199 lines
6.9 KiB
Go
199 lines
6.9 KiB
Go
// Copyright 2019 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
//go:build linux && cgo
|
|
// +build linux,cgo
|
|
|
|
package cgotest
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"sort"
|
|
"strings"
|
|
"syscall"
|
|
"testing"
|
|
)
|
|
|
|
// #include <stdio.h>
|
|
// #include <stdlib.h>
|
|
// #include <pthread.h>
|
|
// #include <unistd.h>
|
|
// #include <sys/types.h>
|
|
//
|
|
// pthread_t *t = NULL;
|
|
// pthread_mutex_t mu;
|
|
// int nts = 0;
|
|
// int all_done = 0;
|
|
//
|
|
// static void *aFn(void *vargp) {
|
|
// int done = 0;
|
|
// while (!done) {
|
|
// usleep(100);
|
|
// pthread_mutex_lock(&mu);
|
|
// done = all_done;
|
|
// pthread_mutex_unlock(&mu);
|
|
// }
|
|
// return NULL;
|
|
// }
|
|
//
|
|
// void trial(int argc) {
|
|
// int i;
|
|
// nts = argc;
|
|
// t = calloc(nts, sizeof(pthread_t));
|
|
// pthread_mutex_init(&mu, NULL);
|
|
// for (i = 0; i < nts; i++) {
|
|
// pthread_create(&t[i], NULL, aFn, NULL);
|
|
// }
|
|
// }
|
|
//
|
|
// void cleanup(void) {
|
|
// int i;
|
|
// pthread_mutex_lock(&mu);
|
|
// all_done = 1;
|
|
// pthread_mutex_unlock(&mu);
|
|
// for (i = 0; i < nts; i++) {
|
|
// pthread_join(t[i], NULL);
|
|
// }
|
|
// pthread_mutex_destroy(&mu);
|
|
// free(t);
|
|
// }
|
|
import "C"
|
|
|
|
// compareStatus is used to confirm the contents of the thread
|
|
// specific status files match expectations.
|
|
func compareStatus(filter, expect string) error {
|
|
expected := filter + expect
|
|
pid := syscall.Getpid()
|
|
fs, err := os.ReadDir(fmt.Sprintf("/proc/%d/task", pid))
|
|
if err != nil {
|
|
return fmt.Errorf("unable to find %d tasks: %v", pid, err)
|
|
}
|
|
expectedProc := fmt.Sprintf("Pid:\t%d", pid)
|
|
foundAThread := false
|
|
for _, f := range fs {
|
|
tf := fmt.Sprintf("/proc/%s/status", f.Name())
|
|
d, err := os.ReadFile(tf)
|
|
if err != nil {
|
|
// There are a surprising number of ways this
|
|
// can error out on linux. We've seen all of
|
|
// the following, so treat any error here as
|
|
// equivalent to the "process is gone":
|
|
// os.IsNotExist(err),
|
|
// "... : no such process",
|
|
// "... : bad file descriptor.
|
|
continue
|
|
}
|
|
lines := strings.Split(string(d), "\n")
|
|
for _, line := range lines {
|
|
// Different kernel vintages pad differently.
|
|
line = strings.TrimSpace(line)
|
|
if strings.HasPrefix(line, "Pid:\t") {
|
|
// On loaded systems, it is possible
|
|
// for a TID to be reused really
|
|
// quickly. As such, we need to
|
|
// validate that the thread status
|
|
// info we just read is a task of the
|
|
// same process PID as we are
|
|
// currently running, and not a
|
|
// recently terminated thread
|
|
// resurfaced in a different process.
|
|
if line != expectedProc {
|
|
break
|
|
}
|
|
// Fall through in the unlikely case
|
|
// that filter at some point is
|
|
// "Pid:\t".
|
|
}
|
|
if strings.HasPrefix(line, filter) {
|
|
if line == expected {
|
|
foundAThread = true
|
|
break
|
|
}
|
|
if filter == "Groups:" && strings.HasPrefix(line, "Groups:\t") {
|
|
// https://github.com/golang/go/issues/46145
|
|
// Containers don't reliably output this line in sorted order so manually sort and compare that.
|
|
a := strings.Split(line[8:], " ")
|
|
sort.Strings(a)
|
|
got := strings.Join(a, " ")
|
|
if got == expected[8:] {
|
|
foundAThread = true
|
|
break
|
|
}
|
|
|
|
}
|
|
return fmt.Errorf("%q got:%q want:%q (bad) [pid=%d file:'%s' %v]\n", tf, line, expected, pid, string(d), expectedProc)
|
|
}
|
|
}
|
|
}
|
|
if !foundAThread {
|
|
return fmt.Errorf("found no thread /proc/<TID>/status files for process %q", expectedProc)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// test1435 test 9 glibc implemented setuid/gid syscall functions are
|
|
// mapped. This test is a slightly more expansive test than that of
|
|
// src/syscall/syscall_linux_test.go:TestSetuidEtc() insofar as it
|
|
// launches concurrent threads from C code via CGo and validates that
|
|
// they are subject to the system calls being tested. For the actual
|
|
// Go functionality being tested here, the syscall_linux_test version
|
|
// is considered authoritative, but non-trivial improvements to that
|
|
// should be mirrored here.
|
|
func test1435(t *testing.T) {
|
|
if syscall.Getuid() != 0 {
|
|
t.Skip("skipping root only test")
|
|
}
|
|
|
|
// Launch some threads in C.
|
|
const cts = 5
|
|
C.trial(cts)
|
|
defer C.cleanup()
|
|
|
|
vs := []struct {
|
|
call string
|
|
fn func() error
|
|
filter, expect string
|
|
}{
|
|
{call: "Setegid(1)", fn: func() error { return syscall.Setegid(1) }, filter: "Gid:", expect: "\t0\t1\t0\t1"},
|
|
{call: "Setegid(0)", fn: func() error { return syscall.Setegid(0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Seteuid(1)", fn: func() error { return syscall.Seteuid(1) }, filter: "Uid:", expect: "\t0\t1\t0\t1"},
|
|
{call: "Setuid(0)", fn: func() error { return syscall.Setuid(0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setgid(1)", fn: func() error { return syscall.Setgid(1) }, filter: "Gid:", expect: "\t1\t1\t1\t1"},
|
|
{call: "Setgid(0)", fn: func() error { return syscall.Setgid(0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setgroups([]int{0,1,2,3})", fn: func() error { return syscall.Setgroups([]int{0, 1, 2, 3}) }, filter: "Groups:", expect: "\t0 1 2 3"},
|
|
{call: "Setgroups(nil)", fn: func() error { return syscall.Setgroups(nil) }, filter: "Groups:", expect: ""},
|
|
{call: "Setgroups([]int{0})", fn: func() error { return syscall.Setgroups([]int{0}) }, filter: "Groups:", expect: "\t0"},
|
|
|
|
{call: "Setregid(101,0)", fn: func() error { return syscall.Setregid(101, 0) }, filter: "Gid:", expect: "\t101\t0\t0\t0"},
|
|
{call: "Setregid(0,102)", fn: func() error { return syscall.Setregid(0, 102) }, filter: "Gid:", expect: "\t0\t102\t102\t102"},
|
|
{call: "Setregid(0,0)", fn: func() error { return syscall.Setregid(0, 0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setreuid(1,0)", fn: func() error { return syscall.Setreuid(1, 0) }, filter: "Uid:", expect: "\t1\t0\t0\t0"},
|
|
{call: "Setreuid(0,2)", fn: func() error { return syscall.Setreuid(0, 2) }, filter: "Uid:", expect: "\t0\t2\t2\t2"},
|
|
{call: "Setreuid(0,0)", fn: func() error { return syscall.Setreuid(0, 0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setresgid(101,0,102)", fn: func() error { return syscall.Setresgid(101, 0, 102) }, filter: "Gid:", expect: "\t101\t0\t102\t0"},
|
|
{call: "Setresgid(0,102,101)", fn: func() error { return syscall.Setresgid(0, 102, 101) }, filter: "Gid:", expect: "\t0\t102\t101\t102"},
|
|
{call: "Setresgid(0,0,0)", fn: func() error { return syscall.Setresgid(0, 0, 0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setresuid(1,0,2)", fn: func() error { return syscall.Setresuid(1, 0, 2) }, filter: "Uid:", expect: "\t1\t0\t2\t0"},
|
|
{call: "Setresuid(0,2,1)", fn: func() error { return syscall.Setresuid(0, 2, 1) }, filter: "Uid:", expect: "\t0\t2\t1\t2"},
|
|
{call: "Setresuid(0,0,0)", fn: func() error { return syscall.Setresuid(0, 0, 0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"},
|
|
}
|
|
|
|
for i, v := range vs {
|
|
if err := v.fn(); err != nil {
|
|
t.Errorf("[%d] %q failed: %v", i, v.call, err)
|
|
continue
|
|
}
|
|
if err := compareStatus(v.filter, v.expect); err != nil {
|
|
t.Errorf("[%d] %q comparison: %v", i, v.call, err)
|
|
}
|
|
}
|
|
}
|