From: "Günther Noack" <gnoack@google.com>
To: Matthieu Buffet <matthieu@buffet.re>
Cc: "Mickaël Salaün" <mic@digikod.net>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] selftests/landlock: Remove invalid unix socket bind()
Date: Tue, 2 Dec 2025 09:37:24 +0100 [thread overview]
Message-ID: <aS6lMPTlUo9bWYEG@google.com> (raw)
In-Reply-To: <20251201003631.190817-1-matthieu@buffet.re>
Hello!
On Mon, Dec 01, 2025 at 01:36:31AM +0100, Matthieu Buffet wrote:
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index eee814e09dd7..7d378bdf3bce 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -4391,9 +4391,6 @@ TEST_F_FORK(layout1, named_unix_domain_socket_ioctl)
> cli_fd = socket(AF_UNIX, SOCK_STREAM, 0);
> ASSERT_LE(0, cli_fd);
>
> - size = offsetof(struct sockaddr_un, sun_path) + strlen(cli_un.sun_path);
> - ASSERT_EQ(0, bind(cli_fd, (struct sockaddr *)&cli_un, size));
> -
> bzero(&cli_un, sizeof(cli_un));
> cli_un.sun_family = AF_UNIX;
> strncpy(cli_un.sun_path, path, sizeof(cli_un.sun_path));
>
> base-commit: 54f9baf537b0a091adad860ec92e3e18e0a0754c
> --
> 2.47.3
>
Reviewed-by: Günther Noack <gnoack@google.com>
It looks like I must have fumbled with the copy&paste in that test,
this bind() call does not make sense in the place where it is and is
not necessary for the test. Apologies for that and thank you for
spotting this!
Optional: In hindsight, I think it would be nice to simplify the way
that we calculate the address length here. I probably mis-read
unix(7) at the time, where a similar formula is used (but with a
"+1"). Re-reading it, it seems that just passing sizeof(cli_un) as
the address length would have been the simpler and less error prone
solution:
From unix(7) (emphasis mine):
The addrlen argument that describes the enclosing sockaddr_un
structure should have a value of at least:
offsetof(struct sockaddr_un, sun_path)+strlen(addr.sun_path)+1
or, more simply, addrlen **can be specified as sizeof(struct
sockaddr_un).**
So, I believe that all the places where we calculate the size in this
function can just disappear and we can directly use sizeof(cli_un) and
sizeof(srv_un) in the bind() and connect() calls instead.
(Let me know whether you want to do it in this change, otherwise I am
also happy to send a follow-up fix.)
Thanks,
—Günther
next prev parent reply other threads:[~2025-12-02 8:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-01 0:36 [PATCH] selftests/landlock: Remove invalid unix socket bind() Matthieu Buffet
2025-12-02 8:37 ` Günther Noack [this message]
2025-12-02 21:46 ` Matthieu Buffet
2025-12-02 21:51 ` [PATCH] selftests/landlock: NULL-terminate unix pathname addresses Matthieu Buffet
2025-12-03 9:48 ` Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aS6lMPTlUo9bWYEG@google.com \
--to=gnoack@google.com \
--cc=linux-security-module@vger.kernel.org \
--cc=matthieu@buffet.re \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).