From b2f5de0334f03e90ae7dee72a7fc597ef555a9a8 Mon Sep 17 00:00:00 2001
From: Alexey Dobriyan
Date: Thu, 7 Jun 2018 17:10:20 -0700
Subject: tools/testing/selftests/proc: test /proc/*/fd a bit (+ PF_KTHREAD is ABI!)
* Test lookup in /proc/self/fd. "map_files" lookup story showed that lookup is not that simple. * Test that all those symlinks open the same file. Check with (st_dev, st_info). * Test that kernel threads do not have anything in their /proc/*/fd/ directory. Now this is where things get interesting. First, kernel threads aren't pinned by /proc/self or equivalent, thus some "atomicity" is required. Second, ->comm can contain whitespace and ')'. No, they are not escaped. Third, the only reliable way to check if process is kernel thread appears to be field #9 in /proc/*/stat. This field is struct task_struct::flags in decimal! Check is done by testing PF_KTHREAD flags like we do in kernel. PF_KTREAD value is a part of userspace ABI !!! Other methods for determining kernel threadness are not reliable: * RSS can be 0 if everything is swapped, even while reading from /proc/self. * ->total_vm CAN BE ZERO if process is finishing munmap(NULL, whole address space); * /proc/*/maps and similar files can be empty because unmapping everything works. Read returning 0 can't distinguish between kernel thread and such suicide process.
Link: http://lkml.kernel.org/r/20180505000414.GA15090@avx2
Signed-off-by: Alexey Dobriyan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
tools/testing/selftests/proc/fd-003-kthread.c | 178 ++++++++++++++++++++++++++
1 file changed, 178 insertions(+)
create mode 100644 tools/testing/selftests/proc/fd-003-kthread.c
(limited to 'tools/testing/selftests/proc/fd-003-kthread.c')
diff --git a/tools/testing/selftests/proc/fd-003-kthread.c b/tools/testing/selftests/proc/fd-003-kthread.c
new file mode 100644
index 000000000000..1d659d55368c
--- /dev/null
+++ b/tools/testing/selftests/proc/fd-003-kthread.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright © 2018 Alexey Dobriyan
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+// Test that /proc/$KERNEL_THREAD/fd/ is empty.
+#define _GNU_SOURCE
+#undef NDEBUG
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "proc.h"
+
+#define PF_KHTREAD 0x00200000
+
+/*
+ * Test for kernel threadness atomically with openat().
+ *
+ * Return /proc/$PID/fd descriptor if process is kernel thread.
+ * Return -1 if a process is userspace process.
+ */
+static int kernel_thread_fd(unsigned int pid)
+{
+ unsigned int flags = 0;
+ char buf[4096];
+ int dir_fd, fd;
+ ssize_t rv;
+
+ snprintf(buf, sizeof(buf), "/proc/%u", pid);
+ dir_fd = open(buf, O_RDONLY|O_DIRECTORY);
+ if (dir_fd == -1)
+ return -1;
+
+ /*
+ * Believe it or not, struct task_struct::flags is directly exposed
+ * to userspace!
+ */
+ fd = openat(dir_fd, "stat", O_RDONLY);
+ if (fd == -1) {
+ close(dir_fd);
+ return -1;
+ }
+ rv = read(fd, buf, sizeof(buf));
+ close(fd);
+ if (0 < rv && rv <= sizeof(buf)) {
+ unsigned long long flags_ull;
+ char *p, *end;
+ int i;
+
+ assert(buf[rv - 1] == '\n');
+ buf[rv - 1] = '\0';
+
+ /* Search backwards: ->comm can contain whitespace and ')'. */
+ for (i = 0; i < 43; i++) {
+ p = strrchr(buf, ' ');
+ assert(p);
+ *p = '\0';
+ }
+
+ p = strrchr(buf, ' ');
+ assert(p);
+
+ flags_ull = xstrtoull(p + 1, &end);
+ assert(*end == '\0');
+ assert(flags_ull == (unsigned int)flags_ull);
+
+ flags = flags_ull;
+ }
+
+ fd = -1;
+ if (flags & PF_KHTREAD) {
+ fd = openat(dir_fd, "fd", O_RDONLY|O_DIRECTORY);
+ }
+ close(dir_fd);
+ return fd;
+}
+
+static void test_readdir(int fd)
+{
+ DIR *d;
+ struct dirent *de;
+
+ d = fdopendir(fd);
+ assert(d);
+
+ de = xreaddir(d);
+ assert(streq(de->d_name, "."));
+ assert(de->d_type == DT_DIR);
+
+ de = xreaddir(d);
+ assert(streq(de->d_name, ".."));
+ assert(de->d_type == DT_DIR);
+
+ de = xreaddir(d);
+ assert(!de);
+}
+
+static inline int sys_statx(int dirfd, const char *pathname, int flags,
+ unsigned int mask, void *stx)
+{
+ return syscall(SYS_statx, dirfd, pathname, flags, mask, stx);
+}
+
+static void test_lookup_fail(int fd, const char *pathname)
+{
+ char stx[256] __attribute__((aligned(8)));
+ int rv;
+
+ rv = sys_statx(fd, pathname, AT_SYMLINK_NOFOLLOW, 0, (void *)stx);
+ assert(rv == -1 && errno == ENOENT);
+}
+
+static void test_lookup(int fd)
+{
+ char buf[64];
+ unsigned int u;
+ int i;
+
+ for (i = INT_MIN; i < INT_MIN + 1024; i++) {
+ snprintf(buf, sizeof(buf), "%d", i);
+ test_lookup_fail(fd, buf);
+ }
+ for (i = -1024; i < 1024; i++) {
+ snprintf(buf, sizeof(buf), "%d", i);
+ test_lookup_fail(fd, buf);
+ }
+ for (u = INT_MAX - 1024; u < (unsigned int)INT_MAX + 1024; u++) {
+ snprintf(buf, sizeof(buf), "%u", u);
+ test_lookup_fail(fd, buf);
+ }
+ for (u = UINT_MAX - 1024; u != 0; u++) {
+ snprintf(buf, sizeof(buf), "%u", u);
+ test_lookup_fail(fd, buf);
+ }
+}
+
+int main(void)
+{
+ unsigned int pid;
+ int fd;
+
+ /*
+ * In theory this will loop indefinitely if kernel threads are exiled
+ * from /proc.
+ *
+ * Start with kthreadd.
+ */
+ pid = 2;
+ while ((fd = kernel_thread_fd(pid)) == -1 && pid < 1024) {
+ pid++;
+ }
+ /* EACCES if run as non-root. */
+ if (pid >= 1024)
+ return 1;
+
+ test_readdir(fd);
+ test_lookup(fd);
+
+ return 0;
+}
-- cgit v1.2.3-59-g8ed1b
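Review bot: The backwards scan in kernel_thread_fd() (`for (i = 0; i < 43; i++)`) lands on field 9 only while /proc/*/stat has exactly 43 fields after it, so a kernel that appends a field to the end of the line would have this test parse a neighbouring counter as task flags and misjudge which PIDs are kernel threads, possibly without tripping any assert. Anchoring on the last ')' in the buffer and walking forward over the separators up to field 9 does not depend on the total field count and still tolerates whitespace and ')' inside ->comm. With the buffer no longer truncated, the terminator check becomes `assert(*end == ' ')`. Separately, `PF_KHTREAD` is a misspelling of PF_KTHREAD; it is used consistently, so behaviour is unaffected, but the name should match the kernel's for anyone grepping.

```c
	if (0 < rv && rv <= sizeof(buf)) {
		/* … unchanged: declarations, trailing-newline check … */

		/* Only ->comm can hold ')', so the last ')' closes field 2. */
		p = strrchr(buf, ')');
		assert(p);
		/* Step over the separators in front of fields 3..9. */
		for (i = 0; i < 7; i++) {
			p = strchr(p + 1, ' ');
			assert(p);
		}

		flags_ull = xstrtoull(p + 1, &end);
		assert(*end == ' ');
		/* … unchanged: range check and assignment to flags … */
```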