From: Cyril Hrubis <chrubis@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH 2/7] Add lsm_get_self_attr01 test
Date: Wed, 8 Jan 2025 13:52:27 +0100 [thread overview]
Message-ID: <Z351C1oe7rplimrf@rei> (raw)
In-Reply-To: <20241112-lsm-v1-2-e293a8d99cf6@suse.com>
Hi!
> @@ -0,0 +1,57 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LSM_GET_SELF_ATTR_H
> +#define LSM_GET_SELF_ATTR_H
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static inline struct lsm_ctx *next_ctx(struct lsm_ctx *tctx)
> +{
> + return (struct lsm_ctx *)((void *)tctx + sizeof(*tctx) + tctx->ctx_len);
The cast to (struct lsm_ctx *) here is useless, C will cast it
automatically upon returning the value from the function.
> +}
> +
> +static inline void read_proc_attr(const char *attr, char *val, const size_t size)
> +{
> + int fd;
> + char *ptr;
> + char path[BUFSIZ];
> +
> + memset(val, 0, size);
> + memset(path, 0, BUFSIZ);
> +
> + snprintf(path, BUFSIZ, "/proc/self/attr/%s", attr);
> +
> + tst_res(TINFO, "Reading %s", path);
> +
> + fd = SAFE_OPEN(path, O_RDONLY);
> +
> + if (read(fd, val, size) > 0) {
> + ptr = strchr(val, '\n');
> + if (ptr)
> + *ptr = '\0';
> + }
> +
> + SAFE_CLOSE(fd);
> +}
> +
> +static inline int verify_enabled_lsm(const char *name)
> +{
> + int fd;
> + char data[BUFSIZ];
> +
> + fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> + SAFE_READ(0, fd, data, BUFSIZ);
> + SAFE_CLOSE(fd);
> +
> + if (!strstr(data, name)) {
> + tst_res(TINFO, "%s is running", name);
> + return 1;
> + }
The strstr() is not future proof here. If somebody adds an LSM with a
name that is a substring of a current LSM name, the strstr() will produce
a false positive.
It's better to iterate over the data with strtok() and compare exact
names with strcmp().
> + return 0;
> +}
> +#endif
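Review bot: Both helpers pass a buffer to a string function without guaranteeing NUL termination. In `verify_enabled_lsm()` `data` is uninitialized and the byte count from `SAFE_READ()` is discarded, so `strstr(data, name)` can scan stack bytes past the file contents; declare `char data[BUFSIZ] = {0};` and read `sizeof(data) - 1` bytes. In `read_proc_attr()` a read that fills all `size` bytes leaves `val` unterminated before `strchr(val, '\n')`; `read(fd, val, size - 1)` preserves the zeroed last byte, and a failed `read()` is currently indistinguishable from an empty attribute. Separately, the `if (!strstr(data, name))` branch logs "is running" and returns 1 when the name is not found, which looks inverted; confirm against the callers, which are outside this hunk.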
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..2317941af1b73240368820e6a51591e7c18cc140
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr01.c
> @@ -0,0 +1,81 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Verify that lsm_get_self_attr syscall is raising errors when invalid data is
> + * provided.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/lsm.h"
> +
> +static struct lsm_ctx *ctx;
> +static uint32_t ctx_size;
> +static uint32_t ctx_size_small;
> +
> +static struct tcase {
> + uint32_t attr;
> + struct lsm_ctx **ctx;
> + uint32_t *size;
> + uint32_t flags;
> + int exp_err;
> + char *msg;
> +} tcases[] = {
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .exp_err = EINVAL,
> + .msg = "size is NULL",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .size = &ctx_size,
> + .flags = LSM_FLAG_SINGLE | (LSM_FLAG_SINGLE << 1),
> + .exp_err = EINVAL,
> + .msg = "flags is invalid",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .size = &ctx_size_small,
> + .exp_err = E2BIG,
> + .msg = "size is too smal",
> + },
> + {
> + .attr = LSM_ATTR_CURRENT,
> + .ctx = &ctx,
> + .size = &ctx_size,
> + .flags = LSM_FLAG_SINGLE,
> + .exp_err = EINVAL,
> + .msg = "flags force to use ctx attributes",
> + },
> +};
> +
> +static void run(unsigned int n)
> +{
> + struct tcase *tc = &tcases[n];
> +
> + memset(ctx, 0, sizeof(struct lsm_ctx));
> + ctx_size = sizeof(struct lsm_ctx);
> + ctx_size_small = 1;
> +
> + TST_EXP_FAIL(lsm_get_self_attr(
> + LSM_ATTR_CURRENT, *tc->ctx, tc->size, tc->flags),
> + tc->exp_err,
> + "%s", tc->msg);
> +}
> +
> +static struct tst_test test = {
> + .test = run,
> + .tcnt = ARRAY_SIZE(tcases),
> + .min_kver = "6.8",
> + .bufs = (struct tst_buffers[]) {
> + {&ctx, .size = sizeof(struct lsm_ctx)},
> + {}
> + },
> +};
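Review bot: `run()` passes the literal `LSM_ATTR_CURRENT` to `lsm_get_self_attr()` instead of `tc->attr`, so the `attr` column of `tcases[]` is never read and a later case with a different or invalid attribute would silently exercise the wrong input; call `lsm_get_self_attr(tc->attr, *tc->ctx, tc->size, tc->flags)`. The message literal `"size is too smal"` has a typo (`small`) that will show up in test output and in log greps. `msg` only ever points at string literals and could be declared `const char *msg;`.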
The test itself looks good.
--
Cyril Hrubis
chrubis@suse.cz