[igt-dev] [PATCH i-g-t] lib/core_auth: mount namespace magic to make the test work everywhere

Fri Feb 15 09:51:35 UTC 2019

Quoting Daniel Vetter (2019-02-13 20:36:11)
> We're creating our own namespace and then create a copy of the chardev
> that anyone can access before dropping root. Should hopefully work on
> any system.
> 
> This way we're also guaranteed to open the right device again.
> 
> v2: mount(2) instead of mount(3).
> 
> Cc: Emil Velikov <emil.velikov at collabora.com>
> Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>
> ---
>  tests/core_auth.c | 35 +++++++++++++++++++++--------------
>  1 file changed, 21 insertions(+), 14 deletions(-)
> 
> diff --git a/tests/core_auth.c b/tests/core_auth.c
> index 0b9073cb0fce..bc2754ec30af 100644
> --- a/tests/core_auth.c
> +++ b/tests/core_auth.c
> @@ -36,6 +36,8 @@
>  #include <fcntl.h>
>  #include <inttypes.h>
>  #include <errno.h>
> +#include <sched.h>
> +#include <sys/mount.h>
>  #include <sys/stat.h>
>  #include <sys/ioctl.h>
>  #include <sys/time.h>
> @@ -243,17 +245,24 @@ static void test_unauth_vs_render(int master)
>  {
>         int slave;
>         uint32_t handle;
> +       struct stat statbuf;
> +       bool has_render;
>  
> -       /*
> -        * FIXME: when drm_open_driver() fails to open() a node (insufficient
> -        * permissions or otherwise, it will igt_skip.
> -        * As of today, igt_skip and igt_fork do not work together.
> -        */
> -       slave = __drm_open_driver(DRIVER_ANY);
> -       /*
> -        * FIXME: relate to the master fd passed with the above open and fix
> -        * all of IGT.
> -        */
> +       /* need to check for render nodes before we wreak the filesystem */
> +       has_render = has_render_node(master);
> +
> +       /* create a card node matching master which (only) we can access as
> +        * non-root */
> +       do_or_die(fstat(master, &statbuf));
> +       do_or_die(unshare(CLONE_NEWNS));

New mounts will occur in our private namespace, invisible to the rest of
the system.

> +       do_or_die(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL));

Make future modifications to / and beyond private to our namespace.

> +       do_or_die(mount("none", "/dev/dri", "tmpfs", 0, NULL));

Replace "/dev/dri" with an empty filesystem.

> +       umask(0);
> +       do_or_die(mknod("/dev/dri/card", S_IFCHR | 0777, statbuf.st_rdev));

Execute? What are you planning next? ;)

And make exactly one entry in that new fs, a device node matching the
original.

> +
> +       igt_drop_root();
> +
> +       slave = open("/dev/dri/card", O_RDWR);

And the unusual name doesn't matter because we open it directly :)

Since master is still open, this will be effectively a fresh open and a
slave to exactly the same device node as master opened.

Looks fancy, but why didn't we just do a gem_reopen_driver(), i.e.
open(/proc/self/fd/$master)?

Anyway, I like the private /dev/dri idea and I think it will come in
very useful in cases where we need to check a pristine system.
Reviewed-by: Chris Wilson <chris at chris-wilson.co.uk>
-Chris