[linux-2.6-block.git] / tools / testing / selftests / exec / execveat.c

/*
 * Copyright (c) 2014 Google, Inc.
 *
 * Licensed under the terms of the GNU GPL License version 2
 *
 * Selftests for execveat(2).
 */

#define _GNU_SOURCE  /* to get O_PATH, AT_EMPTY_PATH */
#include <sys/sendfile.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static char longpath[2 * PATH_MAX] = "";
static char *envp[] = { "IN_TEST=yes", NULL, NULL };
static char *argv[] = { "execveat", "99", NULL };

static int execveat_(int fd, const char *path, char **argv, char **envp,
		     int flags)
{
#ifdef __NR_execveat
	return syscall(__NR_execveat, fd, path, argv, envp, flags);
#else
	errno = -ENOSYS;
	return -1;
#endif
}

#define check_execveat_fail(fd, path, flags, errno)	\
	_check_execveat_fail(fd, path, flags, errno, #errno)
static int _check_execveat_fail(int fd, const char *path, int flags,
				int expected_errno, const char *errno_str)
{
	int rc;

	errno = 0;
	printf("Check failure of execveat(%d, '%s', %d) with %s... ",
		fd, path?:"(null)", flags, errno_str);
	rc = execveat_(fd, path, argv, envp, flags);

	if (rc > 0) {
		printf("[FAIL] (unexpected success from execveat(2))\n");
		return 1;
	}
	if (errno != expected_errno) {
		printf("[FAIL] (expected errno %d (%s) not %d (%s)\n",
			expected_errno, strerror(expected_errno),
			errno, strerror(errno));
		return 1;
	}
	printf("[OK]\n");
	return 0;
}

static int check_execveat_invoked_rc(int fd, const char *path, int flags,
				     int expected_rc, int expected_rc2)
{
	int status;
	int rc;
	pid_t child;
	int pathlen = path ? strlen(path) : 0;

	if (pathlen > 40)
		printf("Check success of execveat(%d, '%.20s...%s', %d)... ",
			fd, path, (path + pathlen - 20), flags);
	else
		printf("Check success of execveat(%d, '%s', %d)... ",
			fd, path?:"(null)", flags);
	child = fork();
	if (child < 0) {
		printf("[FAIL] (fork() failed)\n");
		return 1;
	}
	if (child == 0) {
		/* Child: do execveat(). */
		rc = execveat_(fd, path, argv, envp, flags);
		printf("[FAIL]: execveat() failed, rc=%d errno=%d (%s)\n",
			rc, errno, strerror(errno));
		exit(1);  /* should not reach here */
	}
	/* Parent: wait for & check child's exit status. */
	rc = waitpid(child, &status, 0);
	if (rc != child) {
		printf("[FAIL] (waitpid(%d,...) returned %d)\n", child, rc);
		return 1;
	}
	if (!WIFEXITED(status)) {
		printf("[FAIL] (child %d did not exit cleanly, status=%08x)\n",
			child, status);
		return 1;
	}
	if ((WEXITSTATUS(status) != expected_rc) &&
	    (WEXITSTATUS(status) != expected_rc2)) {
		printf("[FAIL] (child %d exited with %d not %d nor %d)\n",
			child, WEXITSTATUS(status), expected_rc, expected_rc2);
		return 1;
	}
	printf("[OK]\n");
	return 0;
}

static int check_execveat(int fd, const char *path, int flags)
{
	return check_execveat_invoked_rc(fd, path, flags, 99, 99);
}

static char *concat(const char *left, const char *right)
{
	char *result = malloc(strlen(left) + strlen(right) + 1);

	strcpy(result, left);
	strcat(result, right);
	return result;
}

static int open_or_die(const char *filename, int flags)
{
	int fd = open(filename, flags);

	if (fd < 0) {
		printf("Failed to open '%s'; "
			"check prerequisites are available\n", filename);
		exit(1);
	}
	return fd;
}

static void exe_cp(const char *src, const char *dest)
{
	int in_fd = open_or_die(src, O_RDONLY);
	int out_fd = open(dest, O_RDWR|O_CREAT|O_TRUNC, 0755);
	struct stat info;

	fstat(in_fd, &info);
	sendfile(out_fd, in_fd, NULL, info.st_size);
	close(in_fd);
	close(out_fd);
}

#define XX_DIR_LEN 200
static int check_execveat_pathmax(int dot_dfd, const char *src, int is_script)
{
	int fail = 0;
	int ii, count, len;
	char longname[XX_DIR_LEN + 1];
	int fd;

	if (*longpath == '\0') {
		/* Create a filename close to PATH_MAX in length */
		memset(longname, 'x', XX_DIR_LEN - 1);
		longname[XX_DIR_LEN - 1] = '/';
		longname[XX_DIR_LEN] = '\0';
		count = (PATH_MAX - 3) / XX_DIR_LEN;
		for (ii = 0; ii < count; ii++) {
			strcat(longpath, longname);
			mkdir(longpath, 0755);
		}
		len = (PATH_MAX - 3) - (count * XX_DIR_LEN);
		if (len <= 0)
			len = 1;
		memset(longname, 'y', len);
		longname[len] = '\0';
		strcat(longpath, longname);
	}
	exe_cp(src, longpath);

	/*
	 * Execute as a pre-opened file descriptor, which works whether this is
	 * a script or not (because the interpreter sees a filename like
	 * "/dev/fd/20").
	 */
	fd = open(longpath, O_RDONLY);
	if (fd > 0) {
		printf("Invoke copy of '%s' via filename of length %zu:\n",
			src, strlen(longpath));
		fail += check_execveat(fd, "", AT_EMPTY_PATH);
	} else {
		printf("Failed to open length %zu filename, errno=%d (%s)\n",
			strlen(longpath), errno, strerror(errno));
		fail++;
	}

	/*
	 * Execute as a long pathname relative to ".".  If this is a script,
	 * the interpreter will launch but fail to open the script because its
	 * name ("/dev/fd/5/xxx....") is bigger than PATH_MAX.
	 *
	 * The failure code is usually 127 (POSIX: "If a command is not found,
	 * the exit status shall be 127."), but some systems give 126 (POSIX:
	 * "If the command name is found, but it is not an executable utility,
	 * the exit status shall be 126."), so allow either.
	 */
	if (is_script)
		fail += check_execveat_invoked_rc(dot_dfd, longpath, 0,
						  127, 126);
	else
		fail += check_execveat(dot_dfd, longpath, 0);

	return fail;
}

static int run_tests(void)
{
	int fail = 0;
	char *fullname = realpath("execveat", NULL);
	char *fullname_script = realpath("script", NULL);
	char *fullname_symlink = concat(fullname, ".symlink");
	int subdir_dfd = open_or_die("subdir", O_DIRECTORY|O_RDONLY);
	int subdir_dfd_ephemeral = open_or_die("subdir.ephemeral",
					       O_DIRECTORY|O_RDONLY);
	int dot_dfd = open_or_die(".", O_DIRECTORY|O_RDONLY);
	int dot_dfd_path = open_or_die(".", O_DIRECTORY|O_RDONLY|O_PATH);
	int dot_dfd_cloexec = open_or_die(".", O_DIRECTORY|O_RDONLY|O_CLOEXEC);
	int fd = open_or_die("execveat", O_RDONLY);
	int fd_path = open_or_die("execveat", O_RDONLY|O_PATH);
	int fd_symlink = open_or_die("execveat.symlink", O_RDONLY);
	int fd_denatured = open_or_die("execveat.denatured", O_RDONLY);
	int fd_denatured_path = open_or_die("execveat.denatured",
					    O_RDONLY|O_PATH);
	int fd_script = open_or_die("script", O_RDONLY);
	int fd_ephemeral = open_or_die("execveat.ephemeral", O_RDONLY);
	int fd_ephemeral_path = open_or_die("execveat.path.ephemeral",
					    O_RDONLY|O_PATH);
	int fd_script_ephemeral = open_or_die("script.ephemeral", O_RDONLY);
	int fd_cloexec = open_or_die("execveat", O_RDONLY|O_CLOEXEC);
	int fd_script_cloexec = open_or_die("script", O_RDONLY|O_CLOEXEC);

	/* Change file position to confirm it doesn't affect anything */
	lseek(fd, 10, SEEK_SET);

	/* Normal executable file: */
	/*   dfd + path */
	fail += check_execveat(subdir_dfd, "../execveat", 0);
	fail += check_execveat(dot_dfd, "execveat", 0);
	fail += check_execveat(dot_dfd_path, "execveat", 0);
	/*   absolute path */
	fail += check_execveat(AT_FDCWD, fullname, 0);
	/*   absolute path with nonsense dfd */
	fail += check_execveat(99, fullname, 0);
	/*   fd + no path */
	fail += check_execveat(fd, "", AT_EMPTY_PATH);
	/*   O_CLOEXEC fd + no path */
	fail += check_execveat(fd_cloexec, "", AT_EMPTY_PATH);
	/*   O_PATH fd */
	fail += check_execveat(fd_path, "", AT_EMPTY_PATH);

	/* Mess with executable file that's already open: */
	/*   fd + no path to a file that's been renamed */
	rename("execveat.ephemeral", "execveat.moved");
	fail += check_execveat(fd_ephemeral, "", AT_EMPTY_PATH);
	/*   fd + no path to a file that's been deleted */
	unlink("execveat.moved"); /* remove the file now fd open */
	fail += check_execveat(fd_ephemeral, "", AT_EMPTY_PATH);

	/* Mess with executable file that's already open with O_PATH */
	/*   fd + no path to a file that's been deleted */
	unlink("execveat.path.ephemeral");
	fail += check_execveat(fd_ephemeral_path, "", AT_EMPTY_PATH);

	/* Invalid argument failures */
	fail += check_execveat_fail(fd, "", 0, ENOENT);
	fail += check_execveat_fail(fd, NULL, AT_EMPTY_PATH, EFAULT);

	/* Symlink to executable file: */
	/*   dfd + path */
	fail += check_execveat(dot_dfd, "execveat.symlink", 0);
	fail += check_execveat(dot_dfd_path, "execveat.symlink", 0);
	/*   absolute path */
	fail += check_execveat(AT_FDCWD, fullname_symlink, 0);
	/*   fd + no path, even with AT_SYMLINK_NOFOLLOW (already followed) */
	fail += check_execveat(fd_symlink, "", AT_EMPTY_PATH);
	fail += check_execveat(fd_symlink, "",
			       AT_EMPTY_PATH|AT_SYMLINK_NOFOLLOW);

	/* Symlink fails when AT_SYMLINK_NOFOLLOW set: */
	/*   dfd + path */
	fail += check_execveat_fail(dot_dfd, "execveat.symlink",
				    AT_SYMLINK_NOFOLLOW, ELOOP);
	fail += check_execveat_fail(dot_dfd_path, "execveat.symlink",
				    AT_SYMLINK_NOFOLLOW, ELOOP);
	/*   absolute path */
	fail += check_execveat_fail(AT_FDCWD, fullname_symlink,
				    AT_SYMLINK_NOFOLLOW, ELOOP);

	/* Shell script wrapping executable file: */
	/*   dfd + path */
	fail += check_execveat(subdir_dfd, "../script", 0);
	fail += check_execveat(dot_dfd, "script", 0);
	fail += check_execveat(dot_dfd_path, "script", 0);
	/*   absolute path */
	fail += check_execveat(AT_FDCWD, fullname_script, 0);
	/*   fd + no path */
	fail += check_execveat(fd_script, "", AT_EMPTY_PATH);
	fail += check_execveat(fd_script, "",
			       AT_EMPTY_PATH|AT_SYMLINK_NOFOLLOW);
	/*   O_CLOEXEC fd fails for a script (as script file inaccessible) */
	fail += check_execveat_fail(fd_script_cloexec, "", AT_EMPTY_PATH,
				    ENOENT);
	fail += check_execveat_fail(dot_dfd_cloexec, "script", 0, ENOENT);

	/* Mess with script file that's already open: */
	/*   fd + no path to a file that's been renamed */
	rename("script.ephemeral", "script.moved");
	fail += check_execveat(fd_script_ephemeral, "", AT_EMPTY_PATH);
	/*   fd + no path to a file that's been deleted */
	unlink("script.moved"); /* remove the file while fd open */
	fail += check_execveat(fd_script_ephemeral, "", AT_EMPTY_PATH);

	/* Rename a subdirectory in the path: */
	rename("subdir.ephemeral", "subdir.moved");
	fail += check_execveat(subdir_dfd_ephemeral, "../script", 0);
	fail += check_execveat(subdir_dfd_ephemeral, "script", 0);
	/* Remove the subdir and its contents */
	unlink("subdir.moved/script");
	unlink("subdir.moved");
	/* Shell loads via deleted subdir OK because name starts with .. */
	fail += check_execveat(subdir_dfd_ephemeral, "../script", 0);
	fail += check_execveat_fail(subdir_dfd_ephemeral, "script", 0, ENOENT);

	/* Flag values other than AT_SYMLINK_NOFOLLOW => EINVAL */
	fail += check_execveat_fail(dot_dfd, "execveat", 0xFFFF, EINVAL);
	/* Invalid path => ENOENT */
	fail += check_execveat_fail(dot_dfd, "no-such-file", 0, ENOENT);
	fail += check_execveat_fail(dot_dfd_path, "no-such-file", 0, ENOENT);
	fail += check_execveat_fail(AT_FDCWD, "no-such-file", 0, ENOENT);
	/* Attempt to execute directory => EACCES */
	fail += check_execveat_fail(dot_dfd, "", AT_EMPTY_PATH, EACCES);
	/* Attempt to execute non-executable => EACCES */
	fail += check_execveat_fail(dot_dfd, "Makefile", 0, EACCES);
	fail += check_execveat_fail(fd_denatured, "", AT_EMPTY_PATH, EACCES);
	fail += check_execveat_fail(fd_denatured_path, "", AT_EMPTY_PATH,
				    EACCES);
	/* Attempt to execute nonsense FD => EBADF */
	fail += check_execveat_fail(99, "", AT_EMPTY_PATH, EBADF);
	fail += check_execveat_fail(99, "execveat", 0, EBADF);
	/* Attempt to execute relative to non-directory => ENOTDIR */
	fail += check_execveat_fail(fd, "execveat", 0, ENOTDIR);

	fail += check_execveat_pathmax(dot_dfd, "execveat", 0);
	fail += check_execveat_pathmax(dot_dfd, "script", 1);
	return fail;
}

static void prerequisites(void)
{
	int fd;
	const char *script = "#!/bin/sh\nexit $*\n";

	/* Create ephemeral copies of files */
	exe_cp("execveat", "execveat.ephemeral");
	exe_cp("execveat", "execveat.path.ephemeral");
	exe_cp("script", "script.ephemeral");
	mkdir("subdir.ephemeral", 0755);

	fd = open("subdir.ephemeral/script", O_RDWR|O_CREAT|O_TRUNC, 0755);
	write(fd, script, strlen(script));
	close(fd);
}

int main(int argc, char **argv)
{
	int ii;
	int rc;
	const char *verbose = getenv("VERBOSE");

	if (argc >= 2) {
		/* If we are invoked with an argument, don't run tests. */
		const char *in_test = getenv("IN_TEST");

		if (verbose) {
			printf("  invoked with:");
			for (ii = 0; ii < argc; ii++)
				printf(" [%d]='%s'", ii, argv[ii]);
			printf("\n");
		}

		/* Check expected environment transferred. */
		if (!in_test || strcmp(in_test, "yes") != 0) {
			printf("[FAIL] (no IN_TEST=yes in env)\n");
			return 1;
		}

		/* Use the final argument as an exit code. */
		rc = atoi(argv[argc - 1]);
		fflush(stdout);
	} else {
		prerequisites();
		if (verbose)
			envp[1] = "VERBOSE=1";
		rc = run_tests();
		if (rc > 0)
			printf("%d tests failed\n", rc);
	}
	return rc;
}
Commit	Line	Data
c9b26b81 DD	1	/*
	2	* Copyright (c) 2014 Google, Inc.
	3	*
	4	* Licensed under the terms of the GNU GPL License version 2
	5	*
	6	* Selftests for execveat(2).
	7	*/
	8
	9	#define _GNU_SOURCE /* to get O_PATH, AT_EMPTY_PATH */
	10	#include <sys/sendfile.h>
	11	#include <sys/stat.h>
	12	#include <sys/syscall.h>
	13	#include <sys/types.h>
	14	#include <sys/wait.h>
	15	#include <errno.h>
	16	#include <fcntl.h>
	17	#include <limits.h>
	18	#include <stdio.h>
	19	#include <stdlib.h>
	20	#include <string.h>
	21	#include <unistd.h>
	22
	23	static char longpath[2 * PATH_MAX] = "";
	24	static char *envp[] = { "IN_TEST=yes", NULL, NULL };
	25	static char *argv[] = { "execveat", "99", NULL };
	26
	27	static int execveat_(int fd, const char path, char argv, char *envp,
	28	int flags)
	29	{
	30	#ifdef __NR_execveat
	31	return syscall(__NR_execveat, fd, path, argv, envp, flags);
	32	#else
	33	errno = -ENOSYS;
	34	return -1;
	35	#endif
	36	}
	37
	38	#define check_execveat_fail(fd, path, flags, errno) \
	39	_check_execveat_fail(fd, path, flags, errno, #errno)
	40	static int _check_execveat_fail(int fd, const char *path, int flags,
	41	int expected_errno, const char *errno_str)
	42	{
	43	int rc;
	44
	45	errno = 0;
	46	printf("Check failure of execveat(%d, '%s', %d) with %s... ",
	47	fd, path?:"(null)", flags, errno_str);
	48	rc = execveat_(fd, path, argv, envp, flags);
	49
	50	if (rc > 0) {
	51	printf("[FAIL] (unexpected success from execveat(2))\n");
	52	return 1;
	53	}
	54	if (errno != expected_errno) {
	55	printf("[FAIL] (expected errno %d (%s) not %d (%s)\n",
	56	expected_errno, strerror(expected_errno),
	57	errno, strerror(errno));
	58	return 1;
	59	}
	60	printf("[OK]\n");
	61	return 0;
	62	}
	63
	64	static int check_execveat_invoked_rc(int fd, const char *path, int flags,
cd805f36	65	int expected_rc, int expected_rc2)
c9b26b81 DD	66	{
	67	int status;
	68	int rc;
	69	pid_t child;
	70	int pathlen = path ? strlen(path) : 0;
	71
	72	if (pathlen > 40)
	73	printf("Check success of execveat(%d, '%.20s...%s', %d)... ",
	74	fd, path, (path + pathlen - 20), flags);
	75	else
	76	printf("Check success of execveat(%d, '%s', %d)... ",
	77	fd, path?:"(null)", flags);
	78	child = fork();
	79	if (child < 0) {
	80	printf("[FAIL] (fork() failed)\n");
	81	return 1;
	82	}
	83	if (child == 0) {
	84	/* Child: do execveat(). */
	85	rc = execveat_(fd, path, argv, envp, flags);
	86	printf("[FAIL]: execveat() failed, rc=%d errno=%d (%s)\n",
	87	rc, errno, strerror(errno));
	88	exit(1); /* should not reach here */
	89	}
	90	/* Parent: wait for & check child's exit status. */
	91	rc = waitpid(child, &status, 0);
	92	if (rc != child) {
	93	printf("[FAIL] (waitpid(%d,...) returned %d)\n", child, rc);
	94	return 1;
	95	}
	96	if (!WIFEXITED(status)) {
	97	printf("[FAIL] (child %d did not exit cleanly, status=%08x)\n",
	98	child, status);
	99	return 1;
	100	}
cd805f36 DD	101	if ((WEXITSTATUS(status) != expected_rc) &&
	102	(WEXITSTATUS(status) != expected_rc2)) {
	103	printf("[FAIL] (child %d exited with %d not %d nor %d)\n",
	104	child, WEXITSTATUS(status), expected_rc, expected_rc2);
c9b26b81 DD	105	return 1;
	106	}
	107	printf("[OK]\n");
	108	return 0;
	109	}
	110
	111	static int check_execveat(int fd, const char *path, int flags)
	112	{
cd805f36	113	return check_execveat_invoked_rc(fd, path, flags, 99, 99);
c9b26b81 DD	114	}
	115
	116	static char concat(const char left, const char *right)
	117	{
	118	char *result = malloc(strlen(left) + strlen(right) + 1);
	119
	120	strcpy(result, left);
	121	strcat(result, right);
	122	return result;
	123	}
	124
	125	static int open_or_die(const char *filename, int flags)
	126	{
	127	int fd = open(filename, flags);
	128
	129	if (fd < 0) {
	130	printf("Failed to open '%s'; "
	131	"check prerequisites are available\n", filename);
	132	exit(1);
	133	}
	134	return fd;
	135	}
	136
	137	static void exe_cp(const char src, const char dest)
	138	{
	139	int in_fd = open_or_die(src, O_RDONLY);
	140	int out_fd = open(dest, O_RDWR\|O_CREAT\|O_TRUNC, 0755);
	141	struct stat info;
	142
	143	fstat(in_fd, &info);
	144	sendfile(out_fd, in_fd, NULL, info.st_size);
	145	close(in_fd);
	146	close(out_fd);
	147	}
	148
	149	#define XX_DIR_LEN 200
	150	static int check_execveat_pathmax(int dot_dfd, const char *src, int is_script)
	151	{
	152	int fail = 0;
	153	int ii, count, len;
	154	char longname[XX_DIR_LEN + 1];
	155	int fd;
	156
	157	if (*longpath == '\0') {
	158	/* Create a filename close to PATH_MAX in length */
	159	memset(longname, 'x', XX_DIR_LEN - 1);
	160	longname[XX_DIR_LEN - 1] = '/';
	161	longname[XX_DIR_LEN] = '\0';
	162	count = (PATH_MAX - 3) / XX_DIR_LEN;
	163	for (ii = 0; ii < count; ii++) {
	164	strcat(longpath, longname);
	165	mkdir(longpath, 0755);
	166	}
	167	len = (PATH_MAX - 3) - (count * XX_DIR_LEN);
	168	if (len <= 0)
	169	len = 1;
	170	memset(longname, 'y', len);
	171	longname[len] = '\0';
	172	strcat(longpath, longname);
	173	}
	174	exe_cp(src, longpath);
	175
	176	/*
	177	* Execute as a pre-opened file descriptor, which works whether this is
178	* a script or not (because the interpreter sees a filename like
179	* "/dev/fd/20").
180	*/
181	fd = open(longpath, O_RDONLY);
182	if (fd > 0) {
6898b627	183	printf("Invoke copy of '%s' via filename of length %zu:\n",
c9b26b81 DD	184	src, strlen(longpath));
	185	fail += check_execveat(fd, "", AT_EMPTY_PATH);
	186	} else {
6898b627	187	printf("Failed to open length %zu filename, errno=%d (%s)\n",
c9b26b81 DD	188	strlen(longpath), errno, strerror(errno));
	189	fail++;
	190	}
	191
	192	/*
	193	* Execute as a long pathname relative to ".". If this is a script,
	194	* the interpreter will launch but fail to open the script because its
	195	* name ("/dev/fd/5/xxx....") is bigger than PATH_MAX.
cd805f36 DD	196	*
	197	* The failure code is usually 127 (POSIX: "If a command is not found,
	198	* the exit status shall be 127."), but some systems give 126 (POSIX:
	199	* "If the command name is found, but it is not an executable utility,
	200	* the exit status shall be 126."), so allow either.
c9b26b81 DD	201	*/
c9b26b81 DD	202	if (is_script)
cd805f36 DD	203	fail += check_execveat_invoked_rc(dot_dfd, longpath, 0,
cd805f36 DD	204	127, 126);
c9b26b81 DD	205	else
	206	fail += check_execveat(dot_dfd, longpath, 0);
	207
	208	return fail;
	209	}
	210
	211	static int run_tests(void)
	212	{
	213	int fail = 0;
	214	char *fullname = realpath("execveat", NULL);
	215	char *fullname_script = realpath("script", NULL);
	216	char *fullname_symlink = concat(fullname, ".symlink");
	217	int subdir_dfd = open_or_die("subdir", O_DIRECTORY\|O_RDONLY);
	218	int subdir_dfd_ephemeral = open_or_die("subdir.ephemeral",
	219	O_DIRECTORY\|O_RDONLY);
	220	int dot_dfd = open_or_die(".", O_DIRECTORY\|O_RDONLY);
	221	int dot_dfd_path = open_or_die(".", O_DIRECTORY\|O_RDONLY\|O_PATH);
	222	int dot_dfd_cloexec = open_or_die(".", O_DIRECTORY\|O_RDONLY\|O_CLOEXEC);
	223	int fd = open_or_die("execveat", O_RDONLY);
	224	int fd_path = open_or_die("execveat", O_RDONLY\|O_PATH);
	225	int fd_symlink = open_or_die("execveat.symlink", O_RDONLY);
	226	int fd_denatured = open_or_die("execveat.denatured", O_RDONLY);
	227	int fd_denatured_path = open_or_die("execveat.denatured",
	228	O_RDONLY\|O_PATH);
	229	int fd_script = open_or_die("script", O_RDONLY);
	230	int fd_ephemeral = open_or_die("execveat.ephemeral", O_RDONLY);
	231	int fd_ephemeral_path = open_or_die("execveat.path.ephemeral",
	232	O_RDONLY\|O_PATH);
	233	int fd_script_ephemeral = open_or_die("script.ephemeral", O_RDONLY);
	234	int fd_cloexec = open_or_die("execveat", O_RDONLY\|O_CLOEXEC);
	235	int fd_script_cloexec = open_or_die("script", O_RDONLY\|O_CLOEXEC);
	236
	237	/* Change file position to confirm it doesn't affect anything */
	238	lseek(fd, 10, SEEK_SET);
	239
	240	/* Normal executable file: */
	241	/* dfd + path */
	242	fail += check_execveat(subdir_dfd, "../execveat", 0);
	243	fail += check_execveat(dot_dfd, "execveat", 0);
	244	fail += check_execveat(dot_dfd_path, "execveat", 0);
	245	/* absolute path */
	246	fail += check_execveat(AT_FDCWD, fullname, 0);
	247	/* absolute path with nonsense dfd */
	248	fail += check_execveat(99, fullname, 0);
	249	/* fd + no path */
	250	fail += check_execveat(fd, "", AT_EMPTY_PATH);
	251	/* O_CLOEXEC fd + no path */
	252	fail += check_execveat(fd_cloexec, "", AT_EMPTY_PATH);
	253	/* O_PATH fd */
	254	fail += check_execveat(fd_path, "", AT_EMPTY_PATH);
	255
	256	/* Mess with executable file that's already open: */
	257	/* fd + no path to a file that's been renamed */
	258	rename("execveat.ephemeral", "execveat.moved");
	259	fail += check_execveat(fd_ephemeral, "", AT_EMPTY_PATH);
	260	/* fd + no path to a file that's been deleted */
	261	unlink("execveat.moved"); /* remove the file now fd open */
	262	fail += check_execveat(fd_ephemeral, "", AT_EMPTY_PATH);
	263
	264	/* Mess with executable file that's already open with O_PATH */
	265	/* fd + no path to a file that's been deleted */
	266	unlink("execveat.path.ephemeral");
	267	fail += check_execveat(fd_ephemeral_path, "", AT_EMPTY_PATH);
	268
269	/* Invalid argument failures */
270	fail += check_execveat_fail(fd, "", 0, ENOENT);
271	fail += check_execveat_fail(fd, NULL, AT_EMPTY_PATH, EFAULT);
272
273	/* Symlink to executable file: */
274	/* dfd + path */
275	fail += check_execveat(dot_dfd, "execveat.symlink", 0);
276	fail += check_execveat(dot_dfd_path, "execveat.symlink", 0);
277	/* absolute path */
278	fail += check_execveat(AT_FDCWD, fullname_symlink, 0);
279	/* fd + no path, even with AT_SYMLINK_NOFOLLOW (already followed) */
280	fail += check_execveat(fd_symlink, "", AT_EMPTY_PATH);
281	fail += check_execveat(fd_symlink, "",
282	AT_EMPTY_PATH\|AT_SYMLINK_NOFOLLOW);
283
284	/* Symlink fails when AT_SYMLINK_NOFOLLOW set: */
285	/* dfd + path */
286	fail += check_execveat_fail(dot_dfd, "execveat.symlink",
287	AT_SYMLINK_NOFOLLOW, ELOOP);
288	fail += check_execveat_fail(dot_dfd_path, "execveat.symlink",
289	AT_SYMLINK_NOFOLLOW, ELOOP);
290	/* absolute path */
291	fail += check_execveat_fail(AT_FDCWD, fullname_symlink,
292	AT_SYMLINK_NOFOLLOW, ELOOP);
293
294	/* Shell script wrapping executable file: */
295	/* dfd + path */
296	fail += check_execveat(subdir_dfd, "../script", 0);
297	fail += check_execveat(dot_dfd, "script", 0);
298	fail += check_execveat(dot_dfd_path, "script", 0);
299	/* absolute path */
300	fail += check_execveat(AT_FDCWD, fullname_script, 0);
301	/* fd + no path */
302	fail += check_execveat(fd_script, "", AT_EMPTY_PATH);
303	fail += check_execveat(fd_script, "",
304	AT_EMPTY_PATH\|AT_SYMLINK_NOFOLLOW);
305	/* O_CLOEXEC fd fails for a script (as script file inaccessible) */
306	fail += check_execveat_fail(fd_script_cloexec, "", AT_EMPTY_PATH,
307	ENOENT);
308	fail += check_execveat_fail(dot_dfd_cloexec, "script", 0, ENOENT);
309
310	/* Mess with script file that's already open: */
311	/* fd + no path to a file that's been renamed */
312	rename("script.ephemeral", "script.moved");
313	fail += check_execveat(fd_script_ephemeral, "", AT_EMPTY_PATH);
314	/* fd + no path to a file that's been deleted */
315	unlink("script.moved"); /* remove the file while fd open */
316	fail += check_execveat(fd_script_ephemeral, "", AT_EMPTY_PATH);
317
318	/* Rename a subdirectory in the path: */
319	rename("subdir.ephemeral", "subdir.moved");
320	fail += check_execveat(subdir_dfd_ephemeral, "../script", 0);
321	fail += check_execveat(subdir_dfd_ephemeral, "script", 0);
322	/* Remove the subdir and its contents */
323	unlink("subdir.moved/script");
324	unlink("subdir.moved");
325	/* Shell loads via deleted subdir OK because name starts with .. */
326	fail += check_execveat(subdir_dfd_ephemeral, "../script", 0);
327	fail += check_execveat_fail(subdir_dfd_ephemeral, "script", 0, ENOENT);
328
329	/* Flag values other than AT_SYMLINK_NOFOLLOW => EINVAL */
330	fail += check_execveat_fail(dot_dfd, "execveat", 0xFFFF, EINVAL);
331	/* Invalid path => ENOENT */
332	fail += check_execveat_fail(dot_dfd, "no-such-file", 0, ENOENT);
333	fail += check_execveat_fail(dot_dfd_path, "no-such-file", 0, ENOENT);
334	fail += check_execveat_fail(AT_FDCWD, "no-such-file", 0, ENOENT);
335	/* Attempt to execute directory => EACCES */
336	fail += check_execveat_fail(dot_dfd, "", AT_EMPTY_PATH, EACCES);
337	/* Attempt to execute non-executable => EACCES */
338	fail += check_execveat_fail(dot_dfd, "Makefile", 0, EACCES);
339	fail += check_execveat_fail(fd_denatured, "", AT_EMPTY_PATH, EACCES);
340	fail += check_execveat_fail(fd_denatured_path, "", AT_EMPTY_PATH,
341	EACCES);
342	/* Attempt to execute nonsense FD => EBADF */
343	fail += check_execveat_fail(99, "", AT_EMPTY_PATH, EBADF);
344	fail += check_execveat_fail(99, "execveat", 0, EBADF);
345	/* Attempt to execute relative to non-directory => ENOTDIR */
346	fail += check_execveat_fail(fd, "execveat", 0, ENOTDIR);
347
348	fail += check_execveat_pathmax(dot_dfd, "execveat", 0);
349	fail += check_execveat_pathmax(dot_dfd, "script", 1);
350	return fail;
351	}
352
353	static void prerequisites(void)
354	{
355	int fd;
356	const char script = "#!/bin/sh\nexit $\n";
357
358	/* Create ephemeral copies of files */
359	exe_cp("execveat", "execveat.ephemeral");
360	exe_cp("execveat", "execveat.path.ephemeral");
361	exe_cp("script", "script.ephemeral");
362	mkdir("subdir.ephemeral", 0755);
363
364	fd = open("subdir.ephemeral/script", O_RDWR\|O_CREAT\|O_TRUNC, 0755);
365	write(fd, script, strlen(script));
366	close(fd);
367	}
368
369	int main(int argc, char **argv)
370	{
371	int ii;
372	int rc;
373	const char *verbose = getenv("VERBOSE");
374
375	if (argc >= 2) {
376	/* If we are invoked with an argument, don't run tests. */
377	const char *in_test = getenv("IN_TEST");
378
379	if (verbose) {
380	printf(" invoked with:");
381	for (ii = 0; ii < argc; ii++)
382	printf(" [%d]='%s'", ii, argv[ii]);
383	printf("\n");
384	}
385
386	/* Check expected environment transferred. */
387	if (!in_test \|\| strcmp(in_test, "yes") != 0) {
388	printf("[FAIL] (no IN_TEST=yes in env)\n");
389	return 1;
390	}
391
392	/* Use the final argument as an exit code. */
393	rc = atoi(argv[argc - 1]);
394	fflush(stdout);
395	} else {
396	prerequisites();
397	if (verbose)
398	envp[1] = "VERBOSE=1";
399	rc = run_tests();
400	if (rc > 0)
401	printf("%d tests failed\n", rc);
402	}
403	return rc;
404	}