From: Cyril Hrubis <chrubis@suse.cz>
To: Jan Stancek <jstancek@redhat.com>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2] syscalls/statmount07: change "invalid buffer size" test
Date: Tue, 15 Oct 2024 14:07:39 +0200 [thread overview]
Message-ID: <Zw5bCxNMuCz4aKWC@yuki.lan> (raw)
In-Reply-To: <d53bcc8476d4c2ef37b92543b2f7fe8338420f0b.1728992854.git.jstancek@redhat.com>
Hi!
> Signed-off-by: Jan Stancek <jstancek@redhat.com>
> ---
> testcases/kernel/syscalls/statmount/statmount07.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/testcases/kernel/syscalls/statmount/statmount07.c b/testcases/kernel/syscalls/statmount/statmount07.c
> index 0cc83429872f..58fcc20acce7 100644
> --- a/testcases/kernel/syscalls/statmount/statmount07.c
> +++ b/testcases/kernel/syscalls/statmount/statmount07.c
> @@ -20,10 +20,10 @@
> static struct statmount *st_mount;
> static struct statmount *st_mount_null;
> static struct statmount *st_mount_small;
> +static struct statmount *st_mount_bad;
> static uint64_t mnt_id;
> static uint64_t mnt_id_dont_exist = -1;
> static size_t buff_size;
> -static size_t buff_size_invalid = -1;
>
> struct tcase {
> int exp_errno;
> @@ -90,12 +90,12 @@ struct tcase {
> },
> {
> EFAULT,
> - "invalid buffer size",
> + "buffer crosses to PROT_NONE",
> &mnt_id,
> 0,
> 0,
> - &buff_size_invalid,
> - &st_mount
> + &buff_size,
> + &st_mount_bad
> },
> {
> EFAULT,
> @@ -139,6 +139,7 @@ static struct tst_test test = {
> .bufs = (struct tst_buffers []) {
> {&st_mount, .size = sizeof(struct statmount)},
> {&st_mount_small, .size = sizeof(struct statmount)},
> + {&st_mount_bad, .size = 1},
With this we create a mapping where PROT_NONE is before the buffer, not
after it, since guarded buffers are primarily guarding about off-by-one
at the start of the buffer. There is a canaray after after the allocated
buffer that will potentialy be rewritten, but that would be detected
only at the test exit.
If I remmeber correctly the mappings will look like:
| PROT_NONE |_ CANARY BYTES |
^
And this is our 1-byte buffer.
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2024-10-15 12:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-15 7:57 [LTP] [PATCH] syscalls/statmount07: drop "invalid buffer size" test Jan Stancek
2024-10-15 9:50 ` Cyril Hrubis
2024-10-15 10:10 ` Jan Stancek
2024-10-15 10:59 ` Cyril Hrubis
2024-10-15 11:51 ` Jan Stancek
2024-10-15 11:48 ` [LTP] [PATCH v2] syscalls/statmount07: change " Jan Stancek
2024-10-15 12:07 ` Cyril Hrubis [this message]
2024-10-15 12:41 ` Jan Stancek
2024-10-15 13:43 ` Cyril Hrubis
2024-10-15 13:54 ` Jan Stancek
2024-10-18 10:23 ` Petr Vorel
2024-10-18 10:25 ` Jan Stancek
2024-10-15 13:45 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zw5bCxNMuCz4aKWC@yuki.lan \
--to=chrubis@suse.cz \
--cc=jstancek@redhat.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox