[LTP] [RFC PATCH] landlock: fix minimal required size for landlock_ruleset_attr copying
Andrea Cervesato
andrea.cervesato@suse.com
Tue Jul 2 15:45:44 CEST 2024
On 7/2/24 15:34, Li Wang wrote:
>
>
> On Tue, Jul 2, 2024 at 9:00 PM Mickaël Salaün <mic@digikod.net> wrote:
>
> On Tue, Jul 02, 2024 at 05:47:45PM +0800, Li Wang wrote:
> > As kernel commit fff69fb03dde ("landlock: Support network rules
> with TCP bind and connect")
> > introducing a new field 'handled_access_net' in the structure
> landlock_ruleset_attr,
> > but in the landlock_create_ruleset() it still uses the first
> field 'handled_access_fs'
> > to calculate minimal size, so that made decrease 1 is useless in
> LTP landlock01.c to
> > test the too-small-size.
> >
> > Test code:
> > rule_small_size = sizeof(struct landlock_ruleset_attr) - 1;
> > tst_syscall(__NR_landlock_create_ruleset, ...,
> rule_small_size, 0)
> >
> > Result:
> > landlock01.c:49: TFAIL: Size is too small expected EINVAL:
> ENOMSG (42)
>
> Interesting, this looks like a bug in these LTP tests.
>
>
> Yes, Andrea drafted a series of landlock tests for LTP.
>
> FYI -
> https://patchwork.ozlabs.org/project/ltp/list/?series=&submitter=&state=&q=landlock&archive=&delegate=
> <https://patchwork.ozlabs.org/project/ltp/list/?series=&submitter=&state=&q=landlock&archive=&delegate=>
>
>
> >
> > Signed-off-by: Li Wang <liwang@redhat.com>
> > Cc: Mickaël Salaün <mic@digikod.net>
> > Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
> > Cc: Paul Moore <paul@paul-moore.com>
> > ---
> >
> > Notes:
> > Hi Mickael,
> > I'm not quite sure if that is on purpose to use the first
> field or kernel
> > bug, can you take a look?
>
> Hi Li,
>
> Yes this is on purpose. The handled_access_fs minimal size check
> should
> never change for backward compatibility reason. User space built with
> old headers must still work with new kernels. This is tested with the
> "inconsistent_attr" test in
> tools/testing/selftests/landlock/base_test.c
>
>
> Thanks for the confirmation, very helpful.
>
> @Andrea Cervesato <mailto:acervesato@suse.de>, seems we have to adjust
> the test to use a real small
> rule size which is at least small than sizeof(__u64).
>
Sure, thanks for checking.
>
> --
> Regards,
> Li Wang
Andrea
More information about the ltp
mailing list