[LTP] [PATCH v2] Add test for CVE-2017-7308 on a raw socket's ring buffer
Cyril Hrubis
chrubis@suse.cz
Mon Oct 2 15:25:16 CEST 2017
Hi!
> +#include <errno.h>
> +#include "tst_test.h"
> +#include "tst_safe_net.h"
> +#include "config.h"
> +
> +#ifdef HAVE_LINUX_IF_PACKET_H
> +# include <linux/if_packet.h>
> +#endif
> +
> +#ifdef HAVE_LINUX_IF_ETHER_H
> +# include <linux/if_ether.h>
> +#endif
> +
> +#ifndef ETH_P_ALL
> +# define ETH_P_ALL 0x0003
> +#endif
> +
> +#ifndef PACKET_RX_RING
> +# define PACKET_RX_RING 5
> +#endif
> +
> +#ifndef PACKET_VERSION
> +# define PACKET_VERSION 10
> +#endif
> +
> +#ifndef HAVE_STRUCT_TPACKET_REQ3
> +# define TPACKET_V3 2
> +
> +struct tpacket_req3 {
> + unsigned int tp_block_size;
> + unsigned int tp_block_nr;
> + unsigned int tp_frame_size;
> + unsigned int tp_frame_nr;
> + unsigned int tp_retire_blk_tov;
> + unsigned int tp_sizeof_priv;
> + unsigned int tp_feature_req_word;
> +};
> +#endif
> +
> +static int sk;
> +
> +static void cleanup(void)
> +{
> + if (sk > 0)
> + SAFE_CLOSE(sk);
> +}
> +
> +static void run(unsigned int i)
> +{
> + int ver = TPACKET_V3;
> + struct tpacket_req3 req = {};
> +
> + req.tp_block_size = 4096;
> + req.tp_block_nr = 2;
> + req.tp_frame_size = req.tp_block_size;
> + req.tp_frame_nr = req.tp_block_nr;
> + req.tp_retire_blk_tov = 100;
> +
> + if (i == 0)
> + req.tp_sizeof_priv = 1024;
> + else
> + req.tp_sizeof_priv += (3U << 30);
> +
> + sk = SAFE_SOCKET(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
> + SAFE_SETSOCKOPT(sk, SOL_PACKET, PACKET_VERSION, &ver, sizeof(ver));
> +
> + TEST(setsockopt(sk, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req)));
> + if (i == 0 && TEST_RETURN) {
> + tst_brk(TBROK | TTERRNO,
> + "Can't create ring buffer with good settings");
> + } else if (i == 0) {
> + tst_res(TPASS, "Can create ring buffer with good settinegs");
> + } else if (TEST_RETURN && TEST_ERRNO == EINVAL) {
> + tst_res(TPASS | TTERRNO, "Refused bad tp_sizeof_priv value");
> + } else if (TEST_RETURN) {
> + tst_brk(TBROK | TTERRNO, "Unexpected setsockopt() error");
> + } else {
> + tst_res(TFAIL, "Allowed bad tp_sizeof_priv value");
> + }
I guess I would be happier if we split the test function into two in
order to avoid this maze with i == 0 here. If we put the code that
initializes the request and socket into a separate function we would
have avoided 99% of the code duplication anyway.
> + SAFE_CLOSE(sk);
> + sk = 0;
The SAFE_CLOSE() resets the fd to -1, there is no need to clear it
yourself here.
> +}
> +
> +static struct tst_test test = {
> + .test = run,
> + .tcnt = 2,
> + .needs_root = 1,
> + .cleanup = cleanup,
> +};
> --
> 2.13.3
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list