Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3494075pxb; Mon, 16 Nov 2020 16:45:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJy0HWaO+Eq7ARuLlGw1t/FnrLWup/w6OFB7XtNQskEl+LKrKzFsG+XjmLYFVmcVNFsC3/de X-Received: by 2002:a05:6402:759:: with SMTP id p25mr18565890edy.22.1605573942967; Mon, 16 Nov 2020 16:45:42 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1605573942; cv=pass; d=google.com; s=arc-20160816; b=Ana7MukVRfcSAjxach2Ew5IC44k9GaSXvlG7m8SsyhGrK0rWQnWF9w40k4x0SS/fmp NWcMkn5ZXYHuKnFTG9V4t/filsDZUYQ95xl7KCxPdi03jCQFFL5kUM0tx00hpQ7gC1Wi s8bM2K8d/sYgV6HbRSkdognpGvBAeabdJxlYYxCzMMVtdJuPqhfT8fz+CtdKIzznY6zw etkJE2aGB8LWQpJJiVmT/aPkNsC56X2UHVVLcECvq0VsAyRGEwfIrXLc223/tI6uZGkZ nzHOl1+qidUbOYEsgAzHociFHtScj8lazaB97r5ASpRE0SfqF+31kk21gjioCboc1iZH zimA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:in-reply-to:content-disposition :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=S00pb+GeQU1Zfd1U4XC+4/fXk0CPOz08L1s0Vb5ICjQ=; b=UneM75iOQuT8rZqWVE9yJj0NmBWXO1pGRfUcrLzB70s73dRBTEuNT+TeWj307APfGA NIG0PEAZKzQYi+4xa37OVg1n3s8RPYEoUNiT/MW6lPG35WlF9NEEUxI1b/a0MjIwgi0p F5iMdUMUkeTbAICOhGa1rq5/xi+272hi9q4a8ZW8tB+u8USwPfpSsq8zxqP3gTzMKGxn K7bktpuMexjUjPsY+v2zlI2Yc9mAmtkZWSLc+04PXQI97gNPLXYXXxIMQ5eTbv+Y9geg s8tHVqlws7lZrxcB0eSsTQyA8QFSBhbssbK7u+ULcgZ1dE9eFQ9UQyH039g9UWxRTaRv XFeg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=VnSlpwZl; dkim=pass header.i=@fb.onmicrosoft.com header.s=selector2-fb-onmicrosoft-com header.b=cYXEQh3C; arc=pass (i=1 spf=pass spfdomain=fb.com dkim=pass dkdomain=fb.com dmarc=pass fromdomain=fb.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t20si13412493edc.90.2020.11.16.16.45.19; Mon, 16 Nov 2020 16:45:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=VnSlpwZl; dkim=pass header.i=@fb.onmicrosoft.com header.s=selector2-fb-onmicrosoft-com header.b=cYXEQh3C; arc=pass (i=1 spf=pass spfdomain=fb.com dkim=pass dkdomain=fb.com dmarc=pass fromdomain=fb.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731575AbgKQAnq (ORCPT + 99 others); Mon, 16 Nov 2020 19:43:46 -0500 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:4734 "EHLO mx0b-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730583AbgKQAnp (ORCPT ); Mon, 16 Nov 2020 19:43:45 -0500 Received: from pps.filterd (m0109331.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AH0hSqq032321; Mon, 16 Nov 2020 16:43:29 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=date : from : to : cc : subject : message-id : references : content-type : in-reply-to : mime-version; s=facebook; bh=S00pb+GeQU1Zfd1U4XC+4/fXk0CPOz08L1s0Vb5ICjQ=; b=VnSlpwZl1GPM4Be+TnhnVRkoRH7EoEGiUDokhsU1tURZwfIHQVy2dFy6rBXWFDA1rEzy McWUaBiemZW4qmutdLIx5bHV6rMa1UfqZC224gZYWVydWusyvzEctUPYFuplD1mWpqkL WxUmdGVUCo3A7WHB9F0Plu1z6CkhZGbv+wk= Received: from maileast.thefacebook.com ([163.114.130.16]) by mx0a-00082601.pphosted.com with ESMTP id 34uwyg27cf-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 16 Nov 2020 16:43:29 -0800 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (100.104.31.183) by o365-in.thefacebook.com (100.104.36.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Mon, 16 Nov 2020 16:43:11 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Blzg/DETaosO0D2IVVxTLgl6ukHOgVe9lwrO6arQ09++EMGT4YiReT1Qet36OJrV2Lmuu0/GMIxmIgwtXb2+o50HIFpGXufFV7skCL7LjtqGY2laxT1/+2g/E8Rukxodw4snLlZoyYcY4WnyPJRqT/qxQePIKWQ4xHnNhxrW0FsdW7cpcVHR92qz6U3U3oozFHnrsm8TWBEzhIc/Xy3PzS0s56JniJyLwQHmz2D68DAe/F6tAPkAz8CMKu1L4I7RCz0Is8BQlvhjotU87zLsmvFn4/ozn4VcbDhJ3O3QnUgJ0DKWaRaxhlBxlvDYt9ZhTkrXbYrOeNaOGFv9CVuiwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S00pb+GeQU1Zfd1U4XC+4/fXk0CPOz08L1s0Vb5ICjQ=; b=c0399vLEqGEWz7QP7xi68zSP88kcbpgNZ4DCVU3TeQo2FYR3/uBupvSLl3ivSsM/W+umM1Hp7KsnNHqEmqKdNd/OZBtnCYFF7E1IXUgw8TKJcu8yBjrzlq8uPG19aYOJ4TlDCP3QQpqnA1KKMQyGuF8NpaGk3Z5zGWpM1mM6sISV+Ex30HuEOU5sU6nyo8bMWFFGOkb5W3uz1D6zPU+Z2pmrJTJzcwYpvpRlJLjTJ2ToEzstaZi+d1PHIn12mB8HrP+FKV+UQltqxUmf57xaa5+8cRNoq41njxUJ/GxItGb0Ou5x/LpBgXiiBo3ohd33vmhEGjNqZcYzhciDHRHCIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fb.com; dmarc=pass action=none header.from=fb.com; dkim=pass header.d=fb.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector2-fb-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S00pb+GeQU1Zfd1U4XC+4/fXk0CPOz08L1s0Vb5ICjQ=; b=cYXEQh3CVK+iYu5cZdGy4Aw8zpp4pOuTUbQZFpY80u/JGXfc5iRyHBrlLiTjLgj4X/AECh+RaRAd1TM4i25J/GdK/ujET/JMthVJ1xapLcgqVBcwQkQGeENOEqkH/Qzajqnx/a6z5GTcOnXp+7ZezNuBnrP62p5bZJE3qlVWCMc= Authentication-Results: chromium.org; dkim=none (message not signed) header.d=none;chromium.org; dmarc=none action=none header.from=fb.com; Received: from BY5PR15MB3571.namprd15.prod.outlook.com (2603:10b6:a03:1f6::32) by BYAPR15MB2373.namprd15.prod.outlook.com (2603:10b6:a02:92::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.23; Tue, 17 Nov 2020 00:43:09 +0000 Received: from BY5PR15MB3571.namprd15.prod.outlook.com ([fe80::bc1d:484f:cb1f:78ee]) by BY5PR15MB3571.namprd15.prod.outlook.com ([fe80::bc1d:484f:cb1f:78ee%4]) with mapi id 15.20.3564.028; Tue, 17 Nov 2020 00:43:09 +0000 Date: Mon, 16 Nov 2020 16:43:03 -0800 From: Martin KaFai Lau To: KP Singh CC: , , Alexei Starovoitov , Daniel Borkmann , Florent Revest , Brendan Jackman , Pauline Middelink Subject: Re: [PATCH bpf-next v2 2/2] bpf: Add tests for bpf_lsm_set_bprm_opts Message-ID: <20201117004303.zpzoqluhslwbp7ce@kafai-mbp.dhcp.thefacebook.com> References: <20201116232536.1752908-1-kpsingh@chromium.org> <20201116232536.1752908-2-kpsingh@chromium.org> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201116232536.1752908-2-kpsingh@chromium.org> X-Originating-IP: [2620:10d:c090:400::5:8f7f] X-ClientProxiedBy: MWHPR19CA0069.namprd19.prod.outlook.com (2603:10b6:300:94::31) To BY5PR15MB3571.namprd15.prod.outlook.com (2603:10b6:a03:1f6::32) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from kafai-mbp.dhcp.thefacebook.com (2620:10d:c090:400::5:8f7f) by MWHPR19CA0069.namprd19.prod.outlook.com (2603:10b6:300:94::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.25 via Frontend Transport; Tue, 17 Nov 2020 00:43:08 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4177c7c8-71fd-42b3-7816-08d88a91c191 X-MS-TrafficTypeDiagnostic: BYAPR15MB2373: X-Microsoft-Antispam-PRVS: X-FB-Source: Internal X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: XFVT64jIlcwObSbDf0il/rnBr0cMx2lRPU5Q7sJ9vJxN+qM+ozc5SBs2Wfmm9Zrn0hoOCAwqHz/51ocz3146+VM5DexIT4wW26P8LdJkzSTHplmQN6mxHJkC0KrfR6x0bfuxgkOqk9Oy5rpQgQpO5EbJ31WYztM67uCY18kaynyYOK4os0ZnBzgnn5aR6zptALVBXpSXUhgvJI2pMRUJ8RhNWwtJ2VQat879MeCRTYHigH5JeNhdmtLmMUlU8OmrXfL5qbF7WAfOlvb6yrm5jCr8qInxpvK+MPdhlnVveB4eY8GXEZPpAf+G+8d3SH/rGCYrGBMAWutWcF2ZVwuoaQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR15MB3571.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(396003)(39860400002)(376002)(136003)(346002)(366004)(478600001)(55016002)(54906003)(86362001)(8676002)(9686003)(83380400001)(2906002)(6506007)(6666004)(1076003)(16526019)(66476007)(7696005)(66556008)(5660300002)(66946007)(6916009)(186003)(52116002)(8936002)(316002)(4326008);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData: W5G5T7yDTWoHJdRN2bfsX5ZYWpzp3fV7S7rRv6X8JA/AzfXtI178Zeq1FT7w+ekgycc9fZXgaCVd46YDK3cRm5MPBHOGlM6iTvyc3pJuye/TWw8lRuawz+Ufly0axWaIKNOfYVlHxmtOj197vBq2oeQiny0Q+GJ9EYT/L1kWeeFc4p+8fGxaZuhQIZrVZm5Futw2r+VKGsXyBsLUUpr6gbztgXA2KqY1ox67Uw3JtTPHzNmxsf6UuAK+T+qy3oMNf4NMERJc0njZOSsSMV0uTdZ+qftEh75ZUGe75D035Jpzu9juE4FwNbds/rcROt33nsYkMKDwbKSiOpvxwqzg+2lSYhfiVLOXlR1yI6HiJCsfIe4U8cCIqwcG5Yxzj4r+o5DvGBTUhQK3c7rDhim8/EG8JWYylfEVQE1aWPhE3tVj6LtJGIxVJTAZvkPC5mBas3gCS1N+Ip3XO2w73FBPxF/pGCXI3UirVzR9z2Py/ncM6S7UshmjKttxjSNkuk8bDDthKjE1tg42CpVC6DIfGu+IHsL8hjG6ZSrqElgGnwTMHskBai1NBNLCcu5V4QiNRn3uS4qJItXHJer/TfdSoexcQO8THmW4TY+l9R6PBTiYcsUtdgLmEDnI9is6/GpwW17kYJxNr//StjSoAzibtKt8zZODE0M1YCGNl6aGljrAMYWPedFF722qjwn1pjszsAbbqxWyxULmZHAJlbuFK97P//p2msB+0+s3AbWrM+ASmfjnUvzLia78qc5N7+VOUCzQRNbF2ie4hVObn6hS4IapDZSLkSwM5jVqCSq+TmaxZZyF0chOIjtTxfmbMjx4glqfkkqPGOLNF9C6DvCHmNEolUjQSKs2h7r5nQrHp9Ak7IjGyGSMCVgGKRRSCvDwEbgQUvZzCTJntT+5qecLP3DPglgKpf0+6MabvfFxf3M= X-MS-Exchange-CrossTenant-Network-Message-Id: 4177c7c8-71fd-42b3-7816-08d88a91c191 X-MS-Exchange-CrossTenant-AuthSource: BY5PR15MB3571.namprd15.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2020 00:43:09.7211 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: l4S+u1Uh4UI7bKsJqdWKD1cg3JWVR54FIO3JZ/GZU2GUY9qcib+E3RXbBeCLGSvW X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2373 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312,18.0.737 definitions=2020-11-16_13:2020-11-13,2020-11-16 signatures=0 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 bulkscore=0 mlxlogscore=999 priorityscore=1501 clxscore=1015 mlxscore=0 impostorscore=0 malwarescore=0 adultscore=0 lowpriorityscore=0 spamscore=0 phishscore=0 suspectscore=1 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011170005 X-FB-Internal: deliver Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 16, 2020 at 11:25:36PM +0000, KP Singh wrote: > From: KP Singh > > The test forks a child process, updates the local storage to set/unset > the securexec bit. > > The BPF program in the test attaches to bprm_creds_for_exec which checks > the local storage of the current task to set the secureexec bit on the > binary parameters (bprm). > > The child then execs a bash command with the environment variable > TMPDIR set in the envp. The bash command returns a different exit code > based on its observed value of the TMPDIR variable. > > Since TMPDIR is one of the variables that is ignored by the dynamic > loader when the secureexec bit is set, one should expect the > child execution to not see this value when the secureexec bit is set. > > Signed-off-by: KP Singh > --- > .../selftests/bpf/prog_tests/test_bprm_opts.c | 124 ++++++++++++++++++ > tools/testing/selftests/bpf/progs/bprm_opts.c | 34 +++++ > 2 files changed, 158 insertions(+) > create mode 100644 tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c > create mode 100644 tools/testing/selftests/bpf/progs/bprm_opts.c > > diff --git a/tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c b/tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c > new file mode 100644 > index 000000000000..cba1ef3dc8b4 > --- /dev/null > +++ b/tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c > @@ -0,0 +1,124 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +/* > + * Copyright (C) 2020 Google LLC. > + */ > + > +#include > +#include Is it needed? > +#include > +#include > + > +#include "bprm_opts.skel.h" > +#include "network_helpers.h" > + > +#ifndef __NR_pidfd_open > +#define __NR_pidfd_open 434 > +#endif > + > +static const char * const bash_envp[] = { "TMPDIR=shouldnotbeset", NULL }; > + > +static inline int sys_pidfd_open(pid_t pid, unsigned int flags) > +{ > + return syscall(__NR_pidfd_open, pid, flags); > +} > + > +static int update_storage(int map_fd, int secureexec) > +{ > + int task_fd, ret = 0; > + > + task_fd = sys_pidfd_open(getpid(), 0); > + if (task_fd < 0) > + return errno; > + > + ret = bpf_map_update_elem(map_fd, &task_fd, &secureexec, BPF_NOEXIST); > + if (ret) > + ret = errno; > + > + close(task_fd); > + return ret; > +} > + > +static int run_set_secureexec(int map_fd, int secureexec) > +{ > + > + int child_pid, child_status, ret, null_fd; > + > + child_pid = fork(); > + if (child_pid == 0) { > + null_fd = open("/dev/null", O_WRONLY); > + if (null_fd == -1) > + exit(errno); > + dup2(null_fd, STDOUT_FILENO); > + dup2(null_fd, STDERR_FILENO); > + close(null_fd); > + > + /* Ensure that all executions from hereon are > + * secure by setting a local storage which is read by > + * the bprm_creds_for_exec hook and sets bprm->secureexec. > + */ > + ret = update_storage(map_fd, secureexec); > + if (ret) > + exit(ret); > + > + /* If the binary is executed with securexec=1, the dynamic > + * loader ingores and unsets certain variables like LD_PRELOAD, > + * TMPDIR etc. TMPDIR is used here to simplify the example, as > + * LD_PRELOAD requires a real .so file. > + * > + * If the value of TMPDIR is set, the bash command returns 10 > + * and if the value is unset, it returns 20. > + */ > + ret = execle("/bin/bash", "bash", "-c", > + "[[ -z \"${TMPDIR}\" ]] || exit 10 && exit 20", > + NULL, bash_envp); > + if (ret) It should never reach here? May be just exit() unconditionally instead of having a chance to fall-through and then return -EINVAL. > + exit(errno); > + } else if (child_pid > 0) { > + waitpid(child_pid, &child_status, 0); > + ret = WEXITSTATUS(child_status); > + > + /* If a secureexec occured, the exit status should be 20. > + */ > + if (secureexec && ret == 20) > + return 0; > + > + /* If normal execution happened the exit code should be 10. > + */ > + if (!secureexec && ret == 10) > + return 0; > + > + return ret; Any chance that ret may be 0? > + } > + > + return -EINVAL; > +} > + > +void test_test_bprm_opts(void) > +{ > + int err, duration = 0; > + struct bprm_opts *skel = NULL; > + > + skel = bprm_opts__open_and_load(); > + if (CHECK(!skel, "skel_load", "skeleton failed\n")) > + goto close_prog; > + > + err = bprm_opts__attach(skel); > + if (CHECK(err, "attach", "attach failed: %d\n", err)) > + goto close_prog; > + > + /* Run the test with the secureexec bit unset */ > + err = run_set_secureexec(bpf_map__fd(skel->maps.secure_exec_task_map), > + 0 /* secureexec */); > + if (CHECK(err, "run_set_secureexec:0", "err = %d", err)) nit. err = %d"\n" > + goto close_prog; > + > + /* Run the test with the secureexec bit set */ > + err = run_set_secureexec(bpf_map__fd(skel->maps.secure_exec_task_map), > + 1 /* secureexec */); > + if (CHECK(err, "run_set_secureexec:1", "err = %d", err)) Same here. Others LGTM.