1*053f45beSAndroid Build Coastguard Worker /*
2*053f45beSAndroid Build Coastguard Worker * Copyright © 2018 Alexey Dobriyan <[email protected]>
3*053f45beSAndroid Build Coastguard Worker *
4*053f45beSAndroid Build Coastguard Worker * Permission to use, copy, modify, and distribute this software for any
5*053f45beSAndroid Build Coastguard Worker * purpose with or without fee is hereby granted, provided that the above
6*053f45beSAndroid Build Coastguard Worker * copyright notice and this permission notice appear in all copies.
7*053f45beSAndroid Build Coastguard Worker *
8*053f45beSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9*053f45beSAndroid Build Coastguard Worker * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10*053f45beSAndroid Build Coastguard Worker * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11*053f45beSAndroid Build Coastguard Worker * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12*053f45beSAndroid Build Coastguard Worker * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13*053f45beSAndroid Build Coastguard Worker * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14*053f45beSAndroid Build Coastguard Worker * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15*053f45beSAndroid Build Coastguard Worker */
16*053f45beSAndroid Build Coastguard Worker // Test that /proc/$KERNEL_THREAD/fd/ is empty.
17*053f45beSAndroid Build Coastguard Worker
18*053f45beSAndroid Build Coastguard Worker #undef NDEBUG
19*053f45beSAndroid Build Coastguard Worker #include <sys/syscall.h>
20*053f45beSAndroid Build Coastguard Worker #include <assert.h>
21*053f45beSAndroid Build Coastguard Worker #include <dirent.h>
22*053f45beSAndroid Build Coastguard Worker #include <limits.h>
23*053f45beSAndroid Build Coastguard Worker #include <stdio.h>
24*053f45beSAndroid Build Coastguard Worker #include <string.h>
25*053f45beSAndroid Build Coastguard Worker #include <sys/types.h>
26*053f45beSAndroid Build Coastguard Worker #include <sys/stat.h>
27*053f45beSAndroid Build Coastguard Worker #include <fcntl.h>
28*053f45beSAndroid Build Coastguard Worker #include <unistd.h>
29*053f45beSAndroid Build Coastguard Worker
30*053f45beSAndroid Build Coastguard Worker #include "proc.h"
31*053f45beSAndroid Build Coastguard Worker
32*053f45beSAndroid Build Coastguard Worker #define PF_KHTREAD 0x00200000
33*053f45beSAndroid Build Coastguard Worker
/*
 * Open /proc/PID/fd, but only if PID is a kernel thread.
 *
 * /proc/PID is opened once; "stat" and "fd" are then opened relative to that
 * directory descriptor with openat(), so the flag check and the returned
 * descriptor both go through the same directory handle instead of resolving
 * the PID by path a second time.
 *
 * PF_KHTREAD is this file's spelling of the kernel's PF_KTHREAD task flag.
 *
 * Return the /proc/PID/fd directory descriptor if the task is a kernel thread.
 * Return -1 if /proc/PID or its stat file cannot be opened, if the stat read
 * returns nothing, or if the task does not have the flag set.
 */
static int kernel_thread_fd(unsigned int pid)
{
	char buf[4096];
	unsigned int task_flags = 0;
	int proc_dir, stat_fd, result;
	ssize_t nread;

	snprintf(buf, sizeof(buf), "/proc/%u", pid);
	proc_dir = open(buf, O_RDONLY|O_DIRECTORY);
	if (proc_dir == -1)
		return -1;

	/* task_struct::flags is exported to userspace as a field of "stat". */
	stat_fd = openat(proc_dir, "stat", O_RDONLY);
	if (stat_fd == -1) {
		close(proc_dir);
		return -1;
	}
	nread = read(stat_fd, buf, sizeof(buf));
	close(stat_fd);

	if (0 < nread && nread <= sizeof(buf)) {
		unsigned long long parsed;
		char *sep, *tail;
		int remaining;

		/* The line must end in '\n'; replace it to get a C string. */
		assert(buf[nread - 1] == '\n');
		buf[nread - 1] = '\0';

		/*
		 * Parse from the end of the line, never from the start:
		 * ->comm is set by the task itself and can contain spaces
		 * and ')', so counting fields forwards could be thrown off
		 * by a crafted name. Cut off the 43 trailing fields; the
		 * field that is then last is taken as flags.
		 * NOTE(review): this assumes exactly 43 fields follow flags;
		 * a kernel that appends fields to stat would shift it.
		 */
		for (remaining = 43; remaining > 0; remaining--) {
			sep = strrchr(buf, ' ');
			assert(sep);
			*sep = '\0';
		}

		sep = strrchr(buf, ' ');
		assert(sep);

		parsed = xstrtoull(sep + 1, &tail);
		/* The whole field must be numeric and fit in unsigned int. */
		assert(*tail == '\0');
		assert(parsed == (unsigned int)parsed);

		task_flags = parsed;
	}

	result = -1;
	if (task_flags & PF_KHTREAD)
		result = openat(proc_dir, "fd", O_RDONLY|O_DIRECTORY);
	close(proc_dir);
	return result;
}
95*053f45beSAndroid Build Coastguard Worker
/*
 * Assert that the directory behind fd lists "." and "..", in that order and
 * both typed DT_DIR, and then nothing else. For a kernel thread's fd
 * directory this means no descriptor entries are exposed.
 *
 * The DIR stream is deliberately left open: closedir() would also close fd,
 * and main() passes the same fd to test_lookup() afterwards.
 */
static void test_readdir(int fd)
{
	static const char *const dot_names[] = { ".", ".." };
	struct dirent *entry;
	DIR *dir;
	size_t k;

	dir = fdopendir(fd);
	assert(dir);

	for (k = 0; k < sizeof(dot_names) / sizeof(dot_names[0]); k++) {
		entry = xreaddir(dir);
		assert(streq(entry->d_name, dot_names[k]));
		assert(entry->d_type == DT_DIR);
	}

	/* A third entry would be an exposed descriptor: there must be none. */
	entry = xreaddir(dir);
	assert(!entry);
}
115*053f45beSAndroid Build Coastguard Worker
/*
 * Invoke the statx system call directly through syscall(2).
 *
 * All arguments are passed through unchanged; stx is untyped, so the caller
 * supplies the result buffer. The long returned by syscall() is narrowed to
 * int on return.
 */
static inline int sys_statx(int dirfd, const char *pathname, int flags,
			    unsigned int mask, void *stx)
{
	long ret;

	ret = syscall(SYS_statx, dirfd, pathname, flags, mask, stx);
	return ret;
}
121*053f45beSAndroid Build Coastguard Worker
/*
 * Assert that looking up pathname relative to fd fails with ENOENT.
 *
 * Any other outcome (success, or a different errno) aborts the test.
 */
static void test_lookup_fail(int fd, const char *pathname)
{
	/* Scratch buffer for the statx result; its contents are never read. */
	char stx[256] __attribute__((aligned(8)));
	int rv = sys_statx(fd, pathname, AT_SYMLINK_NOFOLLOW, 0, (void *)stx);

	assert(rv == -1 && errno == ENOENT);
}
130*053f45beSAndroid Build Coastguard Worker
/*
 * Assert that no numeric name resolves inside the directory behind fd.
 *
 * Four ranges of decimal names are tried, each expected to fail with ENOENT:
 * the lowest ints, values around zero, values straddling INT_MAX, and the top
 * of the unsigned int range.
 * NOTE(review): the ranges look chosen to catch a name parser that wraps or
 * truncates at a signed/unsigned boundary and aliases a small descriptor
 * number - confirm against the procfs lookup code.
 */
static void test_lookup(int fd)
{
	char name[64];
	unsigned int uval;
	int sval;

	/* INT_MIN .. INT_MIN + 1023 */
	sval = INT_MIN;
	while (sval < INT_MIN + 1024) {
		snprintf(name, sizeof(name), "%d", sval);
		test_lookup_fail(fd, name);
		sval++;
	}

	/* -1024 .. 1023, including "0" and small positive numbers */
	sval = -1024;
	while (sval < 1024) {
		snprintf(name, sizeof(name), "%d", sval);
		test_lookup_fail(fd, name);
		sval++;
	}

	/* INT_MAX - 1024 .. INT_MAX + 1023, printed as unsigned */
	uval = INT_MAX - 1024;
	while (uval < (unsigned int)INT_MAX + 1024) {
		snprintf(name, sizeof(name), "%u", uval);
		test_lookup_fail(fd, name);
		uval++;
	}

	/* UINT_MAX - 1024 .. UINT_MAX; the loop ends when uval wraps to 0 */
	uval = UINT_MAX - 1024;
	while (uval != 0) {
		snprintf(name, sizeof(name), "%u", uval);
		test_lookup_fail(fd, name);
		uval++;
	}
}
154*053f45beSAndroid Build Coastguard Worker
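/*
 * Find a kernel thread, then check that its /proc/PID/fd directory is empty
 * and that no numeric name can be looked up in it.
 *
 * Returns 0 when both checks pass (a failed check aborts via assert()), and
 * 1 when no kernel thread's fd directory could be opened.
 */
int main(void)
{
	unsigned int pid;
	int fd;

	/*
	 * Scan PIDs upwards, starting with kthreadd (PID 2). The scan is
	 * capped at PID 1024, so it terminates even if kernel threads are
	 * exiled from /proc.
	 */
	pid = 2;
	while ((fd = kernel_thread_fd(pid)) == -1 && pid < 1024) {
		pid++;
	}
	/*
	 * Decide on the descriptor, not on the PID counter: a descriptor
	 * obtained at exactly PID 1024 is valid and must not be discarded.
	 * fd stays -1 e.g. with EACCES if run as non-root.
	 * NOTE(review): 1 is reported as a failure; if an unprivileged run
	 * should count as a skip instead, confirm the harness convention.
	 */
	if (fd == -1)
		return 1;

	test_readdir(fd);
	test_lookup(fd);

	return 0;
}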