From: Tingmao Wang <m@maowtm.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: audit@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v7 09/28] landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials
Date: Thu, 27 Mar 2025 21:38:05 +0000 [thread overview]
Message-ID: <20250327213807.12964-1-m@maowtm.org> (raw)
In-Reply-To: <20250320190717.2287696-10-mic@digikod.net>
Hi Mickaël,
On 3/20/25 19:06, Mickaël Salaün wrote:
[...]
> +static struct landlock_hierarchy *
> +get_hierarchy(const struct landlock_ruleset *const domain, const size_t layer)
> +{
> + struct landlock_hierarchy *hierarchy = domain->hierarchy;
> + ssize_t i;
> +
> + if (WARN_ON_ONCE(layer >= domain->num_layers))
> + return hierarchy;
> +
> + for (i = domain->num_layers - 1; i > layer; i--) {
> + if (WARN_ON_ONCE(!hierarchy->parent))
> + break;
> +
> + hierarchy = hierarchy->parent;
> + }
> +
> + return hierarchy;
> +}
> +
> +#ifdef CONFIG_SECURITY_LANDLOCK_KUNIT_TEST
> +
> +static void test_get_hierarchy(struct kunit *const test)
> +{
> + struct landlock_hierarchy dom0_hierarchy = {
> + .id = 10,
> + };
> + struct landlock_hierarchy dom1_hierarchy = {
> + .parent = &dom0_hierarchy,
> + .id = 20,
> + };
> + struct landlock_hierarchy dom2_hierarchy = {
> + .parent = &dom1_hierarchy,
> + .id = 30,
> + };
> + struct landlock_ruleset dom2 = {
> + .hierarchy = &dom2_hierarchy,
> + .num_layers = 3,
> + };
> +
> + KUNIT_EXPECT_EQ(test, 10, get_hierarchy(&dom2, 0)->id);
> + KUNIT_EXPECT_EQ(test, 20, get_hierarchy(&dom2, 1)->id);
> + KUNIT_EXPECT_EQ(test, 30, get_hierarchy(&dom2, 2)->id);
> + KUNIT_EXPECT_EQ(test, 30, get_hierarhy(&dom2, -1)->id);
This causes a warning from WARN_ON_ONCE(layer >= domain->num_layers)
when running this test, I guess because layer is unsigned. Should it
be ssize_t, if this is an expected usage?
------------[ cut here ]------------
WARNING: CPU: 7 PID: 145 at security/landlock/audit.c:142 get_hierarchy (security/landlock/audit.c:142)
Modules linked in:
CPU: 7 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G N 6.14.0-next-20250326-dev-00004-g4e57edc3e062-dirty #5 PREEMPT(undef)
Tainted: [N]=TEST
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:get_hierarchy (security/landlock/audit.c:142)
Code: 83 e8 02 e8 18 00 84 c0 75 02 0f 0b 48 83 c4 08 48 89 d8 5b 41 5c 41 5e 5d c3 48 c7 c7 00 f3 21 83 e8 e2 e7 18 00 84 c0 75 e2 <0f> 0b eb de 48 89 75 e0 e8 a1 a9 a7 ff 48 8b 75 e0 e9 76 ff ff ff
// snip //
Call Trace:
<TASK>
test_get_hierarchy (security/landlock/audit.c:178 (discriminator 5))
? test_get_denied_layer (security/landlock/audit.c:158)
? lock_repin_lock (kernel/locking/lockdep.c:5649 kernel/locking/lockdep.c:5978)
? __lock_acquire (kernel/locking/lockdep.c:4675 kernel/locking/lockdep.c:5189)
? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)
? find_held_lock (kernel/locking/lockdep.c:5348)
? trace_irq_enable (./include/trace/events/preemptirq.h:40 (discriminator 17))
? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:80)
? kvm_clock_get_cycles (./arch/x86/include/asm/preempt.h:95 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86)
? ktime_get_ts64 (kernel/time/timekeeping.c:318 (discriminator 4) kernel/time/timekeeping.c:335 (discriminator 4) kernel/time/timekeeping.c:907 (discriminator 4))
kunit_try_run_case (lib/kunit/test.c:400 lib/kunit/test.c:443)
? kunit_try_run_case_cleanup (lib/kunit/test.c:430)
next prev parent reply other threads:[~2025-03-27 21:38 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-20 19:06 [PATCH v7 00/28] Landlock audit support Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 01/28] lsm: Add audit_log_lsm_data() helper Mickaël Salaün
2025-03-25 19:35 ` Günther Noack
2025-03-20 19:06 ` [PATCH v7 02/28] landlock: Add unique ID generator Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 03/28] landlock: Move domain hierarchy management Mickaël Salaün
2025-03-25 19:37 ` Günther Noack
2025-03-20 19:06 ` [PATCH v7 04/28] landlock: Prepare to use credential instead of domain for filesystem Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 05/28] landlock: Prepare to use credential instead of domain for network Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 06/28] landlock: Prepare to use credential instead of domain for scope Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 07/28] landlock: Prepare to use credential instead of domain for fowner Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 08/28] landlock: Identify domain execution crossing Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 09/28] landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials Mickaël Salaün
2025-03-27 21:38 ` Tingmao Wang [this message]
2025-03-28 10:33 ` Mickaël Salaün
2025-03-20 19:06 ` [PATCH v7 10/28] landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 11/28] landlock: Log mount-related denials Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 12/28] landlock: Log file-related denials Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 13/28] landlock: Factor out IOCTL hooks Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 14/28] landlock: Log truncate and IOCTL denials Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 15/28] landlock: Log TCP bind and connect denials Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 16/28] landlock: Log scoped denials Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 17/28] landlock: Add LANDLOCK_RESTRICT_SELF_LOG_*_EXEC_* flags Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 18/28] landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 19/28] samples/landlock: Enable users to log sandbox denials Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 20/28] selftests/landlock: Add test for invalid ruleset file descriptor Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 21/28] selftests/landlock: Extend tests for landlock_restrict_self(2)'s flags Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 22/28] selftests/landlock: Add tests for audit flags and domain IDs Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 23/28] selftests/landlock: Test audit with restrict flags Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 24/28] selftests/landlock: Add audit tests for ptrace Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 25/28] selftests/landlock: Add audit tests for abstract UNIX socket scoping Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 26/28] selftests/landlock: Add audit tests for filesystem Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 27/28] selftests/landlock: Add audit tests for network Mickaël Salaün
2025-03-20 19:07 ` [PATCH v7 28/28] landlock: Add audit documentation Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250327213807.12964-1-m@maowtm.org \
--to=m@maowtm.org \
--cc=audit@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox