Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp662482ybs;
        Sun, 24 May 2020 17:29:08 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyGv3RSv7bM1ZcrkBfex8z5zkgFOFY05z4THavinNpjclpRcratyf1pmJfJLU4M/Z6KQQE2
X-Received: by 2002:a17:906:3e56:: with SMTP id t22mr17258536eji.277.1590366548019;
        Sun, 24 May 2020 17:29:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1590366548; cv=none;
        d=google.com; s=arc-20160816;
        b=pqBOwyZxLwZXKjCWDso9OSSESqs99ow1cF5nG8NXLr7lkM8uxX5mDEL3kbsbAuyehZ
         Bldy9/P2pWzA6r9iunJoQs2uIvvup857wu7LXjgZ0JgjaMp0x4/4UxHcVK6XU4MFejlV
         XcWUPvlm7HLvp8ymo3StR5vTM5MRSZKGbXzxTVHO014u3HMbVjmCO2hJtXenvvEXj6Ln
         d7wPepPB+AgX8P2FMtn9QNnyUYNNnoTEjLj0ePB25IFBXu1E6rlXXL+JPTd0HPd30Pd2
         oT/MHtGnPJt0hL9bFnvVEgwNzbm/gz3vq1/b4s4F0o7AeKW8Rg3L0YV4qMNvfKDsUaXT
         AvTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=TkFh/ltuSCZKIpIsO7Tn/NDZKFXDGHYiyontlywtpfI=;
        b=e6MBgT5jsG+vgk5X1XJ1uDN94QOsNwzLsuexZUjv9V5eoKoTZ4KfkMM+dtiU1Elzk1
         f2BZaC9TTafb8Cn3Y24UfVS7cRXN+we0oF8pw3x0U9fCw+p6cXyRlY8M6YxMx0XAV4zS
         VkNyDhYo4ENafu7npVZssXfdLFsszjLmrOP81VFK+c5NQdpBBzbgFmP8CVzl9RrIFNXF
         CZl2i++e9XaZTnHuCh50vS8G3sB7O0b4EvLtjDkBRzy3foJHMA0xTuIx2AErsAZvw93p
         +JTdASvEIMv+Y5LLr5+dTKUVVssALScHW4RCO84rwaW09KKl03ZZaXWo2b7VPyu7P7Jo
         XNDA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sargun.me header.s=google header.b="B/rL+GXX";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id no5si9145842ejb.204.2020.05.24.17.28.45;
        Sun, 24 May 2020 17:29:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sargun.me header.s=google header.b="B/rL+GXX";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388660AbgEXXkH (ORCPT <rfc822;ivid.suvarna@gmail.com>
        + 99 others); Sun, 24 May 2020 19:40:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48650 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2388641AbgEXXj7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 24 May 2020 19:39:59 -0400
Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ADEACC05BD43
        for <linux-kernel@vger.kernel.org>; Sun, 24 May 2020 16:39:59 -0700 (PDT)
Received: by mail-pj1-x1044.google.com with SMTP id nu7so7802064pjb.0
        for <linux-kernel@vger.kernel.org>; Sun, 24 May 2020 16:39:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sargun.me; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=TkFh/ltuSCZKIpIsO7Tn/NDZKFXDGHYiyontlywtpfI=;
        b=B/rL+GXXoD44Y6uC2o+7L7Oll3ncoP77DkflU7CuMOMuhPAZaZciH9ThUWMLEvGGBG
         x4ETO+xogPGVns5rOqi3OHrxKqd38kf21jjmtBh6zLTkl2r4PFT3l1IXWk2LKVFC0z/s
         H7UPaMvZIqV81Wc9A9E3woy/X5pPxB5bGHHSQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=TkFh/ltuSCZKIpIsO7Tn/NDZKFXDGHYiyontlywtpfI=;
        b=l21JvknmXXTecp2rNUQs6tJ/B3Z8WUfgyuIrUj+v8gyX5w9WLhH+W5v5vCSX4H1+kn
         rfWNvb0oioAl8/cKjkq8jDO06UXI56oRVZxIT8oN6RVn8QZB+DroFzgCCczIV6BMoGsy
         ozQ5TzkvT+FDFZZKk/kKk1kTwXzZVoWO94dxCuEOvgcZmbOoJT+Cg0+74C+u8CA5643q
         0WTx+CYdnwd+6oMeDw92q54oCtkFLvH2deRHxtbUVQZvaDULMj33LBs5TIYxc9N4onNb
         +CAjzTWzexWWZXezAh9wD6/Q6p+Mg6ZIvBThAOtb4iz9diaoNyN7DEBcKeAAUhJmGfsX
         WSLw==
X-Gm-Message-State: AOAM531Fk94aaIq7S3BAoJ6KbHymSZ7Srl1sFJEd8R4s1n4EEsw9/dwb
        Qi85CE1IAesNFAzsJm0ZZkC93B3b/TwZ8af8
X-Received: by 2002:a17:902:c3ca:: with SMTP id j10mr25898350plj.242.1590363598683;
        Sun, 24 May 2020 16:39:58 -0700 (PDT)
Received: from ubuntu.netflix.com (203.20.25.136.in-addr.arpa. [136.25.20.203])
        by smtp.gmail.com with ESMTPSA id b16sm11633177pfi.74.2020.05.24.16.39.57
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 24 May 2020 16:39:58 -0700 (PDT)
From:   Sargun Dhillon <sargun@sargun.me>
To:     linux-kernel@vger.kernel.org,
        containers@lists.linux-foundation.org, linux-api@vger.kernel.org
Cc:     Sargun Dhillon <sargun@sargun.me>, christian.brauner@ubuntu.com,
        tycho@tycho.ws, keescook@chromium.org, cyphar@cyphar.com,
        Jeffrey Vander Stoep <jeffv@google.com>, jannh@google.com,
        rsesek@google.com, palmer@google.com,
        Matt Denton <mpdenton@google.com>,
        Kees Cook <keescook@google.com>
Subject: [PATCH 5/5] selftests/seccomp: Add test for addfd move semantics
Date:   Sun, 24 May 2020 16:39:42 -0700
Message-Id: <20200524233942.8702-6-sargun@sargun.me>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200524233942.8702-1-sargun@sargun.me>
References: <20200524233942.8702-1-sargun@sargun.me>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This introduces another call to addfd, in which the move flag is set. It
may make sense to setup a cgroup v1 hierarchy, and check that the
netprioidx is changed.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Cc: Matt Denton <mpdenton@google.com>
Cc: Kees Cook <keescook@google.com>,
Cc: Jann Horn <jannh@google.com>,
Cc: Robert Sesek <rsesek@google.com>,
Cc: Chris Palmer <palmer@google.com>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Tycho Andersen <tycho@tycho.ws>
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 1ec43fef2b93..f4b50cbbde42 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -188,6 +188,8 @@ struct seccomp_metadata {
 
 /* valid flags for seccomp_notif_addfd */
 #define SECCOMP_ADDFD_FLAG_SETFD	(1UL << 0) /* Specify remote fd */
+#define SECCOMP_ADDFD_FLAG_MOVE		(1UL << 1)
+
 
 struct seccomp_notif {
 	__u64 id;
@@ -3756,6 +3758,12 @@ TEST(user_notification_sendfd)
 	EXPECT_GE(ret, 0);
 	EXPECT_EQ(filecmp(getpid(), pid, memfd, ret), 0);
 
+	/* Move the FD */
+	addfd.flags = SECCOMP_ADDFD_FLAG_MOVE;
+	ret = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
+	EXPECT_GE(ret, 0);
+	EXPECT_EQ(filecmp(getpid(), pid, memfd, ret), 0);
+
 	/* Verify we can set a specific remote fd */
 	addfd.remote_fd = 42;
 	addfd.flags = SECCOMP_ADDFD_FLAG_SETFD;
-- 
2.25.1