• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (c) 2017 SUSE.  All Rights Reserved.
4  *
5  * Started by Jan Kara <jack@suse.cz>
6  */
7 
8 /*\
9  * [Description]
10  * Check that fanotify permission events are handled properly on instance destruction.
11  */
12 
13 /*
14  * Kernel crashes should be fixed by:
15  *  96d41019e3ac "fanotify: fix list corruption in fanotify_get_response()"
16  *
17  * Kernel hangs should be fixed by:
18  *  05f0e38724e8 "fanotify: Release SRCU lock when waiting for userspace response"
19  */
20 
21 #define _GNU_SOURCE
22 #include "config.h"
23 
24 #include <stdio.h>
25 #include <unistd.h>
26 #include <stdlib.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <sys/wait.h>
30 #include <errno.h>
31 #include <string.h>
32 #include <signal.h>
33 #include <sys/syscall.h>
34 #include "tst_test.h"
35 #include "lapi/syscalls.h"
36 
37 #ifdef HAVE_SYS_FANOTIFY_H
38 #include "fanotify.h"
39 
40 #define BUF_SIZE 256
41 static char fname[BUF_SIZE];
42 static char buf[BUF_SIZE];
43 static volatile int fd_notify;
44 
45 /* Number of children we start */
46 #define MAX_CHILDREN 16
47 static pid_t child_pid[MAX_CHILDREN];
48 
49 /* Number of children we don't respond to before stopping */
50 #define MAX_NOT_RESPONDED 4
51 
generate_events(void)52 static void generate_events(void)
53 {
54 	int fd;
55 
56 	/*
57 	 * generate sequence of events
58 	 */
59 	fd = SAFE_OPEN(fname, O_RDWR | O_CREAT, 0700);
60 
61 	/* Run until killed... */
62 	while (1) {
63 		SAFE_LSEEK(fd, 0, SEEK_SET);
64 		SAFE_READ(0, fd, buf, BUF_SIZE);
65 	}
66 }
67 
run_children(void)68 static void run_children(void)
69 {
70 	int i;
71 
72 	for (i = 0; i < MAX_CHILDREN; i++) {
73 		child_pid[i] = SAFE_FORK();
74 		if (!child_pid[i]) {
75 			/* Child will generate events now */
76 			SAFE_CLOSE(fd_notify);
77 			generate_events();
78 			exit(0);
79 		}
80 	}
81 }
82 
stop_children(void)83 static int stop_children(void)
84 {
85 	int child_ret;
86 	int i, ret = 0;
87 
88 	for (i = 0; i < MAX_CHILDREN; i++) {
89 		if (!child_pid[i])
90 			continue;
91 
92 		SAFE_KILL(child_pid[i], SIGKILL);
93 	}
94 
95 	for (i = 0; i < MAX_CHILDREN; i++) {
96 		if (!child_pid[i])
97 			continue;
98 
99 		SAFE_WAITPID(child_pid[i], &child_ret, 0);
100 
101 		if (!WIFSIGNALED(child_ret))
102 			ret = 1;
103 
104 		child_pid[i] = 0;
105 	}
106 
107 	return ret;
108 }
109 
setup_instance(void)110 static int setup_instance(void)
111 {
112 	int fd;
113 
114 	fd = SAFE_FANOTIFY_INIT(FAN_CLASS_CONTENT, O_RDONLY);
115 	SAFE_FANOTIFY_MARK(fd, FAN_MARK_ADD, FAN_ACCESS_PERM, AT_FDCWD, fname);
116 
117 	return fd;
118 }
119 
loose_fanotify_events(void)120 static void loose_fanotify_events(void)
121 {
122 	int not_responded = 0;
123 
124 	/*
125 	 * check events
126 	 */
127 	while (not_responded < MAX_NOT_RESPONDED) {
128 		struct fanotify_event_metadata event;
129 		struct fanotify_response resp;
130 
131 		/* Get more events */
132 		SAFE_READ(1, fd_notify, &event, sizeof(event));
133 
134 		if (event.mask != FAN_ACCESS_PERM) {
135 			tst_res(TFAIL,
136 				"got event: mask=%llx (expected %llx) "
137 				"pid=%u fd=%d",
138 				(unsigned long long)event.mask,
139 				(unsigned long long)FAN_ACCESS_PERM,
140 				(unsigned)event.pid, event.fd);
141 			break;
142 		}
143 
144 		/*
145 		 * We respond to permission event with 95% percent
146 		 * probability. */
147 		if (random() % 100 > 5) {
148 			/* Write response to permission event */
149 			resp.fd = event.fd;
150 			resp.response = FAN_ALLOW;
151 			SAFE_WRITE(1, fd_notify, &resp, sizeof(resp));
152 		} else {
153 			not_responded++;
154 		}
155 		SAFE_CLOSE(event.fd);
156 	}
157 }
158 
test_fanotify(void)159 static void test_fanotify(void)
160 {
161 	int newfd;
162 	int ret;
163 
164 	fd_notify = setup_instance();
165 	run_children();
166 	loose_fanotify_events();
167 
168 	/*
169 	 * Create and destroy another instance. This may hang if
170 	 * unanswered fanotify events block notification subsystem.
171 	 */
172 	newfd = setup_instance();
173 
174 	SAFE_CLOSE(newfd);
175 
176 	tst_res(TPASS, "second instance destroyed successfully");
177 
178 	/*
179 	 * Now destroy the fanotify instance while there are permission
180 	 * events at various stages of processing. This may provoke
181 	 * kernel hangs or crashes.
182 	 */
183 	SAFE_CLOSE(fd_notify);
184 
185 	ret = stop_children();
186 	if (ret)
187 		tst_res(TFAIL, "child exited for unexpected reason");
188 	else
189 		tst_res(TPASS, "all children exited successfully");
190 }
191 
setup(void)192 static void setup(void)
193 {
194 	require_fanotify_access_permissions_supported_by_kernel();
195 
196 	sprintf(fname, "fname_%d", getpid());
197 	SAFE_FILE_PRINTF(fname, "%s", fname);
198 }
199 
cleanup(void)200 static void cleanup(void)
201 {
202 	stop_children();
203 
204 	if (fd_notify > 0)
205 		SAFE_CLOSE(fd_notify);
206 }
207 
208 static struct tst_test test = {
209 	.test_all = test_fanotify,
210 	.setup = setup,
211 	.cleanup = cleanup,
212 	.needs_tmpdir = 1,
213 	.forks_child = 1,
214 	.needs_root = 1,
215 };
216 
217 #else
218 	TST_TEST_TCONF("system doesn't have required fanotify support");
219 #endif
220