1 // SPDX-License-Identifier: GPL-2.0
6 #include <linux/netlink.h>
12 #include <sys/prctl.h>
13 #include <sys/socket.h>
15 #include <sys/eventfd.h>
17 #include <sys/syscall.h>
18 #include <sys/types.h>
22 #include "../kselftest_harness.h"
24 #define __DEV_FULL "/sys/devices/virtual/mem/full/uevent"
25 #define __UEVENT_BUFFER_SIZE (2048 * 2)
26 #define __UEVENT_HEADER "add@/devices/virtual/mem/full"
27 #define __UEVENT_HEADER_LEN sizeof("add@/devices/virtual/mem/full")
28 #define __UEVENT_LISTEN_ALL -1
30 ssize_t read_nointr(int fd, void *buf, size_t count)
35 ret = read(fd, buf, count);
36 if (ret < 0 && errno == EINTR)
42 ssize_t write_nointr(int fd, const void *buf, size_t count)
47 ret = write(fd, buf, count);
48 if (ret < 0 && errno == EINTR)
54 int wait_for_pid(pid_t pid)
59 ret = waitpid(pid, &status, 0);
70 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
76 static int uevent_listener(unsigned long post_flags, bool expect_uevent,
80 socklen_t sk_addr_len;
81 int fret = -1, rcv_buf_sz = __UEVENT_BUFFER_SIZE;
82 uint64_t sync_add = 1;
83 struct sockaddr_nl sk_addr = { 0 }, rcv_addr = { 0 };
84 char buf[__UEVENT_BUFFER_SIZE] = { 0 };
85 struct iovec iov = { buf, __UEVENT_BUFFER_SIZE };
86 char control[CMSG_SPACE(sizeof(struct ucred))];
88 &rcv_addr, sizeof(rcv_addr), &iov, 1,
89 control, sizeof(control), 0,
92 sk_fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC,
93 NETLINK_KOBJECT_UEVENT);
95 fprintf(stderr, "%s - Failed to open uevent socket\n", strerror(errno));
99 ret = setsockopt(sk_fd, SOL_SOCKET, SO_RCVBUF, &rcv_buf_sz,
102 fprintf(stderr, "%s - Failed to set socket options\n", strerror(errno));
106 sk_addr.nl_family = AF_NETLINK;
107 sk_addr.nl_groups = __UEVENT_LISTEN_ALL;
109 sk_addr_len = sizeof(sk_addr);
110 ret = bind(sk_fd, (struct sockaddr *)&sk_addr, sk_addr_len);
112 fprintf(stderr, "%s - Failed to bind socket\n", strerror(errno));
116 ret = getsockname(sk_fd, (struct sockaddr *)&sk_addr, &sk_addr_len);
118 fprintf(stderr, "%s - Failed to retrieve socket name\n", strerror(errno));
122 if ((size_t)sk_addr_len != sizeof(sk_addr)) {
123 fprintf(stderr, "Invalid socket address size\n");
127 if (post_flags & CLONE_NEWUSER) {
128 ret = unshare(CLONE_NEWUSER);
131 "%s - Failed to unshare user namespace\n",
137 if (post_flags & CLONE_NEWNET) {
138 ret = unshare(CLONE_NEWNET);
141 "%s - Failed to unshare network namespace\n",
147 ret = write_nointr(sync_fd, &sync_add, sizeof(sync_add));
149 if (ret != sizeof(sync_add)) {
150 fprintf(stderr, "Failed to synchronize with parent process\n");
158 r = recvmsg(sk_fd, &hdr, 0);
160 fprintf(stderr, "%s - Failed to receive uevent\n", strerror(errno));
165 /* ignore libudev messages */
166 if (memcmp(buf, "libudev", 8) == 0)
169 /* ignore uevents we didn't trigger */
170 if (memcmp(buf, __UEVENT_HEADER, __UEVENT_HEADER_LEN) != 0)
173 if (!expect_uevent) {
174 fprintf(stderr, "Received unexpected uevent:\n");
178 if (TH_LOG_ENABLED) {
179 /* If logging is enabled dump the received uevent. */
180 (void)write_nointr(STDERR_FILENO, buf, r);
181 (void)write_nointr(STDERR_FILENO, "\n", 1);
193 int trigger_uevent(unsigned int times)
198 fd = open(__DEV_FULL, O_RDWR | O_CLOEXEC);
206 for (i = 0; i < times; i++) {
207 ret = write_nointr(fd, "add\n", sizeof("add\n") - 1);
209 fprintf(stderr, "Failed to trigger uevent\n");
218 int set_death_signal(void)
223 ret = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
225 /* Check whether we have been orphaned. */
231 ret = kill(self, SIGKILL);
240 static int do_test(unsigned long pre_flags, unsigned long post_flags,
241 bool expect_uevent, int sync_fd)
248 struct timespec timeout;
251 sigaddset(&mask, SIGCHLD);
253 ret = sigprocmask(SIG_BLOCK, &mask, &orig_mask);
255 fprintf(stderr, "%s- Failed to block SIGCHLD\n", strerror(errno));
261 fprintf(stderr, "%s - Failed to fork() new process\n", strerror(errno));
266 /* Make sure that we go away when our parent dies. */
267 ret = set_death_signal();
269 fprintf(stderr, "Failed to set PR_SET_PDEATHSIG to SIGKILL\n");
273 if (pre_flags & CLONE_NEWUSER) {
274 ret = unshare(CLONE_NEWUSER);
277 "%s - Failed to unshare user namespace\n",
283 if (pre_flags & CLONE_NEWNET) {
284 ret = unshare(CLONE_NEWNET);
287 "%s - Failed to unshare network namespace\n",
293 if (uevent_listener(post_flags, expect_uevent, sync_fd) < 0)
299 ret = read_nointr(sync_fd, &wait_val, sizeof(wait_val));
300 if (ret != sizeof(wait_val)) {
301 fprintf(stderr, "Failed to synchronize with child process\n");
305 /* Trigger 10 uevents to account for the case where the kernel might
308 ret = trigger_uevent(10);
310 fprintf(stderr, "Failed triggering uevents\n");
312 /* Wait for 2 seconds before considering this failed. This should be
313 * plenty of time for the kernel to deliver the uevent even under heavy
320 ret = sigtimedwait(&mask, NULL, &timeout);
326 ret = kill(pid, SIGTERM); /* success */
328 ret = kill(pid, SIGUSR1); /* error */
333 ret = wait_for_pid(pid);
340 static void signal_handler(int sig)
348 TEST(uevent_filtering)
351 struct sigaction act;
354 TH_LOG("Uevent filtering tests require root privileges. Skipping test");
358 ret = access(__DEV_FULL, F_OK);
360 if (errno == ENOENT) {
361 TH_LOG(__DEV_FULL " does not exist. Skipping test");
368 act.sa_handler = signal_handler;
370 sigemptyset(&act.sa_mask);
372 ret = sigaction(SIGTERM, &act, NULL);
375 sync_fd = eventfd(0, EFD_CLOEXEC);
376 ASSERT_GE(sync_fd, 0);
380 * - Open uevent listening socket in initial network namespace owned by
381 * initial user namespace.
382 * - Trigger uevent in initial network namespace owned by initial user
385 * - uevent listening socket receives uevent
387 ret = do_test(0, 0, true, sync_fd);
394 * - Open uevent listening socket in non-initial network namespace
395 * owned by initial user namespace.
396 * - Trigger uevent in initial network namespace owned by initial user
399 * - uevent listening socket receives uevent
401 ret = do_test(CLONE_NEWNET, 0, true, sync_fd);
408 * - unshare user namespace
409 * - Open uevent listening socket in initial network namespace
410 * owned by initial user namespace.
411 * - Trigger uevent in initial network namespace owned by initial user
414 * - uevent listening socket receives uevent
416 ret = do_test(CLONE_NEWUSER, 0, true, sync_fd);
423 * - Open uevent listening socket in non-initial network namespace
424 * owned by non-initial user namespace.
425 * - Trigger uevent in initial network namespace owned by initial user
428 * - uevent listening socket receives no uevent
430 ret = do_test(CLONE_NEWUSER | CLONE_NEWNET, 0, false, sync_fd);
437 * - Open uevent listening socket in initial network namespace
438 * owned by initial user namespace.
439 * - unshare network namespace
440 * - Trigger uevent in initial network namespace owned by initial user
443 * - uevent listening socket receives uevent
445 ret = do_test(0, CLONE_NEWNET, true, sync_fd);
452 * - Open uevent listening socket in initial network namespace
453 * owned by initial user namespace.
454 * - unshare user namespace
455 * - Trigger uevent in initial network namespace owned by initial user
458 * - uevent listening socket receives uevent
460 ret = do_test(0, CLONE_NEWUSER, true, sync_fd);
467 * - Open uevent listening socket in initial network namespace
468 * owned by initial user namespace.
469 * - unshare user namespace
470 * - unshare network namespace
471 * - Trigger uevent in initial network namespace owned by initial user
474 * - uevent listening socket receives uevent
476 ret = do_test(0, CLONE_NEWUSER | CLONE_NEWNET, true, sync_fd);