1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved.
4 * Author: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
5 */
6
7 /*\
8 * [Description]
9 *
10 * When a task is writing to an fd opened by a different task, the perm check
11 * should use the credentials of the latter task.
12 *
13 * It is copy from kernel selftests cgroup test_core test_cgcore_lesser_euid_open
14 * subcase. The difference is that kernel selftest only supports cgroup v2 but
15 * here we also support cgroup v1 and v2.
16 *
17 * It is a regression test for
18 *
19 * commit 1756d7994ad85c2479af6ae5a9750b92324685af
20 * Author: Tejun Heo <tj@kernel.org>
21 * Date: Thu Jan 6 11:02:28 2022 -1000
22 *
23 * cgroup: Use open-time credentials for process migraton perm checks
24 */
25
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <sys/types.h>
29 #include <pwd.h>
30 #include "tst_test.h"
31 #include "tst_safe_file_at.h"
32
33 static struct tst_cg_group *cg_child_a, *cg_child_b;
34 static uid_t nobody_uid, save_uid;
35
test_lesser_euid_open(void)36 static void test_lesser_euid_open(void)
37 {
38 int fds[TST_CG_ROOTS_MAX] = {-1};
39 int i, loops;
40
41 cg_child_a = tst_cg_group_mk(tst_cg, "child_a");
42 cg_child_b = tst_cg_group_mk(tst_cg, "child_b");
43
44 if (!SAFE_FORK()) {
45 SAFE_CG_PRINT(cg_child_a, "cgroup.procs", "0");
46 SAFE_CG_FCHOWN(cg_child_a, "cgroup.procs", nobody_uid, -1);
47 SAFE_CG_FCHOWN(cg_child_b, "cgroup.procs", nobody_uid, -1);
48 SAFE_SETEUID(nobody_uid);
49
50 loops = SAFE_CG_OPEN(cg_child_b, "cgroup.procs", O_RDWR, fds);
51 SAFE_SETEUID(save_uid);
52
53 for (i = 0; i < loops; i++) {
54 if (fds[i] < 1) {
55 tst_res(TFAIL, "unexpected negative fd %d", fds[i]);
56 exit(1);
57 }
58
59 TEST(write(fds[i], "0", 1));
60 if (TST_RET >= 0 || TST_ERR != EACCES)
61 tst_res(TFAIL, "%s failed", __func__);
62 else
63 tst_res(TPASS | TTERRNO, "%s passed", __func__);
64
65 SAFE_CLOSE(fds[i]);
66 }
67 exit(0);
68 }
69
70 tst_reap_children();
71 cg_child_b = tst_cg_group_rm(cg_child_b);
72 cg_child_a = tst_cg_group_rm(cg_child_a);
73 }
74
setup(void)75 static void setup(void)
76 {
77 struct passwd *pw;
78
79 pw = SAFE_GETPWNAM("nobody");
80 nobody_uid = pw->pw_uid;
81 save_uid = geteuid();
82 }
83
cleanup(void)84 static void cleanup(void)
85 {
86 if (cg_child_a) {
87 SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
88 cg_child_a = tst_cg_group_rm(cg_child_a);
89 }
90 if (cg_child_b) {
91 SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
92 cg_child_b = tst_cg_group_rm(cg_child_b);
93 }
94 }
95
96 static struct tst_test test = {
97 .setup = setup,
98 .cleanup = cleanup,
99 .test_all = test_lesser_euid_open,
100 .forks_child = 1,
101 .needs_root = 1,
102 .needs_cgroup_ctrls = (const char *const[]){"memory", NULL},
103 .tags = (const struct tst_tag[]) {
104 {"linux-git", "1756d7994ad8"},
105 {"CVE", "2021-4197"},
106 {}
107 },
108 };
109