[LTP] [PATCH v2 1/3] syscalls/capset02: Cleanup & convert to new library

Yang Xu xuyang2018.jy@cn.fujitsu.com
Fri Jan 10 11:21:40 CET 2020


Add a check that the kernel reports its preferred Linux capability
version, as capget02 does. Also add several test cases for the EPERM error.

--------
v1-v2:
1. use guarded buffer
2. add needs_root flag
3. remove wrong EINVAL error test about unused pid
--------

Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
---
 testcases/kernel/syscalls/capset/capset02.c | 332 ++++++--------------
 1 file changed, 93 insertions(+), 239 deletions(-)

diff --git a/testcases/kernel/syscalls/capset/capset02.c b/testcases/kernel/syscalls/capset/capset02.c
index aece29511..15589d462 100644
--- a/testcases/kernel/syscalls/capset/capset02.c
+++ b/testcases/kernel/syscalls/capset/capset02.c
@@ -1,261 +1,115 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /*
  * Copyright (c) Wipro Technologies Ltd, 2002.  All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it would be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
+ * Author: Saji Kumar.V.R <saji.kumar@wipro.com>
+ *
+ * Tests basic error handling of the capset syscall.
+ * 1) capset() fails with errno set to EFAULT if an invalid address
+ * is given for header.
+ * 2) capset() fails with errno set to EFAULT if an invalid address
+ * is given for data.
+ * 3) capset() fails with errno set to EINVAL if an invalid value
+ * is given for header->version.
+ * 4) capset() fails with errno set to EPERM if the new_Effective is
+ * not a subset of the new_Permitted.
+ * 5) capset() fails with errno set to EPERM if the new_Permitted is
+ * not a subset of the old_Permitted.
+ * 6) capset() fails with errno set ot EPERM if the new_Inheritable is
+ * not a subset of  the old_Inheritable and bounding set.
  */
-/**********************************************************
- *
- *    TEST IDENTIFIER	: capset02
- *
- *    EXECUTED BY	: anyone
- *
- *    TEST TITLE	: Tests for error conditions.
- *
- *    TEST CASE TOTAL	: 4
- *
- *    AUTHOR		: Saji Kumar.V.R <saji.kumar@wipro.com>
- *
- *    SIGNALS
- * 	Uses SIGUSR1 to pause before test if option set.
- * 	(See the parse_opts(3) man page).
- *
- *    DESCRIPTION
- *	Verify that
- *	1) capset() fails with errno set to EFAULT if an invalid address
- *	   is given for header
- *	2) capset() fails with errno set to EFAULT if an invalid address
- *	   is given for data
- *	3) capset() fails with errno set to EINVAL if an invalid value
- *	   is given for header->version
- *	4) capset() fails with errno set to EPERM the process does not
- *	   have enough privilege to set capabilities
- *
- *
- * 	Setup:
- * 	  Setup signal handling.
- *	  Pause for SIGUSR1 if option specified.
- *	  Call capget() to save current capability data
- *
- * 	Test:
- *	 Loop if the proper options are given.
- *	  do test specific setup.
- * 	  call capset with proper arguments
- *	  if capset() fails with expected errno
- *		Test passed
- *	  Otherwise
- *		Test failed
- *	  do test specific cleanup
- *
- * 	Cleanup:
- * 	  Print errno log and/or timing stats if options given
- *
- * USAGE:  <for command-line>
- * capset02 [-c n] [-e] [-i n] [-I x] [-P x] [-t] [-h] [-f] [-p]
- *			where,  -c n : Run n copies concurrently.
- *				-e   : Turn on errno logging.
- *				-h   : Show help screen
- *				-f   : Turn off functional testing
- *				-i n : Execute test n times.
- *				-I x : Execute test for x seconds.
- *				-p   : Pause for SIGUSR1 before starting
- *				-P x : Pause for x seconds between iterations.
- *				-t   : Turn on syscall timing.
- *
- ****************************************************************/
+#include <stdlib.h>
 #include <sys/types.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <pwd.h>
-#include <signal.h>
-#include <string.h>
 #include <unistd.h>
-#include "test.h"
-#include "safe_macros.h"
+#include <sys/prctl.h>
+#include "tst_test.h"
 #include "lapi/syscalls.h"
-
-/**************************************************************************/
-/*                                                                        */
-/*   Some archs do not have the manpage documented sys/capability.h file, */
-/*   and require the use of the line below                                */
-
 #include <linux/capability.h>
 
-/*   If you are having issues with including this file and have the sys/  */
-/*   version, then you may want to try switching to it. -Robbie W.        */
-/**************************************************************************/
-
-#define INVALID_VERSION 0
-
-static void setup(void);
-static void cleanup(void);
-static void test_setup(int, char *);
-static void child_func(void);
-
-static pid_t child_pid = -1;
-
-char *TCID = "capset02";
-
-static struct __user_cap_header_struct header;
-static struct __user_cap_data_struct data;
-
-struct test_case_t {
-	cap_user_header_t headerp;
-	cap_user_data_t datap;
-	int exp_errno;
-	char *errdesc;
-} test_cases[] = {
-#ifndef UCLINUX
-	/* Skip since uClinux does not implement memory protection */
-	{
-	(cap_user_header_t) - 1, &data, EFAULT, "EFAULT"}, {
-	&header, (cap_user_data_t) - 1, EFAULT, "EFAULT"},
-#endif
-	{
-	&header, &data, EINVAL, "EINVAL"}, {
-&header, &data, EPERM, "EPERM"},};
-
-int TST_TOTAL = sizeof(test_cases) / sizeof(test_cases[0]);
-
-int main(int ac, char **av)
+#define CAP1 (1 << CAP_NET_RAW | 1 << CAP_CHOWN  | 1 << CAP_SETPCAP)
+#define CAP2 (CAP1 | 1 << CAP_KILL)
+
+static int drop_flag;
+static struct __user_cap_header_struct *header;
+static struct __user_cap_data_struct *data;
+
+static struct tcase {
+	int version;
+	int pid;
+	int effective;
+	int permitted;
+	int inheritable;
+	int exp_err;
+	int flag;
+	char *message;
+} tcases[] = {
+	{0x20080522, 0, CAP1, CAP1, CAP1, EFAULT, 1, "Test bad address header"},
+	{0x20080522, 0, CAP1, CAP1, CAP1, EFAULT, 2, "Test bad address data"},
+	{0, 0, CAP1, CAP1, CAP1, EINVAL, 0, "Test bad version"},
+	{0x20080522, 0, CAP2, CAP1, CAP1, EPERM, 0, "Test bad value data(when pE is not in pP)"},
+	{0x20080522, 0, CAP1, CAP2, CAP1, EPERM, 0, "Test bad value data(when pP is not in old pP)"},
+	{0x20080522, 0, CAP1, CAP1, CAP2, EPERM, 0, "Test bad value data(when pI is not in bounding set or old pI)"},
+};
+
+static void verify_capset(unsigned int n)
 {
+	struct tcase *tc = &tcases[n];
 
-	int lc, i;
+	header->version = tc->version;
+	header->pid = tc->pid;
 
-	tst_parse_opts(ac, av, NULL, NULL);
-#ifdef UCLINUX
-	maybe_run_child(&child_func, "");
-#endif
+	data->effective = tc->effective;
+	data->permitted = tc->permitted;
+	data->inheritable = tc->inheritable;
 
-	setup();
+	tst_res(TINFO, "%s", tc->message);
 
-	for (lc = 0; TEST_LOOPING(lc); lc++) {
-
-		tst_count = 0;
-
-#ifdef UCLINUX
-		i = 2;
-#else
-		i = 0;
-#endif
-
-		for (; i < TST_TOTAL; i++) {
-
-			test_setup(i, av[0]);
-			TEST(ltp_syscall(__NR_capset, test_cases[i].headerp,
-				     test_cases[i].datap));
-
-			if (TEST_RETURN == -1 &&
-			    TEST_ERRNO == test_cases[i].exp_errno) {
-				tst_resm(TPASS, "capset() returned -1,"
-					 " errno: %s", test_cases[i].errdesc);
-			} else {
-				tst_resm(TFAIL | TTERRNO,
-					 "Test Failed, capset() returned %ld",
-					 TEST_RETURN);
-			}
-		}
+	TEST(tst_syscall(__NR_capset, tc->flag - 1 ? header : NULL,
+				tc->flag - 2 ? data : NULL));
+	if (TST_RET == 0) {
+		tst_res(TFAIL, "capset() succeed unexpectedly");
+		return;
 	}
-
-	cleanup();
-
-	tst_exit();
-
-}
-
-void setup(void)
-{
-	tst_require_root();
-
-	TEST_PAUSE;
-
+	if (TST_ERR == tc->exp_err)
+		tst_res(TPASS | TTERRNO, "capset() failed as expected");
+	else
+		tst_res(TFAIL | TTERRNO, "capset() expected %s got ",
+			tst_strerrno(tc->exp_err));
 	/*
-	 * Save current capability data.
-	 * header.version must be _LINUX_CAPABILITY_VERSION
+	 * When an unsupported version value is specified, it will
+	 * return the kernel preferred value of _LINUX_CAPABILITY_VERSION_?.
+	 * Since linux 2.6.26, version 3 is default. We use it.
 	 */
-	header.version = _LINUX_CAPABILITY_VERSION;
-	if (ltp_syscall(__NR_capget, &header, &data) == -1)
-		tst_brkm(TBROK | TERRNO, NULL, "capget failed");
+	if (header->version != 0x20080522)
+		tst_res(TFAIL, "kernel doesn't return preferred linux"
+			" capability version when using bad version");
 }
 
-void cleanup(void)
+static void setup(void)
 {
-	if (0 < child_pid) {
-		kill(child_pid, SIGTERM);
-		wait(NULL);
-	}
+	header->version = 0x20080522;
+	data->effective = CAP1;
+	data->permitted = CAP1;
+	data->inheritable = CAP1;
+
+	TEST(tst_syscall(__NR_capset, header, data));
+	if (TST_RET == -1)
+		tst_brk(TBROK | TTERRNO, "capset data failed");
+
+	TEST(prctl(PR_CAPBSET_DROP, CAP_KILL));
+	if (TST_RET == -1)
+		tst_res(TFAIL | TTERRNO, "drop CAP_KILL failed");
+	else
+		drop_flag = 1;
 }
 
-void child_func(void)
-{
-	for (;;) {
-		sleep(10);
+static struct tst_test test = {
+	.setup = setup,
+	.tcnt = ARRAY_SIZE(tcases),
+	.test = verify_capset,
+	.needs_root = 1,
+	.bufs = (struct tst_buffers []) {
+		{&header, .size = sizeof(*header)},
+		{&data, .size = 2 * sizeof(*data)},
+		{},
 	}
-}
-
-void test_setup(int i, char *argv0)
-{
-	char nobody_uid[] = "nobody";
-	struct passwd *ltpuser;
-
-	switch (i) {
-	case 0:
-		break;
-
-	case 1:
-		header.version = _LINUX_CAPABILITY_VERSION;
-		header.pid = 0;
-		break;
-
-	case 2:
-		header.version = INVALID_VERSION;
-		header.pid = 0;
-		break;
-
-	case 3:
-		header.version = _LINUX_CAPABILITY_VERSION;
-		/*
-		 * when a non-zero pid is specified, process should have
-		 * CAP_SETPCAP capability to change capabilities.
-		 * by default, CAP_SETPCAP is not enabled. So giving
-		 * a non-zero pid results in capset() failing with
-		 * errno EPERM
-		 *
-		 * Note: this seems to have changed with recent kernels
-		 * => create a child and try to set its capabilities
-		 */
-		child_pid = FORK_OR_VFORK();
-		if (child_pid == -1)
-			tst_brkm(TBROK | TERRNO, cleanup, "fork failed");
-		else if (child_pid == 0) {
-#ifdef UCLINUX
-			if (self_exec(argv0, "") < 0) {
-				perror("self_exec failed");
-				exit(1);
-			}
-#else
-			child_func();
-#endif
-		} else {
-			header.pid = child_pid;
-			ltpuser = getpwnam(nobody_uid);
-			if (ltpuser == NULL)
-				tst_brkm(TBROK | TERRNO, cleanup,
-					 "getpwnam failed");
-			SAFE_SETEUID(cleanup, ltpuser->pw_uid);
-
-		}
-		break;
-
-	}
-}
+};
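Review bot: `drop_flag` is set in setup() when `prctl(PR_CAPBSET_DROP, CAP_KILL)` succeeds, but verify_capset() never reads it, so the last tcases row ("pI is not in bounding set or old pI") still runs when the drop failed. In that case CAP_KILL is presumably still in the bounding set and the effective set holds CAP_SETPCAP, so capset() may succeed and actually widen the inheritable set, giving a misleading "succeed unexpectedly" failure instead of a skipped check. Consider marking that row with a distinct `flag` value (3 still selects the real header and data pointers in the `tc->flag - 1` / `tc->flag - 2` expressions) and adding at the top of verify_capset() `if (tc->flag == 3 && !drop_flag) { tst_res(TCONF, "CAP_KILL not dropped from bounding set, skipping"); return; }`. Separately, `.bufs` allocates `2 * sizeof(*data)` but only element 0 is assigned in setup() and verify_capset(); unless the guarded-buffer allocator zero-fills, the upper 32 capability bits the kernel reads for version 0x20080522 are unspecified, so clearing `data[1]` explicitly would make the EPERM cases deterministic.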
-- 
2.18.0




