diff options
-rw-r--r-- | tests/filesystem.yml | 42 | ||||
-rw-r--r-- | tests/filesystem/ext4/freeze-protection-bypass/Makefile | 56 | ||||
-rw-r--r-- | tests/filesystem/ext4/freeze-protection-bypass/PURPOSE | 5 | ||||
-rwxr-xr-x | tests/filesystem/ext4/freeze-protection-bypass/runtest.sh | 86 | ||||
-rwxr-xr-x | tests/filesystem/ext4/inventory | 3 | ||||
-rw-r--r-- | tests/memory.yml | 15 | ||||
-rw-r--r-- | tests/memory/memfd_create/Makefile | 70 | ||||
-rw-r--r-- | tests/memory/memfd_create/PURPOSE | 3 | ||||
-rw-r--r-- | tests/memory/memfd_create/_env | 8 | ||||
-rwxr-xr-x | tests/memory/memfd_create/runtest.sh | 54 | ||||
-rw-r--r-- | tests/memory/memfd_create/t_get_seals.c | 62 | ||||
-rw-r--r-- | tests/memory/memfd_create/t_memfd_create.c | 102 | ||||
-rw-r--r-- | tests/tests.yml | 6 |
13 files changed, 512 insertions, 0 deletions
diff --git a/tests/filesystem.yml b/tests/filesystem.yml new file mode 100644 index 000000000..09b1c4344 --- /dev/null +++ b/tests/filesystem.yml @@ -0,0 +1,42 @@ +--- +# Tests suitable to run in a classic environment +- hosts: localhost + tags: + - classic + roles: + - role: standard-test-beakerlib + tests: + - filesystem/ext4/freeze-protection-bypass + required_packages: + - kernel + - e2fsprogs + - util-linux + ignore_errors: yes + +# Tests suitable to run in a docker environment +- hosts: localhost + tags: + - container + roles: + - role: standard-test-beakerlib + tests: + - filesystem/ext4/freeze-protection-bypass + required_packages: + - kernel + - e2fsprogs + - util-linux + ignore_errors: yes + +# Tests suitable to run in an Atomic Host environment +- hosts: localhost + tags: + - atomic + roles: + - role: standard-test-beakerlib + tests: + - filesystem/ext4/freeze-protection-bypass + required_packages: + - kernel + - e2fsprogs + - util-linux + ignore_errors: yes
\ No newline at end of file diff --git a/tests/filesystem/ext4/freeze-protection-bypass/Makefile b/tests/filesystem/ext4/freeze-protection-bypass/Makefile new file mode 100644 index 000000000..24233a4b0 --- /dev/null +++ b/tests/filesystem/ext4/freeze-protection-bypass/Makefile @@ -0,0 +1,56 @@ +# Copyright (c) 2018 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Boyang Xue <bxue@redhat.com> + +TOPLEVEL_NAMESPACE= +PACKAGE_NAME=kernel + +export TEST=freeze-protection-bypass +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x ./runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Boyang Xue <bxue@redhat.com>" > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test for Bug - ext4: fix freeze protection bypass" >> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 3m" >> $(METADATA) + @echo "RunFor: kernel" >> $(METADATA) + @echo "Requires: " >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/filesystem/ext4/freeze-protection-bypass/PURPOSE b/tests/filesystem/ext4/freeze-protection-bypass/PURPOSE new file mode 100644 index 000000000..fa8df1870 --- /dev/null +++ b/tests/filesystem/ext4/freeze-protection-bypass/PURPOSE @@ -0,0 +1,5 @@ +Test Name: freeze-protection-bypass +Author: Boyang Xue <bxue@redhat.com> +Location: /kernel/filesystem/freeze-protection-bypass + +Description: regression test for Bug - ext4: fix freeze protection bypass diff --git a/tests/filesystem/ext4/freeze-protection-bypass/runtest.sh b/tests/filesystem/ext4/freeze-protection-bypass/runtest.sh new file mode 100755 index 000000000..b70c2b130 --- /dev/null +++ b/tests/filesystem/ext4/freeze-protection-bypass/runtest.sh @@ -0,0 +1,86 @@ +#!/bin/bash +# +# Copyright (c) 2018 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author: Boyang Xue <bxue@redhat.com> + +PACKAGE=kernel + +. /usr/share/beakerlib/beakerlib.sh + +rlJournalStart + +WDIR=/tmp/TC_freeze-protection-bypass.tmp.workdir +ODIR=/tmp/TC_freeze-protection-bypass.tmp.oldmnt +NDIR=/tmp/TC_freeze-protection-bypass.tmp.newmnt +mkdir $ODIR $NDIR $WDIR + +cd $WDIR +fallocate -l 64M 64M.img +mkfs.ext4 -qF 64M.img +TDEV=$(losetup -f --show 64M.img) + +TRID=$RANDOM + +rlPhaseStartSetup + + # The following patch for this bug is integrated in kernel v4.18 + # + # vfs: add the sb_start_intwrite_trylock() helper + # ext4: factor out helper ext4_sample_last_mounted() + # ext4: do not update s_last_mounted of a frozen fs + KNVR=$(uname -r | cut -d '-' -f1) + rlCmpVersion $KNVR 4.18.0 >/dev/null + if [[ $? -eq 2 ]]; then + ISFIXED=0 + rlPass "Kernel version < 4.18, indicating it's vulnerable to this bug. Test skipped as pass." + exit 0 + else + ISFIXED=1 + fi + + rlRun "mount $TDEV $ODIR" + rlRun "echo TC_freeze-protection-bypass > $ODIR/TC_freeze-protection-bypass" + rlRun "umount $ODIR" +rlPhaseEnd + +rlPhaseStartTest + rlRun "echo \"run TC_freeze-protection-bypass#${TRID}\" >/dev/kmsg" + rlRun "mount $TDEV $NDIR" + rlLog "Run 'fsfreeze -f $NDIR &'" + fsfreeze -f $NDIR & + wait $! + rlRun "grep TC_freeze-protection-bypass $NDIR/TC_freeze-protection-bypass" + rlRun "! dmesg | tac | sed -ne \"0,\#run TC_freeze-protection-bypass\#${TRID}#p\" | tac | grep -E \"ext4_journal_check_start|ext4_journal_start_sb\"" + if [[ $? -eq 0 ]]; then + rlPass "The kernel warning isn't triggered. Test passes." + else + rlFail "The kernel warning is triggered. Test fails." + fi +rlPhaseEnd + +rlPhaseStartCleanup + rlRun "fsfreeze -u $NDIR" + rlRun "umount $TDEV" + rlRun "losetup -d $TDEV" + rlRun "rm -f 64M.img" + rlRun "rm -rf $NDIR" + rlRun "rm -rf $ODIR" + rlRun "rm -rf $WDIR" +rlPhaseEnd + +rlJournalPrintText +rlJournalEnd diff --git a/tests/filesystem/ext4/inventory b/tests/filesystem/ext4/inventory new file mode 100755 index 000000000..fe5129040 --- /dev/null +++ b/tests/filesystem/ext4/inventory @@ -0,0 +1,3 @@ +#!/bin/bash +export TEST_DOCKER_EXTRA_ARGS="--privileged -v /dev:/dev" +exec merge-standard-inventory "$@" diff --git a/tests/memory.yml b/tests/memory.yml new file mode 100644 index 000000000..90c74a4c0 --- /dev/null +++ b/tests/memory.yml @@ -0,0 +1,15 @@ +--- +# Tests suitable to run in a classic environment +- hosts: localhost + tags: + - classic + roles: + - role: standard-test-beakerlib + tests: + - memory/memfd_create + required_packages: + - gcc + - libgcc + - glibc-devel + - glibc-static + ignore_errors: yes diff --git a/tests/memory/memfd_create/Makefile b/tests/memory/memfd_create/Makefile new file mode 100644 index 000000000..132cdb891 --- /dev/null +++ b/tests/memory/memfd_create/Makefile @@ -0,0 +1,70 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Description: memfd_create test +# Author: Shu Wang <shuwang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +TENV=_env +ifeq ($(PKG_TOP_DIR),) + export PKG_TOP_DIR := $(shell p=$$PWD; while :; do \ + [ -e $$p/env.mk -o -z "$$p" ] && { echo $$p; break; }; p=$${p%/*}; done) + export _TOP_DIR := $(shell p=$$PWD; while :; do \ + [ -d $$p/.git -o -z "$$p" ] && { echo $$p; break; }; p=$${p%/*}; done) + -include $(PKG_TOP_DIR)/env.mk +endif +include $(TENV) +ifeq ($(_TOP_DIR),) + _TOP_DIR=/mnt/tests/$(TOPLEVEL_NAMESPACE) +endif + +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE _env t_get_seals.c t_memfd_create.c + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Shu Wang <shuwang@redhat.com>" > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test for memfd_create syscall." >> $(METADATA) + @echo "Type: Function" >> $(METADATA) + @echo "TestTime: 20m" >> $(METADATA) + @echo "RunFor: kernel" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + rhts-lint $(METADATA) diff --git a/tests/memory/memfd_create/PURPOSE b/tests/memory/memfd_create/PURPOSE new file mode 100644 index 000000000..f588ec734 --- /dev/null +++ b/tests/memory/memfd_create/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE: +Description: tests for memfd_create syscall. +Author: Shu Wang <shuwang@redhat.com> diff --git a/tests/memory/memfd_create/_env b/tests/memory/memfd_create/_env new file mode 100644 index 000000000..5dd5fe078 --- /dev/null +++ b/tests/memory/memfd_create/_env @@ -0,0 +1,8 @@ +#This file was generated automatically,do not manually change it. +export TOPLEVEL_NAMESPACE=kernel +export PKG_NAMESPACE=kernel/general +export RELATIVE_PATH=memory/function/memfd_create +export PACKAGE=general +export PACKAGE_NAME=general +export PKG_LIST= +export TEST=/kernel/general/memory/function/memfd_create diff --git a/tests/memory/memfd_create/runtest.sh b/tests/memory/memfd_create/runtest.sh new file mode 100755 index 000000000..24dfeb5b6 --- /dev/null +++ b/tests/memory/memfd_create/runtest.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Description: memfd_create test +# Author: Shu Wang <shuwang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2016 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +gcc t_memfd_create.c -o t_memfd_create && +gcc t_get_seals.c -o t_get_seals +if [ $? != 0 ]; then + rlLog "memfd_create is not supported." + report_result Test_Skipped PASS 99 + exit 0 +fi + +function sanity_memfd_create() +{ + rlRun "./t_memfd_create memf 1024 gswS &" + rlRun "./t_get_seals /proc/$!/fd/3 > seals" + rlRun "cat ./seals" + rlAssertGrep "SEAL GROW WRITE SHRINK" ./seals + rlRun "pkill t_memfd_create" +} + + +rlJournalStart + rlPhaseStartTest "sanity" + sanity_memfd_create + rlPhaseEnd +rlJournalEnd +rlJournalPrintText diff --git a/tests/memory/memfd_create/t_get_seals.c b/tests/memory/memfd_create/t_get_seals.c new file mode 100644 index 000000000..8babe34d2 --- /dev/null +++ b/tests/memory/memfd_create/t_get_seals.c @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2016 Red Hat, Inc. + * + * This program is free software: you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be + * useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see http://www.gnu.org/licenses/. + * + */ + +#include <linux/fcntl.h> +#include <unistd.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> + +#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \ +} while (0) + +int main(int argc, char *argv[]) +{ + int fd; + unsigned int seals; + + if (argc != 2) { + fprintf(stderr, "%s /proc/PID/fd/FD\n", argv[0]); + exit(EXIT_FAILURE); + } + + fd = open(argv[1], O_RDWR); + if (fd == -1) + errExit("open"); + + seals = fcntl(fd, F_GET_SEALS); + if (seals == -1) + errExit("fcntl"); + + printf("Existing seals:"); + if (seals & F_SEAL_SEAL) + printf(" SEAL"); + if (seals & F_SEAL_GROW) + printf(" GROW"); + if (seals & F_SEAL_WRITE) + printf(" WRITE"); + if (seals & F_SEAL_SHRINK) + printf(" SHRINK"); + printf("\n"); + + /* Code to map the file and access the contents of the + resulting mapping omitted */ + + exit(EXIT_SUCCESS); +} + diff --git a/tests/memory/memfd_create/t_memfd_create.c b/tests/memory/memfd_create/t_memfd_create.c new file mode 100644 index 000000000..73d641a6e --- /dev/null +++ b/tests/memory/memfd_create/t_memfd_create.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2016 Red Hat, Inc. + * + * This program is free software: you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be + * useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see http://www.gnu.org/licenses/. + * + */ + +#include <linux/memfd.h> +#include <linux/fcntl.h> +#include <sys/syscall.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <stdio.h> + +#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \ +} while (0) + +int main(int argc, char *argv[]) +{ + int fd; + unsigned int seals; + char *addr; + char *name, *seals_arg; + ssize_t len; + char* message = "this is a test message for memfd\n"; + + if (argc < 3) { + fprintf(stderr, "%s name size [seals]\n", argv[0]); + fprintf(stderr, "\t'seals' can contain any of the " + "following characters:\n"); + fprintf(stderr, "\t\tg - F_SEAL_GROW\n"); + fprintf(stderr, "\t\ts - F_SEAL_SHRINK\n"); + fprintf(stderr, "\t\tw - F_SEAL_WRITE\n"); + fprintf(stderr, "\t\tS - F_SEAL_SEAL\n"); + exit(EXIT_FAILURE); + } + + name = argv[1]; + len = atoi(argv[2]); + seals_arg = argv[3]; + + /* Create an anonymous file in tmpfs; allow seals to be + placed on the file */ + + fd = syscall(SYS_memfd_create, name, MFD_ALLOW_SEALING); + if (fd == -1) + errExit("memfd_create"); + + /* Size the file as specified on the command line */ + + if (ftruncate(fd, len) == -1) + errExit("truncate"); + + if (write(fd, message, strlen(message)) <= 0) + errExit("write"); + + //printf("PID: %ld; fd: %d; /proc/%ld/fd/%d\n", + // (long) getpid(), fd, (long) getpid(), fd); + printf("/proc/%ld/fd/%d\n", (long) getpid(), fd); + + /* Code to map the file and populate the mapping with data + omitted */ + + /* If a 'seals' command-line argument was supplied, set some + seals on the file */ + + if (seals_arg != NULL) { + seals = 0; + + if (strchr(seals_arg, 'g') != NULL) + seals |= F_SEAL_GROW; + if (strchr(seals_arg, 's') != NULL) + seals |= F_SEAL_SHRINK; + if (strchr(seals_arg, 'w') != NULL) + seals |= F_SEAL_WRITE; + if (strchr(seals_arg, 'S') != NULL) + seals |= F_SEAL_SEAL; + + if (fcntl(fd, F_ADD_SEALS, seals) == -1) + errExit("fcntl"); + } + + /* Keep running, so that the file created by memfd_create() + continues to exist */ + + pause(); + + exit(EXIT_SUCCESS); +} + diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 000000000..9e4fb3826 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,6 @@ +--- +- name: memory test + import_playbook: memory.yml + +- name: filesystem test + import_playbook: filesystem.yml |