github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/test/syscalls/linux/prctl.cc (about) 1 // Copyright 2018 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #include <sys/prctl.h> 16 #include <sys/ptrace.h> 17 #include <sys/types.h> 18 #include <sys/wait.h> 19 #include <unistd.h> 20 21 #include <string> 22 23 #include "gtest/gtest.h" 24 #include "absl/flags/flag.h" 25 #include "test/util/capability_util.h" 26 #include "test/util/cleanup.h" 27 #include "test/util/multiprocess_util.h" 28 #include "test/util/posix_error.h" 29 #include "test/util/test_util.h" 30 #include "test/util/thread_util.h" 31 32 ABSL_FLAG(bool, prctl_no_new_privs_test_child, false, 33 "If true, exit with the return value of prctl(PR_GET_NO_NEW_PRIVS) " 34 "plus an offset (see test source)."); 35 36 namespace gvisor { 37 namespace testing { 38 39 namespace { 40 41 #ifndef SUID_DUMP_DISABLE 42 #define SUID_DUMP_DISABLE 0 43 #endif /* SUID_DUMP_DISABLE */ 44 #ifndef SUID_DUMP_USER 45 #define SUID_DUMP_USER 1 46 #endif /* SUID_DUMP_USER */ 47 #ifndef SUID_DUMP_ROOT 48 #define SUID_DUMP_ROOT 2 49 #endif /* SUID_DUMP_ROOT */ 50 51 TEST(PrctlTest, NameInitialized) { 52 const size_t name_length = 20; 53 char name[name_length] = {}; 54 ASSERT_THAT(prctl(PR_GET_NAME, name), SyscallSucceeds()); 55 ASSERT_NE(std::string(name), ""); 56 } 57 58 TEST(PrctlTest, SetNameLongName) { 59 const size_t name_length = 20; 60 const std::string long_name(name_length, 'A'); 61 ASSERT_THAT(prctl(PR_SET_NAME, long_name.c_str()), SyscallSucceeds()); 62 char truncated_name[name_length] = {}; 63 ASSERT_THAT(prctl(PR_GET_NAME, truncated_name), SyscallSucceeds()); 64 const size_t truncated_length = 15; 65 ASSERT_EQ(long_name.substr(0, truncated_length), std::string(truncated_name)); 66 } 67 68 TEST(PrctlTest, ChildProcessName) { 69 constexpr size_t kMaxNameLength = 15; 70 71 char parent_name[kMaxNameLength + 1] = {}; 72 memset(parent_name, 'a', kMaxNameLength); 73 74 ASSERT_THAT(prctl(PR_SET_NAME, parent_name), SyscallSucceeds()); 75 76 pid_t child_pid = fork(); 77 TEST_PCHECK(child_pid >= 0); 78 if (child_pid == 0) { 79 char child_name[kMaxNameLength + 1] = {}; 80 TEST_PCHECK(prctl(PR_GET_NAME, child_name) >= 0); 81 TEST_CHECK(memcmp(parent_name, child_name, sizeof(parent_name)) == 0); 82 _exit(0); 83 } 84 85 int status; 86 ASSERT_THAT(waitpid(child_pid, &status, 0), 87 SyscallSucceedsWithValue(child_pid)); 88 EXPECT_TRUE(WIFEXITED(status) && WEXITSTATUS(status) == 0) 89 << "status =" << status; 90 } 91 92 // Offset added to exit code from test child to distinguish from other abnormal 93 // exits. 94 constexpr int kPrctlNoNewPrivsTestChildExitBase = 100; 95 96 TEST(PrctlTest, NoNewPrivsPreservedAcrossCloneForkAndExecve) { 97 // Check if no_new_privs is already set. If it is, we can still test that it's 98 // preserved across clone/fork/execve, but we also expect it to still be set 99 // at the end of the test. Otherwise, call prctl(PR_SET_NO_NEW_PRIVS) so as 100 // not to contaminate the original thread. 101 int no_new_privs; 102 ASSERT_THAT(no_new_privs = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0), 103 SyscallSucceeds()); 104 ScopedThread thread = ScopedThread([] { 105 ASSERT_THAT(prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), SyscallSucceeds()); 106 EXPECT_THAT(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0), 107 SyscallSucceedsWithValue(1)); 108 ScopedThread threadInner = ScopedThread([] { 109 EXPECT_THAT(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0), 110 SyscallSucceedsWithValue(1)); 111 // Note that these ASSERT_*s failing will only return from this thread, 112 // but this is the intended behavior. 113 pid_t child_pid = -1; 114 int execve_errno = 0; 115 auto cleanup = ASSERT_NO_ERRNO_AND_VALUE( 116 ForkAndExec("/proc/self/exe", 117 {"/proc/self/exe", "--prctl_no_new_privs_test_child"}, {}, 118 nullptr, &child_pid, &execve_errno)); 119 120 ASSERT_GT(child_pid, 0); 121 ASSERT_EQ(execve_errno, 0); 122 123 int status = 0; 124 ASSERT_THAT(RetryEINTR(waitpid)(child_pid, &status, 0), 125 SyscallSucceeds()); 126 ASSERT_TRUE(WIFEXITED(status)); 127 ASSERT_EQ(WEXITSTATUS(status), kPrctlNoNewPrivsTestChildExitBase + 1); 128 129 EXPECT_THAT(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0), 130 SyscallSucceedsWithValue(1)); 131 }); 132 threadInner.Join(); 133 EXPECT_THAT(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0), 134 SyscallSucceedsWithValue(1)); 135 }); 136 thread.Join(); 137 EXPECT_THAT(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0), 138 SyscallSucceedsWithValue(no_new_privs)); 139 } 140 141 TEST(PrctlTest, PDeathSig) { 142 pid_t child_pid; 143 144 // Make the new process' parent a separate thread since the parent death 145 // signal fires when the parent *thread* exits. 146 ScopedThread thread = ScopedThread([&] { 147 child_pid = fork(); 148 TEST_CHECK(child_pid >= 0); 149 if (child_pid == 0) { 150 // In child process. 151 TEST_CHECK(prctl(PR_SET_PDEATHSIG, SIGKILL) >= 0); 152 int signo; 153 TEST_CHECK(prctl(PR_GET_PDEATHSIG, &signo) >= 0); 154 TEST_CHECK(signo == SIGKILL); 155 // Enable tracing, then raise SIGSTOP and expect our parent to suppress 156 // it. 157 TEST_CHECK(ptrace(PTRACE_TRACEME, 0, 0, 0) >= 0); 158 TEST_CHECK(raise(SIGSTOP) == 0); 159 // Sleep until killed by our parent death signal. sleep(3) is 160 // async-signal-safe, absl::SleepFor isn't. 161 while (true) { 162 sleep(10); 163 } 164 } 165 // In parent process. 166 167 // Wait for the child to send itself SIGSTOP and enter signal-delivery-stop. 168 int status; 169 ASSERT_THAT(waitpid(child_pid, &status, 0), 170 SyscallSucceedsWithValue(child_pid)); 171 EXPECT_TRUE(WIFSTOPPED(status) && WSTOPSIG(status) == SIGSTOP) 172 << "status = " << status; 173 174 // Suppress the SIGSTOP and detach from the child. 175 ASSERT_THAT(ptrace(PTRACE_DETACH, child_pid, 0, 0), SyscallSucceeds()); 176 }); 177 thread.Join(); 178 179 // The child should have been killed by its parent death SIGKILL. 180 int status; 181 ASSERT_THAT(waitpid(child_pid, &status, 0), 182 SyscallSucceedsWithValue(child_pid)); 183 EXPECT_TRUE(WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) 184 << "status = " << status; 185 } 186 187 // This test is to validate that calling prctl with PR_SET_MM without the 188 // CAP_SYS_RESOURCE returns EPERM. 189 TEST(PrctlTest, InvalidPrSetMM) { 190 // Drop capability to test below. 191 AutoCapability cap(CAP_SYS_RESOURCE, false); 192 ASSERT_THAT(prctl(PR_SET_MM, 0, 0, 0, 0), SyscallFailsWithErrno(EPERM)); 193 } 194 195 // Sanity check that dumpability is remembered. 196 TEST(PrctlTest, SetGetDumpability) { 197 int before; 198 ASSERT_THAT(before = prctl(PR_GET_DUMPABLE), SyscallSucceeds()); 199 auto cleanup = Cleanup([before] { 200 ASSERT_THAT(prctl(PR_SET_DUMPABLE, before), SyscallSucceeds()); 201 }); 202 203 EXPECT_THAT(prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE), SyscallSucceeds()); 204 EXPECT_THAT(prctl(PR_GET_DUMPABLE), 205 SyscallSucceedsWithValue(SUID_DUMP_DISABLE)); 206 207 EXPECT_THAT(prctl(PR_SET_DUMPABLE, SUID_DUMP_USER), SyscallSucceeds()); 208 EXPECT_THAT(prctl(PR_GET_DUMPABLE), SyscallSucceedsWithValue(SUID_DUMP_USER)); 209 } 210 211 // SUID_DUMP_ROOT cannot be set via PR_SET_DUMPABLE. 212 TEST(PrctlTest, RootDumpability) { 213 EXPECT_THAT(prctl(PR_SET_DUMPABLE, SUID_DUMP_ROOT), 214 SyscallFailsWithErrno(EINVAL)); 215 } 216 217 } // namespace 218 219 } // namespace testing 220 } // namespace gvisor 221 222 int main(int argc, char** argv) { 223 gvisor::testing::TestInit(&argc, &argv); 224 225 if (absl::GetFlag(FLAGS_prctl_no_new_privs_test_child)) { 226 exit(gvisor::testing::kPrctlNoNewPrivsTestChildExitBase + 227 prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0)); 228 } 229 230 return gvisor::testing::RunAllTests(); 231 }