commit 2f9046fb059e94fe254c9a4ff5bcd52182069e44

Author: Stefan Liebler <stli@linux.ibm.com>

Date:   Wed Sep 18 12:40:00 2019 +0200

    Add UNSUPPORTED check in elf/tst-pldd.

    The testcase forks a child process and runs pldd with PID of

    this child.  On systems where /proc/sys/kernel/yama/ptrace_scope

    differs from zero, pldd will fail with

    /usr/bin/pldd: cannot attach to process 3: Operation not permitted

    This patch checks if ptrace_scope exists, is zero "classic ptrace permissions"

    or one "restricted ptrace".  If ptrace_scope exists and has a higher

    restriction, then the test is marked as UNSUPPORTED.

    The case "restricted ptrace" is handled by rearranging the processes involved

    during the test.  Now we have the following process tree:

    -parent: do_test (performs output checks)

    --subprocess 1: pldd_process (becomes pldd via execve)

    ---subprocess 2: target_process (ptraced via pldd)

    ChangeLog:

            * elf/tst-pldd.c (do_test): Add UNSUPPORTED check.

            Rearrange subprocesses.

            (pldd_process): New function.

            * support/Makefile (libsupport-routines): Add support_ptrace.

            * support/xptrace.h: New file.

            * support/support_ptrace.c: Likewise.

Conflicts:

	elf/tst-pldd.c

	  (Original backport uses spaces instead of tabs.)

diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c

index e2de31282a131166..f381cb0fa7e6b93d 100644

--- a/elf/tst-pldd.c

+++ b/elf/tst-pldd.c

@@ -30,6 +30,11 @@

 #include <support/capture_subprocess.h>

 #include <support/check.h>

 #include <support/support.h>

+#include <support/xptrace.h>

+#include <support/xunistd.h>

+#include <sys/mman.h>

+#include <errno.h>

+#include <signal.h>

 static void

 target_process (void *arg)

@@ -37,6 +42,34 @@ target_process (void *arg)

   pause ();

 }

+static void

+pldd_process (void *arg)

+{

+  pid_t *target_pid_ptr = (pid_t *) arg;

+

+  /* Create a copy of current test to check with pldd.  As the

+     target_process is a child of this pldd_process, pldd is also able

+     to attach to target_process if YAMA is configured to 1 =

+     "restricted ptrace".  */

+  struct support_subprocess target = support_subprocess (target_process, NULL);

+

+  /* Store the pid of target-process as do_test needs it in order to

+     e.g. terminate it at end of the test.  */

+  *target_pid_ptr = target.pid;

+

+  /* Three digits per byte plus null terminator.  */

+  char pid[3 * sizeof (uint32_t) + 1];

+  snprintf (pid, array_length (pid), "%d", target.pid);

+

+  char *prog = xasprintf ("%s/pldd", support_bindir_prefix);

+

+  /* Run pldd and use the pid of target_process as argument.  */

+  execve (prog, (char *const []) { (char *) prog, pid, NULL },

+	  (char *const []) { NULL });

+

+  FAIL_EXIT1 ("Returned from execve: errno=%d=%m\n", errno);

+}

+

 /* The test runs in a container because pldd does not support tracing

    a binary started by the loader iself (as with testrun.sh).  */

@@ -52,25 +85,22 @@ in_str_list (const char *libname, const char *const strlist[])

 static int

 do_test (void)

 {

-  /* Create a copy of current test to check with pldd.  */

-  struct support_subprocess target = support_subprocess (target_process, NULL);

-

-  /* Run 'pldd' on test subprocess.  */

-  struct support_capture_subprocess pldd;

+  /* Check if our subprocess can be debugged with ptrace.  */

   {

-    /* Three digits per byte plus null terminator.  */

-    char pid[3 * sizeof (uint32_t) + 1];

-    snprintf (pid, array_length (pid), "%d", target.pid);

-

-    char *prog = xasprintf ("%s/pldd", support_bindir_prefix);

-

-    pldd = support_capture_subprogram (prog,

-      (char *const []) { (char *) prog, pid, NULL });

+    int ptrace_scope = support_ptrace_scope ();

+    if (ptrace_scope >= 2)

+      FAIL_UNSUPPORTED ("/proc/sys/kernel/yama/ptrace_scope >= 2");

+  }

-    support_capture_subprocess_check (&pldd, "pldd", 0, sc_allow_stdout);

+  pid_t *target_pid_ptr = (pid_t *) xmmap (NULL, sizeof (pid_t),

+					   PROT_READ | PROT_WRITE,

+					   MAP_SHARED | MAP_ANONYMOUS, -1);

-    free (prog);

-  }

+  /* Run 'pldd' on test subprocess which will be created in pldd_process.

+     The pid of the subprocess will be written to target_pid_ptr.  */

+  struct support_capture_subprocess pldd;

+  pldd = support_capture_subprocess (pldd_process, target_pid_ptr);

+  support_capture_subprocess_check (&pldd, "pldd", 0, sc_allow_stdout);

   /* Check 'pldd' output.  The test is expected to be linked against only

      loader and libc.  */

@@ -85,15 +115,15 @@ do_test (void)

     /* First line is in the form of <pid>: <full path of executable>  */

     TEST_COMPARE (fscanf (out, "%u: " STRINPUT (512), &pid, buffer), 2);

-    TEST_COMPARE (pid, target.pid);

+    TEST_COMPARE (pid, *target_pid_ptr);

     TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);

     /* It expects only one loader and libc loaded by the program.  */

     bool interpreter_found = false, libc_found = false;

     while (fgets (buffer, array_length (buffer), out) != NULL)

       {

-       /* Ignore vDSO.  */

-        if (buffer[0] != '/')

+	/* Ignore vDSO.  */

+	if (buffer[0] != '/')

 	  continue;

 	/* Remove newline so baseline (buffer) can compare against the

@@ -128,7 +158,9 @@ do_test (void)

   }

   support_capture_subprocess_free (&pldd);

-  support_process_terminate (&target);

+  if (kill (*target_pid_ptr, SIGKILL) != 0)

+    FAIL_EXIT1 ("Unable to kill target_process: errno=%d=%m\n", errno);

+  xmunmap (target_pid_ptr, sizeof (pid_t));

   return 0;

 }

diff --git a/support/Makefile b/support/Makefile

index 65b16299573af1ed..79d03bd6bfe02540 100644

--- a/support/Makefile

+++ b/support/Makefile

@@ -58,6 +58,7 @@ libsupport-routines = \

   support_format_hostent \

   support_format_netent \

   support_isolate_in_subprocess \

+  support_ptrace \

   support_openpty \

   support_paths \

   support_quote_blob \

diff --git a/support/support_ptrace.c b/support/support_ptrace.c

new file mode 100644

index 0000000000000000..616b08cff33022ef

--- /dev/null

+++ b/support/support_ptrace.c

@@ -0,0 +1,44 @@

+/* Support functions handling ptrace_scope.

+   Copyright (C) 2019 Free Software Foundation, Inc.

+   This file is part of the GNU C Library.

+

+   The GNU C Library is free software; you can redistribute it and/or

+   modify it under the terms of the GNU Lesser General Public

+   License as published by the Free Software Foundation; either

+   version 2.1 of the License, or (at your option) any later version.

+

+   The GNU C Library is distributed in the hope that it will be useful,

+   but WITHOUT ANY WARRANTY; without even the implied warranty of

+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+   Lesser General Public License for more details.

+

+   You should have received a copy of the GNU Lesser General Public

+   License along with the GNU C Library; if not, see

+   <https://www.gnu.org/licenses/>.  */

+

+#include <support/check.h>

+#include <support/xstdio.h>

+#include <support/xptrace.h>

+#include <sys/prctl.h>

+

+int

+support_ptrace_scope (void)

+{

+  int ptrace_scope = -1;

+

+#ifdef __linux__

+  /* YAMA may be not enabled.  Otherwise it contains a value from 0 to 3:

+     - 0 classic ptrace permissions

+     - 1 restricted ptrace

+     - 2 admin-only attach

+     - 3 no attach  */

+  FILE *f = fopen ("/proc/sys/kernel/yama/ptrace_scope", "r");

+  if (f != NULL)

+    {

+      TEST_COMPARE (fscanf (f, "%d", &ptrace_scope), 1);

+      xfclose (f);

+    }

+#endif

+

+  return ptrace_scope;

+}

diff --git a/support/xptrace.h b/support/xptrace.h

new file mode 100644

index 0000000000000000..7af892680578fffd

--- /dev/null

+++ b/support/xptrace.h

@@ -0,0 +1,32 @@

+/* Support functions handling ptrace_scope.

+   Copyright (C) 2019 Free Software Foundation, Inc.

+   This file is part of the GNU C Library.

+

+   The GNU C Library is free software; you can redistribute it and/or

+   modify it under the terms of the GNU Lesser General Public

+   License as published by the Free Software Foundation; either

+   version 2.1 of the License, or (at your option) any later version.

+

+   The GNU C Library is distributed in the hope that it will be useful,

+   but WITHOUT ANY WARRANTY; without even the implied warranty of

+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+   Lesser General Public License for more details.

+

+   You should have received a copy of the GNU Lesser General Public

+   License along with the GNU C Library; if not, see

+   <https://www.gnu.org/licenses/>.  */

+

+#ifndef SUPPORT_PTRACE_H

+#define SUPPORT_PTRACE_H

+

+#include <sys/cdefs.h>

+

+__BEGIN_DECLS

+

+/* Return the current YAMA mode set on the machine (0 to 3) or -1

+   if YAMA is not supported.  */

+int support_ptrace_scope (void);

+

+__END_DECLS

+

+#endif