1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun * Copyright © 2018 Alexey Dobriyan <adobriyan@gmail.com>
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Permission to use, copy, modify, and distribute this software for any
5*4882a593Smuzhiyun * purpose with or without fee is hereby granted, provided that the above
6*4882a593Smuzhiyun * copyright notice and this permission notice appear in all copies.
7*4882a593Smuzhiyun *
8*4882a593Smuzhiyun * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9*4882a593Smuzhiyun * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10*4882a593Smuzhiyun * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11*4882a593Smuzhiyun * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12*4882a593Smuzhiyun * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13*4882a593Smuzhiyun * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14*4882a593Smuzhiyun * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15*4882a593Smuzhiyun */
// Test that /proc/$KERNEL_THREAD/fd/ is empty: readdir must return only "." and
// "..", and lookups of numeric names must fail with ENOENT.
17*4882a593Smuzhiyun
18*4882a593Smuzhiyun #undef NDEBUG
19*4882a593Smuzhiyun #include <sys/syscall.h>
20*4882a593Smuzhiyun #include <assert.h>
21*4882a593Smuzhiyun #include <dirent.h>
22*4882a593Smuzhiyun #include <limits.h>
23*4882a593Smuzhiyun #include <stdio.h>
24*4882a593Smuzhiyun #include <string.h>
25*4882a593Smuzhiyun #include <sys/types.h>
26*4882a593Smuzhiyun #include <sys/stat.h>
27*4882a593Smuzhiyun #include <fcntl.h>
28*4882a593Smuzhiyun #include <unistd.h>
29*4882a593Smuzhiyun
30*4882a593Smuzhiyun #include "proc.h"
31*4882a593Smuzhiyun
/*
 * Bit tested against the flags field read from /proc/$PID/stat.
 * The value is the kernel's PF_KTHREAD (0x00200000); the local macro name has
 * the letters transposed. The spelling is kept because kernel_thread_fd()
 * refers to it by this name.
 */
#define PF_KHTREAD 0x00200000
33*4882a593Smuzhiyun
/*
 * Decide whether @pid is a kernel thread and, if so, open its fd directory.
 *
 * /proc/$PID is opened once, and both "stat" and "fd" are then reached with
 * openat() relative to that descriptor. The flags that are checked and the
 * directory that is returned therefore come from the same /proc/$PID entry,
 * not from two independent path lookups of the PID.
 *
 * Return a descriptor for /proc/$PID/fd if the kernel-thread flag is set;
 * the caller owns it.
 * Return -1 if the process is a userspace process, or if /proc/$PID, its
 * "stat" file or its "fd" directory cannot be opened.
 */
static int kernel_thread_fd(unsigned int pid)
{
	/* Number of space-separated fields stripped from the end of "stat". */
	enum { FIELDS_AFTER_FLAGS = 43 };
	char buf[4096];
	unsigned int flags = 0;
	int proc_fd, stat_fd, fd_dir;
	ssize_t rv;

	snprintf(buf, sizeof(buf), "/proc/%u", pid);
	proc_fd = open(buf, O_RDONLY|O_DIRECTORY);
	if (proc_fd == -1)
		return -1;

	/* struct task_struct::flags is exposed to userspace as a "stat" field. */
	stat_fd = openat(proc_fd, "stat", O_RDONLY);
	if (stat_fd == -1) {
		close(proc_fd);
		return -1;
	}
	rv = read(stat_fd, buf, sizeof(buf));
	close(stat_fd);

	/* A failed or empty read leaves flags at 0, i.e. "not a kernel thread". */
	if (0 < rv && rv <= sizeof(buf)) {
		unsigned long long flags_ull;
		char *p, *end;
		int stripped = 0;

		/* Overwrite the trailing newline so the last field is terminated. */
		assert(buf[rv - 1] == '\n');
		buf[rv - 1] = '\0';

		/*
		 * Count fields from the end of the line: ->comm sits near the
		 * front, is chosen by the task itself and can contain
		 * whitespace and ')', so counting forwards cannot be trusted.
		 * NOTE(review): the count is tied to the stat layout this test
		 * was written against; confirm it if fields are ever appended.
		 */
		while (stripped < FIELDS_AFTER_FLAGS) {
			p = strrchr(buf, ' ');
			assert(p);
			*p = '\0';
			stripped++;
		}

		/* What is now the last field is the flags value. */
		p = strrchr(buf, ' ');
		assert(p);

		flags_ull = xstrtoull(p + 1, &end);
		assert(*end == '\0');
		/* The value must fit in unsigned int before it is narrowed. */
		assert(flags_ull == (unsigned int)flags_ull);

		flags = flags_ull;
	}

	if (flags & PF_KHTREAD)
		fd_dir = openat(proc_fd, "fd", O_RDONLY|O_DIRECTORY);
	else
		fd_dir = -1;
	close(proc_fd);
	return fd_dir;
}
95*4882a593Smuzhiyun
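/*
 * Check that the directory behind @fd lists exactly "." and "..", both
 * reported as DT_DIR, and nothing else.
 *
 * The DIR stream is deliberately not closed: closedir() would also close
 * @fd, which main() passes to test_lookup() afterwards.
 */
static void test_readdir(int fd)
{
	DIR *d;
	struct dirent *de;

	d = fdopendir(fd);
	assert(d);

	de = xreaddir(d);
	/* A short listing must fail the assertion, not dereference NULL. */
	assert(de);
	assert(streq(de->d_name, "."));
	assert(de->d_type == DT_DIR);

	de = xreaddir(d);
	assert(de);
	assert(streq(de->d_name, ".."));
	assert(de->d_type == DT_DIR);

	/* Any third entry would mean a descriptor is visible. */
	de = xreaddir(d);
	assert(!de);
}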
115*4882a593Smuzhiyun
/*
 * Invoke statx(2) by syscall number through syscall(), not through a libc
 * wrapper. @stx is an untyped result buffer supplied by the caller.
 * Returns the syscall() result narrowed to int.
 */
static inline int sys_statx(int dirfd, const char *pathname, int flags,
			    unsigned int mask, void *stx)
{
	long ret = syscall(SYS_statx, dirfd, pathname, flags, mask, stx);

	return ret;
}
121*4882a593Smuzhiyun
/*
 * Assert that looking up @pathname relative to @fd fails with ENOENT.
 *
 * AT_SYMLINK_NOFOLLOW makes statx() examine the entry itself, not a link
 * target. The mask is 0: only the return value and errno are checked, and
 * the result buffer is never read.
 */
static void test_lookup_fail(int fd, const char *pathname)
{
	/* Raw 8-byte-aligned storage for the statx result. */
	char statx_buf[256] __attribute__((aligned(8)));
	int rv = sys_statx(fd, pathname, AT_SYMLINK_NOFOLLOW, 0, (void *)statx_buf);

	assert(rv == -1 && errno == ENOENT);
}
130*4882a593Smuzhiyun
/*
 * Probe the directory behind @fd with decimal names taken from four ranges
 * and require every lookup to fail (see test_lookup_fail()).
 *
 * The ranges sit at the edges of the int and unsigned int domains,
 * presumably to catch wrap-around or truncation when a name is parsed as a
 * descriptor number.
 */
static void test_lookup(int fd)
{
	char name[64];
	unsigned int uval;
	int sval;

	/* INT_MIN .. INT_MIN + 1023 */
	sval = INT_MIN;
	while (sval < INT_MIN + 1024) {
		snprintf(name, sizeof(name), "%d", sval);
		test_lookup_fail(fd, name);
		sval++;
	}

	/* -1024 .. 1023, crossing zero */
	sval = -1024;
	while (sval < 1024) {
		snprintf(name, sizeof(name), "%d", sval);
		test_lookup_fail(fd, name);
		sval++;
	}

	/* INT_MAX - 1024 .. INT_MAX + 1023, crossing the signed limit */
	uval = INT_MAX - 1024;
	while (uval < (unsigned int)INT_MAX + 1024) {
		snprintf(name, sizeof(name), "%u", uval);
		test_lookup_fail(fd, name);
		uval++;
	}

	/* UINT_MAX - 1024 .. UINT_MAX; the counter wraps to 0 to end the loop */
	uval = UINT_MAX - 1024;
	while (uval != 0) {
		snprintf(name, sizeof(name), "%u", uval);
		test_lookup_fail(fd, name);
		uval++;
	}
}
154*4882a593Smuzhiyun
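/*
 * Find the first kernel thread among PIDs 2..1024 and run the readdir and
 * lookup checks on its /proc/$PID/fd directory.
 *
 * Returns 0 when the checks pass and 1 when no kernel thread's fd directory
 * could be opened. Failed checks abort through assert().
 */
int main(void)
{
	unsigned int pid;
	int fd;

	/*
	 * Start with kthreadd (PID 2) and stop at PID 1024, so the search
	 * ends even if kernel threads are exiled from /proc.
	 */
	pid = 2;
	while ((fd = kernel_thread_fd(pid)) == -1 && pid < 1024) {
		pid++;
	}
	/*
	 * EACCES if run as non-root.
	 *
	 * Test the descriptor, not the counter: the loop can end with
	 * pid == 1024 and a valid fd, which must not count as a failure.
	 */
	if (fd == -1)
		return 1;

	test_readdir(fd);
	test_lookup(fd);

	return 0;
}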