Message ID | 1610672031-5044-1-git-send-email-liuxp11@chinatelecom.cn |
---|---|
State | Superseded |
Headers | show |
Series | fs/proc01.c:add known issues | expand |
Hi, On 1/15/2021 1:53 AM, Xinpeng Liu wrote: > Test in ubuntu20.10,there are several failure tests. > > proc01 1 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 2 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 3 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument > proc01 4 TFAIL : proc01.c:396: read failed: > /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 5 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 6 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument > > Signed-off-by: Xinpeng Liu <liuxp11@chinatelecom.cn> Reviewed-by: Joerg Vehlow <joerg.vehlow@aox-tech.de> Tested on ubuntu 20.04. I guess it is ok to completely exclude smack and apparmor folders from the test. Maybe there are some files in there, that can be read without error, but I think that should be up to testcases for these features. Jörg
----- Original Message ----- > Test in ubuntu20.10,there are several failure tests. > > proc01 1 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 2 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 3 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument > proc01 4 TFAIL : proc01.c:396: read failed: > /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 5 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 6 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument I'm OK with ignoring it, but commit log could explain more why we get EINVAL on read here.
thanks for good question. i check the source linux-source-5.8.0,in filesecurity/smack/smack_lsm.c:smack_getprocattr directly return -EINVAL. static int smack_getprocattr(struct task_struct *p, char *name, char **value) { struct smack_known *skp = smk_of_task_struct(p); char *cp; int slen; if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; cp = kstrdup(skp->smk_known, GFP_KERNEL); if (cp == NULL) return -ENOMEM; slen = strlen(cp); *value = cp; return slen; } From: Jan Stancek Date: 2021-01-15 22:54 To: Xinpeng Liu CC: ltp Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues ----- Original Message ----- > Test in ubuntu20.10,there are several failure tests. > > proc01 1 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 2 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 3 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument > proc01 4 TFAIL : proc01.c:396: read failed: > /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 5 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 6 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument I'm OK with ignoring it, but commit log could explain more why we get EINVAL on read here.
----- Original Message ----- > thanks for good question. > i check the source linux-source-5.8.0,in filesecurity/smack/smack_lsm.c: > smack_getprocattr > directly return -EINVAL. > static int smack_getprocattr(struct task_struct *p, char *name, char **value) > { > struct smack_known *skp = smk_of_task_struct(p); > char *cp; > int slen; > if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) > return -EINVAL; That doesn't look correct, strcmp when reading "current" returns 0, so you condition above shouldn't be hit. I'm guessing you don't have smack enabled, and EINVAL is the default LSM ret value in such case: LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name, char **value) int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsm)) continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } > cp = kstrdup(skp->smk_known, GFP_KERNEL); > if (cp == NULL) > return -ENOMEM; > slen = strlen(cp); > *value = cp; > return slen; > } > > From: Jan Stancek > > > Date: 2021-01-15 22:54 > > > To: Xinpeng Liu > > > CC: ltp > > > Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues > > > ----- Original Message ----- > > > > Test in ubuntu20.10,there are several failure tests. > > > > > > > > proc01 1 TFAIL : proc01.c:396: read failed: > > > > /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid > > > argument > > > > proc01 2 TFAIL : proc01.c:396: read failed: > > > > /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid > > > argument > > > > proc01 3 TFAIL : proc01.c:396: read failed: > > > > /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid > > > argument > > > > proc01 4 TFAIL : proc01.c:396: read failed: > > > > /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument > > > > proc01 5 TFAIL : proc01.c:396: read failed: > > > > /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > > > > proc01 6 TFAIL : proc01.c:396: read failed: > > > > /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument > > > I'm OK with ignoring it, but commit log could explain more why we get > > EINVAL > > > on read here. >
Right, smack is disabled in my system, and enabled appamor. static int apparmor_getprocattr(struct task_struct *task, char *name, char **value) { int error = -ENOENT; /* released below */ const struct cred *cred = get_task_cred(task); struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; bool newline = true; if (strcmp(name, "current") == 0) label = aa_get_newest_label(cred_label(cred)); else if (strcmp(name, "prev") == 0 && ctx->previous) //HERE ctx->previous == NULL then return -EINVAL; label = aa_get_newest_label(ctx->previous); else if (strcmp(name, "exec") == 0 && ctx->onexec) //HERE ctx->onexec == NULL then return -EINVAL; label = aa_get_newest_label(ctx->onexec); else if (strcmp(name, "context") == 0) { label = aa_get_newest_label(cred_label(cred)); newline = false; } else error = -EINVAL; if (label) error = aa_getprocattr(label, value, newline); aa_put_label(label); put_cred(cred); return error; } thanks for your direction. From: Jan Stancek Date: 2021-01-18 19:04 To: liuxp11 CC: ltp; lkml Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues thanks for good question. i check the source linux-source-5.8.0,in filesecurity/smack/smack_lsm.c:smack_getprocattr directly return -EINVAL. static int smack_getprocattr(struct task_struct *p, char *name, char **value) { struct smack_known *skp = smk_of_task_struct(p); char *cp; int slen; if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0) return -EINVAL; That doesn't look correct, strcmp when reading "current" returns 0, so you condition above shouldn't be hit. I'm guessing you don't have smack enabled, and EINVAL is the default LSM ret value in such case: LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name, char **value) int security_getprocattr(struct task_struct *p, const char *lsm, char *name, char **value) { struct security_hook_list *hp; hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsm)) continue; return hp->hook.getprocattr(p, name, value); } return LSM_RET_DEFAULT(getprocattr); } cp = kstrdup(skp->smk_known, GFP_KERNEL); if (cp == NULL) return -ENOMEM; slen = strlen(cp); *value = cp; return slen; } From:Jan Stancek Date: 2021-01-15 22:54 To:Xinpeng Liu CC:ltp Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues ----- Original Message ----- > Test in ubuntu20.10,there are several failure tests. > > proc01 1 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 2 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 3 TFAIL : proc01.c:396: read failed: > /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument > proc01 4 TFAIL : proc01.c:396: read failed: > /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument > proc01 5 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument > proc01 6 TFAIL : proc01.c:396: read failed: > /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument I'm OK with ignoring it, but commit log could explain more why we get EINVAL on read here.
diff --git a/testcases/kernel/fs/proc/proc01.c b/testcases/kernel/fs/proc/proc01.c index 9684369..96441d1 100644 --- a/testcases/kernel/fs/proc/proc01.c +++ b/testcases/kernel/fs/proc/proc01.c @@ -63,7 +63,7 @@ static char *opt_maxmbytesstr; static char *procpath = "/proc"; static const char selfpath[] = "/proc/self"; size_t buffsize = 1024; -static long long maxbytes; +static unsigned long long maxbytes; unsigned long long total_read; unsigned int total_obj; @@ -97,7 +97,11 @@ static const struct mapping known_issues[] = { {"read", "/proc/self/mem", EIO}, {"read", "/proc/self/task/[0-9]*/mem", EIO}, {"read", "/proc/self/attr/*", EINVAL}, + {"read", "/proc/self/attr/smack/*", EINVAL}, + {"read", "/proc/self/attr/apparmor/*", EINVAL}, {"read", "/proc/self/task/[0-9]*/attr/*", EINVAL}, + {"read", "/proc/self/task/[0-9]*/attr/smack/*", EINVAL}, + {"read", "/proc/self/task/[0-9]*/attr/apparmor/*", EINVAL}, {"read", "/proc/self/ns/*", EINVAL}, {"read", "/proc/self/task/[0-9]*/ns/*", EINVAL}, {"read", "/proc/ppc64/rtas/error_log", EINVAL},
Test in ubuntu20.10,there are several failure tests. proc01 1 TFAIL : proc01.c:396: read failed: /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument proc01 2 TFAIL : proc01.c:396: read failed: /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument proc01 3 TFAIL : proc01.c:396: read failed: /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument proc01 4 TFAIL : proc01.c:396: read failed: /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument proc01 5 TFAIL : proc01.c:396: read failed: /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument proc01 6 TFAIL : proc01.c:396: read failed: /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument Signed-off-by: Xinpeng Liu <liuxp11@chinatelecom.cn> --- testcases/kernel/fs/proc/proc01.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)