From: Cyril Hrubis <chrubis@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 6/7] Add lsm_list_modules02 test
Date: Tue, 4 Mar 2025 14:24:17 +0100 [thread overview]
Message-ID: <Z8b_ASCxF6gTvanH@yuki.lan> (raw)
In-Reply-To: <20250110-lsm-v2-6-bd38035f86bc@suse.com>
Hi!
> +#include "lsm_common.h"
> +
> +#define MAX_LSM_NUM 32
> +
> +static char lsm_names[MAX_LSM_NUM][BUFSIZ];
> +static size_t lsm_names_count;
> +static uint32_t page_size;
> +static uint64_t *ids;
> +static uint32_t *size;
> +
> +static void run(void)
> +{
> + uint32_t lsm_num;
> + size_t count;
> +
> + memset(ids, 0, sizeof(uint64_t) * MAX_LSM_NUM);
> + *size = page_size;
> +
> + lsm_num = TST_EXP_POSITIVE(lsm_list_modules(ids, size, 0));
If we want to pass the size as page_size here the buffer passed to the
syscall would have to be page_size in size. The whole point of passing
the size here is to tell the kernel the size of the buffer it can use
and it's a pointer because kernel will return the size of the buffer it
used back.
> +
> + TST_EXP_EQ_LI(lsm_num, lsm_names_count);
> + TST_EXP_EQ_LI(*size, lsm_num * sizeof(uint64_t));
> +
> + for (uint32_t i = 0; i < lsm_num; i++) {
> + char *name = NULL;
> +
> + switch (ids[i]) {
> + case LSM_ID_CAPABILITY:
> + name = "capability";
> + break;
> + case LSM_ID_SELINUX:
> + name = "selinux";
> + break;
> + case LSM_ID_SMACK:
> + name = "smack";
> + break;
> + case LSM_ID_TOMOYO:
> + name = "tomoyo";
> + break;
> + case LSM_ID_APPARMOR:
> + name = "apparmor";
> + break;
> + case LSM_ID_YAMA:
> + name = "yama";
> + break;
> + case LSM_ID_LOADPIN:
> + name = "loadpin";
> + break;
> + case LSM_ID_SAFESETID:
> + name = "safesetid";
> + break;
> + case LSM_ID_LOCKDOWN:
> + name = "lockdown";
> + break;
> + case LSM_ID_BPF:
> + name = "bpf";
> + break;
> + case LSM_ID_LANDLOCK:
> + name = "landlock";
> + break;
> + case LSM_ID_IMA:
> + name = "ima";
> + break;
> + case LSM_ID_EVM:
> + name = "evm";
> + break;
> + case LSM_ID_IPE:
> + name = "ipe";
> + break;
> + default:
> + break;
> + }
I guess that it may be also a good idea to have an array where we would
record which LSM we have seen in the buffer to make sure that we didn't
get any of them twice.
I suppose that we can turn the lsm_names into a structure and add
counters there with:
struct lsm_name {
int cnt;
char name[MAX_LSM_NAME];
};
struct lsm_name lsm_names[MAX_LSM_NUM];
> + if (!name)
> + tst_brk(TBROK, "Unsupported LSM: %lu", ids[i]);
> +
> + for (count = 0; count < lsm_names_count; count++) {
> + if (!strcmp(name, lsm_names[count])) {
> + tst_res(TPASS, "'%s' is enabled", name);
And then we can (assuming we zero the counters at the start of this
function) do:
if (lsm_names[count].cnt)
tst_res(TFAIL, "Duplicated LSM entry %s", lsm_names[count].name);
lsm_names[count].cnt++;
> + break;
> + }
> + }
> +
> + if (count >= lsm_names_count)
> + tst_res(TFAIL, "'%s' has not been found", name);
> + }
> +}
> +
> +static void setup(void)
> +{
> + int fd;
> + char *ptr;
> + char data[BUFSIZ];
> +
> + memset(data, 0, BUFSIZ);
> +
> + page_size = SAFE_SYSCONF(_SC_PAGESIZE);
> + fd = SAFE_OPEN("/sys/kernel/security/lsm", O_RDONLY);
> + SAFE_READ(0, fd, data, BUFSIZ);
> + SAFE_CLOSE(fd);
> +
> + ptr = strtok(data, ",");
> +
> + while (ptr != NULL) {
> + strcpy(lsm_names[lsm_names_count], ptr);
> + ptr = strtok(NULL, ",");
> + lsm_names_count++;
> + }
> +}
> +
> +static struct tst_test test = {
> + .test_all = run,
> + .setup = setup,
> + .min_kver = "6.8",
> + .bufs = (struct tst_buffers []) {
> + {&ids, .size = sizeof(uint64_t) * MAX_LSM_NUM},
> + {&size, .size = sizeof(uint32_t)},
> + {},
> + },
> +};
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2025-03-04 13:24 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-10 12:55 [LTP] [PATCH v2 0/7] LSM testing suite Andrea Cervesato
2025-01-10 12:55 ` [LTP] [PATCH v2 1/7] Add fallback definitions of LSM syscalls Andrea Cervesato
2025-03-04 12:00 ` Cyril Hrubis
2025-01-10 12:55 ` [LTP] [PATCH v2 2/7] Add lsm_get_self_attr01 test Andrea Cervesato
2025-03-04 12:21 ` Cyril Hrubis
2025-01-10 12:55 ` [LTP] [PATCH v2 3/7] Add lsm_get_self_attr02 test Andrea Cervesato
2025-03-04 12:29 ` Cyril Hrubis
2025-01-10 12:55 ` [LTP] [PATCH v2 4/7] Add lsm_get_self_attr03 test Andrea Cervesato
2025-03-04 13:11 ` Cyril Hrubis
2025-03-21 12:23 ` Andrea Cervesato via ltp
2025-04-28 14:50 ` Cyril Hrubis
2025-01-10 12:55 ` [LTP] [PATCH v2 5/7] Add lsm_list_modules01 test Andrea Cervesato
2025-01-10 12:55 ` [LTP] [PATCH v2 6/7] Add lsm_list_modules02 test Andrea Cervesato
2025-03-04 13:24 ` Cyril Hrubis [this message]
2025-01-10 12:55 ` [LTP] [PATCH v2 7/7] Add lsm_set_self_attr01 test Andrea Cervesato
2025-03-04 13:26 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z8b_ASCxF6gTvanH@yuki.lan \
--to=chrubis@suse.cz \
--cc=andrea.cervesato@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox