selftests/timens: add a test for vfork+exit

* check that a child process is in parent's time namespace after vfork.
* check that a child process is in the target namespace after exec.

Output on success:
$ ./vfork_exec
1..1
ok 1 exec

Signed-off-by: Andrei Vagin <avagin@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220613060723.197407-2-avagin@gmail.com

diff --git a/tools/testing/selftests/timens/Makefile b/tools/testing/selftests/timens/Makefile
index 3a5936c..f0d51d4 100644 (file)
--- a/tools/testing/selftests/timens/Makefile
+++ b/tools/testing/selftests/timens/Makefile
@@ -1,4 +1,4 @@
-TEST_GEN_PROGS := timens timerfd timer clock_nanosleep procfs exec futex
+TEST_GEN_PROGS := timens timerfd timer clock_nanosleep procfs exec futex vfork_exec
 TEST_GEN_PROGS_EXTENDED := gettime_perf
 
 CFLAGS := -Wall -Werror -pthread

diff --git a/tools/testing/selftests/timens/vfork_exec.c b/tools/testing/selftests/timens/vfork_exec.c
new file mode 100644 (file)
index 0000000..e6ccd90
--- /dev/null
+++ b/tools/testing/selftests/timens/vfork_exec.c
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0
+#define _GNU_SOURCE
+#include <errno.h>
+#include <fcntl.h>
+#include <sched.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
+#include <string.h>
+
+#include "log.h"
+#include "timens.h"
+
+#define OFFSET (36000)
+
+int main(int argc, char *argv[])
+{
+       struct timespec now, tst;
+       int status, i;
+       pid_t pid;
+
+       if (argc > 1) {
+               if (sscanf(argv[1], "%ld", &now.tv_sec) != 1)
+                       return pr_perror("sscanf");
+
+               for (i = 0; i < 2; i++) {
+                       _gettime(CLOCK_MONOTONIC, &tst, i);
+                       if (abs(tst.tv_sec - now.tv_sec) > 5)
+                               return pr_fail("%ld %ld\n", now.tv_sec, tst.tv_sec);
+               }
+               return 0;
+       }
+
+       nscheck();
+
+       ksft_set_plan(1);
+
+       clock_gettime(CLOCK_MONOTONIC, &now);
+
+       if (unshare_timens())
+               return 1;
+
+       if (_settime(CLOCK_MONOTONIC, OFFSET))
+               return 1;
+
+       for (i = 0; i < 2; i++) {
+               _gettime(CLOCK_MONOTONIC, &tst, i);
+               if (abs(tst.tv_sec - now.tv_sec) > 5)
+                       return pr_fail("%ld %ld\n",
+                                       now.tv_sec, tst.tv_sec);
+       }
+
+       pid = vfork();
+       if (pid < 0)
+               return pr_perror("fork");
+
+       if (pid == 0) {
+               char now_str[64];
+               char *cargv[] = {"exec", now_str, NULL};
+               char *cenv[] = {NULL};
+
+               // Check that we are still in the source timens.
+               for (i = 0; i < 2; i++) {
+                       _gettime(CLOCK_MONOTONIC, &tst, i);
+                       if (abs(tst.tv_sec - now.tv_sec) > 5)
+                               return pr_fail("%ld %ld\n",
+                                               now.tv_sec, tst.tv_sec);
+               }
+
+               /* Check for proper vvar offsets after execve. */
+               snprintf(now_str, sizeof(now_str), "%ld", now.tv_sec + OFFSET);
+               execve("/proc/self/exe", cargv, cenv);
+               return pr_perror("execve");
+       }
+
+       if (waitpid(pid, &status, 0) != pid)
+               return pr_perror("waitpid");
+
+       if (status)
+               ksft_exit_fail();
+
+       ksft_test_result_pass("exec\n");
+       ksft_exit_pass();
+       return 0;
+}