linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Mickaël Salaün" <mic@digikod.net>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	David Drysdale <drysdale@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	"Eric W . Biederman" <ebiederm@xmission.com>,
	James Morris <james.l.morris@oracle.com>,
	Jann Horn <jann@thejh.net>, Jonathan Corbet <corbet@lwn.net>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	Paul Moore <paul@paul-moore.com>,
	Sargun Dhillon <sargun@sargun.me>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	Shuah Khan <shuah@kernel.org>, Tejun Heo <tj@kernel.org>,
	Thomas Graf <tgraf@suug.ch>, Will Drewry <wad@chromium.org>,
	"kernel-hardening@lists.openwall.com" 
	<kernel-hardening@lists.openwall.com>,
	Linux API <linux-api@vger.kernel.org>,
	linux-security-module <linux-security-module@vger.kernel.org>,
	Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism
Date: Wed, 19 Apr 2017 23:51:35 +0200	[thread overview]
Message-ID: <94ac6ddc-eaac-8548-f83f-826ddf05ac69@digikod.net> (raw)
In-Reply-To: <CAGXu5j+D-FP8Kt9unNOqKrQJP4DYTpmgkJxWykZyrYiVPz3Y3Q@mail.gmail.com>


[-- Attachment #1.1: Type: text/plain, Size: 3006 bytes --]


On 19/04/2017 02:02, Kees Cook wrote:
> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <mic@digikod.net> wrote:
>> This is useful to return an information about the error without being
>> able to write to TH_LOG_STREAM.
>>
>> Helpers from test_harness.h may be useful outside of the seccomp
>> directory.
>>
>> Signed-off-by: Mickaël Salaün <mic@digikod.net>
>> Cc: Andy Lutomirski <luto@amacapital.net>
>> Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Shuah Khan <shuah@kernel.org>
>> Cc: Will Drewry <wad@chromium.org>
>> ---
>>  tools/testing/selftests/seccomp/test_harness.h | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/tools/testing/selftests/seccomp/test_harness.h b/tools/testing/selftests/seccomp/test_harness.h
>> index a786c69c7584..77e407663e06 100644
>> --- a/tools/testing/selftests/seccomp/test_harness.h
>> +++ b/tools/testing/selftests/seccomp/test_harness.h
>> @@ -397,7 +397,7 @@ struct __test_metadata {
>>         const char *name;
>>         void (*fn)(struct __test_metadata *);
>>         int termsig;
>> -       int passed;
>> +       __s8 passed;
> 
> Why the reduction here? int is signed too?

Because the return code of a process is capped to 8 bits and I use a
negative value to not mess with the current interpretation of 0 (error)
and 1 (OK) for the "passed" variable.

> 
>>         int trigger; /* extra handler after the evaluation */
>>         struct __test_metadata *prev, *next;
>>  };
>> @@ -476,6 +476,12 @@ void __run_test(struct __test_metadata *t)
>>                                         "instead of by signal (code: %d)\n",
>>                                         t->name,
>>                                         WEXITSTATUS(status));
>> +                       } else if (t->passed < 0) {
>> +                               fprintf(TH_LOG_STREAM,
>> +                                       "%s: Failed at step #%d\n",
>> +                                       t->name,
>> +                                       t->passed * -1);
>> +                               t->passed = 0;
>>                         }
> 
> Instead of creating an overloaded mechanism here, perhaps have an
> option reporting mechanism that can be enabled. Like adding to
> __test_metadata "bool no_stream; int test_number;" and adding
> test_number++ to each ASSERT/EXCEPT call, and doing something like:
> 
> if (t->no_stream) {
>                               fprintf(TH_LOG_STREAM,
>                                       "%s: Failed at step #%d\n",
>                                       t->name,
>                                        t->test_number);
> }
> 
> It'd be a cleaner approach, maybe?

Good idea, we will then be able to use 255 steps!

Do you want me to send this as a separate patch?

Can we move test_harness.h outside of the seccomp directory to be
available to other subsystems as well?


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

  reply	other threads:[~2017-04-19 21:53 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-28 23:46 [PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing Mickaël Salaün
2017-03-28 23:46 ` [PATCH net-next v6 01/11] bpf: Add eBPF program subtype and is_valid_subtype() verifier Mickaël Salaün
2017-03-29 13:48   ` kbuild test robot
2017-04-18 21:48   ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 02/11] bpf,landlock: Define an eBPF program type for Landlock Mickaël Salaün
2017-04-16 21:57   ` Mickaël Salaün
2017-04-18 21:58   ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 03/11] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode() Mickaël Salaün
2017-03-28 23:46 ` [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem Mickaël Salaün
2017-03-29 15:18   ` kbuild test robot
2017-04-18 22:17   ` Kees Cook
2017-04-18 22:44     ` Mickaël Salaün
2017-04-18 23:16       ` Casey Schaufler
2017-04-18 23:40         ` Kees Cook
2017-04-19 22:03           ` Mickaël Salaün
2017-04-19 23:58             ` [kernel-hardening] " Casey Schaufler
2017-04-20  1:48             ` Kees Cook
2017-04-18 23:39       ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp() Mickaël Salaün
2017-04-18 22:23   ` Kees Cook
2017-04-18 22:47     ` Mickaël Salaün
2017-04-19 22:18       ` Mickaël Salaün
2017-04-20  1:54         ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy Mickaël Salaün
2017-03-29 10:35   ` [kernel-hardening] " Djalal Harouni
2017-03-31 21:15     ` Mickaël Salaün
2017-04-18 22:54       ` Kees Cook
2017-04-18 22:53   ` Kees Cook
2017-04-18 23:24     ` Mickaël Salaün
2017-04-18 23:48       ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 07/11] landlock: Add ptrace restrictions Mickaël Salaün
2017-04-10  6:48   ` [kernel-hardening] " Djalal Harouni
2017-04-11  7:19     ` Mickaël Salaün
2017-03-28 23:46 ` [PATCH net-next v6 08/11] bpf: Add a Landlock sandbox example Mickaël Salaün
2017-04-18 23:06   ` Kees Cook
2017-04-18 23:35     ` Mickaël Salaün
2017-03-28 23:46 ` [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism Mickaël Salaün
2017-04-19  0:02   ` Kees Cook
2017-04-19 21:51     ` Mickaël Salaün [this message]
2017-04-19 22:02       ` Kees Cook
2017-04-19 22:05         ` Mickaël Salaün
2017-04-20  1:50           ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 10/11] bpf,landlock: Add tests for Landlock Mickaël Salaün
2017-04-18 23:16   ` Kees Cook
2017-04-18 23:53     ` Mickaël Salaün
2017-04-18 23:59       ` Kees Cook
2017-03-28 23:46 ` [PATCH net-next v6 11/11] landlock: Add user and kernel documentation " Mickaël Salaün
2017-03-29 15:58   ` kbuild test robot
2017-04-18 23:26 ` [PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing Kees Cook
2017-04-19  0:12   ` Mickaël Salaün

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=94ac6ddc-eaac-8548-f83f-826ddf05ac69@digikod.net \
    --to=mic@digikod.net \
    --cc=acme@kernel.org \
    --cc=ast@kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=corbet@lwn.net \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=drysdale@google.com \
    --cc=ebiederm@xmission.com \
    --cc=james.l.morris@oracle.com \
    --cc=jann@thejh.net \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mjg59@srcf.ucam.org \
    --cc=mtk.manpages@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=sargun@sargun.me \
    --cc=serge@hallyn.com \
    --cc=shuah@kernel.org \
    --cc=tgraf@suug.ch \
    --cc=tj@kernel.org \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).