linux/tools/testing/selftests/proc/fd-003-kthread.c

/*
 * Copyright © 2018 Alexey Dobriyan <adobriyan@gmail.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
// Test that /proc/$KERNEL_THREAD/fd/ is empty.

#undef NDEBUG
#include <sys/syscall.h>
#include <assert.h>
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

#include "proc.h"

#define PF_KHTREAD 0x00200000

/*
 * Test for kernel threadness atomically with openat().
 *
 * Return /proc/$PID/fd descriptor if process is kernel thread.
 * Return -1 if a process is userspace process.
 */
static int kernel_thread_fd(unsigned int pid)
{
	unsigned int flags = 0;
	char buf[4096];
	int dir_fd, fd;
	ssize_t rv;

	snprintf(buf, sizeof(buf), "/proc/%u", pid);
	dir_fd = open(buf, O_RDONLY|O_DIRECTORY);
	if (dir_fd == -1)
		return -1;

	/*
	 * Believe it or not, struct task_struct::flags is directly exposed
	 * to userspace!
	 */
	fd = openat(dir_fd, "stat", O_RDONLY);
	if (fd == -1) {
		close(dir_fd);
		return -1;
	}
	rv = read(fd, buf, sizeof(buf));
	close(fd);
	if (0 < rv && rv <= sizeof(buf)) {
		unsigned long long flags_ull;
		char *p, *end;
		int i;

		assert(buf[rv - 1] == '\n');
		buf[rv - 1] = '\0';

		/* Search backwards: ->comm can contain whitespace and ')'. */
		for (i = 0; i < 43; i++) {
			p = strrchr(buf, ' ');
			assert(p);
			*p = '\0';
		}

		p = strrchr(buf, ' ');
		assert(p);

		flags_ull = xstrtoull(p + 1, &end);
		assert(*end == '\0');
		assert(flags_ull == (unsigned int)flags_ull);

		flags = flags_ull;
	}

	fd = -1;
	if (flags & PF_KHTREAD) {
		fd = openat(dir_fd, "fd", O_RDONLY|O_DIRECTORY);
	}
	close(dir_fd);
	return fd;
}

static void test_readdir(int fd)
{
	DIR *d;
	struct dirent *de;

	d = fdopendir(fd);
	assert(d);

	de = xreaddir(d);
	assert(streq(de->d_name, "."));
	assert(de->d_type == DT_DIR);

	de = xreaddir(d);
	assert(streq(de->d_name, ".."));
	assert(de->d_type == DT_DIR);

	de = xreaddir(d);
	assert(!de);
}

static inline int sys_statx(int dirfd, const char *pathname, int flags,
			    unsigned int mask, void *stx)
{
	return syscall(SYS_statx, dirfd, pathname, flags, mask, stx);
}

static void test_lookup_fail(int fd, const char *pathname)
{
	char stx[256] __attribute__((aligned(8)));
	int rv;

	rv = sys_statx(fd, pathname, AT_SYMLINK_NOFOLLOW, 0, (void *)stx);
	assert(rv == -1 && errno == ENOENT);
}

static void test_lookup(int fd)
{
	char buf[64];
	unsigned int u;
	int i;

	for (i = INT_MIN; i < INT_MIN + 1024; i++) {
		snprintf(buf, sizeof(buf), "%d", i);
		test_lookup_fail(fd, buf);
	}
	for (i = -1024; i < 1024; i++) {
		snprintf(buf, sizeof(buf), "%d", i);
		test_lookup_fail(fd, buf);
	}
	for (u = INT_MAX - 1024; u < (unsigned int)INT_MAX + 1024; u++) {
		snprintf(buf, sizeof(buf), "%u", u);
		test_lookup_fail(fd, buf);
	}
	for (u = UINT_MAX - 1024; u != 0; u++) {
		snprintf(buf, sizeof(buf), "%u", u);
		test_lookup_fail(fd, buf);
	}
}

int main(void)
{
	unsigned int pid;
	int fd;

	/*
	 * In theory this will loop indefinitely if kernel threads are exiled
	 * from /proc.
	 *
	 * Start with kthreadd.
	 */
	pid = 2;
	while ((fd = kernel_thread_fd(pid)) == -1 && pid < 1024) {
		pid++;
	}
	/* EACCES if run as non-root. */
	if (pid >= 1024)
		return 1;

	test_readdir(fd);
	test_lookup(fd);

	return 0;
}
tools/testing/selftests/proc: test /proc//fd a bit (+ PF_KTHREAD is ABI!) Test lookup in /proc/self/fd. "map_files" lookup story showed that lookup is not that simple. * Test that all those symlinks open the same file. Check with (st_dev, st_info). * Test that kernel threads do not have anything in their /proc//fd/ directory. Now this is where things get interesting. First, kernel threads aren't pinned by /proc/self or equivalent, thus some "atomicity" is required. Second, ->comm can contain whitespace and ')'. No, they are not escaped. Third, the only reliable way to check if process is kernel thread appears to be field #9 in /proc//stat. This field is struct task_struct::flags in decimal! Check is done by testing PF_KTHREAD flags like we do in kernel. PF_KTREAD value is a part of userspace ABI !!! Other methods for determining kernel threadness are not reliable: * RSS can be 0 if everything is swapped, even while reading from /proc/self. * ->total_vm CAN BE ZERO if process is finishing munmap(NULL, whole address space); * /proc/*/maps and similar files can be empty because unmapping everything works. Read returning 0 can't distinguish between kernel thread and such suicide process. Link: http://lkml.kernel.org/r/20180505000414.GA15090@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2018-06-07 17:10:20 -07:00			`/*`
			`* Copyright © 2018 Alexey Dobriyan <adobriyan@gmail.com>`
			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*/`
			`// Test that /proc/$KERNEL_THREAD/fd/ is empty.`
selftests: fix warning: "_GNU_SOURCE" redefined Makefile contains -D_GNU_SOURCE. remove define "_GNU_SOURCE" in c files. Signed-off-by: Peng Hao <peng.hao2@zte.com.cn> Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org> 2018-10-12 03:53:50 +08:00
tools/testing/selftests/proc: test /proc//fd a bit (+ PF_KTHREAD is ABI!) Test lookup in /proc/self/fd. "map_files" lookup story showed that lookup is not that simple. * Test that all those symlinks open the same file. Check with (st_dev, st_info). * Test that kernel threads do not have anything in their /proc//fd/ directory. Now this is where things get interesting. First, kernel threads aren't pinned by /proc/self or equivalent, thus some "atomicity" is required. Second, ->comm can contain whitespace and ')'. No, they are not escaped. Third, the only reliable way to check if process is kernel thread appears to be field #9 in /proc//stat. This field is struct task_struct::flags in decimal! Check is done by testing PF_KTHREAD flags like we do in kernel. PF_KTREAD value is a part of userspace ABI !!! Other methods for determining kernel threadness are not reliable: * RSS can be 0 if everything is swapped, even while reading from /proc/self. * ->total_vm CAN BE ZERO if process is finishing munmap(NULL, whole address space); * /proc/*/maps and similar files can be empty because unmapping everything works. Read returning 0 can't distinguish between kernel thread and such suicide process. Link: http://lkml.kernel.org/r/20180505000414.GA15090@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2018-06-07 17:10:20 -07:00			`#undef NDEBUG`
			`#include <sys/syscall.h>`
			`#include <assert.h>`
			`#include <dirent.h>`
			`#include <limits.h>`
			`#include <stdio.h>`
			`#include <string.h>`
			`#include <sys/types.h>`
			`#include <sys/stat.h>`
			`#include <fcntl.h>`
			`#include <unistd.h>`

			`#include "proc.h"`

			`#define PF_KHTREAD 0x00200000`

			`/*`
			`* Test for kernel threadness atomically with openat().`
			`*`
			`* Return /proc/$PID/fd descriptor if process is kernel thread.`
			`* Return -1 if a process is userspace process.`
			`*/`
			`static int kernel_thread_fd(unsigned int pid)`
			`{`
			`unsigned int flags = 0;`
			`char buf[4096];`
			`int dir_fd, fd;`
			`ssize_t rv;`

			`snprintf(buf, sizeof(buf), "/proc/%u", pid);`
			`dir_fd = open(buf, O_RDONLY\|O_DIRECTORY);`
			`if (dir_fd == -1)`
			`return -1;`

			`/*`
			`* Believe it or not, struct task_struct::flags is directly exposed`
			`* to userspace!`
			`*/`
			`fd = openat(dir_fd, "stat", O_RDONLY);`
			`if (fd == -1) {`
			`close(dir_fd);`
			`return -1;`
			`}`
			`rv = read(fd, buf, sizeof(buf));`
			`close(fd);`
			`if (0 < rv && rv <= sizeof(buf)) {`
			`unsigned long long flags_ull;`
			`char p, end;`
			`int i;`

			`assert(buf[rv - 1] == '\n');`
			`buf[rv - 1] = '\0';`

			`/* Search backwards: ->comm can contain whitespace and ')'. */`
			`for (i = 0; i < 43; i++) {`
			`p = strrchr(buf, ' ');`
			`assert(p);`
			`*p = '\0';`
			`}`

			`p = strrchr(buf, ' ');`
			`assert(p);`

			`flags_ull = xstrtoull(p + 1, &end);`
			`assert(*end == '\0');`
			`assert(flags_ull == (unsigned int)flags_ull);`

			`flags = flags_ull;`
			`}`

			`fd = -1;`
			`if (flags & PF_KHTREAD) {`
			`fd = openat(dir_fd, "fd", O_RDONLY\|O_DIRECTORY);`
			`}`
			`close(dir_fd);`
			`return fd;`
			`}`

			`static void test_readdir(int fd)`
			`{`
			`DIR *d;`
			`struct dirent *de;`

			`d = fdopendir(fd);`
			`assert(d);`

			`de = xreaddir(d);`
			`assert(streq(de->d_name, "."));`
			`assert(de->d_type == DT_DIR);`

			`de = xreaddir(d);`
			`assert(streq(de->d_name, ".."));`
			`assert(de->d_type == DT_DIR);`

			`de = xreaddir(d);`
			`assert(!de);`
			`}`

			`static inline int sys_statx(int dirfd, const char *pathname, int flags,`
			`unsigned int mask, void *stx)`
			`{`
			`return syscall(SYS_statx, dirfd, pathname, flags, mask, stx);`
			`}`

			`static void test_lookup_fail(int fd, const char *pathname)`
			`{`
			`char stx[256] __attribute__((aligned(8)));`
			`int rv;`

			`rv = sys_statx(fd, pathname, AT_SYMLINK_NOFOLLOW, 0, (void *)stx);`
			`assert(rv == -1 && errno == ENOENT);`
			`}`

			`static void test_lookup(int fd)`
			`{`
			`char buf[64];`
			`unsigned int u;`
			`int i;`

			`for (i = INT_MIN; i < INT_MIN + 1024; i++) {`
			`snprintf(buf, sizeof(buf), "%d", i);`
			`test_lookup_fail(fd, buf);`
			`}`
			`for (i = -1024; i < 1024; i++) {`
			`snprintf(buf, sizeof(buf), "%d", i);`
			`test_lookup_fail(fd, buf);`
			`}`
			`for (u = INT_MAX - 1024; u < (unsigned int)INT_MAX + 1024; u++) {`
			`snprintf(buf, sizeof(buf), "%u", u);`
			`test_lookup_fail(fd, buf);`
			`}`
			`for (u = UINT_MAX - 1024; u != 0; u++) {`
			`snprintf(buf, sizeof(buf), "%u", u);`
			`test_lookup_fail(fd, buf);`
			`}`
			`}`

			`int main(void)`
			`{`
			`unsigned int pid;`
			`int fd;`

			`/*`
			`* In theory this will loop indefinitely if kernel threads are exiled`
			`* from /proc.`
			`*`
			`* Start with kthreadd.`
			`*/`
			`pid = 2;`
			`while ((fd = kernel_thread_fd(pid)) == -1 && pid < 1024) {`
			`pid++;`
			`}`
			`/* EACCES if run as non-root. */`
			`if (pid >= 1024)`
			`return 1;`

			`test_readdir(fd);`
			`test_lookup(fd);`

			`return 0;`
			`}`