQpVFprJ Pzdg== X-Gm-Message-State: APjAAAVOBp2CePAi7mwDX/J76Pj4DMJvzTJV9UWgpfcgn4ufePAf/VyF 49tka/QvOQERfzVsRkBrF44aXw== X-Google-Smtp-Source: APXvYqx1b2xzIF8PeZ6R4Bhfq1a/HDT+lOtsd1FQcTEZpaUwRHyP1m1M56OAz1kKECc2oz1uyuHobQ== X-Received: by 2002:a17:902:8207:: with SMTP id x7mr2533438pln.185.1579857479183; Fri, 24 Jan 2020 01:17:59 -0800 (PST) Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id y14sm5459507pfe.147.2020.01.24.01.17.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Jan 2020 01:17:58 -0800 (PST) From: Sargun Dhillon To: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Sargun Dhillon , tycho@tycho.ws, christian.brauner@ubuntu.com Subject: [PATCH 1/4] pid: Add pidfd_create_file helper Date: Fri, 24 Jan 2020 01:17:40 -0800 Message-Id: <20200124091743.3357-2-sargun@sargun.me> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200124091743.3357-1-sargun@sargun.me> References: <20200124091743.3357-1-sargun@sargun.me> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org This helper allow for creation of pidfd files. The existing helper (pidfd_create) creates file descriptors directly, which cannot be used without race conditions when there is an intermediate step between creation, and informing userspace the fd has been created. Signed-off-by: Sargun Dhillon --- include/linux/pid.h | 1 + kernel/pid.c | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/include/linux/pid.h b/include/linux/pid.h index 998ae7d24450..70d4725cf8da 100644 --- a/include/linux/pid.h +++ b/include/linux/pid.h @@ -75,6 +75,7 @@ extern const struct file_operations pidfd_fops; struct file; extern struct pid *pidfd_pid(const struct file *file); +extern struct file *pidfd_create_file(struct pid *pid); static inline struct pid *get_pid(struct pid *pid) { diff --git a/kernel/pid.c b/kernel/pid.c index 2278e249141d..2a34db290128 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -521,6 +521,28 @@ static int pidfd_create(struct pid *pid) return fd; } +/** + * pidfd_create_file() - Create a new pidfd file. + * + * @pid: struct pid that the pidfd will reference + * + * This creates a new pidfd file. + * + * Return: On success, a cloexec pidfd file is returned + * On error, an err ptr will be returned. + */ +struct file *pidfd_create_file(struct pid *pid) +{ + struct file *f; + + f = anon_inode_getfile("[pidfd]", &pidfd_fops, get_pid(pid), + O_RDWR | O_CLOEXEC); + if (IS_ERR(f)) + put_pid(pid); + + return f; +} + /** * pidfd_open() - Open new pid file descriptor. * From patchwork Fri Jan 24 09:17:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sargun Dhillon X-Patchwork-Id: 11349977 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F303924 for ; Fri, 24 Jan 2020 09:18:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3D63B2087E for ; Fri, 24 Jan 2020 09:18:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=sargun.me header.i=@sargun.me header.b="VobvKElH" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730424AbgAXJSC (ORCPT ); Fri, 24 Jan 2020 04:18:02 -0500 Received: from mail-pg1-f193.google.com ([209.85.215.193]:37702 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730191AbgAXJSB (ORCPT ); Fri, 24 Jan 2020 04:18:01 -0500 Received: by mail-pg1-f193.google.com with SMTP id q127so714661pga.4 for ; Fri, 24 Jan 2020 01:18:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Uoir3FU1IATnUXQrOYdmalxomb8X20fURMYPZxBipaY=; b=VobvKElHW8c+ugq9B4n68RMGbkRbcC2SFUIltlHzEGYSmtLvBQZgPl2fpMg56byHPW N9xK2GXsqQqaRxpqwZmmQwVYBEofacH9Tc/tt0wzwaFaxHJzauZhEmtHJS8M78rBOWNf lNfgCbTXGrW5xE/pjDZ8PilqiD5xawxRBNVVc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Uoir3FU1IATnUXQrOYdmalxomb8X20fURMYPZxBipaY=; b=CAd9y/x+QfSLXBf8EjFGbC5sfrRdPW6oYHzHHOM+BmG9Sg34mLmxIWq71cbzejzVkf 4stvHGRQ5SW/W/onvu7T/9xWbe/Hwjcw6iTO1humkAThS6vsguNRfZ6LQqxFV//vIXcw R4MOhRR/PYNhavZ4YJcA6gc+crotcUxt1mUXfjYZcMTbChHklbJhM/gTK8o7b+U9gg0k 4LsgxQ7+EqBYgKd8nmOQACTC3CdrWr3+f8WnrWcDPg/SioEW+qJVgE6AP8PW2wQlG1W0 jprLpgMSLPPCfivQAMPyJEgBhGu0lYLMW8+LA38Qk3CZ77avru4r/qA1UsVhm8JmtKEV 7lrA== X-Gm-Message-State: APjAAAWs/YdxzCaefAYVQLfHDci5z2n5nkT7BcK9FzBphENjvM/uBdrx MiQ0teunuLoVnCY4CeLX5s6NhQ== X-Google-Smtp-Source: APXvYqydz/Qdpb5HbTAO2x2OE/gDtHDX0c3YRX9HY+7ZkT0Y8bfZkdkkGtEh723330PPVQixxzaq3Q== X-Received: by 2002:a63:215f:: with SMTP id s31mr2880124pgm.27.1579857480743; Fri, 24 Jan 2020 01:18:00 -0800 (PST) Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id y14sm5459507pfe.147.2020.01.24.01.17.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Jan 2020 01:18:00 -0800 (PST) From: Sargun Dhillon To: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Sargun Dhillon , tycho@tycho.ws, christian.brauner@ubuntu.com Subject: [PATCH 2/4] fork: Use newly created pidfd_create_file helper Date: Fri, 24 Jan 2020 01:17:41 -0800 Message-Id: <20200124091743.3357-3-sargun@sargun.me> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200124091743.3357-1-sargun@sargun.me> References: <20200124091743.3357-1-sargun@sargun.me> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Rather than duplicating the code to create a pidfd_file in kernel/fork.c, use the helper in kernel/pid.c. Signed-off-by: Sargun Dhillon --- kernel/fork.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 080809560072..181ab2958cad 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2106,14 +2106,12 @@ static __latent_entropy struct task_struct *copy_process( pidfd = retval; - pidfile = anon_inode_getfile("[pidfd]", &pidfd_fops, pid, - O_RDWR | O_CLOEXEC); + pidfile = pidfd_create_file(pid); if (IS_ERR(pidfile)) { put_unused_fd(pidfd); retval = PTR_ERR(pidfile); goto bad_fork_free_pid; } - get_pid(pid); /* held by pidfile now */ retval = put_user(pidfd, args->pidfd); if (retval) From patchwork Fri Jan 24 09:17:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sargun Dhillon X-Patchwork-Id: 11349979 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 92FAE924 for ; Fri, 24 Jan 2020 09:18:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 66D0B2075D for ; Fri, 24 Jan 2020 09:18:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=sargun.me header.i=@sargun.me header.b="oZTfK+0R" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730443AbgAXJSR (ORCPT ); Fri, 24 Jan 2020 04:18:17 -0500 Received: from mail-pj1-f68.google.com ([209.85.216.68]:56167 "EHLO mail-pj1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730461AbgAXJSD (ORCPT ); Fri, 24 Jan 2020 04:18:03 -0500 Received: by mail-pj1-f68.google.com with SMTP id d5so745506pjz.5 for ; Fri, 24 Jan 2020 01:18:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=TDhZOynphy0Xvg7HBFwMit+7T95Klu1aHNq+emyqScw=; b=oZTfK+0R9osykxEjXoqEbNQUJ5lcI2m5Dxd353uZ6PMoi0srFVVHS4xlpewzOZBlCd h2OeSekdmtI79yAesYPvDV1obfIocx6fvTkDvTxADV0Kx8CmqZOREgDK9wCWMWRQbpfV p3BD0HIdAxfbmwdD+t59IlHxBxxwPFJ/bou/s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TDhZOynphy0Xvg7HBFwMit+7T95Klu1aHNq+emyqScw=; b=i2kneNjfcfO3YPS+SbFnbVfWyRq74OsUGObQnW8rLcmHWqwEqrqYLeD7MqQO6LWJCy PeFq5UPO/NZTcxjImg2JzW9S1sXwfMVbyuxfFegxrM2PSrJvIYupAFDjsuutDqhFF0DA 7PyIlQFXkIq0PfClQ9jW2SuxKdvnVviAY4DFFAmY2W1bnhs08oLo1XdH9fSNiKsJdDTa w3Fy9fdwxQ24bcv8OqKm/DGQDmRvXrQO9vz9Xky3qE56kpM6Uv7a427hAMCspLoyDfo4 ukldfPEcIrI4U9uaszOtR2+x73k2nh0WSN1UJVKe2kaDbpe9Ujf6SJkqFb4BCc7IpoLu L4lA== X-Gm-Message-State: APjAAAXPaSR0Kjmy7sMVolWxerY30zsW/vAlTpBnDqiyBPsRcWdFMmWt lCrU0tiSSIl64SVyaJSpU2p1ow== X-Google-Smtp-Source: APXvYqwmQP77Au3LiyBaC3XXFTOjaXFNgQqwJ1tgJrZlb420ZkuKKggGBamaR8yBl67yfH6RdBOOZg== X-Received: by 2002:a17:90a:7f86:: with SMTP id m6mr2180124pjl.143.1579857482208; Fri, 24 Jan 2020 01:18:02 -0800 (PST) Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id y14sm5459507pfe.147.2020.01.24.01.18.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Jan 2020 01:18:01 -0800 (PST) From: Sargun Dhillon To: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Sargun Dhillon , tycho@tycho.ws, christian.brauner@ubuntu.com Subject: [PATCH 3/4] seccomp: Add SECCOMP_USER_NOTIF_FLAG_PIDFD to get pidfd on listener trap Date: Fri, 24 Jan 2020 01:17:42 -0800 Message-Id: <20200124091743.3357-4-sargun@sargun.me> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200124091743.3357-1-sargun@sargun.me> References: <20200124091743.3357-1-sargun@sargun.me> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org This introduces the capability for users of seccomp's listener behaviour to be able to receive the pidfd of the process that triggered the event. Currently, this just opens the group leader of the thread that triggere the event, as pidfds (currently) are limited to group leaders. For actions which do not act on the process outside of the pidfd, there is then no need to check the cookie to ensure validity of the request throughout the listener's handling of it. This can be extended later on as well when pidfd capabilities are added to be able to have the listener imbue the pidfd with certain capabilities when it is delivered to userspace. It is the responsibility of the user to close the pidfd. Signed-off-by: Sargun Dhillon --- include/uapi/linux/seccomp.h | 4 +++ kernel/seccomp.c | 68 ++++++++++++++++++++++++++++++++---- 2 files changed, 66 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index be84d87f1f46..64f6fc5c95f1 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -69,11 +69,15 @@ struct seccomp_notif_sizes { __u16 seccomp_data; }; +/* Valid flags for struct seccomp_notif */ +#define SECCOMP_USER_NOTIF_FLAG_PIDFD (1UL << 0) /* populate pidfd */ + struct seccomp_notif { __u64 id; __u32 pid; __u32 flags; struct seccomp_data data; + __u32 pidfd; }; /* diff --git a/kernel/seccomp.c b/kernel/seccomp.c index b6ea3dcb57bf..93f9cf45ce07 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1019,21 +1019,61 @@ static int seccomp_notify_release(struct inode *inode, struct file *file) return 0; } + +static long __seccomp_notify_recv_pidfd(void __user *buf, + struct seccomp_notif *unotif, + struct task_struct *group_leader) +{ + struct file *pidfd_file; + struct pid *pid; + int fd; + + pid = get_task_pid(group_leader, PIDTYPE_PID); + pidfd_file = pidfd_create_file(pid); + put_pid(pid); + if (IS_ERR(pidfd_file)) + return PTR_ERR(pidfd_file); + + fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC); + if (fd < 0) { + fput(pidfd_file); + return fd; + } + + unotif->pidfd = fd; + + if (copy_to_user(buf, unotif, sizeof(*unotif))) { + put_unused_fd(fd); + fput(pidfd_file); + return -EFAULT; + } + + fd_install(fd, pidfd_file); + + return 0; +} + static long seccomp_notify_recv(struct seccomp_filter *filter, void __user *buf) { struct seccomp_knotif *knotif = NULL, *cur; struct seccomp_notif unotif; + struct task_struct *group_leader; + bool send_pidfd; ssize_t ret; + if (copy_from_user(&unotif, buf, sizeof(unotif))) + return -EFAULT; /* Verify that we're not given garbage to keep struct extensible. */ - ret = check_zeroed_user(buf, sizeof(unotif)); - if (ret < 0) - return ret; - if (!ret) + if (unotif.id || + unotif.pid || + memchr_inv(&unotif.data, 0, sizeof(unotif.data)) || + unotif.pidfd) + return -EINVAL; + if (unotif.flags & ~(SECCOMP_USER_NOTIF_FLAG_PIDFD)) return -EINVAL; - memset(&unotif, 0, sizeof(unotif)); + send_pidfd = unotif.flags & SECCOMP_USER_NOTIF_FLAG_PIDFD; ret = down_interruptible(&filter->notif->request); if (ret < 0) @@ -1057,9 +1097,13 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, goto out; } + memset(&unotif, 0, sizeof(unotif)); + unotif.id = knotif->id; unotif.pid = task_pid_vnr(knotif->task); unotif.data = *(knotif->data); + if (send_pidfd) + group_leader = get_task_struct(knotif->task->group_leader); knotif->state = SECCOMP_NOTIFY_SENT; wake_up_poll(&filter->notif->wqh, EPOLLOUT | EPOLLWRNORM); @@ -1067,9 +1111,21 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, out: mutex_unlock(&filter->notify_lock); - if (ret == 0 && copy_to_user(buf, &unotif, sizeof(unotif))) { + if (ret) + return ret; + + /* + * We've successfully received a notification, let's try to copy it to + * userspace. + */ + if (send_pidfd) { + ret = __seccomp_notify_recv_pidfd(buf, &unotif, group_leader); + put_task_struct(group_leader); + } else if (copy_to_user(buf, &unotif, sizeof(unotif))) { ret = -EFAULT; + } + if (ret) { /* * Userspace screwed up. To make sure that we keep this * notification alive, let's reset it back to INIT. It From patchwork Fri Jan 24 09:17:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sargun Dhillon X-Patchwork-Id: 11349975 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 60B04924 for ; Fri, 24 Jan 2020 09:18:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3EC8A2075D for ; Fri, 24 Jan 2020 09:18:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=sargun.me header.i=@sargun.me header.b="H7euZ/gk" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730540AbgAXJSG (ORCPT ); Fri, 24 Jan 2020 04:18:06 -0500 Received: from mail-pl1-f195.google.com ([209.85.214.195]:35725 "EHLO mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730520AbgAXJSE (ORCPT ); Fri, 24 Jan 2020 04:18:04 -0500 Received: by mail-pl1-f195.google.com with SMTP id g6so529899plt.2 for ; Fri, 24 Jan 2020 01:18:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dKte8R+6jYPAjIkNMBgQp/CzSAjiscHSDATdNHovQ48=; b=H7euZ/gkkuwVuKg+dsorX0bYNsUNRmvEwZuR1NNQiDWUonfevEsNxyljAkXAMxtlmh WNu8qGidyXQcH50xbcLnSq531fTg1rPkaWv5+A4EK8vAZqj4U80TLCk6H/u9bxJTmNRg le8dBF7mBI7l7ceI3fVTDWBqu0aBjHU0ekzCY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dKte8R+6jYPAjIkNMBgQp/CzSAjiscHSDATdNHovQ48=; b=mhbcrIQb4Pr9B2GLuyG4YGfoG5P1DKB+X6ECZY4/tAN2lZ6L3FXPaXgqCGb0IdQj7Q /GWtDRiDr2JgC3i5sZxux9Rhki4RIVogNgwIDXlEm4h3Wm0GYtC8DgTFeYH52zH3Kkb9 9FY8XNXUTETU1FDjYdMhLgi7gfxxGZwjxIV33mmfQ2e+4j96R7mM3OVk0r5Fdf9e9r58 jMxjzeBEkP4dNYu/06VgG2efNT7b4t2pw7N2PqvJX5FeVBWzef702+Wg72OoclHMOg4S gS1qTWYc9+YMT7rDsGJgL11mMD8/rpv/l2gYFowe3W4q/v6/tw0WhvL3wWi53Ut2lMAj YmqA== X-Gm-Message-State: APjAAAX4zVXnqclmB83ccVSAKWxZCf14WpgJHKilRDm9wTNaa2WuHVTG Arf9nU49q1FLSe7ub0swNaFPkjag2DkODg== X-Google-Smtp-Source: APXvYqy8gyWaSyFO2wjCRQtChZ9YJXitoMb5tGlCKikS+MHIFmJvyGJL5sq+Gmmvyt+qf5E/U5g5hg== X-Received: by 2002:a17:90a:2729:: with SMTP id o38mr2297536pje.45.1579857483704; Fri, 24 Jan 2020 01:18:03 -0800 (PST) Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id y14sm5459507pfe.147.2020.01.24.01.18.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Jan 2020 01:18:03 -0800 (PST) From: Sargun Dhillon To: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: Sargun Dhillon , tycho@tycho.ws, christian.brauner@ubuntu.com Subject: [PATCH 4/4] selftests/seccomp: test SECCOMP_USER_NOTIF_FLAG_PIDFD Date: Fri, 24 Jan 2020 01:17:43 -0800 Message-Id: <20200124091743.3357-5-sargun@sargun.me> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200124091743.3357-1-sargun@sargun.me> References: <20200124091743.3357-1-sargun@sargun.me> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org This adds a test which uses the SECCOMP_USER_NOTIF_FLAG_PIDFD flag. It does this by using sys_pidfd_send_signal to signal the process, and then relies on traditional waitpid to ensure that the specific signal was delivered. Additionally, it verifies the case where the copy of the notification to userspace fails, and the pidfd file is required to be freed. Signed-off-by: Sargun Dhillon --- tools/testing/selftests/seccomp/seccomp_bpf.c | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index ee1b727ede04..ae9167ffbda9 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -187,6 +187,7 @@ struct seccomp_notif { __u32 pid; __u32 flags; struct seccomp_data data; + __u32 pidfd; }; struct seccomp_notif_resp { @@ -212,6 +213,10 @@ struct seccomp_notif_sizes { #define SECCOMP_USER_NOTIF_FLAG_CONTINUE 0x00000001 #endif +#ifndef SECCOMP_USER_NOTIF_FLAG_PIDFD +#define SECCOMP_USER_NOTIF_FLAG_PIDFD (1UL << 0) +#endif + #ifndef seccomp int seccomp(unsigned int op, unsigned int flags, void *args) { @@ -1871,6 +1876,7 @@ FIXTURE_TEARDOWN(TRACE_syscall) free(self->prog.filter); } + TEST_F(TRACE_syscall, ptrace_syscall_redirected) { /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ @@ -3612,6 +3618,110 @@ TEST(user_notification_continue) } } +static int sys_pidfd_send_signal(int pidfd, int sig, siginfo_t *info, + unsigned int flags) +{ +#ifdef __NR_pidfd_send_signal + return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags); +#else + errno = ENOSYS; + return -1; +#endif +} + +TEST(user_notification_pidfd) +{ + struct seccomp_notif req = { + .flags = SECCOMP_USER_NOTIF_FLAG_PIDFD, + }; + struct seccomp_notif_resp resp = {}; + int ret, listener, status; + pid_t pid; + + + ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + + listener = user_trap_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + ASSERT_GE(listener, 0); + + pid = fork(); + ASSERT_GE(pid, 0); + + if (pid == 0) { + /* the process should be killed during this syscall */ + syscall(__NR_getppid); + exit(0); + } + + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + ASSERT_GE(req.pidfd, 0); + + ASSERT_EQ(sys_pidfd_send_signal(req.pidfd, SIGKILL, NULL, 0), 0) { + XFAIL(goto out, + "Kernel does not support pidfd_send_signal() syscall"); + goto out; + } + EXPECT_EQ(req.pid, pid); + + EXPECT_EQ(waitpid(pid, &status, 0), pid); + EXPECT_EQ(true, WIFSIGNALED(status)); + EXPECT_EQ(SIGKILL, WTERMSIG(status)); + +out: + close(req.pidfd); + close(listener); +} + +TEST(user_notification_pidfd_fault) +{ + struct seccomp_notif req = { + .flags = SECCOMP_USER_NOTIF_FLAG_PIDFD, + }; + struct seccomp_notif_resp resp = {}; + int ret, listener, status; + pid_t pid; + + ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret) { + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); + } + + listener = user_trap_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); + ASSERT_GE(listener, 0); + + pid = fork(); + ASSERT_GE(pid, 0); + + if (pid == 0) + exit(syscall(__NR_getppid) != USER_NOTIF_MAGIC); + + /* trigger an EFAULT */ + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, NULL), -1); + EXPECT_EQ(errno, EFAULT); + + /* Check that we can still fetch it. */ + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + EXPECT_EQ(req.pid, pid); + + resp.id = req.id; + resp.error = 0; + resp.val = USER_NOTIF_MAGIC; + + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), 0); + + EXPECT_EQ(waitpid(pid, &status, 0), pid); + EXPECT_EQ(true, WIFEXITED(status)); + EXPECT_EQ(0, WEXITSTATUS(status)); + + close(req.pidfd); + close(listener); +} + /* * TODO: * - add microbenchmarks