There's planned tests != run tests in pidfd_test when some test is
skipped:
$ ./pidfd_test
TAP version 13
1..8
[...]
# pidfd_send_signal signal recycled pid test: Skipping test
# Planned tests != run tests (8 != 7)
# Totals: pass:7 fail:0 xfail:0 xpass:0 skip:0 error:0
Fix by using ksft_test_result_skip():
$ ./pidfd_test
TAP version 13
1..8
[...]
ok 8 # SKIP pidfd_send_signal signal recycled pid test: Unsharing pid namespace not permitted
# Totals: pass:7 fail:0 xfail:0 xpass:0 skip:1 error:0
Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Drop unneeded <linux/wait.h> header inclusion to fix pidfd compilation
errors seen in Fedora 32:
In file included from pidfd_open_test.c:9:
../../../../usr/include/linux/wait.h:17:16: error: expected identifier before numeric constant
17 | #define P_ALL 0
| ^
Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Pull pidfd updates from Christian Brauner:
"This introduces a new extension to the pidfd_open() syscall. Users can
now raise the new PIDFD_NONBLOCK flag to support non-blocking pidfd
file descriptors. This has been requested for uses in async process
management libraries such as async-pidfd in Rust.
Ever since the introduction of pidfds and more advanced async io
various programming languages such as Rust have grown support for
async event libraries. These libraries are created to help build
epoll-based event loops around file descriptors. A common pattern is
to automatically make all file descriptors they manage to O_NONBLOCK.
For such libraries the EAGAIN error code is treated specially. When a
function is called that returns EAGAIN the function isn't called again
until the event loop indicates the the file descriptor is ready.
Supporting EAGAIN when waiting on pidfds makes such libraries just
work with little effort.
This introduces a new flag PIDFD_NONBLOCK that is equivalent to
O_NONBLOCK. This follows the same patterns we have for other (anon
inode) file descriptors such as EFD_NONBLOCK, IN_NONBLOCK,
SFD_NONBLOCK, TFD_NONBLOCK and the same for close-on-exec flags.
Passing a non-blocking pidfd to waitid() currently has no effect, i.e.
is not supported. There are users which would like to use waitid() on
pidfds that are O_NONBLOCK and mix it with pidfds that are blocking
and both pass them to waitid().
The expected behavior is to have waitid() return -EAGAIN for
non-blocking pidfds and to block for blocking pidfds without needing
to perform any additional checks for flags set on the pidfd before
passing it to waitid(). Non-blocking pidfds will return EAGAIN from
waitid() when no child process is ready yet. Returning -EAGAIN for
non-blocking pidfds makes it easier for event loops that handle EAGAIN
specially.
It also makes the API more consistent and uniform. In essence,
waitid() is treated like a read on a non-blocking pidfd or a recvmsg()
on a non-blocking socket.
With the addition of support for non-blocking pidfds we support the
same functionality that sockets do. For sockets() recvmsg() supports
MSG_DONTWAIT for pidfds waitid() supports WNOHANG. Both flags are
per-call options. In contrast non-blocking pidfds and non-blocking
sockets are a setting on an open file description affecting all
threads in the calling process as well as other processes that hold
file descriptors referring to the same open file description. Both
behaviors, per call and per open file description, have genuine
use-cases.
The interaction with the WNOHANG flag is documented as follows:
- If a non-blocking pidfd is passed and WNOHANG is not raised we
simply raise the WNOHANG flag internally. When do_wait() returns
indicating that there are eligible child processes but none have
exited yet we set EAGAIN. If no child process exists we continue
returning ECHILD.
- If a non-blocking pidfd is passed and WNOHANG is raised waitid()
will continue returning 0, i.e. it will not set EAGAIN. This ensure
backwards compatibility with applications passing WNOHANG
explicitly with pidfds"
* tag 'threads-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
tests: remove O_NONBLOCK before waiting for WSTOPPED
tests: add waitid() tests for non-blocking pidfds
tests: port pidfd_wait to kselftest harness
pidfd: support PIDFD_NONBLOCK in pidfd_open()
exit: support non-blocking pidfds
Naresh reported that selftests: pidfd: pidfd_wait hangs on linux next kernel on
x86_64, i386 and arm64 Juno-r2
These devices are using NFS mounted rootfs.
I have tested pidfd testcases independently and all test PASS.
The Hang or exit from test run noticed when run by run_kselftest.sh
pidfd_wait.c:208:wait_nonblock:Expected sys_waitid(P_PIDFD, pidfd,
&info, WSTOPPED, NULL) (-1) == 0 (0)
wait_nonblock: Test terminated by assertion
metadata:
git branch: master
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git commit: e64997027d5f171148687e58b78c8b3c869a6158
git describe: next-20200922
make_kernelversion: 5.9.0-rc6
kernel-config:
http://snapshots.linaro.org/openembedded/lkft/lkft/sumo/intel-core2-32/lkft/linux-next/865/config
The reason for this is a simple race in the selftests, that I overlooked and
which is more likely to hit when there's a lot of processes running on the
system. Basically the child process hasn't SIGSTOPed itself yet but the parent
is already calling waitid() on a O_NONBLOCK pidfd. Since it doesn't find a
WSTOPPED process it returns -EAGAIN correctly.
The fix for this is to move the line where we're removing the O_NONBLOCK
property from the fd before the waitid() WSTOPPED call so we hang until the
child becomes stopped.
Fixes: cd89597bbe ("tests: add waitid() tests for non-blocking pidfds")
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Link: https://lkft.validation.linaro.org/scheduler/job/1813223
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Verify that the PIDFD_NONBLOCK flag works with pidfd_open() and that
waitid() with a non-blocking pidfd returns EAGAIN:
TAP version 13
1..3
# Starting 3 tests from 1 test cases.
# RUN global.wait_simple ...
# OK global.wait_simple
ok 1 global.wait_simple
# RUN global.wait_states ...
# OK global.wait_states
ok 2 global.wait_states
# RUN global.wait_nonblock ...
# OK global.wait_nonblock
ok 3 global.wait_nonblock
# PASSED: 3 / 3 tests passed.
# Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Link: https://lore.kernel.org/r/20200902102130.147672-5-christian.brauner@ubuntu.com
Pull kselftest updates form Shuah Khan:
- TAP output reporting related fixes from Paolo Bonzini and Kees Cook.
These fixes make it skip reporting consistent with TAP format.
- Cleanup fixes to framework run_tests from Yauheni Kaliuta
* tag 'linux-kselftest-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (23 commits)
selftests/harness: Limit step counter reporting
selftests/seccomp: Check ENOSYS under tracing
selftests/seccomp: Refactor to use fixture variants
selftests/harness: Clean up kern-doc for fixtures
selftests: kmod: Add module address visibility test
Replace HTTP links with HTTPS ones: KMOD KERNEL MODULE LOADER - USERMODE HELPER
selftests: fix condition in run_tests
selftests: do not use .ONESHELL
selftests: pidfd: skip test if unshare fails with EPERM
selftests: pidfd: do not use ksft_exit_skip after ksft_set_plan
selftests/harness: Report skip reason
selftests/harness: Display signed values correctly
selftests/harness: Refactor XFAIL into SKIP
selftests/harness: Switch to TAP output
selftests: Add header documentation and helpers
selftests/binderfs: Fix harness API usage
selftests: Remove unneeded selftest API headers
selftests/clone3: Reorder reporting output
selftests: sync_test: do not use ksft_exit_skip after ksft_set_plan
selftests: sigaltstack: do not use ksft_exit_skip after ksft_set_plan
...
Similar to how ENOSYS causes a skip if pidfd_send_signal is not present,
we can do the same for unshare if it fails with EPERM. This way, running
the test without privileges causes four tests to skip but no early bail out.
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Calling ksft_exit_skip after ksft_set_plan results in executing fewer tests
than planned. Use ksft_test_result_skip instead.
The plan passed to ksft_set_plan was wrong, too, so fix it while at it.
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
This is basically a test-suite for setns() and as of now contains:
- test that we can't pass garbage flags
- test that we can't attach to the namespaces of task that has already exited
- test that we can incrementally setns into all namespaces of a target task
using a pidfd
- test that we can setns atomically into all namespaces of a target task
- test that we can't cross setns into a user namespace outside of our user
namespace hierarchy
- test that we can't setns into namespaces owned by user namespaces over which
we are not privileged
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20200505140432.181565-4-christian.brauner@ubuntu.com
Pull thread updates from Christian Brauner:
"The main change for this cycle was the extension for clone3() to
support spawning processes directly into cgroups via CLONE_INTO_CGROUP
(commit ef2c41cf38: "clone3: allow spawning processes
into cgroups").
But since I had to touch kernel/cgroup/ quite a bit I had Tejun route
that through his tree this time around to make it easier for him to
handle other changes.
So here is just the unexciting leftovers: a regression test for the
ENOMEM regression we fixed in commit b26ebfe12f ("pid: Fix error
return value in some cases") verifying that we report ENOMEM when
trying to create a new process in a pid namespace whose init
process/subreaper has already exited"
* tag 'threads-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
selftests: add pid namespace ENOMEM regression test
We recently regressed (cf. [1] and its corresponding fix in [2]) returning
ENOMEM when trying to create a process in a pid namespace whose init
process/child subreaper has already died. This has caused confusion at
least once before that (cf. [3]). Let's add a simple regression test to
catch this in the future.
[1]: 49cb2fc42c ("fork: extend clone3() to support setting a PID")
[2]: b26ebfe12f ("pid: Fix error return value in some cases")
[3]: 35f71bc0a0 ("fork: report pid reservation failure properly")
Cc: Corey Minyard <cminyard@mvista.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Adrian Reber <areber@redhat.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Andrei Vagin <avagin@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Add a test that checks that if pid namespaces are configured the fdinfo
file of a pidfd contains an NSpid: entry containing the process id in
the current and additionally all nested namespaces. In the case that
a pidfd is from a pid namespace not in the same namespace hierarchy as
the process accessing the fdinfo file, ensure the 'NSpid' shows 0 for
that pidfd, analogous to the 'Pid' entry.
Signed-off-by: Christian Kellner <christian@kellner.me>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20191014162034.2185-2-ckellner@redhat.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
