Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2266600iof; Wed, 8 Jun 2022 00:55:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzyBGAw1woL/Zfap7JH3osMSlAcF4LQ7b7dQDKFJm9d4k/Xq3YDPba2KHBrUYOsDoVq10Ie X-Received: by 2002:a17:90a:550d:b0:1e2:eb94:588e with SMTP id b13-20020a17090a550d00b001e2eb94588emr37272959pji.15.1654674907888; Wed, 08 Jun 2022 00:55:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654674907; cv=none; d=google.com; s=arc-20160816; b=qoNAKIdNDFpVg1iOu/5AZob7l+rgvnNlmmq+fJU+I9JRyMPoLj5bzhy/wJ9t0DVjrX dnnNu4ng0HRPdBV+fXVehYXHMKpENUk6l8Ov8sBqwoIkdwwMfWUveDPa9m3mSO6DuSKk R0TFXH1+ZkW1CgbBIjwXNBr8fvz6DLHNuaymffBE9AlImRyfntl8+VQ+lxLMXmH0C+L0 rU3dRrhmqCHOfFhxG35CPTQrE57ft43MdYpgkLMrNim3kR8K7jg5d8kvQK/77RVEtorY lOpqI0LQaxzaw2ADPEr/xxqalSHiLMqKPAQZuSx6Ph3+sPhSuUx0RC2LTFdP/SWShExz v3dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=k//y4pHv4JLYNYBlIBBbmAeiVpDmQZTGgQUzL2sFR9M=; b=OwjbU8RPOYiAA9oC8YUXur+8gZFm72G/r+j/CHCFNLXzq4EjgP9knTLviKGw8Z9Ru/ UUHvgYB2xBOZNjwa+jEu8+6dU/6rKkTL2VcC5XnbNtGkSlubhSfQnSEjo/PYAiFrmqU0 FKQy5VGLfwapI7FGQgJL7VWoPAM8V1V7jYkcrnnsMmA3YkNBbpTm8XFF8MO+6drqvjSB NqMYWF6Ten+Luq/2hFKUrs1twEje4rY48h3lB9zJNzmqgrxWyK16gWpQqEO1S8uLe7TV 1yUl507esywCmCivflOyohJqAVGr6g1jOh0TtF7DC+CaZBqBadsspa/RQ0xsXEwDOoiv 8/dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=FnixDBPe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 7-20020a621707000000b005184f87b172si23320019pfx.268.2022.06.08.00.54.56; Wed, 08 Jun 2022 00:55:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=FnixDBPe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237386AbiFHCsG (ORCPT + 99 others); Tue, 7 Jun 2022 22:48:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1447787AbiFHCoF (ORCPT ); Tue, 7 Jun 2022 22:44:05 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB23D26855B; Tue, 7 Jun 2022 12:21:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4359B60A54; Tue, 7 Jun 2022 19:21:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C633C385A2; Tue, 7 Jun 2022 19:21:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654629702; bh=5eZbs3RUyx8krHHab6EXWvD9mRyJfw/nCvHv1W7UiA4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FnixDBPe+KhUQBj054s3qDlfByDfVFkS8nBjri+a5tY70AgOV7Zv6lGjYKBXMq04u PV+PS+3iytTHvxXYC0Xxo786zU/CNem8Re7Y7gDa4ObRhJ4FDb7MV8N/zeb5fzoR6R HpbhXFUAMbL0r8VRrD4THUhyFHJTsa6dIrqZsPKU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH 5.18 786/879] selftests/landlock: Test landlock_create_ruleset(2) argument check ordering Date: Tue, 7 Jun 2022 19:05:04 +0200 Message-Id: <20220607165025.682786588@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220607165002.659942637@linuxfoundation.org> References: <20220607165002.659942637@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mickaël Salaün commit 6533d0c3a86ee1cc74ff37ac92ca597deb87015c upstream. Add inval_create_ruleset_arguments, extension of inval_create_ruleset_flags, to also check error ordering for landlock_create_ruleset(2). This is similar to the previous commit checking landlock_add_rule(2). Test coverage for security/landlock is 94.4% of 504 lines accorging to gcc/gcov-11. Link: https://lore.kernel.org/r/20220506160820.524344-11-mic@digikod.net Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/landlock/base_test.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/landlock/base_test.c +++ b/tools/testing/selftests/landlock/base_test.c @@ -97,14 +97,17 @@ TEST(abi_version) ASSERT_EQ(EINVAL, errno); } -TEST(inval_create_ruleset_flags) +/* Tests ordering of syscall argument checks. */ +TEST(create_ruleset_checks_ordering) { const int last_flag = LANDLOCK_CREATE_RULESET_VERSION; const int invalid_flag = last_flag << 1; + int ruleset_fd; const struct landlock_ruleset_attr ruleset_attr = { .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, }; + /* Checks priority for invalid flags. */ ASSERT_EQ(-1, landlock_create_ruleset(NULL, 0, invalid_flag)); ASSERT_EQ(EINVAL, errno); @@ -119,6 +122,22 @@ TEST(inval_create_ruleset_flags) landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), invalid_flag)); ASSERT_EQ(EINVAL, errno); + + /* Checks too big ruleset_attr size. */ + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, -1, 0)); + ASSERT_EQ(E2BIG, errno); + + /* Checks too small ruleset_attr size. */ + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0, 0)); + ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 1, 0)); + ASSERT_EQ(EINVAL, errno); + + /* Checks valid call. */ + ruleset_fd = + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + ASSERT_LE(0, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); } /* Tests ordering of syscall argument checks. */