On Fri, Apr 26, 2024 at 12:47:16PM -0700, Kees Cook wrote:
> On Fri, Apr 26, 2024 at 07:22:52PM +0200, Mickaël Salaün wrote:
> > Setting the time namespace with CLONE_NEWTIME returns -EUSERS if the calling thread shares memory with another thread (because of the shared vDSO), which is the case when it is created with vfork().
> > Fix pidfd_setns_test by replacing the test harness's vfork() call with a clone3() call with CLONE_VFORK, and an explicit sharing of the __test_metadata and self objects.
> > Replace _metadata->teardown_parent with a new FIXTURE_TEARDOWN_PARENT() helper that can replace FIXTURE_TEARDOWN(). This is a cleaner approach and it enables selectively sharing the fixture data between the child process running tests and the parent process running the fixture teardown. This also avoids updating several tests to not rely on the self object's copy-on-write property (e.g. storing the returned value of a fork() call).
> > In the Landlock filesystem tests, don't allocate self->dir_path in the test process because this would not be visible in the FIXTURE_TEARDOWN_PARENT() process when not sharing the memory mapping.
> > Unconditionally share _metadata between all forked processes, which makes it possible to actually catch errors (which were previously ignored).
> > Replace a wrong EXPECT_GT(self->child_pid_exited, 0) with EXPECT_GE(), which is now actually tested on the parent and child sides.
> > FIXTURE_VARIANT_ADD() doesn't need to be MAP_SHARED because it should not be modified: it is already passed as const pointers to FIXTURE_TEARDOWN(). Make that explicit by constifying the variant declarations.
> This patch makes at least(?) 3 different logical changes. Can you split these up a bit; I think it would make review a bit easier.
OK
> I don't quite understand why the need for the explicit shared memory setup for the fixture metadata? Is this to deal with the vfork?
This change is needed for the parent process to check if any error happened in the test child process during FIXTURE_SETUP(), TEST_F(), and FIXTURE_TEARDOWN(). With vfork(), the sharing was implicit between the parent and the child, but without sharing the full memory mapping we need to MAP_SHARE it explicitly.
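
The effect described in the reply above, as an added example that is not part of the thread or of the kselftest harness: a failure recorded by a forked child reaches the parent only when the metadata lives in a MAP_SHARED mapping. Assumptions: struct demo_metadata and child_failure_seen_by_parent() are hypothetical names, and plain fork() stands in for the clone3() call with CLONE_VFORK.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the harness's per-test metadata. */
struct demo_metadata {
	int passed;	/* 1 = no failure recorded */
};

/*
 * Fork a child that records a failure in the metadata, then return
 * md->passed as the parent sees it afterwards (-1 on setup error).
 */
static int child_failure_seen_by_parent(bool shared)
{
	int flags = MAP_ANONYMOUS | (shared ? MAP_SHARED : MAP_PRIVATE);
	struct demo_metadata *md;
	int status, seen = -1;
	pid_t pid;

	md = mmap(NULL, sizeof(*md), PROT_READ | PROT_WRITE, flags, -1, 0);
	if (md == MAP_FAILED)
		return -1;
	md->passed = 1;

	pid = fork();	/* no CLONE_VM: the child gets its own address space */
	if (pid == 0) {
		md->passed = 0;	/* child: a test assertion failed */
		_exit(0);	/* the exit status does not carry the failure */
	}
	if (pid > 0 && waitpid(pid, &status, 0) == pid)
		seen = md->passed;	/* what the parent can observe */
	munmap(md, sizeof(*md));
	return seen;
}

int main(void)
{
	/* MAP_PRIVATE: the child's write hits a copy-on-write page and is lost. */
	printf("private mapping: passed=%d\n", child_failure_seen_by_parent(false));
	/* MAP_SHARED: parent and child use the same page, the failure is seen. */
	printf("shared mapping:  passed=%d\n", child_failure_seen_by_parent(true));
	return 0;
}
```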