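// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
 * Copyright (c) 2016 Jan Horn <jann@thejh.net>
 */
/*
 * Test for CVE-2016-10044, which was fixed in commit
 * 22f6b4d34fcf039c aio: mark AIO pseudo-fs noexec.
 *
 * The test checks that we can not implicitly mark AIO mappings as
 * executable using the READ_IMPLIES_EXEC personality.
 */

#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include "lapi/personality.h"
#include "tst_test.h"
#include "tst_safe_stdio.h"
#include "lapi/syscalls.h"

/* Open handle on /proc/self/maps; non-NULL only while run() is reading it. */
static FILE *f;

/*
 * Close /proc/self/maps if run() left via tst_brk() before reaching its own
 * SAFE_FCLOSE(); run() resets f to NULL on the normal path, so this is a
 * no-op then.
 */
static void cleanup(void)
{
	if (f)
		SAFE_FCLOSE(f);
}

/*
 * Regression check: with READ_IMPLIES_EXEC set, create an AIO context and
 * verify that the resulting "[aio]" mapping listed in /proc/self/maps does
 * not carry the 'x' permission bit.
 *
 * Results: TPASS when the mapping is not executable, TFAIL when it is,
 * TCONF when no "[aio]" mapping is listed, TBROK on setup/parse/teardown
 * errors.
 */
static void run(void)
{
	void *ctx = NULL;
	char perms[8], line[BUFSIZ];

	/* Must be set before io_setup() so it applies to the AIO mapping. */
	SAFE_PERSONALITY(READ_IMPLIES_EXEC);
	if (tst_syscall(__NR_io_setup, 1, &ctx))
		tst_brk(TBROK | TERRNO, "Failed to create AIO context");

	f = SAFE_FOPEN("/proc/self/maps", "r");
	while (fgets(line, sizeof(line), f) != NULL) {
		if (strstr(line, "[aio]") != NULL)
			goto found_mapping;
	}
	tst_brk(TCONF, "Could not find mapping in /proc/self/maps");

found_mapping:
	/*
	 * Skip the "start-end" address range and read the permission field.
	 * The field width is capped at sizeof(perms) - 1 so an unexpectedly
	 * long token cannot write past the end of perms[].
	 */
	if (sscanf(line, "%*x-%*x %7s", perms) != 1)
		tst_brk(TBROK, "failed to find permission string in %s", line);
	if (strchr(perms, (int)'x'))
		tst_res(TFAIL, "AIO mapping is executable: %s!", perms);
	else
		tst_res(TPASS, "AIO mapping is not executable: %s", perms);

	if (tst_syscall(__NR_io_destroy, ctx))
		tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");

	SAFE_FCLOSE(f);
	/* Tell cleanup() the stream is already closed. */
	f = NULL;
}

static struct tst_test test = {
	.test_all = run,
	.cleanup = cleanup,
	/* Kernel fix commit and CVE this test is a regression check for. */
	.tags = (const struct tst_tag[]) {
		{"linux-git", "22f6b4d34fcf"},
		{"CVE", "2016-10044"},
		{}
	}
};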