Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 | // SPDX-License-Identifier: GPL-2.0 /* Test triggering of loading of firmware from different mount * namespaces. Expect firmware to be always loaded from the mount * namespace of PID 1. */ #define _GNU_SOURCE #include <errno.h> #include <fcntl.h> #include <sched.h> #include <stdarg.h> #include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/mount.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #ifndef CLONE_NEWNS # define CLONE_NEWNS 0x00020000 #endif static char *fw_path = NULL; static void die(char *fmt, ...) { va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); if (fw_path) unlink(fw_path); umount("/lib/firmware"); exit(EXIT_FAILURE); } static void trigger_fw(const char *fw_name, const char *sys_path) { int fd; fd = open(sys_path, O_WRONLY); if (fd < 0) die("open failed: %s\n", strerror(errno)); if (write(fd, fw_name, strlen(fw_name)) != strlen(fw_name)) exit(EXIT_FAILURE); close(fd); } static void setup_fw(const char *fw_path) { int fd; const char fw[] = "ABCD0123"; fd = open(fw_path, O_WRONLY | O_CREAT, 0600); if (fd < 0) die("open failed: %s\n", strerror(errno)); if (write(fd, fw, sizeof(fw) -1) != sizeof(fw) -1) die("write failed: %s\n", strerror(errno)); close(fd); } static bool test_fw_in_ns(const char *fw_name, const char *sys_path, bool block_fw_in_parent_ns) { pid_t child; if (block_fw_in_parent_ns) if (mount("test", "/lib/firmware", "tmpfs", MS_RDONLY, NULL) == -1) die("blocking firmware in parent ns failed\n"); child = fork(); if (child == -1) { die("fork failed: %s\n", strerror(errno)); } if (child != 0) { /* parent */ pid_t pid; int status; pid = waitpid(child, &status, 0); if (pid == -1) { die("waitpid failed: %s\n", strerror(errno)); } if (pid != child) { die("waited for %d got %d\n", child, pid); } if (!WIFEXITED(status)) { die("child did not terminate cleanly\n"); } if (block_fw_in_parent_ns) umount("/lib/firmware"); return WEXITSTATUS(status) == EXIT_SUCCESS; } if (unshare(CLONE_NEWNS) != 0) { die("unshare(CLONE_NEWNS) failed: %s\n", strerror(errno)); } if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) == -1) die("remount root in child ns failed\n"); if (!block_fw_in_parent_ns) { if (mount("test", "/lib/firmware", "tmpfs", MS_RDONLY, NULL) == -1) die("blocking firmware in child ns failed\n"); } else umount("/lib/firmware"); trigger_fw(fw_name, sys_path); exit(EXIT_SUCCESS); } int main(int argc, char **argv) { const char *fw_name = "test-firmware.bin"; char *sys_path; if (argc != 2) die("usage: %s sys_path\n", argv[0]); /* Mount tmpfs to /lib/firmware so we don't have to assume that it is writable for us.*/ if (mount("test", "/lib/firmware", "tmpfs", 0, NULL) == -1) die("mounting tmpfs to /lib/firmware failed\n"); sys_path = argv[1]; if (asprintf(&fw_path, "/lib/firmware/%s", fw_name) < 0) die("error: failed to build full fw_path\n"); setup_fw(fw_path); setvbuf(stdout, NULL, _IONBF, 0); /* Positive case: firmware in PID1 mount namespace */ printf("Testing with firmware in parent namespace (assumed to be same file system as PID1)\n"); if (!test_fw_in_ns(fw_name, sys_path, false)) die("error: failed to access firmware\n"); /* Negative case: firmware in child mount namespace, expected to fail */ printf("Testing with firmware in child namespace\n"); if (test_fw_in_ns(fw_name, sys_path, true)) die("error: firmware access did not fail\n"); unlink(fw_path); free(fw_path); umount("/lib/firmware"); exit(EXIT_SUCCESS); } |