1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2017 SUSE. All Rights Reserved.
4 *
5 * Started by Jan Kara <[email protected]>
6 */
7
8 /*\
9 * [Description]
10 * Check that fanotify permission events are handled properly on instance destruction.
11 */
12
13 /*
14 * Kernel crashes should be fixed by:
15 * 96d41019e3ac "fanotify: fix list corruption in fanotify_get_response()"
16 *
17 * Kernel hangs should be fixed by:
18 * 05f0e38724e8 "fanotify: Release SRCU lock when waiting for userspace response"
19 */
20
21 #define _GNU_SOURCE
22 #include "config.h"
23
24 #include <stdio.h>
25 #include <unistd.h>
26 #include <stdlib.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <sys/wait.h>
30 #include <errno.h>
31 #include <string.h>
32 #include <signal.h>
33 #include <sys/syscall.h>
34 #include "tst_test.h"
35 #include "lapi/syscalls.h"
36
37 #ifdef HAVE_SYS_FANOTIFY_H
38 #include "fanotify.h"
39
40 #define BUF_SIZE 256
41 static char fname[BUF_SIZE];
42 static char buf[BUF_SIZE];
43 static volatile int fd_notify;
44
45 /* Number of children we start */
46 #define MAX_CHILDREN 16
47 static pid_t child_pid[MAX_CHILDREN];
48
49 /* Number of children we don't respond to before stopping */
50 #define MAX_NOT_RESPONDED 4
51
generate_events(void)52 static void generate_events(void)
53 {
54 int fd;
55
56 /*
57 * generate sequence of events
58 */
59 fd = SAFE_OPEN(fname, O_RDWR | O_CREAT, 0700);
60
61 /* Run until killed... */
62 while (1) {
63 SAFE_LSEEK(fd, 0, SEEK_SET);
64 SAFE_READ(0, fd, buf, BUF_SIZE);
65 }
66 }
67
run_children(void)68 static void run_children(void)
69 {
70 int i;
71
72 for (i = 0; i < MAX_CHILDREN; i++) {
73 child_pid[i] = SAFE_FORK();
74 if (!child_pid[i]) {
75 /* Child will generate events now */
76 SAFE_CLOSE(fd_notify);
77 generate_events();
78 exit(0);
79 }
80 }
81 }
82
stop_children(void)83 static int stop_children(void)
84 {
85 int child_ret;
86 int i, ret = 0;
87
88 for (i = 0; i < MAX_CHILDREN; i++) {
89 if (!child_pid[i])
90 continue;
91
92 SAFE_KILL(child_pid[i], SIGKILL);
93 }
94
95 for (i = 0; i < MAX_CHILDREN; i++) {
96 if (!child_pid[i])
97 continue;
98
99 SAFE_WAITPID(child_pid[i], &child_ret, 0);
100
101 if (!WIFSIGNALED(child_ret))
102 ret = 1;
103
104 child_pid[i] = 0;
105 }
106
107 return ret;
108 }
109
setup_instance(void)110 static int setup_instance(void)
111 {
112 int fd;
113
114 fd = SAFE_FANOTIFY_INIT(FAN_CLASS_CONTENT, O_RDONLY);
115 SAFE_FANOTIFY_MARK(fd, FAN_MARK_ADD, FAN_ACCESS_PERM, AT_FDCWD, fname);
116
117 return fd;
118 }
119
loose_fanotify_events(void)120 static void loose_fanotify_events(void)
121 {
122 int not_responded = 0;
123
124 /*
125 * check events
126 */
127 while (not_responded < MAX_NOT_RESPONDED) {
128 struct fanotify_event_metadata event;
129 struct fanotify_response resp;
130
131 /* Get more events */
132 SAFE_READ(1, fd_notify, &event, sizeof(event));
133
134 if (event.mask != FAN_ACCESS_PERM) {
135 tst_res(TFAIL,
136 "got event: mask=%llx (expected %llx) "
137 "pid=%u fd=%d",
138 (unsigned long long)event.mask,
139 (unsigned long long)FAN_ACCESS_PERM,
140 (unsigned int)event.pid, event.fd);
141 break;
142 }
143
144 /* We respond to permission event with 95% percent probability. */
145 if (random() % 100 > 5) {
146 /* Write response to permission event */
147 resp.fd = event.fd;
148 resp.response = FAN_ALLOW;
149 SAFE_WRITE(SAFE_WRITE_ALL, fd_notify, &resp, sizeof(resp));
150 } else {
151 not_responded++;
152 }
153 SAFE_CLOSE(event.fd);
154 }
155 }
156
test_fanotify(void)157 static void test_fanotify(void)
158 {
159 int newfd;
160 int ret;
161
162 fd_notify = setup_instance();
163 run_children();
164 loose_fanotify_events();
165
166 /*
167 * Create and destroy another instance. This may hang if
168 * unanswered fanotify events block notification subsystem.
169 */
170 newfd = setup_instance();
171
172 SAFE_CLOSE(newfd);
173
174 tst_res(TPASS, "second instance destroyed successfully");
175
176 /*
177 * Now destroy the fanotify instance while there are permission
178 * events at various stages of processing. This may provoke
179 * kernel hangs or crashes.
180 */
181 SAFE_CLOSE(fd_notify);
182
183 ret = stop_children();
184 if (ret)
185 tst_res(TFAIL, "child exited for unexpected reason");
186 else
187 tst_res(TPASS, "all children exited successfully");
188 }
189
setup(void)190 static void setup(void)
191 {
192 sprintf(fname, "fname_%d", getpid());
193 SAFE_FILE_PRINTF(fname, "%s", fname);
194 require_fanotify_access_permissions_supported_on_fs(fname);
195 }
196
cleanup(void)197 static void cleanup(void)
198 {
199 stop_children();
200
201 if (fd_notify > 0)
202 SAFE_CLOSE(fd_notify);
203 }
204
205 static struct tst_test test = {
206 .test_all = test_fanotify,
207 .setup = setup,
208 .cleanup = cleanup,
209 .needs_tmpdir = 1,
210 .forks_child = 1,
211 .needs_root = 1,
212 };
213
214 #else
215 TST_TEST_TCONF("system doesn't have required fanotify support");
216 #endif
217