1// Copyright 2019 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5//go:build linux && cgo 6 7package cgotest 8 9import ( 10 "fmt" 11 "internal/testenv" 12 "os" 13 "runtime" 14 "sort" 15 "strings" 16 "syscall" 17 "testing" 18) 19 20// #include <stdio.h> 21// #include <stdlib.h> 22// #include <pthread.h> 23// #include <unistd.h> 24// #include <sys/types.h> 25// 26// pthread_t *t = NULL; 27// pthread_mutex_t mu; 28// int nts = 0; 29// int all_done = 0; 30// 31// static void *aFn(void *vargp) { 32// int done = 0; 33// while (!done) { 34// usleep(100); 35// pthread_mutex_lock(&mu); 36// done = all_done; 37// pthread_mutex_unlock(&mu); 38// } 39// return NULL; 40// } 41// 42// void trial(int argc) { 43// int i; 44// nts = argc; 45// t = calloc(nts, sizeof(pthread_t)); 46// pthread_mutex_init(&mu, NULL); 47// for (i = 0; i < nts; i++) { 48// pthread_create(&t[i], NULL, aFn, NULL); 49// } 50// } 51// 52// void cleanup(void) { 53// int i; 54// pthread_mutex_lock(&mu); 55// all_done = 1; 56// pthread_mutex_unlock(&mu); 57// for (i = 0; i < nts; i++) { 58// pthread_join(t[i], NULL); 59// } 60// pthread_mutex_destroy(&mu); 61// free(t); 62// } 63import "C" 64 65// compareStatus is used to confirm the contents of the thread 66// specific status files match expectations. 67func compareStatus(filter, expect string) error { 68 expected := filter + expect 69 pid := syscall.Getpid() 70 fs, err := os.ReadDir(fmt.Sprintf("/proc/%d/task", pid)) 71 if err != nil { 72 return fmt.Errorf("unable to find %d tasks: %v", pid, err) 73 } 74 expectedProc := fmt.Sprintf("Pid:\t%d", pid) 75 foundAThread := false 76 for _, f := range fs { 77 tf := fmt.Sprintf("/proc/%s/status", f.Name()) 78 d, err := os.ReadFile(tf) 79 if err != nil { 80 // There are a surprising number of ways this 81 // can error out on linux. We've seen all of 82 // the following, so treat any error here as 83 // equivalent to the "process is gone": 84 // os.IsNotExist(err), 85 // "... : no such process", 86 // "... : bad file descriptor. 87 continue 88 } 89 lines := strings.Split(string(d), "\n") 90 for _, line := range lines { 91 // Different kernel vintages pad differently. 92 line = strings.TrimSpace(line) 93 if strings.HasPrefix(line, "Pid:\t") { 94 // On loaded systems, it is possible 95 // for a TID to be reused really 96 // quickly. As such, we need to 97 // validate that the thread status 98 // info we just read is a task of the 99 // same process PID as we are 100 // currently running, and not a 101 // recently terminated thread 102 // resurfaced in a different process. 103 if line != expectedProc { 104 break 105 } 106 // Fall through in the unlikely case 107 // that filter at some point is 108 // "Pid:\t". 109 } 110 if strings.HasPrefix(line, filter) { 111 if line == expected { 112 foundAThread = true 113 break 114 } 115 if filter == "Groups:" && strings.HasPrefix(line, "Groups:\t") { 116 // https://github.com/golang/go/issues/46145 117 // Containers don't reliably output this line in sorted order so manually sort and compare that. 118 a := strings.Split(line[8:], " ") 119 sort.Strings(a) 120 got := strings.Join(a, " ") 121 if got == expected[8:] { 122 foundAThread = true 123 break 124 } 125 126 } 127 return fmt.Errorf("%q got:%q want:%q (bad) [pid=%d file:'%s' %v]\n", tf, line, expected, pid, string(d), expectedProc) 128 } 129 } 130 } 131 if !foundAThread { 132 return fmt.Errorf("found no thread /proc/<TID>/status files for process %q", expectedProc) 133 } 134 return nil 135} 136 137// test1435 test 9 glibc implemented setuid/gid syscall functions are 138// mapped. This test is a slightly more expansive test than that of 139// src/syscall/syscall_linux_test.go:TestSetuidEtc() insofar as it 140// launches concurrent threads from C code via CGo and validates that 141// they are subject to the system calls being tested. For the actual 142// Go functionality being tested here, the syscall_linux_test version 143// is considered authoritative, but non-trivial improvements to that 144// should be mirrored here. 145func test1435(t *testing.T) { 146 if syscall.Getuid() != 0 { 147 t.Skip("skipping root only test") 148 } 149 if testing.Short() && testenv.Builder() != "" && os.Getenv("USER") == "swarming" { 150 // The Go build system's swarming user is known not to be root. 151 // Unfortunately, it sometimes appears as root due the current 152 // implementation of a no-network check using 'unshare -n -r'. 153 // Since this test does need root to work, we need to skip it. 154 t.Skip("skipping root only test on a non-root builder") 155 } 156 if runtime.GOOS == "linux" { 157 if _, err := os.Stat("/etc/alpine-release"); err == nil { 158 t.Skip("skipping failing test on alpine - go.dev/issue/19938") 159 } 160 } 161 162 // Launch some threads in C. 163 const cts = 5 164 C.trial(cts) 165 defer C.cleanup() 166 167 vs := []struct { 168 call string 169 fn func() error 170 filter, expect string 171 }{ 172 {call: "Setegid(1)", fn: func() error { return syscall.Setegid(1) }, filter: "Gid:", expect: "\t0\t1\t0\t1"}, 173 {call: "Setegid(0)", fn: func() error { return syscall.Setegid(0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"}, 174 175 {call: "Seteuid(1)", fn: func() error { return syscall.Seteuid(1) }, filter: "Uid:", expect: "\t0\t1\t0\t1"}, 176 {call: "Setuid(0)", fn: func() error { return syscall.Setuid(0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"}, 177 178 {call: "Setgid(1)", fn: func() error { return syscall.Setgid(1) }, filter: "Gid:", expect: "\t1\t1\t1\t1"}, 179 {call: "Setgid(0)", fn: func() error { return syscall.Setgid(0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"}, 180 181 {call: "Setgroups([]int{0,1,2,3})", fn: func() error { return syscall.Setgroups([]int{0, 1, 2, 3}) }, filter: "Groups:", expect: "\t0 1 2 3"}, 182 {call: "Setgroups(nil)", fn: func() error { return syscall.Setgroups(nil) }, filter: "Groups:", expect: ""}, 183 {call: "Setgroups([]int{0})", fn: func() error { return syscall.Setgroups([]int{0}) }, filter: "Groups:", expect: "\t0"}, 184 185 {call: "Setregid(101,0)", fn: func() error { return syscall.Setregid(101, 0) }, filter: "Gid:", expect: "\t101\t0\t0\t0"}, 186 {call: "Setregid(0,102)", fn: func() error { return syscall.Setregid(0, 102) }, filter: "Gid:", expect: "\t0\t102\t102\t102"}, 187 {call: "Setregid(0,0)", fn: func() error { return syscall.Setregid(0, 0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"}, 188 189 {call: "Setreuid(1,0)", fn: func() error { return syscall.Setreuid(1, 0) }, filter: "Uid:", expect: "\t1\t0\t0\t0"}, 190 {call: "Setreuid(0,2)", fn: func() error { return syscall.Setreuid(0, 2) }, filter: "Uid:", expect: "\t0\t2\t2\t2"}, 191 {call: "Setreuid(0,0)", fn: func() error { return syscall.Setreuid(0, 0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"}, 192 193 {call: "Setresgid(101,0,102)", fn: func() error { return syscall.Setresgid(101, 0, 102) }, filter: "Gid:", expect: "\t101\t0\t102\t0"}, 194 {call: "Setresgid(0,102,101)", fn: func() error { return syscall.Setresgid(0, 102, 101) }, filter: "Gid:", expect: "\t0\t102\t101\t102"}, 195 {call: "Setresgid(0,0,0)", fn: func() error { return syscall.Setresgid(0, 0, 0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"}, 196 197 {call: "Setresuid(1,0,2)", fn: func() error { return syscall.Setresuid(1, 0, 2) }, filter: "Uid:", expect: "\t1\t0\t2\t0"}, 198 {call: "Setresuid(0,2,1)", fn: func() error { return syscall.Setresuid(0, 2, 1) }, filter: "Uid:", expect: "\t0\t2\t1\t2"}, 199 {call: "Setresuid(0,0,0)", fn: func() error { return syscall.Setresuid(0, 0, 0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"}, 200 } 201 202 for i, v := range vs { 203 if err := v.fn(); err != nil { 204 t.Errorf("[%d] %q failed: %v", i, v.call, err) 205 continue 206 } 207 if err := compareStatus(v.filter, v.expect); err != nil { 208 t.Errorf("[%d] %q comparison: %v", i, v.call, err) 209 } 210 } 211} 212