Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp820557pxb; Tue, 12 Apr 2022 14:22:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxJhmNcZNwa4zbhIC2R6ahRRKmIETSav1YzLywC07LTgAhUCE3yYqvNnUwUSC42EiQ3M+/v X-Received: by 2002:a63:4a55:0:b0:399:5a4d:8606 with SMTP id j21-20020a634a55000000b003995a4d8606mr31992849pgl.19.1649798543157; Tue, 12 Apr 2022 14:22:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649798543; cv=none; d=google.com; s=arc-20160816; b=Rp/GNV96EDk6SphrJnZXyD2ox54SKqCH8eborP+cGwKF2UmwCwI42uOA8+3JKZ/V4q 4xMJXpDhR0h+Q4+TG6Z3WbqCH/OBcxpJHAvSh59U8zkD8uqPKbVnykEgi7CSFu2sViqZ fJv/d2V0BGYFAvxMIKbMPNjFj/Azcs75139NsbiWxgwp//QFAuF0igY4U+4rqdllpxbA bv40aPP0IOVxZHBzmG/F8bcTOOneGzUURSYsqUY0jXiqLL+fseJmuOZtfbRzVDCy5shE ES5BSVR7NVNcagwkKuGQyRZmjAQrco15XFzdjZ25dgRiszu+BiCahneaGNlnIeyMYkhu mc9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=g0erXzmt6PY8GHitoq4L6hM2AMjL6YNyqBjQTvbiUPw=; b=K3Cb1D7Jd5Ad2QwuvLFJ9Ou66gezwCYlEUhyNM+2vKgmG3tI2IQDpNwgIoGnJqvpJy m0/gemZcsPquJwgz84LTF5CBCEZGbhVnJsxSQH0wlvO/rVpLMLzkLHL/pHxp8E6OsaP5 qcU8At/dakMSzuWhwY35hs/BSNeF7VXjj6DcfK3zDrO+V/wBmKPec7adqK5CXTj3Rbxs eYE9Uq2e8S66iWPp5KSDg78vUnEHkkDwsjt4M0KffVr3OpivAePdRVTqUUrVUGZesgCi GU/hq7tg0oq8NFgWWWyyiifZ+VGo2ukdeGlxE3ItshswBQKwF8wl3q8CoRQkl2Lp5z77 kygg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ihvA4x71; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id e69-20020a636948000000b0039d1ee91117si3626788pgc.744.2022.04.12.14.22.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 14:22:23 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ihvA4x71; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A10ED10BD09; Tue, 12 Apr 2022 13:34:35 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344398AbiDLHAh (ORCPT + 99 others); Tue, 12 Apr 2022 03:00:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48722 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351475AbiDLGxm (ORCPT ); Tue, 12 Apr 2022 02:53:42 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88B6B37A0A; Mon, 11 Apr 2022 23:41:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 25B4D60A77; Tue, 12 Apr 2022 06:41:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 326CEC385A8; Tue, 12 Apr 2022 06:41:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649745672; bh=OhkQB/YB9JwzoHdchmhfRn/xWsDTrD2yFnyvdWKmG7M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ihvA4x71AnsViWOO9KHRVPWJEOCAPYl9J6Vee4R7Lw2dDmj5ppw6jrcB/xxU+c13f BInNzqcPOQAu9ioelS3iLyjiSPqVOmtuQZv0+OGzvMqG0uT1JG/n91mMFkJKZZm2E/ ypoc/eUpIhLi79VBLbXpqJk7SkYozLAdbc/pbMcw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Michal=20Koutn=C3=BD?= , Tejun Heo , Ovidiu Panait Subject: [PATCH 5.10 165/171] selftests: cgroup: Test open-time credential usage for migration checks Date: Tue, 12 Apr 2022 08:30:56 +0200 Message-Id: <20220412062932.675634011@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220412062927.870347203@linuxfoundation.org> References: <20220412062927.870347203@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tejun Heo commit 613e040e4dc285367bff0f8f75ea59839bc10947 upstream. When a task is writing to an fd opened by a different task, the perm check should use the credentials of the latter task. Add a test for it. Tested-by: Michal Koutný Signed-off-by: Tejun Heo Signed-off-by: Ovidiu Panait Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/cgroup/test_core.c | 68 +++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) --- a/tools/testing/selftests/cgroup/test_core.c +++ b/tools/testing/selftests/cgroup/test_core.c @@ -674,6 +674,73 @@ cleanup: return ret; } +/* + * cgroup migration permission check should be performed based on the + * credentials at the time of open instead of write. + */ +static int test_cgcore_lesser_euid_open(const char *root) +{ + const uid_t test_euid = 65534; /* usually nobody, any !root is fine */ + int ret = KSFT_FAIL; + char *cg_test_a = NULL, *cg_test_b = NULL; + char *cg_test_a_procs = NULL, *cg_test_b_procs = NULL; + int cg_test_b_procs_fd = -1; + uid_t saved_uid; + + cg_test_a = cg_name(root, "cg_test_a"); + cg_test_b = cg_name(root, "cg_test_b"); + + if (!cg_test_a || !cg_test_b) + goto cleanup; + + cg_test_a_procs = cg_name(cg_test_a, "cgroup.procs"); + cg_test_b_procs = cg_name(cg_test_b, "cgroup.procs"); + + if (!cg_test_a_procs || !cg_test_b_procs) + goto cleanup; + + if (cg_create(cg_test_a) || cg_create(cg_test_b)) + goto cleanup; + + if (cg_enter_current(cg_test_a)) + goto cleanup; + + if (chown(cg_test_a_procs, test_euid, -1) || + chown(cg_test_b_procs, test_euid, -1)) + goto cleanup; + + saved_uid = geteuid(); + if (seteuid(test_euid)) + goto cleanup; + + cg_test_b_procs_fd = open(cg_test_b_procs, O_RDWR); + + if (seteuid(saved_uid)) + goto cleanup; + + if (cg_test_b_procs_fd < 0) + goto cleanup; + + if (write(cg_test_b_procs_fd, "0", 1) >= 0 || errno != EACCES) + goto cleanup; + + ret = KSFT_PASS; + +cleanup: + cg_enter_current(root); + if (cg_test_b_procs_fd >= 0) + close(cg_test_b_procs_fd); + if (cg_test_b) + cg_destroy(cg_test_b); + if (cg_test_a) + cg_destroy(cg_test_a); + free(cg_test_b_procs); + free(cg_test_a_procs); + free(cg_test_b); + free(cg_test_a); + return ret; +} + #define T(x) { x, #x } struct corecg_test { int (*fn)(const char *root); @@ -689,6 +756,7 @@ struct corecg_test { T(test_cgcore_proc_migration), T(test_cgcore_thread_migration), T(test_cgcore_destroy), + T(test_cgcore_lesser_euid_open), }; #undef T