wip: debug code cleanup, fix erroneous goto and other improvements

realsdx · realsdx · commit 805517e704b3 · 2025-10-04T00:27:31.000Z
Signed-off-by: Sudipta Pandit &lt;sudpandit@microsoft.com&gt;
diff --git a/src/system.c b/src/system.c
@@ -585,11 +585,12 @@ int sys_notify_id_valid(int fd, uint64_t id)
  */
 int sys_notify_addfd(int fd, struct seccomp_notif_addfd *addfd)
 {
+	int rc;
 	if (state.sup_user_notif <= 0)
 		return -EOPNOTSUPP;
 
-	int rc = ioctl(fd, SECCOMP_IOCTL_NOTIF_ADDFD, addfd);
-	if ( rc < 0 && errno == EINVAL)
+	rc = ioctl(fd, SECCOMP_IOCTL_NOTIF_ADDFD, addfd);
+	if (rc < 0 && errno == EINVAL)
 		return -EOPNOTSUPP;
 	if (rc < 0)
 		return -ECANCELED;
diff --git a/tests/63-live-notify_addfd.c b/tests/63-live-notify_addfd.c
@@ -21,6 +21,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <signal.h>
 #include <seccomp.h>
 #include <string.h>
 #include <sys/socket.h>
@@ -31,7 +32,7 @@
 int send_fd(int sock, int fd)
 {
 	struct iovec iov = {.iov_base = "F", .iov_len = 1};
-	char buffer[CMSG_SPACE(sizeof(fd))]; // Do i need to set it to zero?
+	char buffer[CMSG_SPACE(sizeof(fd))];
 	memset(buffer, 0, sizeof(buffer));
 
 	struct msghdr msg = {
@@ -73,14 +74,116 @@ int recv_fd(int sock)
 	return fd;
 }
 
-int main(int argc, char *argv[])
+void child_process(scmp_filter_ctx ctx, int sock_fd)
 {
-	int rc, status;
-	int sock_pair[2];
-	int notify_fd = -1, new_fd = -1;
+	int rc;
+	int ret = -1;
+	int notify_fd = -1;
+	char buf[128];
+	ssize_t bytes_read = -1;
+
+	rc = seccomp_load(ctx);
+	if (rc < 0)
+		goto out;
+
+	rc = seccomp_notify_fd(ctx);
+	if (rc < 0)
+		goto out;
+	notify_fd = rc;
+
+	rc = send_fd(sock_fd, notify_fd);
+	if (rc < 0) {
+		rc = -errno;
+		goto out;
+	}
+
+	ret = openat(AT_FDCWD, "/etc/hostname", O_RDONLY);
+	if (ret < 0) {
+		rc = -errno;
+		goto out;
+	}
+
+	bytes_read = read(ret, buf, sizeof(buf));
+	rc = bytes_read;
+
+out:
+	if (notify_fd >= 0)
+		close(notify_fd);
+	if (ret >= 0)
+		close(ret);
+	close(sock_fd);
+	exit(rc);
+}
+
+int parent_process(int sock_fd)
+{
+	int rc;
+	int notify_fd = -1;
+	int new_fd = -1;
+	int installed_fd = -1;
 	struct seccomp_notif *req = NULL;
 	struct seccomp_notif_resp *resp = NULL;
 	struct seccomp_notif_addfd addfd = {0};
+
+	rc = recv_fd(sock_fd);
+	if (rc < 0) {
+		rc = -errno;
+		goto out;
+	}
+	notify_fd = rc;
+
+	rc = seccomp_notify_alloc(&req, &resp);
+	if (rc)
+		goto out;
+
+	rc = seccomp_notify_receive(notify_fd, req);
+	if (rc)
+		goto out;
+	if (req->data.nr != __NR_openat) {
+		rc = -EFAULT;
+		goto out;
+	}
+
+	new_fd = openat(AT_FDCWD, "/dev/null", O_RDONLY);
+	if (new_fd < 0) {
+		rc = -errno;
+		goto out;
+	}
+
+	memset(&addfd, 0, sizeof(addfd));
+	addfd.id = req->id;
+	addfd.srcfd = new_fd;
+	addfd.newfd = 0;
+	addfd.flags = 0;
+	rc = seccomp_notify_addfd(notify_fd, &addfd);
+	if (rc < 0)
+		goto out;
+	installed_fd = rc;
+
+	rc = seccomp_notify_id_valid(notify_fd, req->id);
+	if (rc)
+		goto out;
+
+	resp->id = req->id;
+	resp->val = installed_fd;
+	resp->error = 0;
+	resp->flags = 0;
+	rc = seccomp_notify_respond(notify_fd, resp);
+
+out:
+	if (notify_fd >= 0)
+		close(notify_fd);
+	if (new_fd >= 0)
+		close(new_fd);
+	close(sock_fd);
+	seccomp_notify_free(req, resp);
+	return rc;
+}
+
+int main(int argc, char *argv[])
+{
+	int rc, status;
+	int sock_pair[2];
 	scmp_filter_ctx ctx = NULL;
 	pid_t pid = 0;
 
@@ -92,7 +195,7 @@ int main(int argc, char *argv[])
 	if (rc)
 		goto out;
 
-	// set up socket pair for sending notify_fd
+	/* set up socket pair for sending notify_fd */
 	rc = socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sock_pair);
 	if (rc < 0) {
 		rc = -errno;
@@ -101,83 +204,11 @@ int main(int argc, char *argv[])
 
 	pid = fork();
 	if (pid == 0) {
-		close(sock_pair[0]); // close the parent's end
-
-		rc = seccomp_load(ctx);
-		if (rc < 0)
-			goto out;
-
-		rc = seccomp_notify_fd(ctx);
-		if (rc < 0)
-			goto out;
-		notify_fd = rc;
-
-		rc = send_fd(sock_pair[1], notify_fd);
-		if (rc < 0) {
-			rc = -errno;
-			goto out;
-		}
-		close(notify_fd);
-
-		int ret = openat(AT_FDCWD, "/etc/hostname", O_RDONLY);
-		if (ret < 0) {
-			exit(ret);
-		}
-
-		char buf[128];
-		ssize_t bytes_read = read(ret, buf, sizeof(buf));
-
-		close(ret);
-		close(sock_pair[1]);
-		exit(bytes_read); // bytes_read should be 0, as it's reading /dev/null
+		close(sock_pair[0]); /* close the parent's end */
+		child_process(ctx, sock_pair[1]);
 	} else {
-		close(sock_pair[1]); // close the child's end
-		rc = recv_fd(sock_pair[0]);
-		if (rc < 0) {
-			rc = -errno;
-			goto out;
-		}
-		notify_fd = rc;
-
-		rc = seccomp_notify_alloc(&req, &resp);
-		if (rc)
-			goto out;
-
-		rc = seccomp_notify_receive(notify_fd, req);
-		if (rc)
-			goto out;
-		if (req->data.nr != __NR_openat) {
-			rc = -EFAULT;
-			goto out;
-		}
-
-		new_fd = openat(AT_FDCWD, "/dev/null", O_RDONLY);
-		if (new_fd < 0) {
-			rc = -errno;
-			goto out;
-		}
-
-		memset(&addfd, 0, sizeof(addfd));
-		addfd.id = req->id;
-		addfd.srcfd = new_fd;
-		addfd.newfd = 0;
-		addfd.flags = 0;
-		rc = seccomp_notify_addfd(notify_fd, &addfd);
-		if (rc < 0)
-			goto out;
-		int installed_fd = rc;
-
-		rc = seccomp_notify_id_valid(notify_fd, req->id);
-		if (rc)
-			goto out;
-
-		resp->id = req->id;
-		resp->val = installed_fd;
-		resp->error = 0;
-		resp->flags = 0;
-		rc = seccomp_notify_respond(notify_fd, resp);
-		if (rc)
-			goto out;
+		close(sock_pair[1]); /* close the child's end */
+		rc = parent_process(sock_pair[0]);
 
 		if (waitpid(pid, &status, 0) != pid) {
 			rc = -EFAULT;
@@ -192,19 +223,14 @@ int main(int argc, char *argv[])
 			rc = -EFAULT;
 			goto out;
 		}
+	}
 
 out:
-		if (notify_fd >= 0)
-			close(notify_fd);
-		if (new_fd >= 0)
-			close(new_fd);
-		if (pid)
-			kill(pid, SIGKILL);
-		seccomp_notify_free(req, resp);
-		seccomp_release(ctx);
-
-		if (rc != 0)
-			return (rc < 0 ? -rc : rc);
-		return 160;
-	}
+	if (pid)
+		kill(pid, SIGKILL);
+	seccomp_release(ctx);
+
+	if (rc != 0)
+		return (rc < 0 ? -rc : rc);
+	return 160;
 }
diff --git a/tests/63-live-notify_addfd.py b/tests/63-live-notify_addfd.py
@@ -59,7 +59,6 @@ def test():
 
         ret_fd = os.open("/etc/hostname", os.O_RDONLY)
         if ret_fd < 0:
-            # raise RuntimeError("Response return value failed")
             quit(ret_fd)
 
         ret_bytes = os.read(ret_fd, 128)
@@ -80,9 +79,7 @@ def test():
             raise RuntimeError("Notification failed")
         
         new_fd = os.open("/dev/null", os.O_RDONLY)
-        # print("New fd", new_fd)
         installed_fd = f.notify_addfd(NotificationAddfd(notify, 0, new_fd), fd=notify_fd)
-        # print("Installed fd", installed_fd)
         f.respond_notify(NotificationResponse(notify, installed_fd, 0, 0), fd=notify_fd)
 
         # No longer need the fds
