execve fixes for v6.9-rc2

- Fix selftests to conform to the TAP output format (Muhammad Usama Anjum)
 
 - Fix NOMMU linux_binprm::exec pointer in auxv (Max Filippov)
 
 - Replace deprecated strncpy usage (Justin Stitt)
 
 - Replace another /bin/sh instance in selftests
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmYDT3sWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJjxlD/49PYpA4hMReEJ/01UkMn7IT2DP
 QWV9IfaPTodj9tjQngalhcF7r6O5guRR7MRfZxyaXriq4aJNzOLm2STmwSG1cOgP
 hP9D0HnMSc5CrqMJ2kSTr3ETK0a2mTivWl375TUgGdW+QJo7YYInHYaH2THhme1Z
 MkLHqSkruHw6YVvSvzoWiwZ4taiia7op8HbAEvJQiwnJdiVeCLIYbf2AxXNop2xv
 xcmoGkSh6KSiQ0XQ7VXs4LC3v/ElHBINSbChoXPBDY5kBWZybyxRwYCVt8mJftgF
 mVGXBFFpnaLU/gDayPg/Pyq9sW1bLpi8w0BBu419BVfAQ475K+YZ/V8nj4fm95e3
 gIWm3x1O48r0OxdzmPb5re/s7lG5uNLzzFEWIus18NmqgA8S1CyFveRB3Zh8LlXB
 9UEt4mlcgp/CLAo1Zv6IBe6UDcAf4AR4Tq+d+etmORTqHmM7n399XivNuft9myyB
 9ObLCfKvOa71uF0n714XLHc5STk2KTK70Me2L/H5gitSqjIEKFNQ5SOaSbsGImDv
 i4YPnptCJFTQumE0Tu5hna8uyjOXFIxq/zkfDmzc1wP8FcijwRx3UPoO6WlQsdfx
 5cmJSaIX1bhFC+4gxAoEHUDWPh/f4kLeDpIXX6NPH28Do1wxLnri3ryvkfgkw5Vj
 /1E03LXfcnnSbjQAPQ==
 =Siss
 -----END PGP SIGNATURE-----

Merge tag 'execve-v6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull execve fixes from Kees Cook:

 - Fix selftests to conform to the TAP output format (Muhammad Usama
   Anjum)

 - Fix NOMMU linux_binprm::exec pointer in auxv (Max Filippov)

 - Replace deprecated strncpy usage (Justin Stitt)

 - Replace another /bin/sh instance in selftests

* tag 'execve-v6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  binfmt: replace deprecated strncpy
  exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
  selftests/exec: Convert remaining /bin/sh to /bin/bash
  selftests/exec: execveat: Improve debug reporting
  selftests/exec: recursion-depth: conform test to TAP format output
  selftests/exec: load_address: conform test to TAP format output
  selftests/exec: binfmt_script: Add the overall result line according to TAP
This commit is contained in:
Linus Torvalds 2024-03-27 09:57:30 -07:00
commit f4a432914a
7 changed files with 62 additions and 56 deletions

View File

@ -1359,7 +1359,7 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
rcu_read_unlock(); rcu_read_unlock();
strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); get_task_comm(psinfo->pr_fname, p);
return 0; return 0;
} }

View File

@ -895,6 +895,7 @@ int transfer_args_to_stack(struct linux_binprm *bprm,
goto out; goto out;
} }
bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE;
*sp_location = sp; *sp_location = sp;
out: out:

View File

@ -19,8 +19,8 @@ include ../lib.mk
$(OUTPUT)/subdir: $(OUTPUT)/subdir:
mkdir -p $@ mkdir -p $@
$(OUTPUT)/script: $(OUTPUT)/script: Makefile
echo '#!/bin/sh' > $@ echo '#!/bin/bash' > $@
echo 'exit $$*' >> $@ echo 'exit $$*' >> $@
chmod +x $@ chmod +x $@
$(OUTPUT)/execveat.symlink: $(OUTPUT)/execveat $(OUTPUT)/execveat.symlink: $(OUTPUT)/execveat

View File

@ -16,6 +16,8 @@ SIZE=256
NAME_MAX=int(subprocess.check_output(["getconf", "NAME_MAX", "."])) NAME_MAX=int(subprocess.check_output(["getconf", "NAME_MAX", "."]))
test_num=0 test_num=0
pass_num=0
fail_num=0
code='''#!/usr/bin/perl code='''#!/usr/bin/perl
print "Executed interpreter! Args:\n"; print "Executed interpreter! Args:\n";
@ -42,7 +44,7 @@ foreach my $a (@ARGV) {
# ... # ...
def test(name, size, good=True, leading="", root="./", target="/perl", def test(name, size, good=True, leading="", root="./", target="/perl",
fill="A", arg="", newline="\n", hashbang="#!"): fill="A", arg="", newline="\n", hashbang="#!"):
global test_num, tests, NAME_MAX global test_num, pass_num, fail_num, tests, NAME_MAX
test_num += 1 test_num += 1
if test_num > tests: if test_num > tests:
raise ValueError("more binfmt_script tests than expected! (want %d, expected %d)" raise ValueError("more binfmt_script tests than expected! (want %d, expected %d)"
@ -80,16 +82,20 @@ def test(name, size, good=True, leading="", root="./", target="/perl",
if good: if good:
print("ok %d - binfmt_script %s (successful good exec)" print("ok %d - binfmt_script %s (successful good exec)"
% (test_num, name)) % (test_num, name))
pass_num += 1
else: else:
print("not ok %d - binfmt_script %s succeeded when it should have failed" print("not ok %d - binfmt_script %s succeeded when it should have failed"
% (test_num, name)) % (test_num, name))
fail_num = 1
else: else:
if good: if good:
print("not ok %d - binfmt_script %s failed when it should have succeeded (rc:%d)" print("not ok %d - binfmt_script %s failed when it should have succeeded (rc:%d)"
% (test_num, name, proc.returncode)) % (test_num, name, proc.returncode))
fail_num = 1
else: else:
print("ok %d - binfmt_script %s (correctly failed bad exec)" print("ok %d - binfmt_script %s (correctly failed bad exec)"
% (test_num, name)) % (test_num, name))
pass_num += 1
# Clean up crazy binaries # Clean up crazy binaries
os.unlink(script) os.unlink(script)
@ -166,6 +172,8 @@ test(name="two-under-trunc-arg", size=int(SIZE/2), arg=" ")
test(name="two-under-leading", size=int(SIZE/2), leading=" ") test(name="two-under-leading", size=int(SIZE/2), leading=" ")
test(name="two-under-lead-trunc-arg", size=int(SIZE/2), leading=" ", arg=" ") test(name="two-under-lead-trunc-arg", size=int(SIZE/2), leading=" ", arg=" ")
print("# Totals: pass:%d fail:%d xfail:0 xpass:0 skip:0 error:0" % (pass_num, fail_num))
if test_num != tests: if test_num != tests:
raise ValueError("fewer binfmt_script tests than expected! (ran %d, expected %d" raise ValueError("fewer binfmt_script tests than expected! (ran %d, expected %d"
% (test_num, tests)) % (test_num, tests))

View File

@ -98,10 +98,9 @@ static int check_execveat_invoked_rc(int fd, const char *path, int flags,
if (child == 0) { if (child == 0) {
/* Child: do execveat(). */ /* Child: do execveat(). */
rc = execveat_(fd, path, argv, envp, flags); rc = execveat_(fd, path, argv, envp, flags);
ksft_print_msg("execveat() failed, rc=%d errno=%d (%s)\n", ksft_print_msg("child execveat() failed, rc=%d errno=%d (%s)\n",
rc, errno, strerror(errno)); rc, errno, strerror(errno));
ksft_test_result_fail("%s\n", test_name); exit(errno);
exit(1); /* should not reach here */
} }
/* Parent: wait for & check child's exit status. */ /* Parent: wait for & check child's exit status. */
rc = waitpid(child, &status, 0); rc = waitpid(child, &status, 0);
@ -226,11 +225,14 @@ static int check_execveat_pathmax(int root_dfd, const char *src, int is_script)
* "If the command name is found, but it is not an executable utility, * "If the command name is found, but it is not an executable utility,
* the exit status shall be 126."), so allow either. * the exit status shall be 126."), so allow either.
*/ */
if (is_script) if (is_script) {
ksft_print_msg("Invoke script via root_dfd and relative filename\n");
fail += check_execveat_invoked_rc(root_dfd, longpath + 1, 0, fail += check_execveat_invoked_rc(root_dfd, longpath + 1, 0,
127, 126); 127, 126);
else } else {
ksft_print_msg("Invoke exec via root_dfd and relative filename\n");
fail += check_execveat(root_dfd, longpath + 1, 0); fail += check_execveat(root_dfd, longpath + 1, 0);
}
return fail; return fail;
} }

View File

@ -5,6 +5,7 @@
#include <link.h> #include <link.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include "../kselftest.h"
struct Statistics { struct Statistics {
unsigned long long load_address; unsigned long long load_address;
@ -41,28 +42,23 @@ int main(int argc, char **argv)
unsigned long long misalign; unsigned long long misalign;
int ret; int ret;
ret = dl_iterate_phdr(ExtractStatistics, &extracted); ksft_print_header();
if (ret != 1) { ksft_set_plan(1);
fprintf(stderr, "FAILED\n");
return 1;
}
if (extracted.alignment == 0) { ret = dl_iterate_phdr(ExtractStatistics, &extracted);
fprintf(stderr, "No alignment found\n"); if (ret != 1)
return 1; ksft_exit_fail_msg("FAILED: dl_iterate_phdr\n");
} else if (extracted.alignment & (extracted.alignment - 1)) {
fprintf(stderr, "Alignment is not a power of 2\n"); if (extracted.alignment == 0)
return 1; ksft_exit_fail_msg("FAILED: No alignment found\n");
} else if (extracted.alignment & (extracted.alignment - 1))
ksft_exit_fail_msg("FAILED: Alignment is not a power of 2\n");
misalign = extracted.load_address & (extracted.alignment - 1); misalign = extracted.load_address & (extracted.alignment - 1);
if (misalign) { if (misalign)
printf("alignment = %llu, load_address = %llu\n", ksft_exit_fail_msg("FAILED: alignment = %llu, load_address = %llu\n",
extracted.alignment, extracted.load_address); extracted.alignment, extracted.load_address);
fprintf(stderr, "FAILED\n");
return 1;
}
fprintf(stderr, "PASS\n"); ksft_test_result_pass("Completed\n");
return 0; ksft_finished();
} }

View File

@ -23,45 +23,44 @@
#include <fcntl.h> #include <fcntl.h>
#include <sys/mount.h> #include <sys/mount.h>
#include <unistd.h> #include <unistd.h>
#include "../kselftest.h"
int main(void) int main(void)
{ {
int fd, rv;
ksft_print_header();
ksft_set_plan(1);
if (unshare(CLONE_NEWNS) == -1) { if (unshare(CLONE_NEWNS) == -1) {
if (errno == ENOSYS || errno == EPERM) { if (errno == ENOSYS || errno == EPERM) {
fprintf(stderr, "error: unshare, errno %d\n", errno); ksft_test_result_skip("error: unshare, errno %d\n", errno);
return 4; ksft_finished();
} }
fprintf(stderr, "error: unshare, errno %d\n", errno); ksft_exit_fail_msg("error: unshare, errno %d\n", errno);
return 1;
}
if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) == -1) {
fprintf(stderr, "error: mount '/', errno %d\n", errno);
return 1;
} }
if (mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) == -1)
ksft_exit_fail_msg("error: mount '/', errno %d\n", errno);
/* Require "exec" filesystem. */ /* Require "exec" filesystem. */
if (mount(NULL, "/tmp", "ramfs", 0, NULL) == -1) { if (mount(NULL, "/tmp", "ramfs", 0, NULL) == -1)
fprintf(stderr, "error: mount ramfs, errno %d\n", errno); ksft_exit_fail_msg("error: mount ramfs, errno %d\n", errno);
return 1;
}
#define FILENAME "/tmp/1" #define FILENAME "/tmp/1"
int fd = creat(FILENAME, 0700); fd = creat(FILENAME, 0700);
if (fd == -1) { if (fd == -1)
fprintf(stderr, "error: creat, errno %d\n", errno); ksft_exit_fail_msg("error: creat, errno %d\n", errno);
return 1;
}
#define S "#!" FILENAME "\n" #define S "#!" FILENAME "\n"
if (write(fd, S, strlen(S)) != strlen(S)) { if (write(fd, S, strlen(S)) != strlen(S))
fprintf(stderr, "error: write, errno %d\n", errno); ksft_exit_fail_msg("error: write, errno %d\n", errno);
return 1;
}
close(fd); close(fd);
int rv = execve(FILENAME, NULL, NULL); rv = execve(FILENAME, NULL, NULL);
if (rv == -1 && errno == ELOOP) { ksft_test_result(rv == -1 && errno == ELOOP,
return 0; "execve failed as expected (ret %d, errno %d)\n", rv, errno);
} ksft_finished();
fprintf(stderr, "error: execve, rv %d, errno %d\n", rv, errno);
return 1;
} }