execve fixes for v6.9-rc2

- Fix selftests to conform to the TAP output format (Muhammad Usama Anjum)
 
 - Fix NOMMU linux_binprm::exec pointer in auxv (Max Filippov)
 
 - Replace deprecated strncpy usage (Justin Stitt)
 
 - Replace another /bin/sh instance in selftests
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmYDT3sWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJjxlD/49PYpA4hMReEJ/01UkMn7IT2DP
 QWV9IfaPTodj9tjQngalhcF7r6O5guRR7MRfZxyaXriq4aJNzOLm2STmwSG1cOgP
 hP9D0HnMSc5CrqMJ2kSTr3ETK0a2mTivWl375TUgGdW+QJo7YYInHYaH2THhme1Z
 MkLHqSkruHw6YVvSvzoWiwZ4taiia7op8HbAEvJQiwnJdiVeCLIYbf2AxXNop2xv
 xcmoGkSh6KSiQ0XQ7VXs4LC3v/ElHBINSbChoXPBDY5kBWZybyxRwYCVt8mJftgF
 mVGXBFFpnaLU/gDayPg/Pyq9sW1bLpi8w0BBu419BVfAQ475K+YZ/V8nj4fm95e3
 gIWm3x1O48r0OxdzmPb5re/s7lG5uNLzzFEWIus18NmqgA8S1CyFveRB3Zh8LlXB
 9UEt4mlcgp/CLAo1Zv6IBe6UDcAf4AR4Tq+d+etmORTqHmM7n399XivNuft9myyB
 9ObLCfKvOa71uF0n714XLHc5STk2KTK70Me2L/H5gitSqjIEKFNQ5SOaSbsGImDv
 i4YPnptCJFTQumE0Tu5hna8uyjOXFIxq/zkfDmzc1wP8FcijwRx3UPoO6WlQsdfx
 5cmJSaIX1bhFC+4gxAoEHUDWPh/f4kLeDpIXX6NPH28Do1wxLnri3ryvkfgkw5Vj
 /1E03LXfcnnSbjQAPQ==
 =Siss
 -----END PGP SIGNATURE-----

Merge tag 'execve-v6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull execve fixes from Kees Cook:

 - Fix selftests to conform to the TAP output format (Muhammad Usama
   Anjum)

 - Fix NOMMU linux_binprm::exec pointer in auxv (Max Filippov)

 - Replace deprecated strncpy usage (Justin Stitt)

 - Replace another /bin/sh instance in selftests

* tag 'execve-v6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  binfmt: replace deprecated strncpy
  exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
  selftests/exec: Convert remaining /bin/sh to /bin/bash
  selftests/exec: execveat: Improve debug reporting
  selftests/exec: recursion-depth: conform test to TAP format output
  selftests/exec: load_address: conform test to TAP format output
  selftests/exec: binfmt_script: Add the overall result line according to TAP
This commit is contained in:
Linus Torvalds 2024-03-27 09:57:30 -07:00
commit f4a432914a
7 changed files with 62 additions and 56 deletions

View File

@ -1359,7 +1359,7 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
rcu_read_unlock();
strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
get_task_comm(psinfo->pr_fname, p);
return 0;
}

View File

@ -895,6 +895,7 @@ int transfer_args_to_stack(struct linux_binprm *bprm,
goto out;
}
bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE;
*sp_location = sp;
out:

View File

@ -19,8 +19,8 @@ include ../lib.mk
$(OUTPUT)/subdir:
mkdir -p $@
$(OUTPUT)/script:
echo '#!/bin/sh' > $@
$(OUTPUT)/script: Makefile
echo '#!/bin/bash' > $@
echo 'exit $$*' >> $@
chmod +x $@
$(OUTPUT)/execveat.symlink: $(OUTPUT)/execveat

View File

@ -16,6 +16,8 @@ SIZE=256
NAME_MAX=int(subprocess.check_output(["getconf", "NAME_MAX", "."]))
test_num=0
pass_num=0
fail_num=0
code='''#!/usr/bin/perl
print "Executed interpreter! Args:\n";
@ -42,7 +44,7 @@ foreach my $a (@ARGV) {
# ...
def test(name, size, good=True, leading="", root="./", target="/perl",
fill="A", arg="", newline="\n", hashbang="#!"):
global test_num, tests, NAME_MAX
global test_num, pass_num, fail_num, tests, NAME_MAX
test_num += 1
if test_num > tests:
raise ValueError("more binfmt_script tests than expected! (want %d, expected %d)"
@ -80,16 +82,20 @@ def test(name, size, good=True, leading="", root="./", target="/perl",
if good:
print("ok %d - binfmt_script %s (successful good exec)"
% (test_num, name))
pass_num += 1
else:
print("not ok %d - binfmt_script %s succeeded when it should have failed"
% (test_num, name))
fail_num = 1
else:
if good:
print("not ok %d - binfmt_script %s failed when it should have succeeded (rc:%d)"
% (test_num, name, proc.returncode))
fail_num = 1
else:
print("ok %d - binfmt_script %s (correctly failed bad exec)"
% (test_num, name))
pass_num += 1
# Clean up crazy binaries
os.unlink(script)
@ -166,6 +172,8 @@ test(name="two-under-trunc-arg", size=int(SIZE/2), arg=" ")
test(name="two-under-leading", size=int(SIZE/2), leading=" ")
test(name="two-under-lead-trunc-arg", size=int(SIZE/2), leading=" ", arg=" ")
print("# Totals: pass:%d fail:%d xfail:0 xpass:0 skip:0 error:0" % (pass_num, fail_num))
if test_num != tests:
raise ValueError("fewer binfmt_script tests than expected! (ran %d, expected %d"
% (test_num, tests))

View File

@ -98,10 +98,9 @@ static int check_execveat_invoked_rc(int fd, const char *path, int flags,
if (child == 0) {
/* Child: do execveat(). */
rc = execveat_(fd, path, argv, envp, flags);
ksft_print_msg("execveat() failed, rc=%d errno=%d (%s)\n",
ksft_print_msg("child execveat() failed, rc=%d errno=%d (%s)\n",
rc, errno, strerror(errno));
ksft_test_result_fail("%s\n", test_name);
exit(1); /* should not reach here */
exit(errno);
}
/* Parent: wait for & check child's exit status. */
rc = waitpid(child, &status, 0);
@ -226,11 +225,14 @@ static int check_execveat_pathmax(int root_dfd, const char *src, int is_script)
* "If the command name is found, but it is not an executable utility,
* the exit status shall be 126."), so allow either.
*/
if (is_script)
if (is_script) {
ksft_print_msg("Invoke script via root_dfd and relative filename\n");
fail += check_execveat_invoked_rc(root_dfd, longpath + 1, 0,
127, 126);
else
} else {
ksft_print_msg("Invoke exec via root_dfd and relative filename\n");
fail += check_execveat(root_dfd, longpath + 1, 0);
}
return fail;
}

View File

@ -5,6 +5,7 @@
#include <link.h>
#include <stdio.h>
#include <stdlib.h>
#include "../kselftest.h"
struct Statistics {
unsigned long long load_address;
@ -41,28 +42,23 @@ int main(int argc, char **argv)
unsigned long long misalign;
int ret;
ret = dl_iterate_phdr(ExtractStatistics, &extracted);
if (ret != 1) {
fprintf(stderr, "FAILED\n");
return 1;
}
ksft_print_header();
ksft_set_plan(1);
if (extracted.alignment == 0) {
fprintf(stderr, "No alignment found\n");
return 1;
} else if (extracted.alignment & (extracted.alignment - 1)) {
fprintf(stderr, "Alignment is not a power of 2\n");
return 1;
}
ret = dl_iterate_phdr(ExtractStatistics, &extracted);
if (ret != 1)
ksft_exit_fail_msg("FAILED: dl_iterate_phdr\n");
if (extracted.alignment == 0)
ksft_exit_fail_msg("FAILED: No alignment found\n");
else if (extracted.alignment & (extracted.alignment - 1))
ksft_exit_fail_msg("FAILED: Alignment is not a power of 2\n");
misalign = extracted.load_address & (extracted.alignment - 1);
if (misalign) {
printf("alignment = %llu, load_address = %llu\n",
extracted.alignment, extracted.load_address);
fprintf(stderr, "FAILED\n");
return 1;
}
if (misalign)
ksft_exit_fail_msg("FAILED: alignment = %llu, load_address = %llu\n",
extracted.alignment, extracted.load_address);
fprintf(stderr, "PASS\n");
return 0;
ksft_test_result_pass("Completed\n");
ksft_finished();
}

View File

@ -23,45 +23,44 @@
#include <fcntl.h>
#include <sys/mount.h>
#include <unistd.h>
#include "../kselftest.h"
int main(void)
{
int fd, rv;
ksft_print_header();
ksft_set_plan(1);
if (unshare(CLONE_NEWNS) == -1) {
if (errno == ENOSYS || errno == EPERM) {
fprintf(stderr, "error: unshare, errno %d\n", errno);
return 4;
ksft_test_result_skip("error: unshare, errno %d\n", errno);
ksft_finished();
}
fprintf(stderr, "error: unshare, errno %d\n", errno);
return 1;
}
if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) == -1) {
fprintf(stderr, "error: mount '/', errno %d\n", errno);
return 1;
ksft_exit_fail_msg("error: unshare, errno %d\n", errno);
}
if (mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) == -1)
ksft_exit_fail_msg("error: mount '/', errno %d\n", errno);
/* Require "exec" filesystem. */
if (mount(NULL, "/tmp", "ramfs", 0, NULL) == -1) {
fprintf(stderr, "error: mount ramfs, errno %d\n", errno);
return 1;
}
if (mount(NULL, "/tmp", "ramfs", 0, NULL) == -1)
ksft_exit_fail_msg("error: mount ramfs, errno %d\n", errno);
#define FILENAME "/tmp/1"
int fd = creat(FILENAME, 0700);
if (fd == -1) {
fprintf(stderr, "error: creat, errno %d\n", errno);
return 1;
}
fd = creat(FILENAME, 0700);
if (fd == -1)
ksft_exit_fail_msg("error: creat, errno %d\n", errno);
#define S "#!" FILENAME "\n"
if (write(fd, S, strlen(S)) != strlen(S)) {
fprintf(stderr, "error: write, errno %d\n", errno);
return 1;
}
if (write(fd, S, strlen(S)) != strlen(S))
ksft_exit_fail_msg("error: write, errno %d\n", errno);
close(fd);
int rv = execve(FILENAME, NULL, NULL);
if (rv == -1 && errno == ELOOP) {
return 0;
}
fprintf(stderr, "error: execve, rv %d, errno %d\n", rv, errno);
return 1;
rv = execve(FILENAME, NULL, NULL);
ksft_test_result(rv == -1 && errno == ELOOP,
"execve failed as expected (ret %d, errno %d)\n", rv, errno);
ksft_finished();
}