1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2018 FUJITSU LIMITED. All rights reserved.
4 * Copyright (c) 2021 CTERA Networks. All Rights Reserved.
5 *
6 * User ns support by: Xiao Yang <[email protected]>
7 * Forked from getxattr05.c by Amir Goldstein <[email protected]>
8 */
9
10 /*\
11 * [Description]
12 * Check that fanotify groups and marks limits are enforced correctly.
13 * If user ns is supported, verify that global limit and per user ns
14 * limits are both enforced.
15 * Otherwise, we only check that global groups limit is enforced.
16 */
17
18 #define _GNU_SOURCE
19 #include "config.h"
20 #include <errno.h>
21 #include <unistd.h>
22 #include <sys/types.h>
23 #include <stdlib.h>
24
25 #include "tst_test.h"
26 #include "lapi/sched.h"
27
28 #ifdef HAVE_SYS_FANOTIFY_H
29 #include "fanotify.h"
30
/* Test file lives on the device that the test library mounts at MOUNT_PATH. */
#define MOUNT_PATH		"fs_mnt"
#define TEST_FILE		MOUNT_PATH "/testfile"

/* procfs entries used to detect and configure user namespace support. */
#define SELF_USERNS		"/proc/self/ns/user"
#define MAX_USERNS		"/proc/sys/user/max_user_namespaces"
#define UID_MAP			"/proc/self/uid_map"

/* Global fanotify limits, and the limits configurable per user namespace. */
#define GLOBAL_MAX_GROUPS	"/proc/sys/fs/fanotify/max_user_groups"
#define GLOBAL_MAX_MARKS	"/proc/sys/fs/fanotify/max_user_marks"
#define USERNS_MAX_GROUPS	"/proc/sys/user/max_fanotify_groups"
#define USERNS_MAX_MARKS	"/proc/sys/user/max_fanotify_marks"

/*
 * In older kernels those limits were fixed in kernel.
 * The fanotify_init() man page documents the max groups limit is 128, but the
 * implementation actually allows one extra group.
 */
#define DEFAULT_MAX_GROUPS	129
#define DEFAULT_MAX_MARKS	8192

/* Saved max_user_namespaces value; -1 means there is nothing to restore. */
static int orig_max_userns = -1;
/* Cleared by setup() when fanotify inside a user namespace cannot be tested. */
static int user_ns_supported = 1;
/* Limits under test; setup() replaces the defaults with the sysctl values. */
static int max_groups = DEFAULT_MAX_GROUPS;
static int max_marks = DEFAULT_MAX_MARKS;
54
/*
 * Test matrix: each entry selects the fanotify_init() flags, whether the
 * child enters a new user namespace, and which per-namespace limit (if any)
 * is lowered before the limits are probed.
 */
static struct tcase {
	const char *tname;
	unsigned int init_flags;
	/* 0: without userns, 1: with userns */
	int set_userns;
	/* 0: don't map root UID in userns, 1: map root UID in userns */
	int map_root;
	/* 0: unlimited groups in userns */
	int max_user_groups;
	/* 0: unlimited marks in userns */
	int max_user_marks;
} tcases[] = {
	{
		.tname = "Global groups limit in init user ns",
		.init_flags = FAN_CLASS_NOTIF,
		.set_userns = 0,
		.map_root = 0,
		.max_user_groups = 0,
		.max_user_marks = 0,
	},
	{
		.tname = "Global groups limit in privileged user ns",
		.init_flags = FANOTIFY_REQUIRED_USER_INIT_FLAGS,
		.set_userns = 1,
		.map_root = 1,
		.max_user_groups = 0,
		.max_user_marks = 0,
	},
	{
		.tname = "Local groups limit in unprivileged user ns",
		.init_flags = FANOTIFY_REQUIRED_USER_INIT_FLAGS,
		.set_userns = 1,
		.map_root = 0,
		.max_user_groups = 10,
		.max_user_marks = 0,
	},
	{
		.tname = "Local marks limit in unprivileged user ns",
		.init_flags = FANOTIFY_REQUIRED_USER_INIT_FLAGS,
		.set_userns = 1,
		.map_root = 0,
		.max_user_groups = 0,
		.max_user_marks = 10,
	},
};
88
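/*
 * Verify that groups and marks cannot be created beyond limit.
 *
 * Creates up to groups + 1 fanotify groups with @init_flags and adds one
 * FAN_OPEN mark on TEST_FILE to each of them, stopping at the first call
 * that fails. When the loop stops, i is the number of marks that were added
 * successfully.
 *
 * @init_flags: flags passed to fanotify_init()
 * @groups: expected limit on the number of groups
 * @marks: expected limit on the number of marks
 *
 * The verdict is reported through tst_res()/tst_brk(); nothing is returned.
 */
static void verify_user_limits(unsigned int init_flags, int groups, int marks)
{
	int i, fd = 0, ret = 0;

	for (i = 0; i <= groups; i++) {
		fd = fanotify_init(init_flags, O_RDONLY);
		/*
		 * Don't bother closing fd's, the child process will exit
		 * and all fd's will be closed.
		 */
		if (fd < 0)
			break;

		ret = fanotify_mark(fd, FAN_MARK_ADD, FAN_OPEN, AT_FDCWD,
				    TEST_FILE);
		if (ret < 0)
			break;
	}

	if (fd > 0 && i > groups) {
		tst_res(TFAIL,
			"Created %d groups and marks - "
			"groups limit (%d) exceeded", i, groups);
	} else if (i > marks) {
		/*
		 * i marks were added before the loop stopped, so the limit
		 * was overshot whether the last call succeeded or failed.
		 * Checking this regardless of ret keeps a late ENOSPC from
		 * being reported as a pass.
		 */
		tst_res(TFAIL,
			"Created %d groups and marks - "
			"marks limit (%d) exceeded", i, marks);
	} else if (ret < 0 && errno == ENOSPC && marks < groups) {
		/*
		 * ENOSPC is to be returned to the calling process when
		 * fanotify marks limit is reached.
		 */
		tst_res(TPASS,
			"Created %d marks - "
			"below marks limit (%d)", i, marks);
	} else if (fd < 0 && errno == EMFILE) {
		/*
		 * EMFILE is to be returned to the calling process when
		 * fanotify groups limit is reached.
		 */
		tst_res(TPASS,
			"Created %d groups - "
			"below groups limit (%d)", i, groups);
	} else if (errno == EPERM) {
		tst_res(TCONF,
			"unprivileged fanotify not supported by kernel?");
	} else if (fd < 0) {
		tst_brk(TBROK | TERRNO,
			"fd=%d, fanotify_init(%x, O_RDONLY) failed",
			fd, init_flags);
	} else if (ret < 0) {
		tst_brk(TBROK | TERRNO,
			"ret=%d, fanotify_mark(%d, FAN_MARK_ADD, FAN_OPEN, "
			"AT_FDCWD, '" TEST_FILE "') failed", ret, fd);
	}
}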
146
/*
 * Move the calling process into a new user namespace.
 *
 * @map_root: when non-zero, write the mapping "0 0 1" to UID_MAP, i.e. UID 0
 *            inside the namespace maps to UID 0 outside it. When zero, no
 *            UID mapping is written.
 *
 * A failing unshare() is reported through tst_brk().
 */
static void do_unshare(int map_root)
{
	/* unshare() should support CLONE_NEWUSER flag since Linux 3.8 */
	if (unshare(CLONE_NEWUSER) == -1)
		tst_brk(TFAIL | TERRNO, "unshare(CLONE_NEWUSER) failed");

	if (!map_root)
		return;

	/*
	 * uid_map file should exist since Linux 3.8 because
	 * it is available on Linux 3.5
	 */
	SAFE_ACCESS(UID_MAP, F_OK);

	SAFE_FILE_PRINTF(UID_MAP, "%d %d %d", 0, 0, 1);
}
166
/*
 * Run test case @n from tcases[] in a forked child.
 *
 * The child optionally enters a new user namespace, lowers the namespace's
 * fanotify limits when the test case asks for it, and then probes the limits
 * with verify_user_limits(). The parent only reaps the child.
 */
static void test_fanotify(unsigned int n)
{
	struct tcase *tc = &tcases[n];
	int group_limit = max_groups;
	int mark_limit = max_marks;
	pid_t child;

	tst_res(TINFO, "Test #%d: %s", n, tc->tname);

	if (tc->set_userns && !user_ns_supported) {
		tst_res(TCONF, "fanotify inside user namespace is not supported");
		return;
	}

	child = SAFE_FORK();
	if (child) {
		tst_reap_children();
		return;
	}

	/* Child process from here on. */
	if (tc->set_userns) {
		do_unshare(tc->map_root);
		/* Not changing global limits, only per userns limits */
		if (tc->max_user_groups && tc->max_user_groups < group_limit) {
			/*
			 * Further limit user ns groups. The expected marks
			 * limit is set to the same value as the groups limit.
			 */
			group_limit = tc->max_user_groups;
			mark_limit = group_limit;
			SAFE_FILE_PRINTF(USERNS_MAX_GROUPS, "%d", group_limit);
		}
		if (tc->max_user_marks && tc->max_user_marks < mark_limit) {
			/* Further limit user ns marks */
			mark_limit = tc->max_user_marks;
			SAFE_FILE_PRINTF(USERNS_MAX_MARKS, "%d", mark_limit);
		}
	}

	verify_user_limits(tc->init_flags, group_limit, mark_limit);
	exit(0);
}
203
/*
 * Set the soft RLIMIT_NOFILE limit of the process to @max_files.
 *
 * Only rlim_cur is changed; the hard limit read by SAFE_GETRLIMIT() is
 * written back as it was.
 * NOTE(review): a @max_files above the current hard limit would presumably
 * make the set call fail - confirm for hosts with large fanotify limits.
 */
static void setup_rlimit(unsigned int max_files)
{
	struct rlimit nofile;

	SAFE_GETRLIMIT(RLIMIT_NOFILE, &nofile);
	nofile.rlim_cur = max_files;
	SAFE_SETRLIMIT(RLIMIT_NOFILE, &nofile);
}
212
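/*
 * One-time test setup.
 *
 * Creates TEST_FILE, checks that the kernel supports the required fanotify
 * init flags on that filesystem, makes sure enough user namespaces can be
 * created, reads the global fanotify limits and raises the open files limit
 * accordingly.
 */
static void setup(void)
{
	/* Smallest max_user_namespaces value this test asks for. */
	enum { MIN_USERNS = 10 };

	SAFE_TOUCH(TEST_FILE, 0666, NULL);
	/* Check for kernel fanotify support */
	REQUIRE_FANOTIFY_INIT_FLAGS_SUPPORTED_ON_FS(FAN_REPORT_FID, TEST_FILE);

	/*
	 * The default value of max_user_namespaces is set to 0 on some distros,
	 * We need to change the default value to call unshare().
	 *
	 * Only raise the sysctl when it is below what the test needs. Writing
	 * it unconditionally would lower the limit on hosts configured with a
	 * higher value for as long as the test runs.
	 */
	if (access(SELF_USERNS, F_OK) != 0) {
		user_ns_supported = 0;
	} else if (!access(MAX_USERNS, F_OK)) {
		SAFE_FILE_SCANF(MAX_USERNS, "%d", &orig_max_userns);
		if (orig_max_userns < MIN_USERNS)
			SAFE_FILE_PRINTF(MAX_USERNS, "%d", MIN_USERNS);
		else
			/* Sysctl left untouched, so there is nothing to restore. */
			orig_max_userns = -1;
	}

	/*
	 * In older kernels those limits were fixed in kernel and fanotify is
	 * not permitted inside user ns.
	 */
	if (access(GLOBAL_MAX_GROUPS, F_OK) && errno == ENOENT) {
		user_ns_supported = 0;
	} else {
		SAFE_FILE_SCANF(GLOBAL_MAX_GROUPS, "%d", &max_groups);
		SAFE_FILE_SCANF(GLOBAL_MAX_MARKS, "%d", &max_marks);
	}
	tst_res(TINFO, "max_fanotify_groups=%d max_fanotify_marks=%d",
		max_groups, max_marks);

	/* Make sure we are not limited by nr of open files */
	setup_rlimit(max_groups * 2);
}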
246
/*
 * Restore max_user_namespaces to the value saved in orig_max_userns.
 * Nothing is written while orig_max_userns still holds -1.
 */
static void cleanup(void)
{
	if (orig_max_userns == -1)
		return;

	SAFE_FILE_PRINTF(MAX_USERNS, "%d", orig_max_userns);
}
252
/* Test description handed to the LTP test library. */
static struct tst_test test = {
	/* One test_fanotify() run per tcases[] entry. */
	.tcnt = ARRAY_SIZE(tcases),
	.test = test_fanotify,
	.setup = setup,
	.cleanup = cleanup,
	/* setup() and the test cases write sysctl files under /proc/sys. */
	.needs_root = 1,
	/* Each test case probes the limits in a forked child. */
	.forks_child = 1,
	/* TEST_FILE is created below this mount point. */
	.mntpoint = MOUNT_PATH,
	.mount_device = 1,
};
263 #else
264 TST_TEST_TCONF("system doesn't have required fanotify support");
265 #endif
266