1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (c) 2014 Google, Inc.
4 *
5 * Selftests for execveat(2).
6 */
7
8#ifndef _GNU_SOURCE
9#define _GNU_SOURCE /* to get O_PATH, AT_EMPTY_PATH */
10#endif
11#include <sys/sendfile.h>
12#include <sys/stat.h>
13#include <sys/syscall.h>
14#include <sys/types.h>
15#include <sys/wait.h>
16#include <errno.h>
17#include <fcntl.h>
18#include <limits.h>
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22#include <unistd.h>
23
24#include "../kselftest.h"
25
26#define TESTS_EXPECTED 51
27#define TEST_NAME_LEN (PATH_MAX * 4)
28
29static char longpath[2 * PATH_MAX] = "";
30static char *envp[] = { "IN_TEST=yes", NULL, NULL };
31static char *argv[] = { "execveat", "99", NULL };
32
33static int execveat_(int fd, const char *path, char **argv, char **envp,
34 int flags)
35{
36#ifdef __NR_execveat
37 return syscall(__NR_execveat, fd, path, argv, envp, flags);
38#else
39 errno = ENOSYS;
40 return -1;
41#endif
42}
43
44#define check_execveat_fail(fd, path, flags, errno) \
45 _check_execveat_fail(fd, path, flags, errno, #errno)
46static int _check_execveat_fail(int fd, const char *path, int flags,
47 int expected_errno, const char *errno_str)
48{
49 char test_name[TEST_NAME_LEN];
50 int rc;
51
52 errno = 0;
53 snprintf(test_name, sizeof(test_name),
54 "Check failure of execveat(%d, '%s', %d) with %s",
55 fd, path?:"(null)", flags, errno_str);
56 rc = execveat_(fd, path, argv, envp, flags);
57
58 if (rc > 0) {
59 ksft_print_msg(msg: "unexpected success from execveat(2)\n");
60 ksft_test_result_fail(msg: "%s\n", test_name);
61 return 1;
62 }
63 if (errno != expected_errno) {
64 ksft_print_msg(msg: "expected errno %d (%s) not %d (%s)\n",
65 expected_errno, strerror(expected_errno),
66 errno, strerror(errno));
67 ksft_test_result_fail(msg: "%s\n", test_name);
68 return 1;
69 }
70 ksft_test_result_pass(msg: "%s\n", test_name);
71 return 0;
72}
73
74static int check_execveat_invoked_rc(int fd, const char *path, int flags,
75 int expected_rc, int expected_rc2)
76{
77 char test_name[TEST_NAME_LEN];
78 int status;
79 int rc;
80 pid_t child;
81 int pathlen = path ? strlen(path) : 0;
82
83 if (pathlen > 40)
84 snprintf(test_name, sizeof(test_name),
85 "Check success of execveat(%d, '%.20s...%s', %d)... ",
86 fd, path, (path + pathlen - 20), flags);
87 else
88 snprintf(test_name, sizeof(test_name),
89 "Check success of execveat(%d, '%s', %d)... ",
90 fd, path?:"(null)", flags);
91
92 child = fork();
93 if (child < 0) {
94 ksft_perror(msg: "fork() failed");
95 ksft_test_result_fail(msg: "%s\n", test_name);
96 return 1;
97 }
98 if (child == 0) {
99 /* Child: do execveat(). */
100 rc = execveat_(fd, path, argv, envp, flags);
101 ksft_print_msg(msg: "child execveat() failed, rc=%d errno=%d (%s)\n",
102 rc, errno, strerror(errno));
103 exit(errno);
104 }
105 /* Parent: wait for & check child's exit status. */
106 rc = waitpid(child, &status, 0);
107 if (rc != child) {
108 ksft_print_msg("waitpid(%d,...) returned %d\n", child, rc);
109 ksft_test_result_fail(msg: "%s\n", test_name);
110 return 1;
111 }
112 if (!WIFEXITED(status)) {
113 ksft_print_msg("child %d did not exit cleanly, status=%08x\n",
114 child, status);
115 ksft_test_result_fail(msg: "%s\n", test_name);
116 return 1;
117 }
118 if ((WEXITSTATUS(status) != expected_rc) &&
119 (WEXITSTATUS(status) != expected_rc2)) {
120 ksft_print_msg("child %d exited with %d not %d nor %d\n",
121 child, WEXITSTATUS(status), expected_rc,
122 expected_rc2);
123 ksft_test_result_fail(msg: "%s\n", test_name);
124 return 1;
125 }
126 ksft_test_result_pass(msg: "%s\n", test_name);
127 return 0;
128}
129
130static int check_execveat(int fd, const char *path, int flags)
131{
132 return check_execveat_invoked_rc(fd, path, flags, expected_rc: 99, expected_rc2: 99);
133}
134
135static char *concat(const char *left, const char *right)
136{
137 char *result = malloc(strlen(left) + strlen(right) + 1);
138
139 strcpy(result, left);
140 strcat(result, right);
141 return result;
142}
143
144static int open_or_die(const char *filename, int flags)
145{
146 int fd = open(filename, flags);
147
148 if (fd < 0)
149 ksft_exit_fail_msg(msg: "Failed to open '%s'; "
150 "check prerequisites are available\n", filename);
151 return fd;
152}
153
154static void exe_cp(const char *src, const char *dest)
155{
156 int in_fd = open_or_die(filename: src, flags: O_RDONLY);
157 int out_fd = open(dest, O_RDWR|O_CREAT|O_TRUNC, 0755);
158 struct stat info;
159
160 fstat(in_fd, &info);
161 sendfile(out_fd, in_fd, NULL, info.st_size);
162 close(in_fd);
163 close(out_fd);
164}
165
166#define XX_DIR_LEN 200
167static int check_execveat_pathmax(int root_dfd, const char *src, int is_script)
168{
169 int fail = 0;
170 int ii, count, len;
171 char longname[XX_DIR_LEN + 1];
172 int fd;
173
174 if (*longpath == '\0') {
175 /* Create a filename close to PATH_MAX in length */
176 char *cwd = getcwd(NULL, 0);
177
178 if (!cwd) {
179 ksft_perror(msg: "Failed to getcwd()");
180 return 2;
181 }
182 strcpy(longpath, cwd);
183 strcat(longpath, "/");
184 memset(longname, 'x', XX_DIR_LEN - 1);
185 longname[XX_DIR_LEN - 1] = '/';
186 longname[XX_DIR_LEN] = '\0';
187 count = (PATH_MAX - 3 - strlen(cwd)) / XX_DIR_LEN;
188 for (ii = 0; ii < count; ii++) {
189 strcat(longpath, longname);
190 mkdir(longpath, 0755);
191 }
192 len = (PATH_MAX - 3 - strlen(cwd)) - (count * XX_DIR_LEN);
193 if (len <= 0)
194 len = 1;
195 memset(longname, 'y', len);
196 longname[len] = '\0';
197 strcat(longpath, longname);
198 free(cwd);
199 }
200 exe_cp(src, dest: longpath);
201
202 /*
203 * Execute as a pre-opened file descriptor, which works whether this is
204 * a script or not (because the interpreter sees a filename like
205 * "/dev/fd/20").
206 */
207 fd = open(longpath, O_RDONLY);
208 if (fd > 0) {
209 ksft_print_msg(msg: "Invoke copy of '%s' via filename of length %zu:\n",
210 src, strlen(longpath));
211 fail += check_execveat(fd, path: "", flags: AT_EMPTY_PATH);
212 } else {
213 ksft_print_msg(msg: "Failed to open length %zu filename, errno=%d (%s)\n",
214 strlen(longpath), errno, strerror(errno));
215 fail++;
216 }
217
218 /*
219 * Execute as a long pathname relative to "/". If this is a script,
220 * the interpreter will launch but fail to open the script because its
221 * name ("/dev/fd/5/xxx....") is bigger than PATH_MAX.
222 *
223 * The failure code is usually 127 (POSIX: "If a command is not found,
224 * the exit status shall be 127."), but some systems give 126 (POSIX:
225 * "If the command name is found, but it is not an executable utility,
226 * the exit status shall be 126."), so allow either.
227 */
228 if (is_script) {
229 ksft_print_msg(msg: "Invoke script via root_dfd and relative filename\n");
230 fail += check_execveat_invoked_rc(fd: root_dfd, path: longpath + 1, flags: 0,
231 expected_rc: 127, expected_rc2: 126);
232 } else {
233 ksft_print_msg(msg: "Invoke exec via root_dfd and relative filename\n");
234 fail += check_execveat(fd: root_dfd, path: longpath + 1, flags: 0);
235 }
236
237 return fail;
238}
239
240static int run_tests(void)
241{
242 int fail = 0;
243 char *fullname = realpath("execveat", NULL);
244 char *fullname_script = realpath("script", NULL);
245 char *fullname_symlink = concat(left: fullname, right: ".symlink");
246 int subdir_dfd = open_or_die("subdir", O_DIRECTORY|O_RDONLY);
247 int subdir_dfd_ephemeral = open_or_die("subdir.ephemeral",
248 O_DIRECTORY|O_RDONLY);
249 int dot_dfd = open_or_die(".", O_DIRECTORY|O_RDONLY);
250 int root_dfd = open_or_die("/", O_DIRECTORY|O_RDONLY);
251 int dot_dfd_path = open_or_die(".", O_DIRECTORY|O_RDONLY|O_PATH);
252 int dot_dfd_cloexec = open_or_die(".", O_DIRECTORY|O_RDONLY|O_CLOEXEC);
253 int fd = open_or_die("execveat", O_RDONLY);
254 int fd_path = open_or_die("execveat", O_RDONLY|O_PATH);
255 int fd_symlink = open_or_die("execveat.symlink", O_RDONLY);
256 int fd_denatured = open_or_die("execveat.denatured", O_RDONLY);
257 int fd_denatured_path = open_or_die("execveat.denatured",
258 O_RDONLY|O_PATH);
259 int fd_script = open_or_die("script", O_RDONLY);
260 int fd_ephemeral = open_or_die("execveat.ephemeral", O_RDONLY);
261 int fd_ephemeral_path = open_or_die("execveat.path.ephemeral",
262 O_RDONLY|O_PATH);
263 int fd_script_ephemeral = open_or_die("script.ephemeral", O_RDONLY);
264 int fd_cloexec = open_or_die("execveat", O_RDONLY|O_CLOEXEC);
265 int fd_script_cloexec = open_or_die("script", O_RDONLY|O_CLOEXEC);
266
267 /* Check if we have execveat at all, and bail early if not */
268 errno = 0;
269 execveat_(-1, NULL, NULL, NULL, 0);
270 if (errno == ENOSYS) {
271 ksft_exit_skip(
272 msg: "ENOSYS calling execveat - no kernel support?\n");
273 }
274
275 /* Change file position to confirm it doesn't affect anything */
276 lseek(fd, 10, SEEK_SET);
277
278 /* Normal executable file: */
279 /* dfd + path */
280 fail += check_execveat(fd: subdir_dfd, path: "../execveat", flags: 0);
281 fail += check_execveat(fd: dot_dfd, path: "execveat", flags: 0);
282 fail += check_execveat(fd: dot_dfd_path, path: "execveat", flags: 0);
283 /* absolute path */
284 fail += check_execveat(AT_FDCWD, fullname, 0);
285 /* absolute path with nonsense dfd */
286 fail += check_execveat(fd: 99, path: fullname, flags: 0);
287 /* fd + no path */
288 fail += check_execveat(fd, "", AT_EMPTY_PATH);
289 /* O_CLOEXEC fd + no path */
290 fail += check_execveat(fd_cloexec, "", AT_EMPTY_PATH);
291 /* O_PATH fd */
292 fail += check_execveat(fd_path, "", AT_EMPTY_PATH);
293
294 /* Mess with executable file that's already open: */
295 /* fd + no path to a file that's been renamed */
296 rename("execveat.ephemeral", "execveat.moved");
297 fail += check_execveat(fd_ephemeral, "", AT_EMPTY_PATH);
298 /* fd + no path to a file that's been deleted */
299 unlink("execveat.moved"); /* remove the file now fd open */
300 fail += check_execveat(fd_ephemeral, "", AT_EMPTY_PATH);
301
302 /* Mess with executable file that's already open with O_PATH */
303 /* fd + no path to a file that's been deleted */
304 unlink("execveat.path.ephemeral");
305 fail += check_execveat(fd_ephemeral_path, "", AT_EMPTY_PATH);
306
307 /* Invalid argument failures */
308 fail += check_execveat_fail(fd, "", 0, ENOENT);
309 fail += check_execveat_fail(fd, NULL, AT_EMPTY_PATH, EFAULT);
310
311 /* Symlink to executable file: */
312 /* dfd + path */
313 fail += check_execveat(fd: dot_dfd, path: "execveat.symlink", flags: 0);
314 fail += check_execveat(fd: dot_dfd_path, path: "execveat.symlink", flags: 0);
315 /* absolute path */
316 fail += check_execveat(AT_FDCWD, fullname_symlink, 0);
317 /* fd + no path, even with AT_SYMLINK_NOFOLLOW (already followed) */
318 fail += check_execveat(fd_symlink, "", AT_EMPTY_PATH);
319 fail += check_execveat(fd_symlink, "",
320 AT_EMPTY_PATH|AT_SYMLINK_NOFOLLOW);
321
322 /* Symlink fails when AT_SYMLINK_NOFOLLOW set: */
323 /* dfd + path */
324 fail += check_execveat_fail(dot_dfd, "execveat.symlink",
325 AT_SYMLINK_NOFOLLOW, ELOOP);
326 fail += check_execveat_fail(dot_dfd_path, "execveat.symlink",
327 AT_SYMLINK_NOFOLLOW, ELOOP);
328 /* absolute path */
329 fail += check_execveat_fail(AT_FDCWD, fullname_symlink,
330 AT_SYMLINK_NOFOLLOW, ELOOP);
331
332 /* Non-regular file failure */
333 fail += check_execveat_fail(dot_dfd, "pipe", 0, EACCES);
334 unlink("pipe");
335
336 /* Shell script wrapping executable file: */
337 /* dfd + path */
338 fail += check_execveat(fd: subdir_dfd, path: "../script", flags: 0);
339 fail += check_execveat(fd: dot_dfd, path: "script", flags: 0);
340 fail += check_execveat(fd: dot_dfd_path, path: "script", flags: 0);
341 /* absolute path */
342 fail += check_execveat(AT_FDCWD, fullname_script, 0);
343 /* fd + no path */
344 fail += check_execveat(fd_script, "", AT_EMPTY_PATH);
345 fail += check_execveat(fd_script, "",
346 AT_EMPTY_PATH|AT_SYMLINK_NOFOLLOW);
347 /* O_CLOEXEC fd fails for a script (as script file inaccessible) */
348 fail += check_execveat_fail(fd_script_cloexec, "", AT_EMPTY_PATH,
349 ENOENT);
350 fail += check_execveat_fail(dot_dfd_cloexec, "script", 0, ENOENT);
351
352 /* Mess with script file that's already open: */
353 /* fd + no path to a file that's been renamed */
354 rename("script.ephemeral", "script.moved");
355 fail += check_execveat(fd_script_ephemeral, "", AT_EMPTY_PATH);
356 /* fd + no path to a file that's been deleted */
357 unlink("script.moved"); /* remove the file while fd open */
358 fail += check_execveat(fd_script_ephemeral, "", AT_EMPTY_PATH);
359
360 /* Rename a subdirectory in the path: */
361 rename("subdir.ephemeral", "subdir.moved");
362 fail += check_execveat(fd: subdir_dfd_ephemeral, path: "../script", flags: 0);
363 fail += check_execveat(fd: subdir_dfd_ephemeral, path: "script", flags: 0);
364 /* Remove the subdir and its contents */
365 unlink("subdir.moved/script");
366 unlink("subdir.moved");
367 /* Shell loads via deleted subdir OK because name starts with .. */
368 fail += check_execveat(fd: subdir_dfd_ephemeral, path: "../script", flags: 0);
369 fail += check_execveat_fail(subdir_dfd_ephemeral, "script", 0, ENOENT);
370
371 /* Flag values other than AT_SYMLINK_NOFOLLOW => EINVAL */
372 fail += check_execveat_fail(dot_dfd, "execveat", 0xFFFF, EINVAL);
373 /* Invalid path => ENOENT */
374 fail += check_execveat_fail(dot_dfd, "no-such-file", 0, ENOENT);
375 fail += check_execveat_fail(dot_dfd_path, "no-such-file", 0, ENOENT);
376 fail += check_execveat_fail(AT_FDCWD, "no-such-file", 0, ENOENT);
377 /* Attempt to execute directory => EACCES */
378 fail += check_execveat_fail(dot_dfd, "", AT_EMPTY_PATH, EACCES);
379 /* Attempt to execute non-executable => EACCES */
380 fail += check_execveat_fail(dot_dfd, "Makefile", 0, EACCES);
381 fail += check_execveat_fail(fd_denatured, "", AT_EMPTY_PATH, EACCES);
382 fail += check_execveat_fail(fd_denatured_path, "", AT_EMPTY_PATH,
383 EACCES);
384 /* Attempt to execute nonsense FD => EBADF */
385 fail += check_execveat_fail(99, "", AT_EMPTY_PATH, EBADF);
386 fail += check_execveat_fail(99, "execveat", 0, EBADF);
387 /* Attempt to execute relative to non-directory => ENOTDIR */
388 fail += check_execveat_fail(fd, "execveat", 0, ENOTDIR);
389
390 fail += check_execveat_pathmax(root_dfd, src: "execveat", is_script: 0);
391 fail += check_execveat_pathmax(root_dfd, src: "script", is_script: 1);
392 return fail;
393}
394
395static void prerequisites(void)
396{
397 int fd;
398 const char *script = "#!/bin/bash\nexit $*\n";
399
400 /* Create ephemeral copies of files */
401 exe_cp(src: "execveat", dest: "execveat.ephemeral");
402 exe_cp(src: "execveat", dest: "execveat.path.ephemeral");
403 exe_cp(src: "script", dest: "script.ephemeral");
404 mkdir("subdir.ephemeral", 0755);
405
406 fd = open("subdir.ephemeral/script", O_RDWR|O_CREAT|O_TRUNC, 0755);
407 write(fd, script, strlen(script));
408 close(fd);
409
410 mkfifo("pipe", 0755);
411}
412
413int main(int argc, char **argv)
414{
415 int ii;
416 int rc;
417 const char *verbose = getenv("VERBOSE");
418
419 if (argc >= 2) {
420 /* If we are invoked with an argument, don't run tests. */
421 const char *in_test = getenv("IN_TEST");
422
423 if (verbose) {
424 ksft_print_msg(msg: "invoked with:\n");
425 for (ii = 0; ii < argc; ii++)
426 ksft_print_msg(msg: "\t[%d]='%s\n'", ii, argv[ii]);
427 }
428
429 /* Check expected environment transferred. */
430 if (!in_test || strcmp(in_test, "yes") != 0) {
431 ksft_print_msg(msg: "no IN_TEST=yes in env\n");
432 return 1;
433 }
434
435 /* Use the final argument as an exit code. */
436 rc = atoi(argv[argc - 1]);
437 exit(rc);
438 } else {
439 ksft_print_header();
440 ksft_set_plan(TESTS_EXPECTED);
441 prerequisites();
442 if (verbose)
443 envp[1] = "VERBOSE=1";
444 rc = run_tests();
445 if (rc > 0)
446 printf("%d tests failed\n", rc);
447 ksft_finished();
448 }
449
450 return rc;
451}
452

source code of linux/tools/testing/selftests/exec/execveat.c