diff mbox series

fs/proc01.c:add known issues

Message ID 1610672031-5044-1-git-send-email-liuxp11@chinatelecom.cn
State Superseded
Headers show
Series fs/proc01.c:add known issues | expand

Commit Message

liuxp11@chinatelecom.cn Jan. 15, 2021, 12:53 a.m. UTC 
Test in ubuntu20.10,there are several failure tests.

proc01      1  TFAIL  :  proc01.c:396: read failed:
/proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument
proc01      2  TFAIL  :  proc01.c:396: read failed:
/proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
proc01      3  TFAIL  :  proc01.c:396: read failed:
/proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
proc01      4  TFAIL  :  proc01.c:396: read failed:
/proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument
proc01      5  TFAIL  :  proc01.c:396: read failed:
/proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
proc01      6  TFAIL  :  proc01.c:396: read failed:
/proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument

Signed-off-by: Xinpeng Liu <liuxp11@chinatelecom.cn>
---
 testcases/kernel/fs/proc/proc01.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Joerg Vehlow Jan. 15, 2021, 10:49 a.m. UTC | #1 
Hi,

On 1/15/2021 1:53 AM, Xinpeng Liu wrote:
> Test in ubuntu20.10,there are several failure tests.
>
> proc01      1  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      2  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      3  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
> proc01      4  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      5  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      6  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
>
> Signed-off-by: Xinpeng Liu <liuxp11@chinatelecom.cn>

Reviewed-by: Joerg Vehlow <joerg.vehlow@aox-tech.de>

Tested on ubuntu 20.04.
I guess it is ok to completely exclude smack and apparmor folders from 
the test. Maybe there are some files in there, that can be read without 
error, but I think that should be up to testcases for these features.

Jörg
Jan Stancek Jan. 15, 2021, 2:54 p.m. UTC | #2 
----- Original Message -----
> Test in ubuntu20.10,there are several failure tests.
> 
> proc01      1  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      2  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      3  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
> proc01      4  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      5  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      6  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument

I'm OK with ignoring it, but commit log could explain more why we get EINVAL
on read here.
liuxp11@chinatelecom.cn Jan. 18, 2021, 3:34 a.m. UTC | #3 
thanks for good question.

i check the source linux-source-5.8.0,in filesecurity/smack/smack_lsm.c:smack_getprocattr
directly return -EINVAL.

static int smack_getprocattr(struct task_struct *p, char *name, char **value)
{
        struct smack_known *skp = smk_of_task_struct(p);
        char *cp;
        int slen;

        if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0)
                return -EINVAL;

        cp = kstrdup(skp->smk_known, GFP_KERNEL);
        if (cp == NULL)
                return -ENOMEM;

        slen = strlen(cp);
        *value = cp;
        return slen;
}


 
From: Jan Stancek
Date: 2021-01-15 22:54
To: Xinpeng Liu
CC: ltp
Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues
 
----- Original Message -----
> Test in ubuntu20.10,there are several failure tests.
> 
> proc01      1  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      2  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      3  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
> proc01      4  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      5  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      6  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
 
I'm OK with ignoring it, but commit log could explain more why we get EINVAL
on read here.
Jan Stancek Jan. 18, 2021, 11:04 a.m. UTC | #4 
----- Original Message -----

> thanks for good question.

> i check the source linux-source-5.8.0,in filesecurity/smack/smack_lsm.c:
> smack_getprocattr
> directly return -EINVAL.

> static int smack_getprocattr(struct task_struct *p, char *name, char **value)
> {
> struct smack_known *skp = smk_of_task_struct(p);
> char *cp;
> int slen;

> if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0)
> return -EINVAL;

That doesn't look correct, strcmp when reading "current" returns 0, so you condition above 
shouldn't be hit. 

I'm guessing you don't have smack enabled, and EINVAL is the default LSM ret value 
in such case: 

LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name, 
char **value) 

int security_getprocattr(struct task_struct *p, const char *lsm, char *name, 
char **value) 
{ 
struct security_hook_list *hp; 

hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) { 
if (lsm != NULL && strcmp(lsm, hp->lsm)) 
continue; 
return hp->hook.getprocattr(p, name, value); 
} 
return LSM_RET_DEFAULT(getprocattr); 
} 

> cp = kstrdup(skp->smk_known, GFP_KERNEL);
> if (cp == NULL)
> return -ENOMEM;

> slen = strlen(cp);
> *value = cp;
> return slen;
> }

> > From: Jan Stancek
> 
> > Date: 2021-01-15 22:54
> 
> > To: Xinpeng Liu
> 
> > CC: ltp
> 
> > Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues
> 
> > ----- Original Message -----
> 
> > > Test in ubuntu20.10,there are several failure tests.
> 
> > >
> 
> > > proc01 1 TFAIL : proc01.c:396: read failed:
> 
> > > /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid
> > > argument
> 
> > > proc01 2 TFAIL : proc01.c:396: read failed:
> 
> > > /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid
> > > argument
> 
> > > proc01 3 TFAIL : proc01.c:396: read failed:
> 
> > > /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid
> > > argument
> 
> > > proc01 4 TFAIL : proc01.c:396: read failed:
> 
> > > /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument
> 
> > > proc01 5 TFAIL : proc01.c:396: read failed:
> 
> > > /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> 
> > > proc01 6 TFAIL : proc01.c:396: read failed:
> 
> > > /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
> 
> > I'm OK with ignoring it, but commit log could explain more why we get
> > EINVAL
> 
> > on read here.
>
liuxp11@chinatelecom.cn Jan. 18, 2021, 11:35 a.m. UTC | #5 
Right, smack is disabled in my system, and enabled appamor.

static int apparmor_getprocattr(struct task_struct *task, char *name,
                                char **value)
{
        int error = -ENOENT;
        /* released below */
        const struct cred *cred = get_task_cred(task);
        struct aa_task_ctx *ctx = task_ctx(current);
        struct aa_label *label = NULL;
        bool newline = true;

        if (strcmp(name, "current") == 0)
                label = aa_get_newest_label(cred_label(cred));
        else if (strcmp(name, "prev") == 0  && ctx->previous)   //HERE ctx->previous == NULL then return -EINVAL;
                label = aa_get_newest_label(ctx->previous);
        else if (strcmp(name, "exec") == 0 && ctx->onexec)    //HERE ctx->onexec == NULL then return -EINVAL;
                label = aa_get_newest_label(ctx->onexec);
        else if (strcmp(name, "context") == 0) {
                label = aa_get_newest_label(cred_label(cred));
                newline = false;
        } else
                error = -EINVAL;

        if (label)
                error = aa_getprocattr(label, value, newline);

        aa_put_label(label);
        put_cred(cred);

        return error;
}

thanks for your direction.

 
From: Jan Stancek
Date: 2021-01-18 19:04
To: liuxp11
CC: ltp; lkml
Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues



thanks for good question.

i check the source linux-source-5.8.0,in filesecurity/smack/smack_lsm.c:smack_getprocattr
directly return -EINVAL.

static int smack_getprocattr(struct task_struct *p, char *name, char **value)
{
        struct smack_known *skp = smk_of_task_struct(p);
        char *cp;
        int slen;

        if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0)
                return -EINVAL;

That doesn't look correct, strcmp when reading "current" returns 0, so you condition above
shouldn't be hit.

I'm guessing you don't have smack enabled, and EINVAL is the default LSM ret value
in such case:

LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name,
         char **value)

int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
                                char **value)
{
        struct security_hook_list *hp;

        hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
                if (lsm != NULL && strcmp(lsm, hp->lsm))
                        continue;
                return hp->hook.getprocattr(p, name, value);
        }
        return LSM_RET_DEFAULT(getprocattr);
}


        cp = kstrdup(skp->smk_known, GFP_KERNEL);
        if (cp == NULL)
                return -ENOMEM;

        slen = strlen(cp);
        *value = cp;
        return slen;
}


From:Jan Stancek
Date: 2021-01-15 22:54
To:Xinpeng Liu
CC:ltp
Subject: Re: [LTP] [PATCH] fs/proc01.c:add known issues
----- Original Message -----
> Test in ubuntu20.10,there are several failure tests.
> 
> proc01      1  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      2  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      3  TFAIL  :  proc01.c:396: read failed:
> /proc/self/task/61595/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
> proc01      4  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/smack/current: errno=EINVAL(22): Invalid argument
> proc01      5  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/prev: errno=EINVAL(22): Invalid argument
> proc01      6  TFAIL  :  proc01.c:396: read failed:
> /proc/self/attr/apparmor/exec: errno=EINVAL(22): Invalid argument
I'm OK with ignoring it, but commit log could explain more why we get EINVAL
on read here.
diff mbox series

Patch

diff --git a/testcases/kernel/fs/proc/proc01.c b/testcases/kernel/fs/proc/proc01.c
index 9684369..96441d1 100644
--- a/testcases/kernel/fs/proc/proc01.c
+++ b/testcases/kernel/fs/proc/proc01.c
@@ -63,7 +63,7 @@  static char *opt_maxmbytesstr;
 static char *procpath = "/proc";
 static const char selfpath[] = "/proc/self";
 size_t buffsize = 1024;
-static long long maxbytes;
+static unsigned long long maxbytes;
 
 unsigned long long total_read;
 unsigned int total_obj;
@@ -97,7 +97,11 @@  static const struct mapping known_issues[] = {
 	{"read", "/proc/self/mem", EIO},
 	{"read", "/proc/self/task/[0-9]*/mem", EIO},
 	{"read", "/proc/self/attr/*", EINVAL},
+	{"read", "/proc/self/attr/smack/*", EINVAL},
+	{"read", "/proc/self/attr/apparmor/*", EINVAL},
 	{"read", "/proc/self/task/[0-9]*/attr/*", EINVAL},
+	{"read", "/proc/self/task/[0-9]*/attr/smack/*", EINVAL},
+	{"read", "/proc/self/task/[0-9]*/attr/apparmor/*", EINVAL},
 	{"read", "/proc/self/ns/*", EINVAL},
 	{"read", "/proc/self/task/[0-9]*/ns/*", EINVAL},
 	{"read", "/proc/ppc64/rtas/error_log", EINVAL},