Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp1203052rwp; Thu, 13 Jul 2023 07:36:24 -0700 (PDT) X-Google-Smtp-Source: APBJJlEqyoRpY0nj8qwpogVW/hgIE3kctg3HSu2Y6Bw9PKqfm/3GJE0tsKcMDQ+7KRbdvfEvxy6I X-Received: by 2002:a17:90b:1298:b0:265:bbd7:fbca with SMTP id fw24-20020a17090b129800b00265bbd7fbcamr951310pjb.9.1689258984433; Thu, 13 Jul 2023 07:36:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689258984; cv=none; d=google.com; s=arc-20160816; b=swi7x6IZ7HLJTpGT742G0Yjyx6X53b27VJixiNwCdtZS6R1YTny2Bagd1JIzJUZ4hh 3xB3h6LICxjA7Bz7/GxAgLVDjRfuQ7NwXJ/+96n8G0ozbge+zFQ1uyw8NQTkr8z72A5/ nAXNWxkjFsIBoJcZL9ioRvPEhog91ZDty1g1wOtvlg00a5oCqfneDIzttL2GhIT7kItH j54qX/KdEIBey68u1hmb7PE51qgHEujlkpagkgHdvd93SJblZQrnlDJ2ifzTPR1UozZn CFcLjuhBv9l7jRoP8acCtrNgcVZR7eU7rZlqmYDp0V08W0KTdROv0wvWR7vhyTh5w71U XCaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=szdilRCqY9U8XaaZk9wofRNi95wFiGtPqlxDs/ZyKrM=; fh=wxJBowgiqEV4mJMGX70TVw3kiznzVRGFtasrh3xdrP8=; b=QHvlo2KeYTSo0CAZ1CvhqWXCJ/HJ+Ft5yGEGAKVFLUs6LfIO0VRQMEYwgcJXyw/AFs pFqYfEDb/yRDwUoAvxeP/yk7TMdj7hjKRfLEpRPgxfnlP6wiwdhICMFzyDEbqipT5hSA TTF2ZIkTlcCzhQwBqpgaz80U76y4/U5DWtp7SKi0JlQpX6Fm07p01O2KYajS4z/oh3GZ yoObiXUdjoWHhWj4nmsKDOd5/zLRPJx/OJ3an6HScirgwOHRJ8o9eSX+iRp9UEREOou/ FDW1UhD4ECyXT2UHy5nAeNs3hLpKxTjiEHyiY4IbKcCWNW4xrVbm5PbSLYXnirK/hx47 lGQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g8-20020a17090a714800b00265e48c115csi3176722pjs.114.2023.07.13.07.36.12; Thu, 13 Jul 2023 07:36:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235172AbjGMOOw (ORCPT + 99 others); Thu, 13 Jul 2023 10:14:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60602 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235070AbjGMOOb (ORCPT ); Thu, 13 Jul 2023 10:14:31 -0400 Received: from 1wt.eu (ded1.1wt.eu [163.172.96.212]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BCD902722; Thu, 13 Jul 2023 07:14:27 -0700 (PDT) Received: (from willy@localhost) by mail.home.local (8.17.1/8.17.1/Submit) id 36DEDqmj028510; Thu, 13 Jul 2023 16:13:52 +0200 Date: Thu, 13 Jul 2023 16:13:52 +0200 From: Willy Tarreau To: Aleksa Sarai Cc: Christian Brauner , Thomas =?iso-8859-1?Q?Wei=DFschuh?= , Shuah Khan , Andrew Morton , Dave Chinner , xu xin , Al Viro , Stefan Roesch , Zhihao Cheng , "Liam R. Howlett" , Janis Danisevskis , Kees Cook , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH] procfs: block chmod on /proc/thread-self/comm Message-ID: References: <20230713-unerschrocken-kutschieren-9be3c8958b5d@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 14, 2023 at 12:00:51AM +1000, Aleksa Sarai wrote: > On 2023-07-13, Christian Brauner wrote: > > > > diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c > > > > index 486334981e60..08f0969208eb 100644 > > > > --- a/tools/testing/selftests/nolibc/nolibc-test.c > > > > +++ b/tools/testing/selftests/nolibc/nolibc-test.c > > > > @@ -580,6 +580,10 @@ int run_syscall(int min, int max) > > > > CASE_TEST(chmod_net); EXPECT_SYSZR(proc, chmod("/proc/self/net", 0555)); break; > > > > CASE_TEST(chmod_self); EXPECT_SYSER(proc, chmod("/proc/self", 0555), -1, EPERM); break; > > > > CASE_TEST(chown_self); EXPECT_SYSER(proc, chown("/proc/self", 0, 0), -1, EPERM); break; > > > > + CASE_TEST(chmod_self_comm); EXPECT_SYSER(proc, chmod("/proc/self/comm", 0777), -1, EPERM); break; > > > > + CASE_TEST(chmod_tid_comm); EXPECT_SYSER(proc, chmod("/proc/thread-self/comm", 0777), -1, EPERM); break; > > > > + CASE_TEST(chmod_self_environ);EXPECT_SYSER(proc, chmod("/proc/self/environ", 0777), -1, EPERM); break; > > > > + CASE_TEST(chmod_tid_environ); EXPECT_SYSER(proc, chmod("/proc/thread-self/environ", 0777), -1, EPERM); break; > > > > > > > > I'm not a big fan of this, it abuses the nolibc testsuite to test core > > > kernel functionality. > > > > Yes, this should be dropped. > > We need a minimal patch to fix this. This just makes backporting harder > > and any test doesn't need to be backported. > > Alright, I'll drop it in v2 (though I'm not sure why there are tests for > /proc/self and /proc/self/net then). In fact the goal was to rely on existing entries that were certain to return certain errors, as we are testing nolibc syscalls in limited environments, such as not being able to create a new file due to another syscall not being available yet. /proc is convenient to make a number of syscalls fail. That's how the problem was detected by the way :-) I personally don't mind that much that tests would be added, provided they really test a new syscall+error combination each. As Thomas said, here we already have other tests for chmod+EPERM so these ones do not bring value here for the purpose of this specific test. With that in mind, if there is some perceived value in adding such tests, that's something we could discuss, either in this file as another category or (preferably) in a separate one, because the framework makes this easy. We could for example have a "proc-test" sub-project forked from this one to run various tests on /proc file permissions. This would respect a clean split, with nolibc-test assuming a valid kernel to test a libc, and proc-test assuming a valid libc to test the kernel. Just an idea. Regards, willy