[PATCH 5/5] selftests/seccomp: Add test for atomic addfd+send

Wed, 17 Mar 2021 22:20:08 -0700 

This just adds a test to verify that when using the new introduced flag
to ADDFD, a valid fd is added and returned as the syscall result.
Signed-off-by: Rodrigo Campos <rodr...@kinvolk.io>
Signed-off-by: Sargun Dhillon <sar...@sargun.me>
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c 
b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 48ad53030d5a..f7242294a2d5 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -239,6 +239,10 @@ struct seccomp_notif_addfd {
 #define SECCOMP_USER_NOTIF_FLAG_WAIT_KILLABLE  (1UL << 0) /* Prevent task from 
being interrupted */
 #endif
 
+#ifndef SECCOMP_ADDFD_FLAG_SEND
+#define SECCOMP_ADDFD_FLAG_SEND        (1UL << 1) /* Addfd and return it, 
atomically */
+#endif
+
 struct seccomp_notif_addfd_small {
        __u64 id;
        char weird[4];
@@ -3980,8 +3984,14 @@ TEST(user_notification_addfd)
        ASSERT_GE(pid, 0);
 
        if (pid == 0) {
+               /* fds will be added and this value is expected */
                if (syscall(__NR_getppid) != USER_NOTIF_MAGIC)
                        exit(1);
+
+               /* Atomic addfd+send is received here. Check it is a valid fd */
+               if (fcntl(syscall(__NR_getppid), F_GETFD) == -1)
+                       exit(1);
+
                exit(syscall(__NR_getppid) != USER_NOTIF_MAGIC);
        }
 
@@ -4064,6 +4074,30 @@ TEST(user_notification_addfd)
        ASSERT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0);
        ASSERT_EQ(addfd.id, req.id);
 
+       /* Verify we can do an atomic addfd and send */
+       addfd.newfd = 0;
+       addfd.flags = SECCOMP_ADDFD_FLAG_SEND;
+       fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
+
+       /* Child has fds 0-6 and 42 used, we expect the lower fd available: 7 */
+       EXPECT_EQ(fd, 7);
+       EXPECT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
+
+       /*
+        * This sets the ID of the ADD FD to the last request plus 1. The
+        * notification ID increments 1 per notification.
+        */
+       addfd.id = req.id + 1;
+
+       /* This spins until the underlying notification is generated */
+       while (ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd) != -1 &&
+              errno != -EINPROGRESS)
+               nanosleep(&delay, NULL);
+
+       memset(&req, 0, sizeof(req));
+       ASSERT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0);
+       ASSERT_EQ(addfd.id, req.id);
+
        resp.id = req.id;
        resp.error = 0;
        resp.val = USER_NOTIF_MAGIC;
@@ -4124,6 +4158,10 @@ TEST(user_notification_addfd_rlimit)
        EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1);
        EXPECT_EQ(errno, EMFILE);
 
+       addfd.flags = SECCOMP_ADDFD_FLAG_SEND;
+       EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1);
+       EXPECT_EQ(errno, EMFILE);
+
        addfd.newfd = 100;
        addfd.flags = SECCOMP_ADDFD_FLAG_SETFD;
        EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1);
-- 
2.25.1

Reply via email to