[LTP] [PATCH v2 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve
Guangwen Feng
fenggw-fnst@cn.fujitsu.com
Fri Aug 25 05:14:33 CEST 2017
Hi!
Please ignore the v2, I found there are some problem, sorry.
I will send a v3 soon.
Best Regards,
Guangwen Feng
在 08/24/2017 09:28 PM, Guangwen Feng 写道:
> 1.syscalls/keyctl02 and syscalls/keyctl03 make use of lapi/keyctl.h
>
> 2.syscalls/keyctl0* use keyutils.h fallback definition in lapi/keyctl.h
> instead of raw syscall, thus we would test the keyutils library if the
> header is present and these tests will not be disabled otherwise.
>
> 3.Add syscalls/keyctl02 and commands/keyctl01 to the CVE runtest file as
> cve-2015-7550 and cve-2016-4470 respectively.
>
> Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
> ---
> runtest/cve | 2 ++
> testcases/kernel/syscalls/keyctl/Makefile | 4 ++--
> testcases/kernel/syscalls/keyctl/keyctl01.c | 20 +++++++++++---------
> testcases/kernel/syscalls/keyctl/keyctl02.c | 16 ++++++----------
> testcases/kernel/syscalls/keyctl/keyctl03.c | 20 ++++++++++----------
> testcases/kernel/syscalls/keyctl/keyctl04.c | 20 +++++++++++---------
> testcases/kernel/syscalls/keyctl/keyctl05.c | 29 ++++++++++++++++-------------
> 7 files changed, 58 insertions(+), 53 deletions(-)
>
> diff --git a/runtest/cve b/runtest/cve
> index 468f0b2..5b16e9e 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -5,6 +5,8 @@ cve-2011-2496 vma03
> cve-2012-0957 cve-2012-0957
> cve-2014-0196 cve-2014-0196
> cve-2015-0235 gethostbyname_r01
> +cve-2015-7550 keyctl02
> +cve-2016-4470 keyctl01.sh
> cve-2016-4997 cve-2016-4997
> cve-2016-5195 dirtyc0w
> cve-2016-7042 cve-2016-7042
> diff --git a/testcases/kernel/syscalls/keyctl/Makefile b/testcases/kernel/syscalls/keyctl/Makefile
> index bb3d3a4..dd1f6b4 100644
> --- a/testcases/kernel/syscalls/keyctl/Makefile
> +++ b/testcases/kernel/syscalls/keyctl/Makefile
> @@ -18,8 +18,8 @@
>
> top_srcdir ?= ../../../..
>
> -keyctl02: LDLIBS +=-lpthread $(KEYUTILS_LIBS)
> -keyctl03: LDLIBS +=$(KEYUTILS_LIBS)
> +LDLIBS += $(KEYUTILS_LIBS)
> +keyctl02: LDLIBS += -lpthread
>
> include $(top_srcdir)/include/mk/testcases.mk
>
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
> index 30d51bd..345fa8c 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl01.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
> @@ -28,31 +28,25 @@
> #include <stdint.h>
>
> #include "tst_test.h"
> -#include "lapi/syscalls.h"
> #include "lapi/keyctl.h"
>
> -typedef int32_t key_serial_t;
> -
> static void do_test(void)
> {
> key_serial_t key;
>
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> - KEY_SPEC_USER_SESSION_KEYRING));
> -
> + TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING));
> if (TEST_RETURN != -1)
> tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
> else
> tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
>
> for (key = INT32_MAX; key > INT32_MIN; key--) {
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
> + TEST(keyctl(KEYCTL_READ, key));
> if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
> break;
> }
>
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
> -
> + TEST(keyctl(KEYCTL_REVOKE, key));
> if (TEST_RETURN != -1) {
> tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
> return;
> @@ -66,6 +60,14 @@ static void do_test(void)
> tst_res(TPASS | TTERRNO, "KEYCTL_REVOKE failed as expected");
> }
>
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> + tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
> static struct tst_test test = {
> + .setup = setup,
> .test_all = do_test,
> };
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
> index b783bf7..f285212 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl02.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
> @@ -35,17 +35,13 @@
> * KEYS: Fix race between read and revoke
> */
>
> -#include "config.h"
> #include <errno.h>
> #include <pthread.h>
> #include <sys/types.h>
> -#ifdef HAVE_KEYUTILS_H
> -# include <keyutils.h>
> -#endif
> +
> #include "tst_safe_pthread.h"
> #include "tst_test.h"
> -
> -#ifdef HAVE_KEYUTILS_H
> +#include "lapi/keyctl.h"
>
> #define LOOPS 20000
> #define PATH_KEY_COUNT_QUOTA "/proc/sys/kernel/keys/root_maxkeys"
> @@ -103,6 +99,10 @@ static void do_test(void)
>
> static void setup(void)
> {
> +#ifndef HAVE_KEYUTILS_H
> + tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +
> SAFE_FILE_SCANF(PATH_KEY_COUNT_QUOTA, "%d", &orig_maxkeys);
> SAFE_FILE_PRINTF(PATH_KEY_COUNT_QUOTA, "%d", orig_maxkeys + LOOPS);
> }
> @@ -119,7 +119,3 @@ static struct tst_test test = {
> .cleanup = cleanup,
> .test_all = do_test,
> };
> -
> -#else
> - TST_TEST_TCONF("keyutils.h does not exist");
> -#endif /* HAVE_KEYUTILS_H */
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
> index 41d062e..aa560f0 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl03.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
> @@ -28,15 +28,11 @@
> * an uninstantiated keyring
> */
>
> -#include "config.h"
> #include <errno.h>
> #include <sys/types.h>
> -#ifdef HAVE_KEYUTILS_H
> -# include <keyutils.h>
> -#endif
> -#include "tst_test.h"
>
> -#ifdef HAVE_KEYUTILS_H
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
>
> static void do_test(void)
> {
> @@ -55,10 +51,14 @@ static void do_test(void)
> tst_res(TPASS, "Bug not reproduced");
> }
>
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> + tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
> static struct tst_test test = {
> + .setup = setup,
> .test_all = do_test,
> };
> -
> -#else
> - TST_TEST_TCONF("keyutils.h does not exist");
> -#endif /* HAVE_KEYUTILS_H */
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl04.c b/testcases/kernel/syscalls/keyctl/keyctl04.c
> index 3fef1ea..9a57dcf 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl04.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl04.c
> @@ -27,28 +27,22 @@
> */
>
> #include "tst_test.h"
> -#include "lapi/syscalls.h"
> #include "lapi/keyctl.h"
>
> -typedef int32_t key_serial_t;
> -
> static void do_test(void)
> {
> key_serial_t tid_keyring;
>
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> - KEY_SPEC_THREAD_KEYRING, 1));
> + TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 1));
> if (TEST_RETURN < 0)
> tst_brk(TBROK | TTERRNO, "failed to create thread keyring");
> tid_keyring = TEST_RETURN;
>
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_SET_REQKEY_KEYRING,
> - KEY_REQKEY_DEFL_THREAD_KEYRING));
> + TEST(keyctl(KEYCTL_SET_REQKEY_KEYRING, KEY_REQKEY_DEFL_THREAD_KEYRING));
> if (TEST_RETURN < 0)
> tst_brk(TBROK | TTERRNO, "failed to set reqkey keyring");
>
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> - KEY_SPEC_THREAD_KEYRING, 0));
> + TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 0));
> if (TEST_RETURN < 0)
> tst_brk(TBROK | TTERRNO, "failed to get thread keyring ID");
> if (TEST_RETURN == tid_keyring)
> @@ -57,6 +51,14 @@ static void do_test(void)
> tst_res(TFAIL, "thread keyring was leaked!");
> }
>
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> + tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
> static struct tst_test test = {
> + .setup = setup,
> .test_all = do_test,
> };
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
> index 922d2b4..1ec73a8 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl05.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
> @@ -39,11 +39,8 @@
>
> #include <stdlib.h>
> #include "tst_test.h"
> -#include "lapi/syscalls.h"
> #include "lapi/keyctl.h"
>
> -typedef int32_t key_serial_t;
> -
> #define KEY_POS_WRITE 0x04000000
> #define KEY_POS_ALL 0x3f000000
>
> @@ -89,7 +86,7 @@ static const char x509_cert[] =
>
> static void new_session_keyring(void)
> {
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, NULL));
> + TEST(keyctl(KEYCTL_JOIN_SESSION_KEYRING, NULL));
> if (TEST_RETURN < 0)
> tst_brk(TBROK | TTERRNO, "failed to join new session keyring");
> }
> @@ -101,8 +98,7 @@ static void test_update_nonupdatable(const char *type,
>
> new_session_keyring();
>
> - TEST(tst_syscall(__NR_add_key, type, "desc", payload, plen,
> - KEY_SPEC_SESSION_KEYRING));
> + TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING));
> if (TEST_RETURN < 0) {
> if (TEST_ERRNO == ENODEV) {
> tst_res(TCONF, "kernel doesn't support key type '%s'",
> @@ -130,7 +126,7 @@ static void test_update_nonupdatable(const char *type,
> * Non-updatable keys don't start with write permission, so we must
> * explicitly grant it.
> */
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, KEY_POS_ALL));
> + TEST(keyctl(KEYCTL_SETPERM, keyid, KEY_POS_ALL));
> if (TEST_RETURN != 0) {
> tst_res(TBROK | TTERRNO,
> "failed to grant write permission to '%s' key", type);
> @@ -138,7 +134,7 @@ static void test_update_nonupdatable(const char *type,
> }
>
> tst_res(TINFO, "Try to update the '%s' key...", type);
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid, payload, plen));
> + TEST(keyctl(KEYCTL_UPDATE, keyid, payload, plen));
> if (TEST_RETURN == 0) {
> tst_res(TBROK,
> "updating '%s' key unexpectedly succeeded", type);
> @@ -165,8 +161,8 @@ static void test_update_setperm_race(void)
>
> new_session_keyring();
>
> - TEST(tst_syscall(__NR_add_key, "user", "desc", payload, sizeof(payload),
> - KEY_SPEC_SESSION_KEYRING));
> + TEST(add_key("user", "desc", payload, sizeof(payload),
> + KEY_SPEC_SESSION_KEYRING));
> if (TEST_RETURN < 0) {
> tst_res(TBROK | TTERRNO, "failed to add 'user' key");
> return;
> @@ -178,7 +174,7 @@ static void test_update_setperm_race(void)
>
> for (i = 0; i < 10000; i++) {
> perm ^= KEY_POS_WRITE;
> - TEST(syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, perm));
> + TEST(keyctl(KEYCTL_SETPERM, keyid, perm));
> if (TEST_RETURN != 0)
> tst_brk(TBROK | TTERRNO, "setperm failed");
> }
> @@ -187,8 +183,7 @@ static void test_update_setperm_race(void)
>
> tst_res(TINFO, "Try to update the 'user' key...");
> for (i = 0; i < 10000; i++) {
> - TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid,
> - payload, sizeof(payload)));
> + TEST(keyctl(KEYCTL_UPDATE, keyid, payload, sizeof(payload)));
> if (TEST_RETURN != 0 && TEST_ERRNO != EACCES) {
> tst_res(TBROK | TTERRNO, "failed to update 'user' key");
> return;
> @@ -218,8 +213,16 @@ static void do_test(unsigned int i)
> }
> }
>
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> + tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
> static struct tst_test test = {
> .tcnt = 3,
> + .setup = setup,
> .test = do_test,
> .forks_child = 1,
> };
>
More information about the ltp
mailing list