From: kernel test robot <lkp@intel.com>
To: Tingmao Wang <m@maowtm.org>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev
Subject: Re: [RFC PATCH 9/9] Enhance the sandboxer example to support landlock-supervise
Date: Wed, 5 Mar 2025 11:36:52 +0800 [thread overview]
Message-ID: <202503051100.TdwYRUDj-lkp@intel.com> (raw)
In-Reply-To: <9dc2b112c4be1aadff612b226c603db66ef79955.1741047969.git.m@maowtm.org>
Hi Tingmao,
[This is a private test report for your RFC patch.]
kernel test robot noticed the following build warnings:
[auto build test WARNING on linus/master]
[also build test WARNING on v6.14-rc5 next-20250304]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Tingmao-Wang/Define-the-supervisor-and-event-structure/20250304-092354
base: linus/master
patch link: https://lore.kernel.org/r/9dc2b112c4be1aadff612b226c603db66ef79955.1741047969.git.m%40maowtm.org
patch subject: [RFC PATCH 9/9] Enhance the sandboxer example to support landlock-supervise
config: i386-buildonly-randconfig-004-20250305 (https://download.01.org/0day-ci/archive/20250305/202503051100.TdwYRUDj-lkp@intel.com/config)
compiler: clang version 19.1.7 (https://github.com/llvm/llvm-project cd708029e0b2869e80abe31ddb175f7c35361f90)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250305/202503051100.TdwYRUDj-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503051100.TdwYRUDj-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> samples/landlock/sandboxer.c:1193:4: warning: label followed by a declaration is a C23 extension [-Wc23-extensions]
1193 | ssize_t count = read(supervisor_fd, io_buf, io_buf_len);
| ^
1 warning generated.
vim +1193 samples/landlock/sandboxer.c
1001
1002 int interactive_sandboxer(int supervisor_fd, int child_stdin, int child_stdout,
1003 int child_stderr, pid_t child_pid)
1004 {
1005 char *write_buf = NULL;
1006 size_t write_buf_len = 0;
1007
1008 size_t io_buf_len = 4096;
1009 char *io_buf = malloc(io_buf_len);
1010 if (!io_buf) {
1011 fprintf(stderr, "Failed to allocate I/O buffer");
1012 return -1;
1013 }
1014
1015 int status = 0;
1016
1017 struct pollfd pfds[5] = {
1018 { .fd = STDIN_FILENO, .events = POLLIN },
1019 { .fd = child_stdout, .events = POLLIN },
1020 { .fd = child_stderr, .events = POLLIN },
1021 { .fd = supervisor_fd, .events = POLLIN },
1022 { .fd = child_stdin, .events = POLLOUT },
1023 };
1024 const int pfd_idx_stdin = 0;
1025 const int pfd_idx_child_stdout = 1;
1026 const int pfd_idx_child_stderr = 2;
1027 const int pfd_idx_supervisor = 3;
1028 const int pfd_idx_child_stdin = 4;
1029 const int poll_len = 5;
1030
1031 struct context context = {
1032 .supervisor_fd = supervisor_fd,
1033 .allowed_paths = NULL,
1034 .num_allowed_paths = 0,
1035 };
1036
1037 bool child_stdin_closed = false;
1038
1039 /*
1040 * Don't deadlock by us trying to write to child, and child
1041 * waiting to write to us.
1042 */
1043 f_set_noblock(child_stdin);
1044
1045 /* Don't get killed by SIGPIPE when child closes stdout/err */
1046 signal(SIGPIPE, SIG_IGN);
1047
1048 while (1) {
1049 if (write_buf_len > 0 && !child_stdin_closed) {
1050 pfds[pfd_idx_child_stdin].fd = child_stdin;
1051 } else {
1052 pfds[pfd_idx_child_stdin].fd = -1;
1053 }
1054
1055 for (int i = 0; i < poll_len; i++) {
1056 pfds[i].revents = 0;
1057 }
1058
1059 if (ppoll(pfds, poll_len, NULL, NULL) < 0) {
1060 if (errno != EINTR) {
1061 perror("ppoll");
1062 goto err_kill_child;
1063 }
1064 }
1065
1066 if (pfds[0].revents & POLLIN) {
1067 /*
1068 * Our stdin -> temp buffer for child's stdin.
1069 * Need to do this before handling any supervisor
1070 * events so that inputs intended for the child is
1071 * not interperted as user decision.
1072 */
1073 const int read_len = 4096;
1074 write_buf =
1075 realloc(write_buf, write_buf_len + read_len);
1076 if (!write_buf) {
1077 fprintf(stderr,
1078 "Failed to realloc write buffer\n");
1079 goto err_kill_child;
1080 }
1081 ssize_t count = read(STDIN_FILENO,
1082 write_buf + write_buf_len,
1083 read_len);
1084 if (count > 0) {
1085 write_buf_len += count;
1086 } else if (count == 0) {
1087 /* Our stdin is closed. Don't read from it anymore. */
1088 pfds[pfd_idx_stdin].fd = -1;
1089 } else {
1090 perror("Failed to read from stdin");
1091 goto err_kill_child;
1092 }
1093 }
1094
1095 if (write_buf_len > 0) {
1096 /* Attempt to write any outstanding stdin to child */
1097 ssize_t written =
1098 write(child_stdin, write_buf, write_buf_len);
1099 if (written > 0) {
1100 if (written > write_buf_len) {
1101 abort();
1102 } else if (written == write_buf_len) {
1103 write_buf_len = 0;
1104 } else {
1105 memmove(write_buf, write_buf + written,
1106 write_buf_len - written);
1107 write_buf_len -= written;
1108 }
1109 } else {
1110 if (errno == EPIPE) {
1111 close(child_stdin);
1112 child_stdin_closed = true;
1113 pfds[pfd_idx_child_stdin].fd = -1;
1114 write_buf_len = 0;
1115 } else if (errno != EAGAIN) {
1116 perror("Failed to write to child stdin");
1117 goto err_kill_child;
1118 }
1119 }
1120 }
1121
1122 if (pfds[pfd_idx_stdin].fd == -1 && write_buf_len == 0) {
1123 /* We can safely close child's stdin now */
1124 close(child_stdin);
1125 child_stdin_closed = true;
1126 pfds[pfd_idx_child_stdin].fd = -1;
1127 }
1128
1129 if (pfds[pfd_idx_child_stdout].revents & POLLIN) {
1130 /* Child stdout -> our stdout */
1131 ssize_t count = read(child_stdout, io_buf, io_buf_len);
1132 if (count > 0) {
1133 if (write_all(STDOUT_FILENO, io_buf, count) <
1134 0) {
1135 perror("Failed to write to stdout");
1136 goto err_kill_child;
1137 }
1138 } else if (count == 0 ||
1139 (count < 0 && errno == EPIPE)) {
1140 close(child_stdout);
1141 pfds[pfd_idx_child_stdout].fd = -1;
1142 } else if (count < 0 && errno != EAGAIN) {
1143 perror("Failed to read from child stdout");
1144 goto err_kill_child;
1145 }
1146 }
1147
1148 if (pfds[2].revents & POLLIN) {
1149 /* Child stderr -> our stderr */
1150 ssize_t count = read(child_stderr, io_buf, io_buf_len);
1151 if (count > 0) {
1152 if (write_all(STDERR_FILENO, io_buf, count) <
1153 0) {
1154 perror("Failed to write to stderr");
1155 goto err_kill_child;
1156 }
1157 } else if (count == 0 ||
1158 (count < 0 && errno == EPIPE)) {
1159 close(child_stderr);
1160 pfds[pfd_idx_child_stderr].fd = -1;
1161 } else if (count < 0 && errno != EAGAIN) {
1162 perror("Failed to read from child stderr");
1163 goto err_kill_child;
1164 }
1165 }
1166
1167 if (waitpid(child_pid, &status, WNOHANG) == child_pid) {
1168 /*
1169 * Write out any remaining child stdout/stderr.
1170 * If child died, read would just return EOF.
1171 */
1172 while (1) {
1173 ssize_t count =
1174 read(child_stdout, io_buf, io_buf_len);
1175 if (count > 0)
1176 write_all(STDOUT_FILENO, io_buf, count);
1177 else
1178 break;
1179 }
1180 while (1) {
1181 ssize_t count =
1182 read(child_stderr, io_buf, io_buf_len);
1183 if (count > 0)
1184 write_all(STDERR_FILENO, io_buf, count);
1185 else
1186 break;
1187 }
1188 return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
1189 }
1190
1191 if (pfds[pfd_idx_supervisor].revents) {
1192 retry:
> 1193 ssize_t count = read(supervisor_fd, io_buf, io_buf_len);
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2025-03-05 3:37 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-04 1:12 [RFC PATCH 0/9] Landlock supervise: a mechanism for interactive permission requests Tingmao Wang
2025-03-04 1:12 ` [RFC PATCH 1/9] Define the supervisor and event structure Tingmao Wang
2025-03-04 1:12 ` [RFC PATCH 2/9] Refactor per-layer information in rulesets and rules Tingmao Wang
2025-03-04 19:49 ` Mickaël Salaün
2025-03-06 2:58 ` Tingmao Wang
2025-03-08 18:57 ` Mickaël Salaün
2025-03-10 0:38 ` Tingmao Wang
2025-03-04 1:12 ` [RFC PATCH 3/9] Adds a supervisor reference in the per-layer information Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 4/9] User-space API for creating a supervisor-fd Tingmao Wang
2025-03-05 16:09 ` Mickaël Salaün
2025-03-10 0:41 ` Tingmao Wang
2025-03-11 19:28 ` Mickaël Salaün
2025-03-26 0:06 ` Tingmao Wang
2025-04-11 10:55 ` Mickaël Salaün
2025-03-04 1:13 ` [RFC PATCH 5/9] Define user structure for events and responses Tingmao Wang
2025-03-04 19:49 ` Mickaël Salaün
2025-03-06 3:05 ` Tingmao Wang
2025-03-08 19:07 ` Mickaël Salaün
2025-03-10 0:39 ` Tingmao Wang
2025-03-11 19:29 ` Mickaël Salaün
2025-03-10 0:39 ` Tingmao Wang
2025-03-11 19:28 ` Mickaël Salaün
2025-03-11 23:18 ` Tingmao Wang
2025-03-12 11:49 ` Mickaël Salaün
2025-03-26 0:02 ` Tingmao Wang
2025-03-05 4:13 ` kernel test robot
2025-03-04 1:13 ` [RFC PATCH 6/9] Creating supervisor events for filesystem operations Tingmao Wang
2025-03-04 19:50 ` Mickaël Salaün
2025-03-10 0:39 ` Tingmao Wang
2025-03-11 19:29 ` Mickaël Salaün
2025-03-05 5:05 ` kernel test robot
2025-03-04 1:13 ` [RFC PATCH 7/9] Implement fdinfo for ruleset and supervisor fd Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 8/9] Implement fops for supervisor-fd Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 9/9] Enhance the sandboxer example to support landlock-supervise Tingmao Wang
2025-03-05 3:36 ` kernel test robot [this message]
2025-03-04 19:48 ` [RFC PATCH 0/9] Landlock supervise: a mechanism for interactive permission requests Mickaël Salaün
2025-03-06 2:57 ` Tingmao Wang
2025-03-06 17:07 ` Amir Goldstein
2025-03-08 19:14 ` Mickaël Salaün
2025-03-11 0:42 ` Tingmao Wang
2025-03-11 19:28 ` Mickaël Salaün
2025-03-11 20:58 ` Song Liu
2025-03-11 22:03 ` Tingmao Wang
2025-03-11 23:23 ` Song Liu
2025-03-12 11:50 ` Mickaël Salaün
2025-03-12 10:58 ` Jan Kara
2025-03-12 12:26 ` Amir Goldstein
2025-03-08 18:57 ` Mickaël Salaün
2025-03-06 21:04 ` Jan Kara
2025-03-08 19:15 ` Mickaël Salaün
2025-03-12 6:20 ` Tetsuo Handa
2025-03-24 1:58 ` Tingmao Wang
2025-03-24 10:43 ` Tetsuo Handa
2026-02-15 2:41 ` Tingmao Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202503051100.TdwYRUDj-lkp@intel.com \
--to=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=m@maowtm.org \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.