[LTP] [PATCH v1 1/2] cgroup_core01: Use correct linux tag

[LTP] [PATCH v1 1/2] cgroup_core01: Use correct linux tag

[Yang Xu]

Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
---
 testcases/kernel/controllers/cgroup/cgroup_core01.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/testcases/kernel/controllers/cgroup/cgroup_core01.c b/testcases/kernel/controllers/cgroup/cgroup_core01.c
index 8b6243f7c..2e695deed 100644
--- a/testcases/kernel/controllers/cgroup/cgroup_core01.c
+++ b/testcases/kernel/controllers/cgroup/cgroup_core01.c
@@ -16,11 +16,11 @@
  *
  * It is a regression test for
  *
- * commit e57457641613fef0d147ede8bd6a3047df588b95
+ * commit 1756d7994ad85c2479af6ae5a9750b92324685af
  * Author: Tejun Heo <tj@kernel.org>
- * Date:   Thu Jan 6 11:02:29 2022 -1000
+ * Date:   Thu Jan 6 11:02:28 2022 -1000
  *
- * cgroup: Use open-time cgroup namespace for process migration perm checks
+ * cgroup: Use open-time credentials for process migraton perm checks
  */
 
 #include <stdlib.h>
@@ -101,7 +101,7 @@ static struct tst_test test = {
 	.needs_root = 1,
 	.needs_cgroup_ctrls = (const char *const[]){"memory",  NULL},
 	.tags = (const struct tst_tag[]) {
-		{"linux-git", "e57457641613"},
+		{"linux-git", "1756d7994ad8"},
 		{"CVE", "2021-4197"},
 		{}
 	},
-- 
2.23.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v1 2/2] cgroup_core02: copy from kernel selftest test_cgcore_lesser_ns_open

[Yang Xu]

Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
---
 runtest/controllers                           |   1 +
 .../kernel/controllers/cgroup/.gitignore      |   1 +
 .../kernel/controllers/cgroup/cgroup_core02.c | 129 ++++++++++++++++++
 3 files changed, 131 insertions(+)
 create mode 100644 testcases/kernel/controllers/cgroup/cgroup_core02.c

diff --git a/runtest/controllers b/runtest/controllers
index 41f8367e4..8d1b936bf 100644
--- a/runtest/controllers
+++ b/runtest/controllers
@@ -1,5 +1,6 @@
 #DESCRIPTION:Resource Management testing
 cgroup_core01	cgroup_core01
+cgroup_core02	cgroup_core02
 cgroup		cgroup_regression_test.sh
 memcg_regression	memcg_regression_test.sh
 memcg_test_3	memcg_test_3
diff --git a/testcases/kernel/controllers/cgroup/.gitignore b/testcases/kernel/controllers/cgroup/.gitignore
index 382f2d9f2..012aedcca 100644
--- a/testcases/kernel/controllers/cgroup/.gitignore
+++ b/testcases/kernel/controllers/cgroup/.gitignore
@@ -2,3 +2,4 @@
 /cgroup_regression_getdelays
 /cgroup_regression_6_2
 /cgroup_core01
+/cgroup_core02
diff --git a/testcases/kernel/controllers/cgroup/cgroup_core02.c b/testcases/kernel/controllers/cgroup/cgroup_core02.c
new file mode 100644
index 000000000..0dff71eea
--- /dev/null
+++ b/testcases/kernel/controllers/cgroup/cgroup_core02.c
@@ -0,0 +1,129 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved.
+ * Author: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * When a task is writing to an fd opened by a different task, the perm check
+ * should use the cgroup namespace of the latter task.
+ *
+ * It is copy from kernel selftests cgroup test_core test_cgcore_lesser_ns_open
+ * subcase. Note that this case only runs on cgroup2 as cgroup1 doesn't have
+ * namespace support.
+ *
+ * It is a regression test for
+ *
+ * commit e57457641613fef0d147ede8bd6a3047df588b95
+ * Author: Tejun Heo <tj@kernel.org>
+ * Date:   Thu Jan 6 11:02:29 2022 -1000
+ *
+ * cgroup: Use open-time cgroup namespace for process migration perm checks
+ */
+
+#define _GNU_SOURCE
+#include <sched.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include "tst_test.h"
+#include "tst_safe_file_at.h"
+
+static struct tst_cg_group *cg_child_a, *cg_child_b;
+static uid_t nobody_uid;
+
+struct lesser_ns_open_thread_arg {
+	int fds[TST_CG_ROOTS_MAX];
+	int loops;
+};
+
+static int lesser_ns_open_thread_fn(void *arg)
+{
+	struct lesser_ns_open_thread_arg *targ = arg;
+
+	targ->loops = SAFE_CG_OPEN(cg_child_b, "cgroup.procs", O_RDWR, targ->fds);
+	return 0;
+}
+
+static void test_lesser_ns_open(void)
+{
+	int i;
+	static char stack[65536];
+	pid_t pid;
+	int status;
+	struct lesser_ns_open_thread_arg targ = { .fds = {0}, .loops = -1};
+
+	cg_child_a = tst_cg_group_mk(tst_cg, "child_a");
+	cg_child_b = tst_cg_group_mk(tst_cg, "child_b");
+
+	if (!SAFE_FORK()) {
+		SAFE_CG_PRINT(cg_child_a, "cgroup.procs", "0");
+		SAFE_CG_FCHOWN(cg_child_a, "cgroup.procs",  nobody_uid, -1);
+		SAFE_CG_FCHOWN(cg_child_b, "cgroup.procs",  nobody_uid, -1);
+		pid  = ltp_clone(CLONE_NEWCGROUP | CLONE_FILES | CLONE_VM | SIGCHLD,
+					lesser_ns_open_thread_fn, &targ, 65536, stack);
+		if (pid < 0)  {
+			tst_res(TFAIL, "unexpected negative pid %d", pid);
+			exit(1);
+		}
+
+		SAFE_WAITPID(pid, &status, 0);
+		for (i = 0; i < targ.loops; i++) {
+			if (targ.fds[i] < 1) {
+				tst_res(TFAIL, "unexpected negative fd %d", targ.fds[i]);
+				exit(1);
+			}
+
+			TEST(write(targ.fds[i], "0", 1));
+			if (TST_RET >= 0 || TST_ERR != ENOENT)
+				tst_res(TFAIL, "%s failed", __func__);
+			else
+				tst_res(TPASS | TTERRNO, "%s passed", __func__);
+
+			SAFE_CLOSE(targ.fds[i]);
+		}
+		exit(0);
+	}
+
+	tst_reap_children();
+	cg_child_b = tst_cg_group_rm(cg_child_b);
+	cg_child_a = tst_cg_group_rm(cg_child_a);
+}
+
+static void setup(void)
+{
+	struct passwd *pw;
+
+	pw = SAFE_GETPWNAM("nobody");
+	nobody_uid = pw->pw_uid;
+}
+
+static void cleanup(void)
+{
+	if (cg_child_a) {
+		SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
+		cg_child_a = tst_cg_group_rm(cg_child_a);
+	}
+	if (cg_child_b) {
+		SAFE_CG_PRINTF(tst_cg_drain, "cgroup.procs", "%d", getpid());
+		cg_child_b = tst_cg_group_rm(cg_child_b);
+	}
+}
+
+static struct tst_test test = {
+	.setup = setup,
+	.cleanup = cleanup,
+	.test_all = test_lesser_ns_open,
+	.forks_child = 1,
+	.needs_root = 1,
+	.needs_cgroup_ctrls = (const char *const[]){"memory",  NULL},
+	.needs_cgroup_ver = TST_CG_V2,
+	.tags = (const struct tst_tag[]) {
+		{"linux-git", "e57457641613"},
+		{"CVE", "2021-4197"},
+		{}
+	},
+};
-- 
2.23.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v1 1/2] cgroup_core01: Use correct linux tag

[xuyang2018.jy]

Hi ALL

ping!

Best Regards
Yang Xu

> Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
> ---
>   testcases/kernel/controllers/cgroup/cgroup_core01.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/testcases/kernel/controllers/cgroup/cgroup_core01.c b/testcases/kernel/controllers/cgroup/cgroup_core01.c
> index 8b6243f7c..2e695deed 100644
> --- a/testcases/kernel/controllers/cgroup/cgroup_core01.c
> +++ b/testcases/kernel/controllers/cgroup/cgroup_core01.c
> @@ -16,11 +16,11 @@
>    *
>    * It is a regression test for
>    *
> - * commit e57457641613fef0d147ede8bd6a3047df588b95
> + * commit 1756d7994ad85c2479af6ae5a9750b92324685af
>    * Author: Tejun Heo <tj@kernel.org>
> - * Date:   Thu Jan 6 11:02:29 2022 -1000
> + * Date:   Thu Jan 6 11:02:28 2022 -1000
>    *
> - * cgroup: Use open-time cgroup namespace for process migration perm checks
> + * cgroup: Use open-time credentials for process migraton perm checks
>    */
>   
>   #include <stdlib.h>
> @@ -101,7 +101,7 @@ static struct tst_test test = {
>   	.needs_root = 1,
>   	.needs_cgroup_ctrls = (const char *const[]){"memory",  NULL},
>   	.tags = (const struct tst_tag[]) {
> -		{"linux-git", "e57457641613"},
> +		{"linux-git", "1756d7994ad8"},
>   		{"CVE", "2021-4197"},
>   		{}
>   	},

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v1 1/2] cgroup_core01: Use correct linux tag

[Richard Palethorpe]

Hello,

Thanks, merged!

Yang Xu <xuyang2018.jy@fujitsu.com> writes:

> Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
> ---
>  testcases/kernel/controllers/cgroup/cgroup_core01.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/testcases/kernel/controllers/cgroup/cgroup_core01.c b/testcases/kernel/controllers/cgroup/cgroup_core01.c
> index 8b6243f7c..2e695deed 100644
> --- a/testcases/kernel/controllers/cgroup/cgroup_core01.c
> +++ b/testcases/kernel/controllers/cgroup/cgroup_core01.c
> @@ -16,11 +16,11 @@
>   *
>   * It is a regression test for
>   *
> - * commit e57457641613fef0d147ede8bd6a3047df588b95
> + * commit 1756d7994ad85c2479af6ae5a9750b92324685af
>   * Author: Tejun Heo <tj@kernel.org>
> - * Date:   Thu Jan 6 11:02:29 2022 -1000
> + * Date:   Thu Jan 6 11:02:28 2022 -1000
>   *
> - * cgroup: Use open-time cgroup namespace for process migration perm checks
> + * cgroup: Use open-time credentials for process migraton perm checks
>   */
>  
>  #include <stdlib.h>
> @@ -101,7 +101,7 @@ static struct tst_test test = {
>  	.needs_root = 1,
>  	.needs_cgroup_ctrls = (const char *const[]){"memory",  NULL},
>  	.tags = (const struct tst_tag[]) {
> -		{"linux-git", "e57457641613"},
> +		{"linux-git", "1756d7994ad8"},
>  		{"CVE", "2021-4197"},
>  		{}
>  	},
> -- 
> 2.23.0


-- 
Thank you,
Richard.

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v1 2/2] cgroup_core02: copy from kernel selftest test_cgcore_lesser_ns_open

[Richard Palethorpe]

Hello,

Yang Xu <xuyang2018.jy@fujitsu.com> writes:

> Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
> ---
>  runtest/controllers                           |   1 +
>  .../kernel/controllers/cgroup/.gitignore      |   1 +
>  .../kernel/controllers/cgroup/cgroup_core02.c | 129 ++++++++++++++++++
>  3 files changed, 131 insertions(+)
>  create mode 100644 testcases/kernel/controllers/cgroup/cgroup_core02.c
>
> diff --git a/runtest/controllers b/runtest/controllers
> index 41f8367e4..8d1b936bf 100644
> --- a/runtest/controllers
> +++ b/runtest/controllers
> @@ -1,5 +1,6 @@
>  #DESCRIPTION:Resource Management testing
>  cgroup_core01	cgroup_core01
> +cgroup_core02	cgroup_core02
>  cgroup		cgroup_regression_test.sh
>  memcg_regression	memcg_regression_test.sh
>  memcg_test_3	memcg_test_3
> diff --git a/testcases/kernel/controllers/cgroup/.gitignore b/testcases/kernel/controllers/cgroup/.gitignore
> index 382f2d9f2..012aedcca 100644
> --- a/testcases/kernel/controllers/cgroup/.gitignore
> +++ b/testcases/kernel/controllers/cgroup/.gitignore
> @@ -2,3 +2,4 @@
>  /cgroup_regression_getdelays
>  /cgroup_regression_6_2
>  /cgroup_core01
> +/cgroup_core02
> diff --git a/testcases/kernel/controllers/cgroup/cgroup_core02.c b/testcases/kernel/controllers/cgroup/cgroup_core02.c
> new file mode 100644
> index 000000000..0dff71eea
> --- /dev/null
> +++ b/testcases/kernel/controllers/cgroup/cgroup_core02.c
> @@ -0,0 +1,129 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2022 FUJITSU LIMITED. All rights reserved.
> + * Author: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * When a task is writing to an fd opened by a different task, the perm check
> + * should use the cgroup namespace of the latter task.
> + *
> + * It is copy from kernel selftests cgroup test_core test_cgcore_lesser_ns_open
> + * subcase. Note that this case only runs on cgroup2 as cgroup1 doesn't have
> + * namespace support.
> + *
> + * It is a regression test for
> + *
> + * commit e57457641613fef0d147ede8bd6a3047df588b95
> + * Author: Tejun Heo <tj@kernel.org>
> + * Date:   Thu Jan 6 11:02:29 2022 -1000
> + *
> + * cgroup: Use open-time cgroup namespace for process migration perm checks
> + */
> +
> +#define _GNU_SOURCE
> +#include <sched.h>
> +#include <stdlib.h>
> +#include <stdio.h>
> +#include <sys/types.h>
> +#include <pwd.h>
> +#include "tst_test.h"
> +#include "tst_safe_file_at.h"
> +
> +static struct tst_cg_group *cg_child_a, *cg_child_b;
> +static uid_t nobody_uid;
> +
> +struct lesser_ns_open_thread_arg {
> +	int fds[TST_CG_ROOTS_MAX];
> +	int loops;
> +};
> +
> +static int lesser_ns_open_thread_fn(void *arg)
> +{
> +	struct lesser_ns_open_thread_arg *targ = arg;
> +
> +	targ->loops = SAFE_CG_OPEN(cg_child_b, "cgroup.procs", O_RDWR, targ->fds);
> +	return 0;
> +}
> +
> +static void test_lesser_ns_open(void)
> +{
> +	int i;
> +	static char stack[65536];
> +	pid_t pid;
> +	int status;
> +	struct lesser_ns_open_thread_arg targ = { .fds = {0}, .loops = -1};
> +
> +	cg_child_a = tst_cg_group_mk(tst_cg, "child_a");
> +	cg_child_b = tst_cg_group_mk(tst_cg, "child_b");
> +
> +	if (!SAFE_FORK()) {
> +		SAFE_CG_PRINT(cg_child_a, "cgroup.procs", "0");
> +		SAFE_CG_FCHOWN(cg_child_a, "cgroup.procs",  nobody_uid, -1);
> +		SAFE_CG_FCHOWN(cg_child_b, "cgroup.procs",  nobody_uid, -1);
> +		pid  = ltp_clone(CLONE_NEWCGROUP | CLONE_FILES | CLONE_VM | SIGCHLD,
> +					lesser_ns_open_thread_fn, &targ,
> 65536, stack);

FYI, I would like to replace this with tst_clone.

However merged, thanks!

-- 
Thank you,
Richard.

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp