From: Cyril Hrubis <chrubis@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 4/4] Add error coverage for landlock network support
Date: Tue, 5 Nov 2024 16:39:15 +0100 [thread overview]
Message-ID: <Zyo8I-32MuJz_EFw@yuki.lan> (raw)
In-Reply-To: <20241105-landlock_network-v2-4-d58791487919@suse.com>
Hi!
> diff --git a/testcases/kernel/syscalls/landlock/landlock02.c b/testcases/kernel/syscalls/landlock/landlock02.c
> index 8566d407f6d17ab367695125f07d0a80cf4130e5..dbc405a8a01ac58e0d22f952f57bd603c62ab8be 100644
> --- a/testcases/kernel/syscalls/landlock/landlock02.c
> +++ b/testcases/kernel/syscalls/landlock/landlock02.c
> @@ -20,93 +20,146 @@
>
> #include "landlock_common.h"
>
> -static struct tst_landlock_ruleset_attr_abi1 *ruleset_attr;
> +static struct tst_landlock_ruleset_attr_abi4 *ruleset_attr;
> static struct landlock_path_beneath_attr *path_beneath_attr;
> static struct landlock_path_beneath_attr *rule_null;
> +static struct landlock_net_port_attr *net_port_attr;
> static int ruleset_fd;
> static int invalid_fd = -1;
> +static int abi_current;
>
> static struct tcase {
> int *fd;
> - enum landlock_rule_type rule_type;
> - struct landlock_path_beneath_attr **attr;
> + int rule_type;
> + struct landlock_path_beneath_attr **path_attr;
> + struct landlock_net_port_attr **net_attr;
> int access;
> int parent_fd;
> + int net_port;
> uint32_t flags;
> int exp_errno;
> + int abi_ver;
> char *msg;
> } tcases[] = {
> {
> .fd = &ruleset_fd,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
This is a static structure, so anything that is not initialized will be
zeroed anyways, so I would just omit the explicit NULL initializations.
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .flags = 1,
> .exp_errno = EINVAL,
> + .abi_ver = 1,
> .msg = "Invalid flags"
> },
> {
> .fd = &ruleset_fd,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .exp_errno = EINVAL,
> + .abi_ver = 1,
> .msg = "Invalid rule type"
> },
> {
> .fd = &ruleset_fd,
> .rule_type = LANDLOCK_RULE_PATH_BENEATH,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .exp_errno = ENOMSG,
> + .abi_ver = 1,
> .msg = "Empty accesses"
> },
> {
> .fd = &invalid_fd,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .exp_errno = EBADF,
> + .abi_ver = 1,
> .msg = "Invalid file descriptor"
> },
> {
> .fd = &ruleset_fd,
> .rule_type = LANDLOCK_RULE_PATH_BENEATH,
> - .attr = &path_beneath_attr,
> + .path_attr = &path_beneath_attr,
> + .net_attr = NULL,
> .access = LANDLOCK_ACCESS_FS_EXECUTE,
> .parent_fd = -1,
> .exp_errno = EBADF,
> + .abi_ver = 1,
> .msg = "Invalid parent fd"
> },
> {
> .fd = &ruleset_fd,
> .rule_type = LANDLOCK_RULE_PATH_BENEATH,
> - .attr = &rule_null,
> + .path_attr = &rule_null,
> + .net_attr = NULL,
> .exp_errno = EFAULT,
> + .abi_ver = 1,
> .msg = "Invalid rule attr"
> },
> + {
> + .fd = &ruleset_fd,
> + .rule_type = LANDLOCK_RULE_NET_PORT,
> + .path_attr = NULL,
> + .net_attr = &net_port_attr,
> + .access = LANDLOCK_ACCESS_FS_EXECUTE,
> + .net_port = 448,
> + .exp_errno = EINVAL,
> + .abi_ver = 4,
> + .msg = "Invalid access rule for network type"
> + },
> + {
> + .fd = &ruleset_fd,
> + .rule_type = LANDLOCK_RULE_NET_PORT,
> + .path_attr = NULL,
> + .net_attr = &net_port_attr,
> + .access = LANDLOCK_ACCESS_NET_BIND_TCP,
> + .net_port = INT16_MAX + 1,
> + .exp_errno = EINVAL,
> + .abi_ver = 4,
> + .msg = "Socket port greater than 65535"
> + },
> };
>
> static void run(unsigned int n)
> {
> struct tcase *tc = &tcases[n];
>
> - if (*tc->attr) {
> - (*tc->attr)->allowed_access = tc->access;
> - (*tc->attr)->parent_fd = tc->parent_fd;
> + if (tc->abi_ver > abi_current) {
> + tst_res(TCONF, "Minimum ABI required: %d", tc->abi_ver);
> + return;
> }
>
> - TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> - *tc->fd, tc->rule_type, *tc->attr, tc->flags),
> - tc->exp_errno,
> - "%s",
> - tc->msg);
> + if (tc->path_attr) {
> + if (*tc->path_attr) {
> + (*tc->path_attr)->allowed_access = tc->access;
> + (*tc->path_attr)->parent_fd = tc->parent_fd;
> + }
> +
> + TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> + *tc->fd, tc->rule_type, *tc->path_attr, tc->flags),
> + tc->exp_errno, "%s", tc->msg);
> + } else if (tc->net_attr) {
> + if (*tc->net_attr) {
> + (*tc->net_attr)->allowed_access = tc->access;
> + (*tc->net_attr)->port = tc->net_port;
> + }
> +
> + TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> + *tc->fd, tc->rule_type, *tc->net_attr, tc->flags),
> + tc->exp_errno, "%s", tc->msg);
if we assing the attr into a pointer this TST_EPX_FAIL() can be outside
of the if as:
void *attr;
if (path_attr) {
...
attr = *path_attr;
} else {
...
attr = *net_attr;
}
TST_EXP_FAIL(..., attr, ...);
> + }
> }
>
> static void setup(void)
> {
> - verify_landlock_is_enabled();
> + abi_current = verify_landlock_is_enabled();
>
> ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE;
>
> ruleset_fd = TST_EXP_FD_SILENT(tst_syscall(__NR_landlock_create_ruleset,
> - ruleset_attr, sizeof(struct tst_landlock_ruleset_attr_abi1), 0));
> + ruleset_attr, sizeof(struct tst_landlock_ruleset_attr_abi4), 0));
^
This should be abi_current otherwise we
will fail on v1 only system.
> }
>
> static void cleanup(void)
> @@ -122,8 +175,9 @@ static struct tst_test test = {
> .cleanup = cleanup,
> .needs_root = 1,
> .bufs = (struct tst_buffers []) {
> - {&ruleset_attr, .size = sizeof(struct tst_landlock_ruleset_attr_abi1)},
> + {&ruleset_attr, .size = sizeof(struct tst_landlock_ruleset_attr_abi4)},
> {&path_beneath_attr, .size = sizeof(struct landlock_path_beneath_attr)},
> + {&net_port_attr, .size = sizeof(struct landlock_net_port_attr)},
> {},
> },
> .caps = (struct tst_cap []) {
The rest looks good to me, with the minor probles fixed:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2024-11-05 15:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 9:34 [LTP] [PATCH v2 0/4] landlock network coverage support Andrea Cervesato
2024-11-05 9:34 ` [LTP] [PATCH v2 1/4] Fallback landlock network support Andrea Cervesato
2024-11-05 12:31 ` Li Wang
2024-11-05 12:42 ` Li Wang
2024-11-05 12:59 ` Andrea Cervesato via ltp
2024-11-05 13:15 ` Cyril Hrubis
2024-11-05 15:13 ` Cyril Hrubis
2024-11-06 7:13 ` Li Wang
2024-11-05 12:47 ` Andrea Cervesato via ltp
2024-11-05 13:08 ` Cyril Hrubis
2024-11-05 13:15 ` Andrea Cervesato via ltp
2024-11-05 9:34 ` [LTP] [PATCH v2 2/4] Network helpers in landlock suite common functions Andrea Cervesato
2024-11-05 15:27 ` Cyril Hrubis
2024-11-05 9:34 ` [LTP] [PATCH v2 3/4] Add landlock08 test Andrea Cervesato
2024-11-05 15:26 ` Cyril Hrubis
2024-11-05 9:34 ` [LTP] [PATCH v2 4/4] Add error coverage for landlock network support Andrea Cervesato
2024-11-05 15:39 ` Cyril Hrubis [this message]
2024-11-05 17:45 ` Cyril Hrubis
2024-11-06 10:29 ` Andrea Cervesato via ltp
2024-11-06 10:38 ` Cyril Hrubis
2024-11-06 11:01 ` Andrea Cervesato via ltp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zyo8I-32MuJz_EFw@yuki.lan \
--to=chrubis@suse.cz \
--cc=andrea.cervesato@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox