[CRIU] [PATCH 4/6] zdtm: add new dumpable02 test to check that dumpable flag set to 0 or 2 works

Filipe Brandenburger filbranden at google.com
Tue Jun 17 20:33:52 PDT 2014 

This confirms that the fix to handle dumpable flag set to 2 still works after
restore.

To force dumpable flag set to 0 or 2 (whatever the fs.suid_dumpable is set to),
chmod the test binary to 0111 (executable, but not readable) and execv() it
while running as non-root.  The kernel will unset the dumpable flag to prevent
a core dump or ptrace to giving the user access to the pages of the binary
(which are supposedly not readable by that user.)

Tested:
- # test/zdtm.sh static/dumpable02
  Test: zdtm/live/static/dumpable02, Result: PASS
- # test/zdtm.sh ns/static/dumpable02
  Test: zdtm/live/static/dumpable02, Result: PASS
- Used -DDEBUG to confirm the value of the dumpable flag was 0 or 2 to match
  the fs.suid_dumpable sysctl in the tests (both in and out of namespaces.)
- Confirmed that the test fails if the commit that fixes handling of dumpable
  flag with value 2 is reverted and the fs.suid_dumpable sysctl is set to 2.

Signed-off-by: Filipe Brandenburger <filbranden at google.com>
---
 test/zdtm.sh                       |   1 +
 test/zdtm/.gitignore               |   1 +
 test/zdtm/live/static/Makefile     |   1 +
 test/zdtm/live/static/dumpable02.c | 207 +++++++++++++++++++++++++++++++++++++
 4 files changed, 210 insertions(+)
 create mode 100644 test/zdtm/live/static/dumpable02.c

diff --git a/test/zdtm.sh b/test/zdtm.sh
index a48e647b9a54..5012c9d537af 100755
--- a/test/zdtm.sh
+++ b/test/zdtm.sh
@@ -108,6 +108,7 @@ static/chroot-file
 static/rtc
 transition/maps007
 static/dumpable01
+static/dumpable02
 "
 # Duplicate list with ns/ prefix
 TEST_LIST=$TEST_LIST$(echo $TEST_LIST | tr ' ' '\n' | sed 's#^#ns/#')
diff --git a/test/zdtm/.gitignore b/test/zdtm/.gitignore
index 5dd49056b4b5..238ffb5bb08a 100644
--- a/test/zdtm/.gitignore
+++ b/test/zdtm/.gitignore
@@ -16,6 +16,7 @@
 /live/static/deleted_dev
 /live/static/deleted_unix_sock
 /live/static/dumpable01
+/live/static/dumpable02
 /live/static/env00
 /live/static/eventfs00
 /live/static/fanotify00
diff --git a/test/zdtm/live/static/Makefile b/test/zdtm/live/static/Makefile
index 83de77ab6a9e..319e552ec978 100644
--- a/test/zdtm/live/static/Makefile
+++ b/test/zdtm/live/static/Makefile
@@ -110,6 +110,7 @@ TST_NOFILE	=				\
 		rtc				\
 		clean_mntns			\
 		dumpable01			\
+		dumpable02			\
 #		jobctl00			\
 
 TST_FILE	=				\
diff --git a/test/zdtm/live/static/dumpable02.c b/test/zdtm/live/static/dumpable02.c
new file mode 100644
index 000000000000..48b0e40f500a
--- /dev/null
+++ b/test/zdtm/live/static/dumpable02.c
@@ -0,0 +1,207 @@
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "zdtmtst.h"
+
+const char *test_doc    = "Check dumpable flag handling (non-dumpable case)";
+const char *test_author = "Filipe Brandenburger <filbranden at google.com>";
+
+int dumpable_server() {
+	char buf[256];
+	int ret;
+
+	for (;;) {
+		ret = read(0, buf, sizeof(buf));
+		if (ret == 0)
+			break;
+		ret = snprintf(buf, sizeof(buf), "DUMPABLE:%d\n", prctl(PR_GET_DUMPABLE));
+		write(1, buf, ret);
+	}
+	return 0;
+}
+
+int get_dumpable_from_pipes(int pipe_input, int pipe_output) {
+	char buf[256];
+	int len;
+	long value;
+	char *endptr = NULL;
+
+	/* input and output are from the child's point of view. */
+
+	write(pipe_input, "GET\n", 4);
+	len = read(pipe_output, buf, sizeof(buf));
+	if (len < 0) {
+		err("error in parent reading from pipe");
+		return -1;
+	}
+
+	if (memcmp(buf, "DUMPABLE:", 9) != 0) {
+		err("child returned [%s]", buf);
+		return -1;
+	}
+
+	value = strtol(&buf[9], &endptr, 10);
+	if (!endptr || *endptr != '\n' || endptr != buf + len - 1) {
+		err("child returned [%s]", buf);
+		return -1;
+	}
+
+	return (int)value;
+}
+
+
+int main(int argc, char **argv)
+{
+	int pipe_input[2];
+	int pipe_output[2];
+	int save_dumpable;
+	int dumpable;
+	int ret;
+	pid_t pid;
+	pid_t waited;
+	int status;
+
+	/*
+	 * Check if we are being re-executed to spawn the dumpable server. This
+	 * re-execution is what essentially causes the dumpable flag to be
+	 * cleared since we have execute but not read permissions to the
+	 * binary.
+	 */
+	if (getenv("DUMPABLE_SERVER"))
+		return dumpable_server();
+
+	/*
+	 * Otherwise, do normal startup and spawn a dumpable server. While we
+	 * are still running as root, chmod() the binary to give it execute but
+	 * not read permissions, that way when we execv() it as a non-root user
+	 * the kernel will drop our dumpable flag and reset it to the value in
+	 * /proc/sys/fs/suid_dumpable.
+	 */
+	ret = chmod(argv[0], 0111);
+	if (ret < 0) {
+		err("error chmodding %s", argv[0]);
+		return 1;
+	}
+
+	test_init(argc, argv);
+
+	ret = pipe(pipe_input);
+	if (ret < 0) {
+		err("error creating input pipe");
+		return 1;
+	}
+
+	ret = pipe(pipe_output);
+	if (ret < 0) {
+		err("error creating output pipe");
+		return 1;
+	}
+
+	pid = fork();
+	if (pid < 0) {
+		err("error forking the dumpable server");
+		return 1;
+	}
+
+	if (pid == 0) {
+		/*
+		 * Child process will execv() the dumpable server. Start by
+		 * reopening stdin and stdout to use the pipes, then set the
+		 * environment variable and execv() the same binary.
+		 */
+		close(0);
+		close(1);
+
+		ret = dup2(pipe_input[0], 0);
+		if (ret < 0) {
+			err("could not dup2 pipe into child's stdin");
+			return 1;
+		}
+
+		ret = dup2(pipe_output[1], 1);
+		if (ret < 0) {
+			err("could not dup2 pipe into child's stdout");
+			return 1;
+		}
+
+		close(pipe_output[0]);
+		close(pipe_output[1]);
+		close(pipe_input[0]);
+		close(pipe_input[1]);
+
+		ret = setenv("DUMPABLE_SERVER", "yes", 1);
+		if (ret < 0) {
+			err("could not set the DUMPABLE_SERVER env variable");
+			return 1;
+		}
+
+		ret = execl(argv[0], "dumpable_server", NULL);
+		err("could not execv %s as a dumpable_server", argv[0]);
+		return 1;
+	}
+
+	/*
+	 * Parent process, write to the pipe_input socket to ask the server
+	 * child to tell us what its dumpable flag value is on its side.
+	 */
+	close(pipe_input[0]);
+	close(pipe_output[1]);
+
+	save_dumpable = get_dumpable_from_pipes(pipe_input[1], pipe_output[0]);
+	if (save_dumpable < 0) return 1;
+#ifdef DEBUG
+	test_msg("DEBUG: before dump: dumpable=%d\n", save_dumpable);
+#endif
+
+	/* Wait for dump and restore. */
+	test_daemon();
+	test_waitsig();
+
+	dumpable = get_dumpable_from_pipes(pipe_input[1], pipe_output[0]);
+	if (dumpable < 0) return 1;
+#ifdef DEBUG
+	test_msg("DEBUG: after restore: dumpable=%d\n", dumpable);
+#endif
+
+	if (dumpable != save_dumpable) {
+		errno = 0;
+		fail("dumpable flag was not preserved over migration");
+		return 1;
+	}
+
+	/* Closing the pipes will terminate the child server. */
+	close(pipe_input[1]);
+	close(pipe_output[0]);
+
+	waited = wait(&status);
+	if (waited < 0) {
+		err("error calling wait on the child");
+		return 1;
+	}
+	errno = 0;
+	if (waited != pid) {
+		err("waited pid %d did not match child pid %d",
+		    waited, pid);
+		return 1;
+	}
+	if (!WIFEXITED(status)) {
+		err("child dumpable server returned abnormally with status=%d",
+		    status);
+		return 1;
+	}
+	if (WEXITSTATUS(status) != 0) {
+		err("child dumpable server returned rc=%d",
+		    WEXITSTATUS(status));
+		return 1;
+	}
+
+	pass();
+	return 0;
+}
-- 
1.9.3

More information about the CRIU mailing list