zdtm/static/sock_opts00: use unix socket to test SO_PASSCRED and SO_PASSSEC

SO_PASSCRED and SO_PASSSEC are only valid for AF_UNIX and AF_NETLINK
This patch updates the test logic to use a unix socket for these options,
while preserving the original value consistency check

Fixes: #2705
Signed-off-by: Dong Sunchao <[email protected]>

criu/sockets: Restrict SO_PASSCRED and SO_PASSSEC to supported families

Linux 6.16+ restricts SO_PASSCRED and SO_PASSSEC to AF_UNIX, AF_NETLINK, and AF_BLUETOOTH
This patch updates CRIU to check the socket family before dumping these options

Fixes: #2705
Signed-off-by: Dong Sunchao <[email protected]>

Author: Dong Sunchao

criu/include/sockets.h

@@ -25,7 +25,7 @@ struct socket_desc {
 };
 
 extern int dump_socket(struct fd_parms *p, int lfd, FdinfoEntry *);
-extern int dump_socket_opts(int sk, SkOptsEntry *soe);
+extern int dump_socket_opts(int sk, int family, SkOptsEntry *soe);
 extern int restore_socket_opts(int sk, SkOptsEntry *soe);
 extern int sk_setbufs(int sk, uint32_t *bufs);
 extern void release_skopts(SkOptsEntry *);

criu/sk-inet.c

@@ -581,7 +581,7 @@ static int do_dump_one_inet_fd(int lfd, u32 id, const struct fd_parms *p, int fa
 	if (dump_ip_opts(lfd, family, type, proto, &ipopts))
 		goto err;
 
-	if (dump_socket_opts(lfd, &skopts))
+	if (dump_socket_opts(lfd, family, &skopts))
 		goto err;
 
 	pr_info("Dumping inet socket at %d\n", p->fd);

criu/sk-netlink.c

@@ -165,7 +165,7 @@ static int dump_one_netlink_fd(int lfd, u32 id, const struct fd_parms *p)
 	ne.fown = (FownEntry *)&p->fown;
 	ne.opts = &skopts;
 
-	if (dump_socket_opts(lfd, &skopts))
+	if (dump_socket_opts(lfd, AF_NETLINK, &skopts))
 		goto err;
 
 	fe.type = FD_TYPES__NETLINKSK;

criu/sk-packet.c

@@ -173,7 +173,7 @@ static int dump_one_packet_fd(int lfd, u32 id, const struct fd_parms *p)
 	psk.fown = (FownEntry *)&p->fown;
 	psk.opts = &skopts;
 
-	if (dump_socket_opts(lfd, &skopts))
+	if (dump_socket_opts(lfd, AF_PACKET, &skopts))
 		return -1;
 
 	psk.protocol = sd->proto;

criu/sk-unix.c

@@ -527,7 +527,7 @@ static int dump_one_unix_fd(int lfd, uint32_t id, const struct fd_parms *p)
 			}
 	}
 dump:
-	if (dump_socket_opts(lfd, skopts))
+	if (dump_socket_opts(lfd, AF_UNIX, skopts))
 		goto err;
 
 	pr_info("Dumping unix socket at %d\n", p->fd);

criu/sockets.c

@@ -649,7 +649,7 @@ int do_dump_opt(int sk, int level, int name, void *val, int len)
 	return 0;
 }
 
-int dump_socket_opts(int sk, SkOptsEntry *soe)
+int dump_socket_opts(int sk, int family, SkOptsEntry *soe)
 {
 	int ret = 0, val;
 	struct timeval tv;
@@ -688,13 +688,15 @@ int dump_socket_opts(int sk, SkOptsEntry *soe)
 	soe->so_reuseport = val ? true : false;
 	soe->has_so_reuseport = true;
 
-	ret |= dump_opt(sk, SOL_SOCKET, SO_PASSCRED, &val);
-	soe->has_so_passcred = true;
-	soe->so_passcred = val ? true : false;
+	if(family == AF_UNIX || family == AF_NETLINK)
+		ret |= dump_opt(sk, SOL_SOCKET, SO_PASSCRED, &val);
+		soe->has_so_passcred = true;
+		soe->so_passcred = val ? true : false;
 
-	ret |= dump_opt(sk, SOL_SOCKET, SO_PASSSEC, &val);
-	soe->has_so_passsec = true;
-	soe->so_passsec = val ? true : false;
+		ret |= dump_opt(sk, SOL_SOCKET, SO_PASSSEC, &val);
+		soe->has_so_passsec = true;
+		soe->so_passsec = val ? true : false;
+	}
 
 	ret |= dump_opt(sk, SOL_SOCKET, SO_DONTROUTE, &val);
 	soe->has_so_dontroute = true;

test/zdtm/static/sock_opts00.c

@@ -31,7 +31,7 @@ int main(int argc, char **argv)
 	static const int NOPTS = sizeof(vname) / sizeof(*vname);
 	#undef OPT
 
-	int sock, ret = 0, val[NOPTS], rval, i;
+	int sock, usock, sk, ret = 0, val[NOPTS], rval, i;
 	socklen_t len = sizeof(int);
 
 	test_init(argc, argv);
@@ -42,22 +42,29 @@ int main(int argc, char **argv)
 		return 1;
 	}
 
+	usock = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (usock < 0) {
+		pr_perror("can't create unix socket");
+		return 1;
+	}
+
 	for (i = 0; i < NOPTS; i++) {
-		ret = getsockopt(sock, SOL_SOCKET, vname[i].opt, &val[i], &len);
+		sk = vname[i].opt == SO_PASSCRED || vname[i].opt == SO_PASSSEC ? usock : sock;
+		ret = getsockopt(sk, SOL_SOCKET, vname[i].opt, &val[i], &len);
 		if (ret) {
 			pr_perror("can't get %s", vname[i].name);
 			return 1;
 		}
 
 		val[i]++;
 
-		ret = setsockopt(sock, SOL_SOCKET, vname[i].opt, &val[i], len);
+		ret = setsockopt(sk, SOL_SOCKET, vname[i].opt, &val[i], len);
 		if (ret) {
 			pr_perror("can't set %s = %d", vname[i].name, val[i]);
 			return 1;
 		}
 
-		ret = getsockopt(sock, SOL_SOCKET, vname[i].opt, &rval, &len);
+		ret = getsockopt(sk, SOL_SOCKET, vname[i].opt, &rval, &len);
 		if (ret) {
 			pr_perror("can't re-get %s", vname[i].name);
 			return 1;
@@ -78,7 +85,8 @@ int main(int argc, char **argv)
 	test_waitsig();
 
 	for (i = 0; i < NOPTS; i++) {
-		ret = getsockopt(sock, SOL_SOCKET, vname[i].opt, &rval, &len);
+		sk = vname[i].opt == SO_PASSCRED || vname[i].opt == SO_PASSSEC ? usock : sock;
+		ret = getsockopt(sk, SOL_SOCKET, vname[i].opt, &rval, &len);
 		if (ret) {
 			pr_perror("can't verify %s", vname[i].name);
 			return 1;
@@ -93,6 +101,6 @@ int main(int argc, char **argv)
 
 	pass();
 	close(sock);
-
+	close(usock);
 	return 0;
 }