Tree - rpms/glibc - CentOS Git server

rpms / glibc

Files

Commit: e7c47cc01d790e434e41d42ca5e8117bec496a57

Blob Blame History Raw

 commit 2f9046fb059e94fe254c9a4ff5bcd52182069e44
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Wed Sep 18 12:40:00 2019 +0200
 
    Add UNSUPPORTED check in elf/tst-pldd.
    
    The testcase forks a child process and runs pldd with PID of
    this child.  On systems where /proc/sys/kernel/yama/ptrace_scope
    differs from zero, pldd will fail with
    /usr/bin/pldd: cannot attach to process 3: Operation not permitted
    
    This patch checks if ptrace_scope exists, is zero "classic ptrace permissions"
    or one "restricted ptrace".  If ptrace_scope exists and has a higher
    restriction, then the test is marked as UNSUPPORTED.
    
    The case "restricted ptrace" is handled by rearranging the processes involved
    during the test.  Now we have the following process tree:
    -parent: do_test (performs output checks)
    --subprocess 1: pldd_process (becomes pldd via execve)
    ---subprocess 2: target_process (ptraced via pldd)
    
    ChangeLog:
    
            * elf/tst-pldd.c (do_test): Add UNSUPPORTED check.
            Rearrange subprocesses.
            (pldd_process): New function.
            * support/Makefile (libsupport-routines): Add support_ptrace.
            * support/xptrace.h: New file.
            * support/support_ptrace.c: Likewise.
 
Conflicts:
	elf/tst-pldd.c
	  (Original backport uses spaces instead of tabs.)
 
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index e2de31282a131166..f381cb0fa7e6b93d 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -30,6 +30,11 @@
 #include <support/capture_subprocess.h>
 #include <support/check.h>
 #include <support/support.h>
+#include <support/xptrace.h>
+#include <support/xunistd.h>
+#include <sys/mman.h>
+#include <errno.h>
+#include <signal.h>
 
 static void
 target_process (void *arg)
@@ -37,6 +42,34 @@ target_process (void *arg)
   pause ();
 }
 
+static void
+pldd_process (void *arg)
+{
+  pid_t *target_pid_ptr = (pid_t *) arg;
+
+  /* Create a copy of current test to check with pldd.  As the
+     target_process is a child of this pldd_process, pldd is also able
+     to attach to target_process if YAMA is configured to 1 =
+     "restricted ptrace".  */
+  struct support_subprocess target = support_subprocess (target_process, NULL);
+
+  /* Store the pid of target-process as do_test needs it in order to
+     e.g. terminate it at end of the test.  */
+  *target_pid_ptr = target.pid;
+
+  /* Three digits per byte plus null terminator.  */
+  char pid[3 * sizeof (uint32_t) + 1];
+  snprintf (pid, array_length (pid), "%d", target.pid);
+
+  char *prog = xasprintf ("%s/pldd", support_bindir_prefix);
+
+  /* Run pldd and use the pid of target_process as argument.  */
+  execve (prog, (char *const []) { (char *) prog, pid, NULL },
+	  (char *const []) { NULL });
+
+  FAIL_EXIT1 ("Returned from execve: errno=%d=%m\n", errno);
+}
+
 /* The test runs in a container because pldd does not support tracing
    a binary started by the loader iself (as with testrun.sh).  */
 
@@ -52,25 +85,22 @@ in_str_list (const char *libname, const char *const strlist[])
 static int
 do_test (void)
 {
-  /* Create a copy of current test to check with pldd.  */
-  struct support_subprocess target = support_subprocess (target_process, NULL);
-
-  /* Run 'pldd' on test subprocess.  */
-  struct support_capture_subprocess pldd;
+  /* Check if our subprocess can be debugged with ptrace.  */
   {
-    /* Three digits per byte plus null terminator.  */
-    char pid[3 * sizeof (uint32_t) + 1];
-    snprintf (pid, array_length (pid), "%d", target.pid);
-
-    char *prog = xasprintf ("%s/pldd", support_bindir_prefix);
-
-    pldd = support_capture_subprogram (prog,
-      (char *const []) { (char *) prog, pid, NULL });
+    int ptrace_scope = support_ptrace_scope ();
+    if (ptrace_scope >= 2)
+      FAIL_UNSUPPORTED ("/proc/sys/kernel/yama/ptrace_scope >= 2");
+  }
 
-    support_capture_subprocess_check (&pldd, "pldd", 0, sc_allow_stdout);
+  pid_t *target_pid_ptr = (pid_t *) xmmap (NULL, sizeof (pid_t),
+					   PROT_READ | PROT_WRITE,
+					   MAP_SHARED | MAP_ANONYMOUS, -1);
 
-    free (prog);
-  }
+  /* Run 'pldd' on test subprocess which will be created in pldd_process.
+     The pid of the subprocess will be written to target_pid_ptr.  */
+  struct support_capture_subprocess pldd;
+  pldd = support_capture_subprocess (pldd_process, target_pid_ptr);
+  support_capture_subprocess_check (&pldd, "pldd", 0, sc_allow_stdout);
 
   /* Check 'pldd' output.  The test is expected to be linked against only
      loader and libc.  */
@@ -85,15 +115,15 @@ do_test (void)
     /* First line is in the form of <pid>: <full path of executable>  */
     TEST_COMPARE (fscanf (out, "%u: " STRINPUT (512), &pid, buffer), 2);
 
-    TEST_COMPARE (pid, target.pid);
+    TEST_COMPARE (pid, *target_pid_ptr);
     TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);
 
     /* It expects only one loader and libc loaded by the program.  */
     bool interpreter_found = false, libc_found = false;
     while (fgets (buffer, array_length (buffer), out) != NULL)
       {
-       /* Ignore vDSO.  */
-        if (buffer[0] != '/')
+	/* Ignore vDSO.  */
+	if (buffer[0] != '/')
 	  continue;
 
 	/* Remove newline so baseline (buffer) can compare against the
@@ -128,7 +158,9 @@ do_test (void)
   }
 
   support_capture_subprocess_free (&pldd);
-  support_process_terminate (&target);
+  if (kill (*target_pid_ptr, SIGKILL) != 0)
+    FAIL_EXIT1 ("Unable to kill target_process: errno=%d=%m\n", errno);
+  xmunmap (target_pid_ptr, sizeof (pid_t));
 
   return 0;
 }
diff --git a/support/Makefile b/support/Makefile
index 65b16299573af1ed..79d03bd6bfe02540 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -58,6 +58,7 @@ libsupport-routines = \
   support_format_hostent \
   support_format_netent \
   support_isolate_in_subprocess \
+  support_ptrace \
   support_openpty \
   support_paths \
   support_quote_blob \
diff --git a/support/support_ptrace.c b/support/support_ptrace.c
new file mode 100644
index 0000000000000000..616b08cff33022ef
--- /dev/null
+++ b/support/support_ptrace.c
@@ -0,0 +1,44 @@
+/* Support functions handling ptrace_scope.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <support/check.h>
+#include <support/xstdio.h>
+#include <support/xptrace.h>
+#include <sys/prctl.h>
+
+int
+support_ptrace_scope (void)
+{
+  int ptrace_scope = -1;
+
+#ifdef __linux__
+  /* YAMA may be not enabled.  Otherwise it contains a value from 0 to 3:
+     - 0 classic ptrace permissions
+     - 1 restricted ptrace
+     - 2 admin-only attach
+     - 3 no attach  */
+  FILE *f = fopen ("/proc/sys/kernel/yama/ptrace_scope", "r");
+  if (f != NULL)
+    {
+      TEST_COMPARE (fscanf (f, "%d", &ptrace_scope), 1);
+      xfclose (f);
+    }
+#endif
+
+  return ptrace_scope;
+}
diff --git a/support/xptrace.h b/support/xptrace.h
new file mode 100644
index 0000000000000000..7af892680578fffd
--- /dev/null
+++ b/support/xptrace.h
@@ -0,0 +1,32 @@
+/* Support functions handling ptrace_scope.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef SUPPORT_PTRACE_H
+#define SUPPORT_PTRACE_H
+
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+
+/* Return the current YAMA mode set on the machine (0 to 3) or -1
+   if YAMA is not supported.  */
+int support_ptrace_scope (void);
+
+__END_DECLS
+
+#endif

	commit 2f9046fb059e94fe254c9a4ff5bcd52182069e44
	Author: Stefan Liebler <stli@linux.ibm.com>
	Date: Wed Sep 18 12:40:00 2019 +0200

	Add UNSUPPORTED check in elf/tst-pldd.

	The testcase forks a child process and runs pldd with PID of
	this child. On systems where /proc/sys/kernel/yama/ptrace_scope
	differs from zero, pldd will fail with
	/usr/bin/pldd: cannot attach to process 3: Operation not permitted

	This patch checks if ptrace_scope exists, is zero "classic ptrace permissions"
	or one "restricted ptrace". If ptrace_scope exists and has a higher
	restriction, then the test is marked as UNSUPPORTED.

	The case "restricted ptrace" is handled by rearranging the processes involved
	during the test. Now we have the following process tree:
	-parent: do_test (performs output checks)
	--subprocess 1: pldd_process (becomes pldd via execve)
	---subprocess 2: target_process (ptraced via pldd)

	ChangeLog:

	* elf/tst-pldd.c (do_test): Add UNSUPPORTED check.
	Rearrange subprocesses.
	(pldd_process): New function.
	* support/Makefile (libsupport-routines): Add support_ptrace.
	* support/xptrace.h: New file.
	* support/support_ptrace.c: Likewise.

	Conflicts:
	elf/tst-pldd.c
	(Original backport uses spaces instead of tabs.)

	diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
	index e2de31282a131166..f381cb0fa7e6b93d 100644
	--- a/elf/tst-pldd.c
	+++ b/elf/tst-pldd.c
	@@ -30,6 +30,11 @@
	#include <support/capture_subprocess.h>
	#include <support/check.h>
	#include <support/support.h>
	+#include <support/xptrace.h>
	+#include <support/xunistd.h>
	+#include <sys/mman.h>
	+#include <errno.h>
	+#include <signal.h>

	static void
	target_process (void *arg)
	@@ -37,6 +42,34 @@ target_process (void *arg)
	pause ();
	}

	+static void
	+pldd_process (void *arg)
	+{
	+ pid_t target_pid_ptr = (pid_t ) arg;
	+
	+ /* Create a copy of current test to check with pldd. As the
	+ target_process is a child of this pldd_process, pldd is also able
	+ to attach to target_process if YAMA is configured to 1 =
	+ "restricted ptrace". */
	+ struct support_subprocess target = support_subprocess (target_process, NULL);
	+
	+ /* Store the pid of target-process as do_test needs it in order to
	+ e.g. terminate it at end of the test. */
	+ *target_pid_ptr = target.pid;
	+
	+ /* Three digits per byte plus null terminator. */
	+ char pid[3 * sizeof (uint32_t) + 1];
	+ snprintf (pid, array_length (pid), "%d", target.pid);
	+
	+ char *prog = xasprintf ("%s/pldd", support_bindir_prefix);
	+
	+ /* Run pldd and use the pid of target_process as argument. */
	+ execve (prog, (char const []) { (char ) prog, pid, NULL },
	+ (char *const []) { NULL });
	+
	+ FAIL_EXIT1 ("Returned from execve: errno=%d=%m\n", errno);
	+}
	+
	/* The test runs in a container because pldd does not support tracing
	a binary started by the loader iself (as with testrun.sh). */

	@@ -52,25 +85,22 @@ in_str_list (const char libname, const char const strlist[])
	static int
	do_test (void)
	{
	- /* Create a copy of current test to check with pldd. */
	- struct support_subprocess target = support_subprocess (target_process, NULL);
	-
	- /* Run 'pldd' on test subprocess. */
	- struct support_capture_subprocess pldd;
	+ /* Check if our subprocess can be debugged with ptrace. */
	{
	- /* Three digits per byte plus null terminator. */
	- char pid[3 * sizeof (uint32_t) + 1];
	- snprintf (pid, array_length (pid), "%d", target.pid);
	-
	- char *prog = xasprintf ("%s/pldd", support_bindir_prefix);
	-
	- pldd = support_capture_subprogram (prog,
	- (char const []) { (char ) prog, pid, NULL });
	+ int ptrace_scope = support_ptrace_scope ();
	+ if (ptrace_scope >= 2)
	+ FAIL_UNSUPPORTED ("/proc/sys/kernel/yama/ptrace_scope >= 2");
	+ }

	- support_capture_subprocess_check (&pldd, "pldd", 0, sc_allow_stdout);
	+ pid_t target_pid_ptr = (pid_t ) xmmap (NULL, sizeof (pid_t),
	+ PROT_READ \| PROT_WRITE,
	+ MAP_SHARED \| MAP_ANONYMOUS, -1);

	- free (prog);
	- }
	+ /* Run 'pldd' on test subprocess which will be created in pldd_process.
	+ The pid of the subprocess will be written to target_pid_ptr. */
	+ struct support_capture_subprocess pldd;
	+ pldd = support_capture_subprocess (pldd_process, target_pid_ptr);
	+ support_capture_subprocess_check (&pldd, "pldd", 0, sc_allow_stdout);

	/* Check 'pldd' output. The test is expected to be linked against only
	loader and libc. */
	@@ -85,15 +115,15 @@ do_test (void)
	/* First line is in the form of <pid>: <full path of executable> */
	TEST_COMPARE (fscanf (out, "%u: " STRINPUT (512), &pid, buffer), 2);

	- TEST_COMPARE (pid, target.pid);
	+ TEST_COMPARE (pid, *target_pid_ptr);
	TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);

	/* It expects only one loader and libc loaded by the program. */
	bool interpreter_found = false, libc_found = false;
	while (fgets (buffer, array_length (buffer), out) != NULL)
	{
	- /* Ignore vDSO. */
	- if (buffer[0] != '/')
	+ /* Ignore vDSO. */
	+ if (buffer[0] != '/')
	continue;

	/* Remove newline so baseline (buffer) can compare against the
	@@ -128,7 +158,9 @@ do_test (void)
	}

	support_capture_subprocess_free (&pldd);
	- support_process_terminate (&target);
	+ if (kill (*target_pid_ptr, SIGKILL) != 0)
	+ FAIL_EXIT1 ("Unable to kill target_process: errno=%d=%m\n", errno);
	+ xmunmap (target_pid_ptr, sizeof (pid_t));

	return 0;
	}
	diff --git a/support/Makefile b/support/Makefile
	index 65b16299573af1ed..79d03bd6bfe02540 100644
	--- a/support/Makefile
	+++ b/support/Makefile
	@@ -58,6 +58,7 @@ libsupport-routines = \
	support_format_hostent \
	support_format_netent \
	support_isolate_in_subprocess \
	+ support_ptrace \
	support_openpty \
	support_paths \
	support_quote_blob \
	diff --git a/support/support_ptrace.c b/support/support_ptrace.c
	new file mode 100644
	index 0000000000000000..616b08cff33022ef
	--- /dev/null
	+++ b/support/support_ptrace.c
	@@ -0,0 +1,44 @@
	+/* Support functions handling ptrace_scope.
	+ Copyright (C) 2019 Free Software Foundation, Inc.
	+ This file is part of the GNU C Library.
	+
	+ The GNU C Library is free software; you can redistribute it and/or
	+ modify it under the terms of the GNU Lesser General Public
	+ License as published by the Free Software Foundation; either
	+ version 2.1 of the License, or (at your option) any later version.
	+
	+ The GNU C Library is distributed in the hope that it will be useful,
	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ Lesser General Public License for more details.
	+
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with the GNU C Library; if not, see
	+ <https://www.gnu.org/licenses/>. */
	+
	+#include <support/check.h>
	+#include <support/xstdio.h>
	+#include <support/xptrace.h>
	+#include <sys/prctl.h>
	+
	+int
	+support_ptrace_scope (void)
	+{
	+ int ptrace_scope = -1;
	+
	+#ifdef __linux__
	+ /* YAMA may be not enabled. Otherwise it contains a value from 0 to 3:
	+ - 0 classic ptrace permissions
	+ - 1 restricted ptrace
	+ - 2 admin-only attach
	+ - 3 no attach */
	+ FILE *f = fopen ("/proc/sys/kernel/yama/ptrace_scope", "r");
	+ if (f != NULL)
	+ {
	+ TEST_COMPARE (fscanf (f, "%d", &ptrace_scope), 1);
	+ xfclose (f);
	+ }
	+#endif
	+
	+ return ptrace_scope;
	+}
	diff --git a/support/xptrace.h b/support/xptrace.h
	new file mode 100644
	index 0000000000000000..7af892680578fffd
	--- /dev/null
	+++ b/support/xptrace.h
	@@ -0,0 +1,32 @@
	+/* Support functions handling ptrace_scope.
	+ Copyright (C) 2019 Free Software Foundation, Inc.
	+ This file is part of the GNU C Library.
	+
	+ The GNU C Library is free software; you can redistribute it and/or
	+ modify it under the terms of the GNU Lesser General Public
	+ License as published by the Free Software Foundation; either
	+ version 2.1 of the License, or (at your option) any later version.
	+
	+ The GNU C Library is distributed in the hope that it will be useful,
	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ Lesser General Public License for more details.
	+
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with the GNU C Library; if not, see
	+ <https://www.gnu.org/licenses/>. */
	+
	+#ifndef SUPPORT_PTRACE_H
	+#define SUPPORT_PTRACE_H
	+
	+#include <sys/cdefs.h>
	+
	+__BEGIN_DECLS
	+
	+/* Return the current YAMA mode set on the machine (0 to 3) or -1
	+ if YAMA is not supported. */
	+int support_ptrace_scope (void);
	+
	+__END_DECLS
	+
	+#endif

rpms / glibc

Source Code

Files