July 2022 - Linux-kselftest-mirror

[PATCH v2 0/4] Introduce security_create_user_ns()

by Frederick Lawler

While creating a LSM BPF MAC policy to block user namespace creation, we used the LSM cred_prepare hook because that is the closest hook to prevent a call to create_user_ns(). The calls look something like this: cred = prepare_creds() security_prepare_creds() call_int_hook(cred_prepare, ... if (cred) create_user_ns(cred) We noticed that error codes were not propagated from this hook and introduced a patch [1] to propagate those errors. The discussion notes that security_prepare_creds() is not appropriate for MAC policies, and instead the hook is meant for LSM authors to prepare credentials for mutation. [2] Ultimately, we concluded that a better course of action is to introduce a new security hook for LSM authors. [3] This patch set first introduces a new security_create_user_ns() function and create_user_ns LSM hook, then marks the hook as sleepable in BPF. Links: 1. https://lore.kernel.org/all/20220608150942.776446-1-fred@cloudflare.com/ 2. https://lore.kernel.org/all/87y1xzyhub.fsf@email.froward.int.ebiederm.org/ 3. https://lore.kernel.org/all/9fe9cd9f-1ded-a179-8ded-5fde8960a586@cloudflare… Changes since v1: - Add selftests/bpf: Add tests verifying bpf lsm create_user_ns hook patch - Add selinux: Implement create_user_ns hook patch - Change function signature of security_create_user_ns() to only take struct cred - Move security_create_user_ns() call after id mapping check in create_user_ns() - Update documentation to reflect changes Frederick Lawler (4): security, lsm: Introduce security_create_user_ns() bpf-lsm: Make bpf_lsm_create_user_ns() sleepable selftests/bpf: Add tests verifying bpf lsm create_user_ns hook selinux: Implement create_user_ns hook include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 4 + include/linux/security.h | 6 ++ kernel/bpf/bpf_lsm.c | 1 + kernel/user_namespace.c | 5 ++ security/security.c | 5 ++ security/selinux/hooks.c | 9 ++ security/selinux/include/classmap.h | 2 + .../selftests/bpf/prog_tests/deny_namespace.c | 88 +++++++++++++++++++ .../selftests/bpf/progs/test_deny_namespace.c | 39 ++++++++ 10 files changed, 160 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/deny_namespace.c create mode 100644 tools/testing/selftests/bpf/progs/test_deny_namespace.c -- 2.30.2

2 years, 5 months

6
15
0 0

[PATCH v3] apparmor: test: Remove some casts which are no-longer required

by David Gow

With some of the stricter type checking in KUnit's EXPECT macros removed, several casts in policy_unpack_test are no longer required. Remove the unnecessary casts, making the conditions clearer. Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Acked-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: David Gow <davidgow(a)google.com> --- This is a rebase and resend of [1], which had been accepted into the AppArmor tree, but eventually conflicted with [2]. Let's push it via the KUnit tree to avoid any further conflicts, as discussed in [3]. Cheers, -- David [1]: https://lore.kernel.org/linux-kselftest/20210513193204.816681-9-davidgow@go… [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [3]: https://lore.kernel.org/all/20220405125540.2135d81d@canb.auug.org.au/ --- security/apparmor/policy_unpack_test.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/apparmor/policy_unpack_test.c b/security/apparmor/policy_unpack_test.c index 5c18d2f19862..7954cb23d5f2 100644 --- a/security/apparmor/policy_unpack_test.c +++ b/security/apparmor/policy_unpack_test.c @@ -177,7 +177,7 @@ static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test) array_size = unpack_array(puf->e, name); - KUNIT_EXPECT_EQ(test, array_size, (u16)0); + KUNIT_EXPECT_EQ(test, array_size, 0); KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET); } @@ -391,10 +391,10 @@ static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test) size = unpack_u16_chunk(puf->e, &chunk); - KUNIT_EXPECT_PTR_EQ(test, (void *)chunk, + KUNIT_EXPECT_PTR_EQ(test, chunk, puf->e->start + TEST_U16_OFFSET + 2); - KUNIT_EXPECT_EQ(test, size, (size_t)TEST_U16_DATA); - KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (void *)(chunk + TEST_U16_DATA)); + KUNIT_EXPECT_EQ(test, size, TEST_U16_DATA); + KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (chunk + TEST_U16_DATA)); } static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1( @@ -408,7 +408,7 @@ static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1( size = unpack_u16_chunk(puf->e, &chunk); - KUNIT_EXPECT_EQ(test, size, (size_t)0); + KUNIT_EXPECT_EQ(test, size, 0); KUNIT_EXPECT_NULL(test, chunk); KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1); } @@ -430,7 +430,7 @@ static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2( size = unpack_u16_chunk(puf->e, &chunk); - KUNIT_EXPECT_EQ(test, size, (size_t)0); + KUNIT_EXPECT_EQ(test, size, 0); KUNIT_EXPECT_NULL(test, chunk); KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET); } -- 2.37.0.rc0.161.g10f37bed90-goog

2 years, 5 months

2
1
0 0

[PATCH] kselftest/arm64: Correct buffer allocation for SVE Z registers

by Mark Brown

The buffer used for verifying SVE Z registers allocated enough space for 16 maximally sized registers rather than 32 due to using the macro for the number of P registers. In practice this didn't matter since for historical reasons the maximum VQ defined in the ABI is greater the architectural maximum so we will always allocate more space than is needed even with emulated platforms implementing the architectural maximum. Still, we should use the right define. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/abi/syscall-abi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/arm64/abi/syscall-abi.c b/tools/testing/selftests/arm64/abi/syscall-abi.c index b632bfe9e022..95229fa73232 100644 --- a/tools/testing/selftests/arm64/abi/syscall-abi.c +++ b/tools/testing/selftests/arm64/abi/syscall-abi.c @@ -113,8 +113,8 @@ static int check_fpr(struct syscall_cfg *cfg, int sve_vl, int sme_vl, } static uint8_t z_zero[__SVE_ZREG_SIZE(SVE_VQ_MAX)]; -uint8_t z_in[SVE_NUM_PREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; -uint8_t z_out[SVE_NUM_PREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; +uint8_t z_in[SVE_NUM_ZREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; +uint8_t z_out[SVE_NUM_ZREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; static void setup_z(struct syscall_cfg *cfg, int sve_vl, int sme_vl, uint64_t svcr) -- 2.30.2

2 years, 5 months

1
0
0 0

[PATCH] selftests: memcg: uninitialized variable in test_memcg_reclaim()

by Dan Carpenter

The "fd" is used on the clean up path without ever being initialized. Fixes: eae3cb2e87ff ("selftests: cgroup: add a selftest for memory.reclaim") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> --- I kind of went over kill on fixing this as if it were real code which matters. :P .../selftests/cgroup/test_memcontrol.c | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/cgroup/test_memcontrol.c b/tools/testing/selftests/cgroup/test_memcontrol.c index 8833359556f3..08681699c2f9 100644 --- a/tools/testing/selftests/cgroup/test_memcontrol.c +++ b/tools/testing/selftests/cgroup/test_memcontrol.c @@ -658,18 +658,18 @@ static int test_memcg_reclaim(const char *root) memcg = cg_name(root, "memcg_test"); if (!memcg) - goto cleanup; + return KSFT_FAIL; if (cg_create(memcg)) - goto cleanup; + goto free_memcg; current = cg_read_long(memcg, "memory.current"); if (current != 0) - goto cleanup; + goto destroy_memcg; fd = get_temp_fd(); if (fd < 0) - goto cleanup; + goto destroy_memcg; cg_run_nowait(memcg, alloc_pagecache_50M_noexit, (void *)(long)fd); @@ -697,7 +697,7 @@ static int test_memcg_reclaim(const char *root) fprintf(stderr, "failed to allocate %ld for memcg reclaim test\n", expected_usage); - goto cleanup; + goto close; } } @@ -717,7 +717,7 @@ static int test_memcg_reclaim(const char *root) * not reclaim the full amount. */ if (to_reclaim <= 0) - goto cleanup; + goto close; snprintf(buf, sizeof(buf), "%ld", to_reclaim); @@ -729,7 +729,7 @@ static int test_memcg_reclaim(const char *root) */ current = cg_read_long(memcg, "memory.current"); if (!values_close(current, MB(30), 3) && current > MB(30)) - goto cleanup; + goto close; break; } @@ -738,14 +738,17 @@ static int test_memcg_reclaim(const char *root) continue; /* We got an unexpected error or ran out of retries. */ - goto cleanup; + goto close; } ret = KSFT_PASS; -cleanup: + +close: + close(fd); +destroy_memcg: cg_destroy(memcg); +free_memcg: free(memcg); - close(fd); return ret; } -- 2.35.1

2 years, 5 months

2
3
0 0

[PATCH 00/17] nolibc: add preliminary self tests

by Willy Tarreau

Hi Paul, as previously promised, here comes the nolibc update which introduces the minimal self-test infrastructure that aims at being reasonably easy to expand further. It's based on your branch "dev.2022.06.30b" that contains the previous minor fixes that aimed at addressing Linus' concerns about the build process inconsistencies. The way it works tries to mimmick as much as possible the regular build process, so that it reuses the same ARCH, CC, CROSS_COMPILE to build the test program, that will be embedded into an initramfs and the kernel is (re)built with that initramfs. Then you can decide to run that kernel under QEMU for the supported archs, and the output of the tests appears in an output text file in a format that's easily greppable and diffable. A single target "run" does everything. By default it will reuse your existing .config (so that developers continue to use their regular config handling), though it can also create a known-to-work defconfig for each arch. The reason behind this is that it took me a moment to figure certain defconfig + machine name combinations and I found it better to put them there once for all. I've successfully tested it on arm, arm64, i386, x86_64. riscv64 works except two syscalls which return unexpected errors, and mips segfaults in sbrk(). I don't know why yet, but this proves that it's worth having such a test. There are not that many tests yet (71), those that have to run can be filtered either from the program's command line or from a NOLIBC_TEST environment variable so that it's possible to skip broken ones or to focus on a few ranges only. Tests are numerically numbered, and are conveniently handled in a switch/case statement so that a relative line number assigns the number to the test. That's convenient because the vast majority of syscall tests are one-liners. This sometimes slightly upsets check-patch when lines get moderately long but that significantly improves legibility. There are expectation for both successes and failures (e.g. -1 ENOTDIR). I'm sure this can be improved later (and that's the goal). Right now it covers two test families: - syscalls - stdlib (str* functions mostly) I suspect that over time we might want to split syscalls into different parts (e.g. core, fs, etc maybe) but I could be wrong. The program can automatically modulate QEMU's return value on x86 when QEMU is run with the appropriate options, but for now I'm not using it as I felt like it didn't bring much value, and the output is more useful. That's debatable, and maybe some might want to use it in bisect scripts for example. It's too early to say IMHO. Oh, I also arranged the code so that the test also builds with glibc. I noticed that when adding a new test that fails, sometimes it's convenient to see if it's the nolibc part that's broken or the test. I don't find this critical but the required includes and ifdefs are there so that it should be easy to maintain over time as well. I'm obviously interested in comments, but really, I don't want to overdesign something for a first step, it remains a very modest test program and I'd like that it remains easy to hack on it and to contribute new tests that are deemed useful. I'm CCing the few who already contributed some patches and/or expressed interest, as well as Linus who had a first bad experience when trying to test it, hoping this one will be better. I'm pasting below [1] a copy of a test on x86_64 below, that's summed up as "71 test(s) passed" at the end of the "run" target. If there's no objection, it would be nice to have this with your current series, as it definitely helps spot and fix the bugs. In parallel I'll see if I can figure the problems with the two tests that fail each on a specific arch and I might possibly have a few extra fixes for the current nolibc. Thank you! Willy [1] example output ----8<---- Running test 'syscall' 0 getpid = 1 [OK] 1 getppid = 0 [OK] 5 getpgid_self = 0 [OK] 6 getpgid_bad = -1 ESRCH [OK] 7 kill_0 = 0 [OK] 8 kill_CONT = 0 [OK] 9 kill_BADPID = -1 ESRCH [OK] 10 sbrk = 0 [OK] 11 brk = 0 [OK] 12 chdir_root = 0 [OK] 13 chdir_dot = 0 [OK] 14 chdir_blah = -1 ENOENT [OK] 15 chmod_net = 0 [OK] 16 chmod_self = -1 EPERM [OK] 17 chown_self = -1 EPERM [OK] 18 chroot_root = 0 [OK] 19 chroot_blah = -1 ENOENT [OK] 20 chroot_exe = -1 ENOTDIR [OK] 21 close_m1 = -1 EBADF [OK] 22 close_dup = 0 [OK] 23 dup_0 = 3 [OK] 24 dup_m1 = -1 EBADF [OK] 25 dup2_0 = 100 [OK] 26 dup2_m1 = -1 EBADF [OK] 27 dup3_0 = 100 [OK] 28 dup3_m1 = -1 EBADF [OK] 29 execve_root = -1 EACCES [OK] 30 getdents64_root = 120 [OK] 31 getdents64_null = -1 ENOTDIR [OK] 32 gettimeofday_null = 0 [OK] 38 ioctl_tiocinq = 0 [OK] 39 ioctl_tiocinq = 0 [OK] 40 link_root1 = -1 EEXIST [OK] 41 link_blah = -1 ENOENT [OK] 42 link_dir = -1 EPERM [OK] 43 link_cross = -1 EXDEV [OK] 44 lseek_m1 = -1 EBADF [OK] 45 lseek_0 = -1 ESPIPE [OK] 46 mkdir_root = -1 EEXIST [OK] 47 open_tty = 3 [OK] 48 open_blah = -1 ENOENT [OK] 49 poll_null = 0 [OK] 50 poll_stdout = 1 [OK] 51 poll_fault = -1 EFAULT [OK] 52 read_badf = -1 EBADF [OK] 53 sched_yield = 0 [OK] 54 select_null = 0 [OK] 55 select_stdout = 1 [OK] 56 select_fault = -1 EFAULT [OK] 57 stat_blah = -1 ENOENT [OK] 58 stat_fault = -1 EFAULT [OK] 59 symlink_root = -1 EEXIST [OK] 60 unlink_root = -1 EISDIR [OK] 61 unlink_blah = -1 ENOENT [OK] 62 wait_child = -1 ECHILD [OK] 63 waitpid_min = -1 ESRCH [OK] 64 waitpid_child = -1 ECHILD [OK] 65 write_badf = -1 EBADF [OK] 66 write_zero = 0 [OK] Errors during this test: 0 Running test 'stdlib' 0 getenv_TERM = <linux> [OK] 1 getenv_blah = <(null)> [OK] 2 setcmp_blah_blah = 0 [OK] 3 setcmp_blah_blah2 = -50 [OK] 4 setncmp_blah_blah = 0 [OK] 5 setncmp_blah_blah4 = 0 [OK] 6 setncmp_blah_blah5 = -53 [OK] 7 setncmp_blah_blah6 = -54 [OK] 8 strchr_foobar_o = <oobar> [OK] 9 strchr_foobar_z = <(null)> [OK] 10 strrchr_foobar_o = <obar> [OK] 11 strrchr_foobar_z = <(null)> [OK] Errors during this test: 0 Total number of errors: 0 ---->8---- -- Willy Tarreau (17): tools/nolibc: make argc 32-bit in riscv startup code tools/nolibc: fix build warning in sys_mmap() when my_syscall6 is not defined tools/nolibc: make sys_mmap() automatically use the right __NR_mmap definition selftests/nolibc: add basic infrastructure to ease creation of nolibc tests selftests/nolibc: support a test definition format selftests/nolibc: implement a few tests for various syscalls selftests/nolibc: add a few tests for some stdlib functions selftests/nolibc: exit with poweroff on success when getpid() == 1 selftests/nolibc: on x86, support exiting with isa-debug-exit selftests/nolibc: recreate and populate /dev and /proc if missing selftests/nolibc: condition some tests on /proc existence selftests/nolibc: support glibc as well selftests/nolibc: add a "kernel" target to build the kernel with the initramfs selftests/nolibc: add a "defconfig" target selftests/nolibc: add a "run" target to start the kernel in QEMU selftests/nolibc: "sysroot" target installs a local copy of the sysroot selftests/nolibc: add a "help" target MAINTAINERS | 1 + tools/include/nolibc/arch-riscv.h | 2 +- tools/include/nolibc/sys.h | 4 +- tools/testing/selftests/nolibc/Makefile | 135 ++++ tools/testing/selftests/nolibc/nolibc-test.c | 757 +++++++++++++++++++ 5 files changed, 896 insertions(+), 3 deletions(-) create mode 100644 tools/testing/selftests/nolibc/Makefile create mode 100644 tools/testing/selftests/nolibc/nolibc-test.c -- 2.17.5

2 years, 5 months

3
24
0 0

Re: [PATCH v2 4/4] selinux: Implement create_user_ns hook

by Paul Moore

On Tue, Jul 19, 2022 at 10:42 PM Karl MacMillan <karl(a)bigbadwolfsecurity.com> wrote: > On Thu, Jul 7, 2022 at 6:34 PM Frederick Lawler <fred(a)cloudflare.com> wrote: >> >> Unprivileged user namespace creation is an intended feature to enable >> sandboxing, however this feature is often used to as an initial step to >> perform a privilege escalation attack. >> >> This patch implements a new namespace { userns_create } access control >> permission to restrict which domains allow or deny user namespace >> creation. This is necessary for system administrators to quickly protect >> their systems while waiting for vulnerability patches to be applied. >> >> This permission can be used in the following way: >> >> allow domA_t domB_t : namespace { userns_create }; > > > Isn’t this actually domA_t domA_t : namespace . . . > > I got confused reading this initially trying to figure out what the second domain type would be, but looking at the code cleared that up. Ah, good catch, thanks Karl! -- paul-moore.com

2 years, 5 months

1
0
0 0

[PATCH] Documentation: kunit: Add CLI args for kunit_tool

by Sadiya Kazi

Run_wrapper.rst was missing some command line arguments. Added additional args in the file. Included all initial review comments. Signed-off-by: Sadiya Kazi <sadiyakazi(a)google.com> --- Documentation/dev-tools/kunit/run_wrapper.rst | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/Documentation/dev-tools/kunit/run_wrapper.rst b/Documentation/dev-tools/kunit/run_wrapper.rst index 5e560f2c5fca..91f5dda36e83 100644 --- a/Documentation/dev-tools/kunit/run_wrapper.rst +++ b/Documentation/dev-tools/kunit/run_wrapper.rst @@ -257,3 +257,51 @@ command line arguments: added or modified. Instead, enable all tests which have satisfied dependencies by adding ``CONFIG_KUNIT_ALL_TESTS=y`` to your ``.kunitconfig``. +- ``--kunitconfig``: Specifies the path to the ``.kunitconfig`` file. + This Kconfig fragment enables KUnit tests. The "/.kunitconfig" gets + appended to the path specified. For example, If a directory path "lib/kunit" + is given, the complete path will be "lib/kunit/.kunitconfig". + +- ``--kconfig_add``: Specifies additional configuration options to be + appended to the ``.kunitconfig`` file. For example, ``CONFIG_KASAN=y``. + +- ``--arch``: Runs tests with the specified architecture. The architecture + specified must match the string passed to the ARCH make parameter. + For example, i386, x86_64, arm, um, etc. Non-UML architectures run on QEMU. + Default to 'um'. + +- ``--cross_compile``: Specifies the Kbuild toolchain. It passes the + same argument as passed to the ``CROSS_COMPILE`` variable used by + Kbuild. This will be the prefix for the toolchain + binaries such as GCC. For example: + + - ``sparc64-linux-gnu`` if we have the sparc toolchain installed on + our system. + + - ``$HOME/toolchains/microblaze/gcc-9.2.0-nolibc/microblaze-linux/bin/microblaze-linux`` + if we have downloaded the microblaze toolchain from the 0-day + website to a specified path in our home directory called toolchains. + +- ``--qemu_config``: Specifies the path to the file containing a + custom qemu architecture definition. This should be a python file + containing a QemuArchParams object. + +- ``--qemu_args``: Specifies additional QEMU arguments, for example, "-smp 8". + +- ``--jobs``: Specifies the number of jobs (commands) to run simultaneously. + By default, this is set to the number of cores on your system. + +- ``--timeout``: Specifies the maximum number of seconds allowed for all tests to run. + This does not include the time taken to build the tests. + +- ``--kernel_args``: Specifies the kernel command-line arguments. Might be repeated. + +- ``--run_isolated``: If set, boots the kernel for each individual suite/test. + This is useful for debugging a non-hermetic test, one that + might pass/fail based on what ran before it. + +- ``--raw_output``: If set, generates unformatted output from kernel. + If set to ``--raw_output=kunit``, filters to just KUnit output. + +- ``--json``: If set, it stores the test results in a JSON format and prints to stdout or + saves to a file if a filename is specified. -- 2.37.0.170.g444d1eabd0-goog

2 years, 5 months

3
2
0 0

[PATCH] selftest/vm: uninitialized variable in main()

by Dan Carpenter

Initialize "length" to zero by default. Fixes: ff712a627f72 ("selftests/vm: cleanup hugetlb file after mremap test") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> --- tools/testing/selftests/vm/hugepage-mremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/vm/hugepage-mremap.c b/tools/testing/selftests/vm/hugepage-mremap.c index 585978f181ed..e63a0214f639 100644 --- a/tools/testing/selftests/vm/hugepage-mremap.c +++ b/tools/testing/selftests/vm/hugepage-mremap.c @@ -107,7 +107,7 @@ static void register_region_with_uffd(char *addr, size_t len) int main(int argc, char *argv[]) { - size_t length; + size_t length = 0; if (argc != 2 && argc != 3) { printf("Usage: %s [length_in_MB] <hugetlb_file>\n", argv[0]); -- 2.35.1

2 years, 5 months

3
2
0 0

[bug report] selftest/net/xfrm: Add test for ipsec tunnel

by Dan Carpenter

Hello Dmitry Safonov, The patch bc2652b7ae1e: "selftest/net/xfrm: Add test for ipsec tunnel" from Sep 21, 2020, leads to the following Smatch static checker warning: tools/testing/selftests/net/ipsec.c:2294 main() warn: impossible condition '(nr_process == 9223372036854775807) => (0-4294967295 == s64max)' tools/testing/selftests/net/ipsec.c 2278 int main(int argc, char **argv) 2279 { 2280 unsigned int nr_process = 1; 2281 int route_sock = -1, ret = KSFT_SKIP; 2282 int test_desc_fd[2]; 2283 uint32_t route_seq; 2284 unsigned int i; 2285 2286 if (argc > 2) 2287 exit_usage(argv); 2288 2289 if (argc > 1) { 2290 char *endptr; 2291 2292 errno = 0; 2293 nr_process = strtol(argv[1], &endptr, 10); --> 2294 if ((errno == ERANGE && (nr_process == LONG_MAX || nr_process == LONG_MIN)) nr_process is a u32 so it can't be LONG_MIN/MAX. Do we even need to test this or could we just fall through to the the > MAX_PROCESSES warning? 2295 || (errno != 0 && nr_process == 0) 2296 || (endptr == argv[1]) || (*endptr != '\0')) { 2297 printk("Failed to parse [nr_process]"); 2298 exit_usage(argv); 2299 } 2300 2301 if (nr_process > MAX_PROCESSES || !nr_process) { 2302 printk("nr_process should be between [1; %u]", 2303 MAX_PROCESSES); 2304 exit_usage(argv); 2305 } 2306 } 2307 regards, dan carpenter

2 years, 5 months

2
1
0 0

[PATCH] selftests/bpf: fix a test for snprintf() overflow

by Dan Carpenter

The snprintf() function returns the number of bytes which *would* have been copied if there were space. In other words, it can be > sizeof(pin_path). Fixes: c0fa1b6c3efc ("bpf: btf: Add BTF tests") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> --- tools/testing/selftests/bpf/prog_tests/btf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/btf.c b/tools/testing/selftests/bpf/prog_tests/btf.c index 941b0100bafa..ef6528b8084c 100644 --- a/tools/testing/selftests/bpf/prog_tests/btf.c +++ b/tools/testing/selftests/bpf/prog_tests/btf.c @@ -5338,7 +5338,7 @@ static void do_test_pprint(int test_num) ret = snprintf(pin_path, sizeof(pin_path), "%s/%s", "/sys/fs/bpf", test->map_name); - if (CHECK(ret == sizeof(pin_path), "pin_path %s/%s is too long", + if (CHECK(ret >= sizeof(pin_path), "pin_path %s/%s is too long", "/sys/fs/bpf", test->map_name)) { err = -1; goto done; -- 2.35.1

2 years, 5 months

3
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror July 2022