From: Cyril Hrubis <chrubis@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 4/4] Add error coverage for landlock network support
Date: Tue, 5 Nov 2024 16:39:15 +0100 [thread overview]
Message-ID: <Zyo8I-32MuJz_EFw@yuki.lan> (raw)
In-Reply-To: <20241105-landlock_network-v2-4-d58791487919@suse.com>
Hi!
> diff --git a/testcases/kernel/syscalls/landlock/landlock02.c b/testcases/kernel/syscalls/landlock/landlock02.c
> index 8566d407f6d17ab367695125f07d0a80cf4130e5..dbc405a8a01ac58e0d22f952f57bd603c62ab8be 100644
> --- a/testcases/kernel/syscalls/landlock/landlock02.c
> +++ b/testcases/kernel/syscalls/landlock/landlock02.c
> @@ -20,93 +20,146 @@
>
> #include "landlock_common.h"
>
> -static struct tst_landlock_ruleset_attr_abi1 *ruleset_attr;
> +static struct tst_landlock_ruleset_attr_abi4 *ruleset_attr;
> static struct landlock_path_beneath_attr *path_beneath_attr;
> static struct landlock_path_beneath_attr *rule_null;
> +static struct landlock_net_port_attr *net_port_attr;
> static int ruleset_fd;
> static int invalid_fd = -1;
> +static int abi_current;
>
> static struct tcase {
> int *fd;
> - enum landlock_rule_type rule_type;
> - struct landlock_path_beneath_attr **attr;
> + int rule_type;
> + struct landlock_path_beneath_attr **path_attr;
> + struct landlock_net_port_attr **net_attr;
> int access;
> int parent_fd;
> + int net_port;
> uint32_t flags;
> int exp_errno;
> + int abi_ver;
> char *msg;
> } tcases[] = {
> {
> .fd = &ruleset_fd,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
This is a static structure, so anything that is not initialized will be
zeroed anyways, so I would just omit the explicit NULL initializations.
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .flags = 1,
> .exp_errno = EINVAL,
> + .abi_ver = 1,
> .msg = "Invalid flags"
> },
> {
> .fd = &ruleset_fd,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .exp_errno = EINVAL,
> + .abi_ver = 1,
> .msg = "Invalid rule type"
> },
> {
> .fd = &ruleset_fd,
> .rule_type = LANDLOCK_RULE_PATH_BENEATH,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .exp_errno = ENOMSG,
> + .abi_ver = 1,
> .msg = "Empty accesses"
> },
> {
> .fd = &invalid_fd,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .exp_errno = EBADF,
> + .abi_ver = 1,
> .msg = "Invalid file descriptor"
> },
> {
> .fd = &ruleset_fd,
> .rule_type = LANDLOCK_RULE_PATH_BENEATH,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .parent_fd = -1,
> .exp_errno = EBADF,
> + .abi_ver = 1,
> .msg = "Invalid parent fd"
> },
> {
> .fd = &ruleset_fd,
> .rule_type = LANDLOCK_RULE_PATH_BENEATH,
> - .attr = &rule_null,
> + .path_attr = &rule_null,
> + .net_attr = NULL,
> .exp_errno = EFAULT,
> + .abi_ver = 1,
> .msg = "Invalid rule attr"
> },
> + {
> + .fd = &ruleset_fd,
> + .rule_type = LANDLOCK_RULE_NET_PORT,
> + .path_attr = NULL,
> + .net_attr = &net_port_attr,
> + .access = LANDLOCK_ACCESS_FS_EXECUTE,
> + .net_port = 448,
> + .exp_errno = EINVAL,
> + .abi_ver = 4,
> + .msg = "Invalid access rule for network type"
> + },
> + {
> + .fd = &ruleset_fd,
> + .rule_type = LANDLOCK_RULE_NET_PORT,
> + .path_attr = NULL,
> + .net_attr = &net_port_attr,
> + .access = LANDLOCK_ACCESS_NET_BIND_TCP,
> + .net_port = INT16_MAX + 1,
> + .exp_errno = EINVAL,
> + .abi_ver = 4,
> + .msg = "Socket port greater than 65535"
> + },
> };
>
> static void run(unsigned int n)
> {
> struct tcase *tc = &tcases[n];
>
> - if (*tc->attr) {
> - (*tc->attr)->allowed_access = tc->access;
> - (*tc->attr)->parent_fd = tc->parent_fd;
> + if (tc->abi_ver > abi_current) {
> + tst_res(TCONF, "Minimum ABI required: %d", tc->abi_ver);
> + return;
> }
>
> - TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> - *tc->fd, tc->rule_type, *tc->attr, tc->flags),
> - tc->exp_errno,
> - "%s",
> - tc->msg);
> + if (tc->path_attr) {
> + if (*tc->path_attr) {
> + (*tc->path_attr)->allowed_access = tc->access;
> + (*tc->path_attr)->parent_fd = tc->parent_fd;
> + }
> +
> + TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> + *tc->fd, tc->rule_type, *tc->path_attr, tc->flags),
> + tc->exp_errno, "%s", tc->msg);
> + } else if (tc->net_attr) {
> + if (*tc->net_attr) {
> + (*tc->net_attr)->allowed_access = tc->access;
> + (*tc->net_attr)->port = tc->net_port;
> + }
> +
> + TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> + *tc->fd, tc->rule_type, *tc->net_attr, tc->flags),
> + tc->exp_errno, "%s", tc->msg);
if we assing the attr into a pointer this TST_EPX_FAIL() can be outside
of the if as:
void *attr;
if (path_attr) {
...
attr = *path_attr;
} else {
...
attr = *net_attr;
}
TST_EXP_FAIL(..., attr, ...);
> + }
> }
>
> static void setup(void)
> {
> - verify_landlock_is_enabled();
> + abi_current = verify_landlock_is_enabled();
>
> ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE;
>
> ruleset_fd = TST_EXP_FD_SILENT(tst_syscall(__NR_landlock_create_ruleset,
> - ruleset_attr, sizeof(struct tst_landlock_ruleset_attr_abi1), 0));
> + ruleset_attr, sizeof(struct tst_landlock_ruleset_attr_abi4), 0));
^
This should be abi_current otherwise we
will fail on v1 only system.
> }
>
> static void cleanup(void)
> @@ -122,8 +175,9 @@ static struct tst_test test = {
> .cleanup = cleanup,
> .needs_root = 1,
> .bufs = (struct tst_buffers []) {
> - {&ruleset_attr, .size = sizeof(struct tst_landlock_ruleset_attr_abi1)},
> + {&ruleset_attr, .size = sizeof(struct tst_landlock_ruleset_attr_abi4)},
> {&path_beneath_attr, .size = sizeof(struct landlock_path_beneath_attr)},
> + {&net_port_attr, .size = sizeof(struct landlock_net_port_attr)},
> {},
> },
> .caps = (struct tst_cap []) {
The rest looks good to me, with the minor probles fixed:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2024-11-05 15:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 9:34 [LTP] [PATCH v2 0/4] landlock network coverage support Andrea Cervesato
2024-11-05 9:34 ` [LTP] [PATCH v2 1/4] Fallback landlock network support Andrea Cervesato
2024-11-05 12:31 ` Li Wang
2024-11-05 12:42 ` Li Wang
2024-11-05 12:59 ` Andrea Cervesato via ltp
2024-11-05 13:15 ` Cyril Hrubis
2024-11-05 15:13 ` Cyril Hrubis
2024-11-06 7:13 ` Li Wang
2024-11-05 12:47 ` Andrea Cervesato via ltp
2024-11-05 13:08 ` Cyril Hrubis
2024-11-05 13:15 ` Andrea Cervesato via ltp
2024-11-05 9:34 ` [LTP] [PATCH v2 2/4] Network helpers in landlock suite common functions Andrea Cervesato
2024-11-05 15:27 ` Cyril Hrubis
2024-11-05 9:34 ` [LTP] [PATCH v2 3/4] Add landlock08 test Andrea Cervesato
2024-11-05 15:26 ` Cyril Hrubis
2024-11-05 9:34 ` [LTP] [PATCH v2 4/4] Add error coverage for landlock network support Andrea Cervesato
2024-11-05 15:39 ` Cyril Hrubis [this message]
2024-11-05 17:45 ` Cyril Hrubis
2024-11-06 10:29 ` Andrea Cervesato via ltp
2024-11-06 10:38 ` Cyril Hrubis
2024-11-06 11:01 ` Andrea Cervesato via ltp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zyo8I-32MuJz_EFw@yuki.lan \
--to=chrubis@suse.cz \
--cc=andrea.cervesato@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.