[LTP] [PATCH 1/2] syscalls/keyctl01: Convert to the new library && Cleanup

[LTP] [PATCH 1/2] syscalls/keyctl01: Convert to the new library && Cleanup

[Guangwen Feng]

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 testcases/kernel/syscalls/keyctl/keyctl01.c | 150 ++++++++++------------------
 1 file changed, 50 insertions(+), 100 deletions(-)

diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
index 6af8001..30d51bd 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl01.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
@@ -1,121 +1,71 @@
-/******************************************************************************
- * Copyright (c) Crackerjack Project., 2007				      *
- *									      *
- * This program is free software;  you can redistribute it and/or modify      *
- * it under the terms of the GNU General Public License as published by       *
- * the Free Software Foundation; either version 2 of the License, or	      *
- * (at your option) any later version.					      *
- *									      *
- * This program is distributed in the hope that it will be useful,	      *
- * but WITHOUT ANY WARRANTY;  without even the implied warranty of	      *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See		      *
- * the GNU General Public License for more details.			      *
- *									      *
- * You should have received a copy of the GNU General Public License	      *
- * along with this program;  if not, write to the Free Software Foundation,   *
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA           *
- *                                                                            *
- ******************************************************************************/
+/*
+ * Copyright (c) Crackerjack Project., 2007
+ * Copyright (c) 2017 Fujitsu Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program, if not, see <http://www.gnu.org/licenses/>.
+ */
+
 /*
  * Description: This tests the keyctl() syscall
  *		Manipulate the kernel's key management facility
  *
- * History:     Porting from Crackerjack to LTP is done by
- *	      Manas Kumar Nayak maknayak@in.ibm.com>
+ * Ported by Manas Kumar Nayak maknayak@in.ibm.com>
+ * Modified by Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
  */
 
-#include "config.h"
-#include <sys/types.h>
 #include <errno.h>
-#include <limits.h>
-#include <stdio.h>
 #include <stdint.h>
-#ifdef HAVE_LINUX_KEYCTL_H
-# include <linux/keyctl.h>
-#endif
 
-#include "test.h"
+#include "tst_test.h"
 #include "lapi/syscalls.h"
+#include "lapi/keyctl.h"
 
-char *TCID = "keyctl01";
-int testno;
-int TST_TOTAL = 2;
-
-#ifdef HAVE_LINUX_KEYCTL_H
-
-static void cleanup(void)
-{
-	tst_rmdir();
-}
-
-static void setup(void)
-{
-	TEST_PAUSE;
-	tst_tmpdir();
-}
+typedef int32_t key_serial_t;
 
-int main(int ac, char **av)
+static void do_test(void)
 {
-	int ret;
-	int lc;
-	int32_t ne_key;
-
-	tst_parse_opts(ac, av, NULL, NULL);
-
-	setup();
-
-	for (lc = 0; TEST_LOOPING(lc); lc++) {
-
-		tst_count = 0;
-
-		for (testno = 1; testno < TST_TOTAL; ++testno) {
+	key_serial_t key;
 
-			/* Call keyctl() and ask for a keyring's ID. */
-			ret = ltp_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-				      KEY_SPEC_USER_SESSION_KEYRING);
-			if (ret != -1) {
-				tst_resm(TPASS,
-					 "KEYCTL_GET_KEYRING_ID succeeded");
-			} else {
-				tst_resm(TFAIL | TERRNO,
-					 "KEYCTL_GET_KEYRING_ID");
-			}
+	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
+		KEY_SPEC_USER_SESSION_KEYRING));
 
-			for (ne_key = INT32_MAX; ne_key > INT32_MIN; ne_key--) {
-				ret = ltp_syscall(__NR_keyctl, KEYCTL_READ,
-					ne_key);
-				if (ret == -1 && errno == ENOKEY)
-					break;
-			}
+	if (TEST_RETURN != -1)
+		tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
+	else
+		tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
 
-			/* Call keyctl. */
-			ret = ltp_syscall(__NR_keyctl, KEYCTL_REVOKE, ne_key);
-			if (ret != -1) {
-				tst_resm(TFAIL | TERRNO,
-					 "KEYCTL_REVOKE succeeded unexpectedly");
-			} else {
-				/* Check for the correct error num. */
-				if (errno == ENOKEY) {
-					tst_resm(TPASS | TERRNO,
-						 "KEYCTL_REVOKE got expected "
-						 "errno");
-				} else {
-					tst_resm(TFAIL | TERRNO,
-						 "KEYCTL_REVOKE got unexpected "
-						 "errno");
-				}
+	for (key = INT32_MAX; key > INT32_MIN; key--) {
+		TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
+		if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
+			break;
+	}
 
-			}
+	TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
 
-		}
+	if (TEST_RETURN != -1) {
+		tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
+		return;
+	}
 
+	if (TEST_ERRNO != ENOKEY) {
+		tst_res(TFAIL | TTERRNO, "KEYCTL_REVOKE failed unexpectedly");
+		return;
 	}
-	cleanup();
-	tst_exit();
-}
-#else
-int main(void)
-{
-	tst_brkm(TCONF, NULL, "keyctl syscall support not available on system");
+
+	tst_res(TPASS | TTERRNO, "KEYCTL_REVOKE failed as expected");
 }
-#endif /* HAVE_LINUX_KEYCTL_H */
+
+static struct tst_test test = {
+	.test_all = do_test,
+};
-- 
2.9.4

[LTP] [PATCH 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Guangwen Feng]

* keyctl02 and keyctl03 make use of lapi/keyctl.h
* Add keyctl02 to the CVE runtest file as cve-2015-7550

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 runtest/cve                                 |  1 +
 testcases/kernel/syscalls/keyctl/Makefile   |  3 +--
 testcases/kernel/syscalls/keyctl/keyctl02.c | 21 ++++++++-------------
 testcases/kernel/syscalls/keyctl/keyctl03.c | 22 ++++++++++------------
 4 files changed, 20 insertions(+), 27 deletions(-)

diff --git a/runtest/cve b/runtest/cve
index 468f0b2..602f858 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -5,6 +5,7 @@ cve-2011-2496 vma03
 cve-2012-0957 cve-2012-0957
 cve-2014-0196 cve-2014-0196
 cve-2015-0235 gethostbyname_r01
+cve-2015-7550 keyctl02
 cve-2016-4997 cve-2016-4997
 cve-2016-5195 dirtyc0w
 cve-2016-7042 cve-2016-7042
diff --git a/testcases/kernel/syscalls/keyctl/Makefile b/testcases/kernel/syscalls/keyctl/Makefile
index bb3d3a4..b3f4f9a 100644
--- a/testcases/kernel/syscalls/keyctl/Makefile
+++ b/testcases/kernel/syscalls/keyctl/Makefile
@@ -18,8 +18,7 @@
 
 top_srcdir		?= ../../../..
 
-keyctl02: LDLIBS	+=-lpthread $(KEYUTILS_LIBS)
-keyctl03: LDLIBS	+=$(KEYUTILS_LIBS)
+keyctl02: LDLIBS	+=-lpthread
 
 include $(top_srcdir)/include/mk/testcases.mk
 
diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
index b783bf7..73ba25a 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl02.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
@@ -35,17 +35,16 @@
  *  KEYS: Fix race between read and revoke
  */
 
-#include "config.h"
 #include <errno.h>
 #include <pthread.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
+
 #include "tst_safe_pthread.h"
 #include "tst_test.h"
+#include "lapi/syscalls.h"
+#include "lapi/keyctl.h"
 
-#ifdef HAVE_KEYUTILS_H
+typedef int32_t key_serial_t;
 
 #define LOOPS	20000
 #define PATH_KEY_COUNT_QUOTA	"/proc/sys/kernel/keys/root_maxkeys"
@@ -57,7 +56,7 @@ static void *do_read(void *arg)
 	key_serial_t key = (unsigned long)arg;
 	char buffer[4] = { 0 };
 
-	keyctl(KEYCTL_READ, key, buffer, 4);
+	tst_syscall(__NR_keyctl, KEYCTL_READ, key, buffer, 4);
 
 	return NULL;
 }
@@ -66,7 +65,7 @@ static void *do_revoke(void *arg)
 {
 	key_serial_t key = (unsigned long)arg;
 
-	keyctl(KEYCTL_REVOKE, key);
+	tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key);
 
 	return NULL;
 }
@@ -78,8 +77,8 @@ static void do_test(void)
 	pthread_t pth[4];
 
 	for (i = 0; i < LOOPS; i++) {
-		key = add_key("user", "ltptestkey", "foo", 3,
-			KEY_SPEC_PROCESS_KEYRING);
+		key = tst_syscall(__NR_add_key, "user", "ltptestkey",
+			"foo", 3, KEY_SPEC_PROCESS_KEYRING);
 		if (key == -1)
 			tst_brk(TBROK | TERRNO, "Failed to add key");
 
@@ -119,7 +118,3 @@ static struct tst_test test = {
 	.cleanup = cleanup,
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
index 41d062e..bdc4b29 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl03.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
@@ -28,27 +28,29 @@
  *        an uninstantiated keyring
  */
 
-#include "config.h"
 #include <errno.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
+
 #include "tst_test.h"
+#include "lapi/syscalls.h"
+#include "lapi/keyctl.h"
 
-#ifdef HAVE_KEYUTILS_H
+typedef int32_t key_serial_t;
 
 static void do_test(void)
 {
 	key_serial_t key;
 
-	key = add_key("user", "ltptestkey", "a", 1, KEY_SPEC_SESSION_KEYRING);
+	key = tst_syscall(__NR_add_key,
+		"user", "ltptestkey", "a", 1, KEY_SPEC_SESSION_KEYRING);
 	if (key == -1)
 		tst_brk(TBROK, "Failed to add key");
 
-	request_key("keyring", "foo", "bar", KEY_SPEC_THREAD_KEYRING);
+	tst_syscall(__NR_request_key,
+		"keyring", "foo", "bar", KEY_SPEC_THREAD_KEYRING);
 
-	TEST(keyctl(KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING));
+	TEST(tst_syscall(__NR_keyctl,
+		KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN)
 		tst_res(TFAIL | TTERRNO, "keyctl unlink failed");
 	else
@@ -58,7 +60,3 @@ static void do_test(void)
 static struct tst_test test = {
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
-- 
2.9.4

[LTP] [PATCH 1/2] syscalls/keyctl01: Convert to the new library && Cleanup

[Cyril Hrubis]

Hi!
Pushed, thanks.

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Cyril Hrubis]

Hi!
> -	keyctl(KEYCTL_READ, key, buffer, 4);
> +	tst_syscall(__NR_keyctl, KEYCTL_READ, key, buffer, 4);

What about we, instead of using raw syscall, defined fallback keyctl()
and add_key() in the lapi/keyctl.h that would call the syscall? That way
we would test the keyutils library if present but these tests will not
be disabled otherwise.

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Guangwen Feng]

Hi!

Thanks for your review!

在 08/23/2017 10:18 PM, Cyril Hrubis 写道:
> Hi!
>> -	keyctl(KEYCTL_READ, key, buffer, 4);
>> +	tst_syscall(__NR_keyctl, KEYCTL_READ, key, buffer, 4);
> 
> What about we, instead of using raw syscall, defined fallback keyctl()
> and add_key() in the lapi/keyctl.h that would call the syscall? That way
> we would test the keyutils library if present but these tests will not
> be disabled otherwise.
> 

Yes, that sounds good, thanks!

Best Regards,
Guangwen Feng

[LTP] [PATCH v2 1/2] lapi/keyctl.h: Add fallback definition of keyutil.h

[Guangwen Feng]

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 include/lapi/keyctl.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/include/lapi/keyctl.h b/include/lapi/keyctl.h
index ed3b7bd..e761be8 100644
--- a/include/lapi/keyctl.h
+++ b/include/lapi/keyctl.h
@@ -23,6 +23,55 @@
 # include <linux/keyctl.h>
 #endif /* HAVE_LINUX_KEYCTL_H */
 
+#ifdef HAVE_KEYUTILS_H
+# include <keyutils.h>
+#else
+# include <stdarg.h>
+# include <stdint.h>
+# include "lapi/syscalls.h"
+# ifdef __TEST_H__
+#  define TST_SYSCALL_WRAPPER ltp_syscall
+# else
+#  define TST_SYSCALL_WRAPPER tst_syscall
+# endif /* __TEST_H__ */
+typedef int32_t key_serial_t;
+
+static inline key_serial_t add_key(const char *type,
+				   const char *description,
+				   const void *payload,
+				   size_t plen,
+				   key_serial_t ringid)
+{
+	return TST_SYSCALL_WRAPPER(__NR_add_key,
+		type, description, payload, plen, ringid);
+}
+
+static inline key_serial_t request_key(const char *type,
+				       const char *description,
+				       const char *callout_info,
+				       key_serial_t destringid)
+{
+	return TST_SYSCALL_WRAPPER(__NR_request_key,
+		type, description, callout_info, destringid);
+}
+
+static inline long keyctl(int cmd, ...)
+{
+	va_list va;
+	unsigned long arg2, arg3, arg4, arg5;
+
+	va_start(va, cmd);
+	arg2 = va_arg(va, unsigned long);
+	arg3 = va_arg(va, unsigned long);
+	arg4 = va_arg(va, unsigned long);
+	arg5 = va_arg(va, unsigned long);
+	va_end(va);
+
+	return TST_SYSCALL_WRAPPER(__NR_keyctl,
+		cmd, arg2, arg3, arg4, arg5);
+}
+#endif /* HAVE_KEYUTILS_H */
+
 #ifndef KEYCTL_GET_KEYRING_ID
 # define KEYCTL_GET_KEYRING_ID 0
 #endif
-- 
2.9.4

[LTP] [PATCH v2 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Guangwen Feng]

1.syscalls/keyctl02 and syscalls/keyctl03 make use of lapi/keyctl.h

2.syscalls/keyctl0* use keyutils.h fallback definition in lapi/keyctl.h
  instead of raw syscall, thus we would test the keyutils library if the
  header is present and these tests will not be disabled otherwise.

3.Add syscalls/keyctl02 and commands/keyctl01 to the CVE runtest file as
  cve-2015-7550 and cve-2016-4470 respectively.

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 runtest/cve                                 |  2 ++
 testcases/kernel/syscalls/keyctl/Makefile   |  4 ++--
 testcases/kernel/syscalls/keyctl/keyctl01.c | 20 +++++++++++---------
 testcases/kernel/syscalls/keyctl/keyctl02.c | 16 ++++++----------
 testcases/kernel/syscalls/keyctl/keyctl03.c | 20 ++++++++++----------
 testcases/kernel/syscalls/keyctl/keyctl04.c | 20 +++++++++++---------
 testcases/kernel/syscalls/keyctl/keyctl05.c | 29 ++++++++++++++++-------------
 7 files changed, 58 insertions(+), 53 deletions(-)

diff --git a/runtest/cve b/runtest/cve
index 468f0b2..5b16e9e 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -5,6 +5,8 @@ cve-2011-2496 vma03
 cve-2012-0957 cve-2012-0957
 cve-2014-0196 cve-2014-0196
 cve-2015-0235 gethostbyname_r01
+cve-2015-7550 keyctl02
+cve-2016-4470 keyctl01.sh
 cve-2016-4997 cve-2016-4997
 cve-2016-5195 dirtyc0w
 cve-2016-7042 cve-2016-7042
diff --git a/testcases/kernel/syscalls/keyctl/Makefile b/testcases/kernel/syscalls/keyctl/Makefile
index bb3d3a4..dd1f6b4 100644
--- a/testcases/kernel/syscalls/keyctl/Makefile
+++ b/testcases/kernel/syscalls/keyctl/Makefile
@@ -18,8 +18,8 @@
 
 top_srcdir		?= ../../../..
 
-keyctl02: LDLIBS	+=-lpthread $(KEYUTILS_LIBS)
-keyctl03: LDLIBS	+=$(KEYUTILS_LIBS)
+LDLIBS	+= $(KEYUTILS_LIBS)
+keyctl02: LDLIBS	+= -lpthread
 
 include $(top_srcdir)/include/mk/testcases.mk
 
diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
index 30d51bd..345fa8c 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl01.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
@@ -28,31 +28,25 @@
 #include <stdint.h>
 
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 static void do_test(void)
 {
 	key_serial_t key;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-		KEY_SPEC_USER_SESSION_KEYRING));
-
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING));
 	if (TEST_RETURN != -1)
 		tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
 	else
 		tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
 
 	for (key = INT32_MAX; key > INT32_MIN; key--) {
-		TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
+		TEST(keyctl(KEYCTL_READ, key));
 		if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
 			break;
 	}
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
-
+	TEST(keyctl(KEYCTL_REVOKE, key));
 	if (TEST_RETURN != -1) {
 		tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
 		return;
@@ -66,6 +60,14 @@ static void do_test(void)
 	tst_res(TPASS | TTERRNO, "KEYCTL_REVOKE failed as expected");
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
+	.setup = setup,
 	.test_all = do_test,
 };
diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
index b783bf7..f285212 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl02.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
@@ -35,17 +35,13 @@
  *  KEYS: Fix race between read and revoke
  */
 
-#include "config.h"
 #include <errno.h>
 #include <pthread.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
+
 #include "tst_safe_pthread.h"
 #include "tst_test.h"
-
-#ifdef HAVE_KEYUTILS_H
+#include "lapi/keyctl.h"
 
 #define LOOPS	20000
 #define PATH_KEY_COUNT_QUOTA	"/proc/sys/kernel/keys/root_maxkeys"
@@ -103,6 +99,10 @@ static void do_test(void)
 
 static void setup(void)
 {
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+
 	SAFE_FILE_SCANF(PATH_KEY_COUNT_QUOTA, "%d", &orig_maxkeys);
 	SAFE_FILE_PRINTF(PATH_KEY_COUNT_QUOTA, "%d", orig_maxkeys + LOOPS);
 }
@@ -119,7 +119,3 @@ static struct tst_test test = {
 	.cleanup = cleanup,
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
index 41d062e..aa560f0 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl03.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
@@ -28,15 +28,11 @@
  *        an uninstantiated keyring
  */
 
-#include "config.h"
 #include <errno.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
-#include "tst_test.h"
 
-#ifdef HAVE_KEYUTILS_H
+#include "tst_test.h"
+#include "lapi/keyctl.h"
 
 static void do_test(void)
 {
@@ -55,10 +51,14 @@ static void do_test(void)
 		tst_res(TPASS, "Bug not reproduced");
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
+	.setup = setup,
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl04.c b/testcases/kernel/syscalls/keyctl/keyctl04.c
index 3fef1ea..9a57dcf 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl04.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl04.c
@@ -27,28 +27,22 @@
  */
 
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 static void do_test(void)
 {
 	key_serial_t tid_keyring;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-			 KEY_SPEC_THREAD_KEYRING, 1));
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 1));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to create thread keyring");
 	tid_keyring = TEST_RETURN;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_SET_REQKEY_KEYRING,
-			 KEY_REQKEY_DEFL_THREAD_KEYRING));
+	TEST(keyctl(KEYCTL_SET_REQKEY_KEYRING, KEY_REQKEY_DEFL_THREAD_KEYRING));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to set reqkey keyring");
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-			 KEY_SPEC_THREAD_KEYRING, 0));
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 0));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to get thread keyring ID");
 	if (TEST_RETURN == tid_keyring)
@@ -57,6 +51,14 @@ static void do_test(void)
 		tst_res(TFAIL, "thread keyring was leaked!");
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
+	.setup = setup,
 	.test_all = do_test,
 };
diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
index 922d2b4..1ec73a8 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl05.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
@@ -39,11 +39,8 @@
 
 #include <stdlib.h>
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 #define KEY_POS_WRITE	0x04000000
 #define KEY_POS_ALL	0x3f000000
 
@@ -89,7 +86,7 @@ static const char x509_cert[] =
 
 static void new_session_keyring(void)
 {
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, NULL));
+	TEST(keyctl(KEYCTL_JOIN_SESSION_KEYRING, NULL));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to join new session keyring");
 }
@@ -101,8 +98,7 @@ static void test_update_nonupdatable(const char *type,
 
 	new_session_keyring();
 
-	TEST(tst_syscall(__NR_add_key, type, "desc", payload, plen,
-			 KEY_SPEC_SESSION_KEYRING));
+	TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN < 0) {
 		if (TEST_ERRNO == ENODEV) {
 			tst_res(TCONF, "kernel doesn't support key type '%s'",
@@ -130,7 +126,7 @@ static void test_update_nonupdatable(const char *type,
 	 * Non-updatable keys don't start with write permission, so we must
 	 * explicitly grant it.
 	 */
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, KEY_POS_ALL));
+	TEST(keyctl(KEYCTL_SETPERM, keyid, KEY_POS_ALL));
 	if (TEST_RETURN != 0) {
 		tst_res(TBROK | TTERRNO,
 			"failed to grant write permission to '%s' key", type);
@@ -138,7 +134,7 @@ static void test_update_nonupdatable(const char *type,
 	}
 
 	tst_res(TINFO, "Try to update the '%s' key...", type);
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid, payload, plen));
+	TEST(keyctl(KEYCTL_UPDATE, keyid, payload, plen));
 	if (TEST_RETURN == 0) {
 		tst_res(TBROK,
 			"updating '%s' key unexpectedly succeeded", type);
@@ -165,8 +161,8 @@ static void test_update_setperm_race(void)
 
 	new_session_keyring();
 
-	TEST(tst_syscall(__NR_add_key, "user", "desc", payload, sizeof(payload),
-			 KEY_SPEC_SESSION_KEYRING));
+	TEST(add_key("user", "desc", payload, sizeof(payload),
+		KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN < 0) {
 		tst_res(TBROK | TTERRNO, "failed to add 'user' key");
 		return;
@@ -178,7 +174,7 @@ static void test_update_setperm_race(void)
 
 		for (i = 0; i < 10000; i++) {
 			perm ^= KEY_POS_WRITE;
-			TEST(syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, perm));
+			TEST(keyctl(KEYCTL_SETPERM, keyid, perm));
 			if (TEST_RETURN != 0)
 				tst_brk(TBROK | TTERRNO, "setperm failed");
 		}
@@ -187,8 +183,7 @@ static void test_update_setperm_race(void)
 
 	tst_res(TINFO, "Try to update the 'user' key...");
 	for (i = 0; i < 10000; i++) {
-		TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid,
-				 payload, sizeof(payload)));
+		TEST(keyctl(KEYCTL_UPDATE, keyid, payload, sizeof(payload)));
 		if (TEST_RETURN != 0 && TEST_ERRNO != EACCES) {
 			tst_res(TBROK | TTERRNO, "failed to update 'user' key");
 			return;
@@ -218,8 +213,16 @@ static void do_test(unsigned int i)
 	}
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
 	.tcnt = 3,
+	.setup = setup,
 	.test = do_test,
 	.forks_child = 1,
 };
-- 
2.9.4

[LTP] [PATCH v2 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Guangwen Feng]

Hi!

Please ignore the v2, I found there are some problem, sorry.
I will send a v3 soon.

Best Regards,
Guangwen Feng

在 08/24/2017 09:28 PM, Guangwen Feng 写道:
> 1.syscalls/keyctl02 and syscalls/keyctl03 make use of lapi/keyctl.h
> 
> 2.syscalls/keyctl0* use keyutils.h fallback definition in lapi/keyctl.h
>   instead of raw syscall, thus we would test the keyutils library if the
>   header is present and these tests will not be disabled otherwise.
> 
> 3.Add syscalls/keyctl02 and commands/keyctl01 to the CVE runtest file as
>   cve-2015-7550 and cve-2016-4470 respectively.
> 
> Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
> ---
>  runtest/cve                                 |  2 ++
>  testcases/kernel/syscalls/keyctl/Makefile   |  4 ++--
>  testcases/kernel/syscalls/keyctl/keyctl01.c | 20 +++++++++++---------
>  testcases/kernel/syscalls/keyctl/keyctl02.c | 16 ++++++----------
>  testcases/kernel/syscalls/keyctl/keyctl03.c | 20 ++++++++++----------
>  testcases/kernel/syscalls/keyctl/keyctl04.c | 20 +++++++++++---------
>  testcases/kernel/syscalls/keyctl/keyctl05.c | 29 ++++++++++++++++-------------
>  7 files changed, 58 insertions(+), 53 deletions(-)
> 
> diff --git a/runtest/cve b/runtest/cve
> index 468f0b2..5b16e9e 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -5,6 +5,8 @@ cve-2011-2496 vma03
>  cve-2012-0957 cve-2012-0957
>  cve-2014-0196 cve-2014-0196
>  cve-2015-0235 gethostbyname_r01
> +cve-2015-7550 keyctl02
> +cve-2016-4470 keyctl01.sh
>  cve-2016-4997 cve-2016-4997
>  cve-2016-5195 dirtyc0w
>  cve-2016-7042 cve-2016-7042
> diff --git a/testcases/kernel/syscalls/keyctl/Makefile b/testcases/kernel/syscalls/keyctl/Makefile
> index bb3d3a4..dd1f6b4 100644
> --- a/testcases/kernel/syscalls/keyctl/Makefile
> +++ b/testcases/kernel/syscalls/keyctl/Makefile
> @@ -18,8 +18,8 @@
>  
>  top_srcdir		?= ../../../..
>  
> -keyctl02: LDLIBS	+=-lpthread $(KEYUTILS_LIBS)
> -keyctl03: LDLIBS	+=$(KEYUTILS_LIBS)
> +LDLIBS	+= $(KEYUTILS_LIBS)
> +keyctl02: LDLIBS	+= -lpthread
>  
>  include $(top_srcdir)/include/mk/testcases.mk
>  
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
> index 30d51bd..345fa8c 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl01.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
> @@ -28,31 +28,25 @@
>  #include <stdint.h>
>  
>  #include "tst_test.h"
> -#include "lapi/syscalls.h"
>  #include "lapi/keyctl.h"
>  
> -typedef int32_t key_serial_t;
> -
>  static void do_test(void)
>  {
>  	key_serial_t key;
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> -		KEY_SPEC_USER_SESSION_KEYRING));
> -
> +	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING));
>  	if (TEST_RETURN != -1)
>  		tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
>  	else
>  		tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
>  
>  	for (key = INT32_MAX; key > INT32_MIN; key--) {
> -		TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
> +		TEST(keyctl(KEYCTL_READ, key));
>  		if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
>  			break;
>  	}
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
> -
> +	TEST(keyctl(KEYCTL_REVOKE, key));
>  	if (TEST_RETURN != -1) {
>  		tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
>  		return;
> @@ -66,6 +60,14 @@ static void do_test(void)
>  	tst_res(TPASS | TTERRNO, "KEYCTL_REVOKE failed as expected");
>  }
>  
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> +	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
>  static struct tst_test test = {
> +	.setup = setup,
>  	.test_all = do_test,
>  };
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
> index b783bf7..f285212 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl02.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
> @@ -35,17 +35,13 @@
>   *  KEYS: Fix race between read and revoke
>   */
>  
> -#include "config.h"
>  #include <errno.h>
>  #include <pthread.h>
>  #include <sys/types.h>
> -#ifdef HAVE_KEYUTILS_H
> -# include <keyutils.h>
> -#endif
> +
>  #include "tst_safe_pthread.h"
>  #include "tst_test.h"
> -
> -#ifdef HAVE_KEYUTILS_H
> +#include "lapi/keyctl.h"
>  
>  #define LOOPS	20000
>  #define PATH_KEY_COUNT_QUOTA	"/proc/sys/kernel/keys/root_maxkeys"
> @@ -103,6 +99,10 @@ static void do_test(void)
>  
>  static void setup(void)
>  {
> +#ifndef HAVE_KEYUTILS_H
> +	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +
>  	SAFE_FILE_SCANF(PATH_KEY_COUNT_QUOTA, "%d", &orig_maxkeys);
>  	SAFE_FILE_PRINTF(PATH_KEY_COUNT_QUOTA, "%d", orig_maxkeys + LOOPS);
>  }
> @@ -119,7 +119,3 @@ static struct tst_test test = {
>  	.cleanup = cleanup,
>  	.test_all = do_test,
>  };
> -
> -#else
> -	TST_TEST_TCONF("keyutils.h does not exist");
> -#endif /* HAVE_KEYUTILS_H */
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
> index 41d062e..aa560f0 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl03.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
> @@ -28,15 +28,11 @@
>   *        an uninstantiated keyring
>   */
>  
> -#include "config.h"
>  #include <errno.h>
>  #include <sys/types.h>
> -#ifdef HAVE_KEYUTILS_H
> -# include <keyutils.h>
> -#endif
> -#include "tst_test.h"
>  
> -#ifdef HAVE_KEYUTILS_H
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
>  
>  static void do_test(void)
>  {
> @@ -55,10 +51,14 @@ static void do_test(void)
>  		tst_res(TPASS, "Bug not reproduced");
>  }
>  
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> +	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
>  static struct tst_test test = {
> +	.setup = setup,
>  	.test_all = do_test,
>  };
> -
> -#else
> -	TST_TEST_TCONF("keyutils.h does not exist");
> -#endif /* HAVE_KEYUTILS_H */
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl04.c b/testcases/kernel/syscalls/keyctl/keyctl04.c
> index 3fef1ea..9a57dcf 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl04.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl04.c
> @@ -27,28 +27,22 @@
>   */
>  
>  #include "tst_test.h"
> -#include "lapi/syscalls.h"
>  #include "lapi/keyctl.h"
>  
> -typedef int32_t key_serial_t;
> -
>  static void do_test(void)
>  {
>  	key_serial_t tid_keyring;
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> -			 KEY_SPEC_THREAD_KEYRING, 1));
> +	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 1));
>  	if (TEST_RETURN < 0)
>  		tst_brk(TBROK | TTERRNO, "failed to create thread keyring");
>  	tid_keyring = TEST_RETURN;
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_SET_REQKEY_KEYRING,
> -			 KEY_REQKEY_DEFL_THREAD_KEYRING));
> +	TEST(keyctl(KEYCTL_SET_REQKEY_KEYRING, KEY_REQKEY_DEFL_THREAD_KEYRING));
>  	if (TEST_RETURN < 0)
>  		tst_brk(TBROK | TTERRNO, "failed to set reqkey keyring");
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> -			 KEY_SPEC_THREAD_KEYRING, 0));
> +	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 0));
>  	if (TEST_RETURN < 0)
>  		tst_brk(TBROK | TTERRNO, "failed to get thread keyring ID");
>  	if (TEST_RETURN == tid_keyring)
> @@ -57,6 +51,14 @@ static void do_test(void)
>  		tst_res(TFAIL, "thread keyring was leaked!");
>  }
>  
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> +	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
>  static struct tst_test test = {
> +	.setup = setup,
>  	.test_all = do_test,
>  };
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
> index 922d2b4..1ec73a8 100644
> --- a/testcases/kernel/syscalls/keyctl/keyctl05.c
> +++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
> @@ -39,11 +39,8 @@
>  
>  #include <stdlib.h>
>  #include "tst_test.h"
> -#include "lapi/syscalls.h"
>  #include "lapi/keyctl.h"
>  
> -typedef int32_t key_serial_t;
> -
>  #define KEY_POS_WRITE	0x04000000
>  #define KEY_POS_ALL	0x3f000000
>  
> @@ -89,7 +86,7 @@ static const char x509_cert[] =
>  
>  static void new_session_keyring(void)
>  {
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, NULL));
> +	TEST(keyctl(KEYCTL_JOIN_SESSION_KEYRING, NULL));
>  	if (TEST_RETURN < 0)
>  		tst_brk(TBROK | TTERRNO, "failed to join new session keyring");
>  }
> @@ -101,8 +98,7 @@ static void test_update_nonupdatable(const char *type,
>  
>  	new_session_keyring();
>  
> -	TEST(tst_syscall(__NR_add_key, type, "desc", payload, plen,
> -			 KEY_SPEC_SESSION_KEYRING));
> +	TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING));
>  	if (TEST_RETURN < 0) {
>  		if (TEST_ERRNO == ENODEV) {
>  			tst_res(TCONF, "kernel doesn't support key type '%s'",
> @@ -130,7 +126,7 @@ static void test_update_nonupdatable(const char *type,
>  	 * Non-updatable keys don't start with write permission, so we must
>  	 * explicitly grant it.
>  	 */
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, KEY_POS_ALL));
> +	TEST(keyctl(KEYCTL_SETPERM, keyid, KEY_POS_ALL));
>  	if (TEST_RETURN != 0) {
>  		tst_res(TBROK | TTERRNO,
>  			"failed to grant write permission to '%s' key", type);
> @@ -138,7 +134,7 @@ static void test_update_nonupdatable(const char *type,
>  	}
>  
>  	tst_res(TINFO, "Try to update the '%s' key...", type);
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid, payload, plen));
> +	TEST(keyctl(KEYCTL_UPDATE, keyid, payload, plen));
>  	if (TEST_RETURN == 0) {
>  		tst_res(TBROK,
>  			"updating '%s' key unexpectedly succeeded", type);
> @@ -165,8 +161,8 @@ static void test_update_setperm_race(void)
>  
>  	new_session_keyring();
>  
> -	TEST(tst_syscall(__NR_add_key, "user", "desc", payload, sizeof(payload),
> -			 KEY_SPEC_SESSION_KEYRING));
> +	TEST(add_key("user", "desc", payload, sizeof(payload),
> +		KEY_SPEC_SESSION_KEYRING));
>  	if (TEST_RETURN < 0) {
>  		tst_res(TBROK | TTERRNO, "failed to add 'user' key");
>  		return;
> @@ -178,7 +174,7 @@ static void test_update_setperm_race(void)
>  
>  		for (i = 0; i < 10000; i++) {
>  			perm ^= KEY_POS_WRITE;
> -			TEST(syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, perm));
> +			TEST(keyctl(KEYCTL_SETPERM, keyid, perm));
>  			if (TEST_RETURN != 0)
>  				tst_brk(TBROK | TTERRNO, "setperm failed");
>  		}
> @@ -187,8 +183,7 @@ static void test_update_setperm_race(void)
>  
>  	tst_res(TINFO, "Try to update the 'user' key...");
>  	for (i = 0; i < 10000; i++) {
> -		TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid,
> -				 payload, sizeof(payload)));
> +		TEST(keyctl(KEYCTL_UPDATE, keyid, payload, sizeof(payload)));
>  		if (TEST_RETURN != 0 && TEST_ERRNO != EACCES) {
>  			tst_res(TBROK | TTERRNO, "failed to update 'user' key");
>  			return;
> @@ -218,8 +213,16 @@ static void do_test(unsigned int i)
>  	}
>  }
>  
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> +	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}
> +
>  static struct tst_test test = {
>  	.tcnt = 3,
> +	.setup = setup,
>  	.test = do_test,
>  	.forks_child = 1,
>  };
> 

[LTP] [PATCH v3 1/2] lapi/keyctl.h: Add fallback definition of keyutil.h

[Guangwen Feng]

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 include/lapi/keyctl.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/include/lapi/keyctl.h b/include/lapi/keyctl.h
index ed3b7bd..e761be8 100644
--- a/include/lapi/keyctl.h
+++ b/include/lapi/keyctl.h
@@ -23,6 +23,55 @@
 # include <linux/keyctl.h>
 #endif /* HAVE_LINUX_KEYCTL_H */
 
+#ifdef HAVE_KEYUTILS_H
+# include <keyutils.h>
+#else
+# include <stdarg.h>
+# include <stdint.h>
+# include "lapi/syscalls.h"
+# ifdef __TEST_H__
+#  define TST_SYSCALL_WRAPPER ltp_syscall
+# else
+#  define TST_SYSCALL_WRAPPER tst_syscall
+# endif /* __TEST_H__ */
+typedef int32_t key_serial_t;
+
+static inline key_serial_t add_key(const char *type,
+				   const char *description,
+				   const void *payload,
+				   size_t plen,
+				   key_serial_t ringid)
+{
+	return TST_SYSCALL_WRAPPER(__NR_add_key,
+		type, description, payload, plen, ringid);
+}
+
+static inline key_serial_t request_key(const char *type,
+				       const char *description,
+				       const char *callout_info,
+				       key_serial_t destringid)
+{
+	return TST_SYSCALL_WRAPPER(__NR_request_key,
+		type, description, callout_info, destringid);
+}
+
+static inline long keyctl(int cmd, ...)
+{
+	va_list va;
+	unsigned long arg2, arg3, arg4, arg5;
+
+	va_start(va, cmd);
+	arg2 = va_arg(va, unsigned long);
+	arg3 = va_arg(va, unsigned long);
+	arg4 = va_arg(va, unsigned long);
+	arg5 = va_arg(va, unsigned long);
+	va_end(va);
+
+	return TST_SYSCALL_WRAPPER(__NR_keyctl,
+		cmd, arg2, arg3, arg4, arg5);
+}
+#endif /* HAVE_KEYUTILS_H */
+
 #ifndef KEYCTL_GET_KEYRING_ID
 # define KEYCTL_GET_KEYRING_ID 0
 #endif
-- 
2.9.4

[LTP] [PATCH v3 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Guangwen Feng]

1.syscalls/keyctl02 and syscalls/keyctl03 make use of lapi/keyctl.h

2.syscalls/keyctl0* use keyutils.h fallback definition in lapi/keyctl.h
  instead of raw syscall, thus we would test the keyutils library if the
  header is present and these tests will not be disabled otherwise.

3.Add syscalls/keyctl02 and commands/keyctl01 to the CVE runtest file as
  cve-2015-7550 and cve-2016-4470 respectively.

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 runtest/cve                                 |  2 ++
 testcases/kernel/syscalls/keyctl/Makefile   |  6 +++---
 testcases/kernel/syscalls/keyctl/keyctl01.c | 20 ++++++++++---------
 testcases/kernel/syscalls/keyctl/keyctl02.c | 16 ++++++---------
 testcases/kernel/syscalls/keyctl/keyctl03.c | 20 +++++++++----------
 testcases/kernel/syscalls/keyctl/keyctl04.c | 22 +++++++++++---------
 testcases/kernel/syscalls/keyctl/keyctl05.c | 31 +++++++++++++++++------------
 7 files changed, 63 insertions(+), 54 deletions(-)

diff --git a/runtest/cve b/runtest/cve
index 468f0b2..5b16e9e 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -5,6 +5,8 @@ cve-2011-2496 vma03
 cve-2012-0957 cve-2012-0957
 cve-2014-0196 cve-2014-0196
 cve-2015-0235 gethostbyname_r01
+cve-2015-7550 keyctl02
+cve-2016-4470 keyctl01.sh
 cve-2016-4997 cve-2016-4997
 cve-2016-5195 dirtyc0w
 cve-2016-7042 cve-2016-7042
diff --git a/testcases/kernel/syscalls/keyctl/Makefile b/testcases/kernel/syscalls/keyctl/Makefile
index bb3d3a4..9ccb357 100644
--- a/testcases/kernel/syscalls/keyctl/Makefile
+++ b/testcases/kernel/syscalls/keyctl/Makefile
@@ -18,9 +18,9 @@
 
 top_srcdir		?= ../../../..
 
-keyctl02: LDLIBS	+=-lpthread $(KEYUTILS_LIBS)
-keyctl03: LDLIBS	+=$(KEYUTILS_LIBS)
-
 include $(top_srcdir)/include/mk/testcases.mk
 
+LDLIBS	+= $(KEYUTILS_LIBS)
+keyctl02: LDLIBS	+= -lpthread
+
 include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
index 30d51bd..345fa8c 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl01.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
@@ -28,31 +28,25 @@
 #include <stdint.h>
 
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 static void do_test(void)
 {
 	key_serial_t key;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-		KEY_SPEC_USER_SESSION_KEYRING));
-
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING));
 	if (TEST_RETURN != -1)
 		tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
 	else
 		tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
 
 	for (key = INT32_MAX; key > INT32_MIN; key--) {
-		TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
+		TEST(keyctl(KEYCTL_READ, key));
 		if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
 			break;
 	}
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
-
+	TEST(keyctl(KEYCTL_REVOKE, key));
 	if (TEST_RETURN != -1) {
 		tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
 		return;
@@ -66,6 +60,14 @@ static void do_test(void)
 	tst_res(TPASS | TTERRNO, "KEYCTL_REVOKE failed as expected");
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
+	.setup = setup,
 	.test_all = do_test,
 };
diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
index b783bf7..f285212 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl02.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
@@ -35,17 +35,13 @@
  *  KEYS: Fix race between read and revoke
  */
 
-#include "config.h"
 #include <errno.h>
 #include <pthread.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
+
 #include "tst_safe_pthread.h"
 #include "tst_test.h"
-
-#ifdef HAVE_KEYUTILS_H
+#include "lapi/keyctl.h"
 
 #define LOOPS	20000
 #define PATH_KEY_COUNT_QUOTA	"/proc/sys/kernel/keys/root_maxkeys"
@@ -103,6 +99,10 @@ static void do_test(void)
 
 static void setup(void)
 {
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+
 	SAFE_FILE_SCANF(PATH_KEY_COUNT_QUOTA, "%d", &orig_maxkeys);
 	SAFE_FILE_PRINTF(PATH_KEY_COUNT_QUOTA, "%d", orig_maxkeys + LOOPS);
 }
@@ -119,7 +119,3 @@ static struct tst_test test = {
 	.cleanup = cleanup,
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
index 41d062e..aa560f0 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl03.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
@@ -28,15 +28,11 @@
  *        an uninstantiated keyring
  */
 
-#include "config.h"
 #include <errno.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
-#include "tst_test.h"
 
-#ifdef HAVE_KEYUTILS_H
+#include "tst_test.h"
+#include "lapi/keyctl.h"
 
 static void do_test(void)
 {
@@ -55,10 +51,14 @@ static void do_test(void)
 		tst_res(TPASS, "Bug not reproduced");
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
+	.setup = setup,
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl04.c b/testcases/kernel/syscalls/keyctl/keyctl04.c
index 3fef1ea..59476fa 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl04.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl04.c
@@ -26,29 +26,25 @@
  * keyring was leaked).
  */
 
+#include <errno.h>
+
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 static void do_test(void)
 {
 	key_serial_t tid_keyring;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-			 KEY_SPEC_THREAD_KEYRING, 1));
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 1));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to create thread keyring");
 	tid_keyring = TEST_RETURN;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_SET_REQKEY_KEYRING,
-			 KEY_REQKEY_DEFL_THREAD_KEYRING));
+	TEST(keyctl(KEYCTL_SET_REQKEY_KEYRING, KEY_REQKEY_DEFL_THREAD_KEYRING));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to set reqkey keyring");
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-			 KEY_SPEC_THREAD_KEYRING, 0));
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 0));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to get thread keyring ID");
 	if (TEST_RETURN == tid_keyring)
@@ -57,6 +53,14 @@ static void do_test(void)
 		tst_res(TFAIL, "thread keyring was leaked!");
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
+	.setup = setup,
 	.test_all = do_test,
 };
diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
index 922d2b4..70d3ba9 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl05.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
@@ -37,13 +37,12 @@
  *    laid out the crash may not actually occur.
  */
 
+#include <errno.h>
 #include <stdlib.h>
+
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 #define KEY_POS_WRITE	0x04000000
 #define KEY_POS_ALL	0x3f000000
 
@@ -89,7 +88,7 @@ static const char x509_cert[] =
 
 static void new_session_keyring(void)
 {
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, NULL));
+	TEST(keyctl(KEYCTL_JOIN_SESSION_KEYRING, NULL));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to join new session keyring");
 }
@@ -101,8 +100,7 @@ static void test_update_nonupdatable(const char *type,
 
 	new_session_keyring();
 
-	TEST(tst_syscall(__NR_add_key, type, "desc", payload, plen,
-			 KEY_SPEC_SESSION_KEYRING));
+	TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN < 0) {
 		if (TEST_ERRNO == ENODEV) {
 			tst_res(TCONF, "kernel doesn't support key type '%s'",
@@ -130,7 +128,7 @@ static void test_update_nonupdatable(const char *type,
 	 * Non-updatable keys don't start with write permission, so we must
 	 * explicitly grant it.
 	 */
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, KEY_POS_ALL));
+	TEST(keyctl(KEYCTL_SETPERM, keyid, KEY_POS_ALL));
 	if (TEST_RETURN != 0) {
 		tst_res(TBROK | TTERRNO,
 			"failed to grant write permission to '%s' key", type);
@@ -138,7 +136,7 @@ static void test_update_nonupdatable(const char *type,
 	}
 
 	tst_res(TINFO, "Try to update the '%s' key...", type);
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid, payload, plen));
+	TEST(keyctl(KEYCTL_UPDATE, keyid, payload, plen));
 	if (TEST_RETURN == 0) {
 		tst_res(TBROK,
 			"updating '%s' key unexpectedly succeeded", type);
@@ -165,8 +163,8 @@ static void test_update_setperm_race(void)
 
 	new_session_keyring();
 
-	TEST(tst_syscall(__NR_add_key, "user", "desc", payload, sizeof(payload),
-			 KEY_SPEC_SESSION_KEYRING));
+	TEST(add_key("user", "desc", payload, sizeof(payload),
+		KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN < 0) {
 		tst_res(TBROK | TTERRNO, "failed to add 'user' key");
 		return;
@@ -178,7 +176,7 @@ static void test_update_setperm_race(void)
 
 		for (i = 0; i < 10000; i++) {
 			perm ^= KEY_POS_WRITE;
-			TEST(syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, perm));
+			TEST(keyctl(KEYCTL_SETPERM, keyid, perm));
 			if (TEST_RETURN != 0)
 				tst_brk(TBROK | TTERRNO, "setperm failed");
 		}
@@ -187,8 +185,7 @@ static void test_update_setperm_race(void)
 
 	tst_res(TINFO, "Try to update the 'user' key...");
 	for (i = 0; i < 10000; i++) {
-		TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid,
-				 payload, sizeof(payload)));
+		TEST(keyctl(KEYCTL_UPDATE, keyid, payload, sizeof(payload)));
 		if (TEST_RETURN != 0 && TEST_ERRNO != EACCES) {
 			tst_res(TBROK | TTERRNO, "failed to update 'user' key");
 			return;
@@ -218,8 +215,16 @@ static void do_test(unsigned int i)
 	}
 }
 
+static void setup(void)
+{
+#ifndef HAVE_KEYUTILS_H
+	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
+#endif /* HAVE_KEYUTILS_H */
+}
+
 static struct tst_test test = {
 	.tcnt = 3,
+	.setup = setup,
 	.test = do_test,
 	.forks_child = 1,
 };
-- 
2.9.4

[LTP] [PATCH v3 1/2] lapi/keyctl.h: Add fallback definition of keyutil.h

[Cyril Hrubis]

Hi!
> +#ifdef HAVE_KEYUTILS_H
> +# include <keyutils.h>

We should also make sure we do not include both linux/keyctl.h and
keyutils.h they both define KEY_* and KEYCTL_* constants.

So the <linux/keyctl.h> include should be in the else branch of the
HAVE_KEYUTILS_H.

> +#else
> +# include <stdarg.h>
> +# include <stdint.h>
> +# include "lapi/syscalls.h"
> +# ifdef __TEST_H__
> +#  define TST_SYSCALL_WRAPPER ltp_syscall
> +# else
> +#  define TST_SYSCALL_WRAPPER tst_syscall
> +# endif /* __TEST_H__ */

What do we need these ifdefs for?

I've checked all the keyctl tests and they are all converted to new
library and so we can call tst_syscall() directly.

> +typedef int32_t key_serial_t;
> +
> +static inline key_serial_t add_key(const char *type,
> +				   const char *description,
> +				   const void *payload,
> +				   size_t plen,
> +				   key_serial_t ringid)
> +{
> +	return TST_SYSCALL_WRAPPER(__NR_add_key,
> +		type, description, payload, plen, ringid);
> +}
> +
> +static inline key_serial_t request_key(const char *type,
> +				       const char *description,
> +				       const char *callout_info,
> +				       key_serial_t destringid)
> +{
> +	return TST_SYSCALL_WRAPPER(__NR_request_key,
> +		type, description, callout_info, destringid);
> +}
> +
> +static inline long keyctl(int cmd, ...)
> +{
> +	va_list va;
> +	unsigned long arg2, arg3, arg4, arg5;
> +
> +	va_start(va, cmd);
> +	arg2 = va_arg(va, unsigned long);
> +	arg3 = va_arg(va, unsigned long);
> +	arg4 = va_arg(va, unsigned long);
> +	arg5 = va_arg(va, unsigned long);
> +	va_end(va);
> +
> +	return TST_SYSCALL_WRAPPER(__NR_keyctl,
> +		cmd, arg2, arg3, arg4, arg5);
> +}
> +#endif /* HAVE_KEYUTILS_H */
> +
>  #ifndef KEYCTL_GET_KEYRING_ID
>  # define KEYCTL_GET_KEYRING_ID 0
>  #endif
> -- 
> 2.9.4
> 
> 
> 

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH v3 2/2] syscalls/keyctl: Make use of lapi/keyctl.h && Add existing test to runtest/cve

[Cyril Hrubis]

Hi!
> 1.syscalls/keyctl02 and syscalls/keyctl03 make use of lapi/keyctl.h
> 
> 2.syscalls/keyctl0* use keyutils.h fallback definition in lapi/keyctl.h
>   instead of raw syscall, thus we would test the keyutils library if the
>   header is present and these tests will not be disabled otherwise.
> 
> 3.Add syscalls/keyctl02 and commands/keyctl01 to the CVE runtest file as
>   cve-2015-7550 and cve-2016-4470 respectively.

It would be a bit cleaner if the part 3. was send in a separate part.

>  static void do_test(void)
>  {
>  	key_serial_t key;
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
> -		KEY_SPEC_USER_SESSION_KEYRING));
> -
> +	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING));
>  	if (TEST_RETURN != -1)
>  		tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
>  	else
>  		tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
>  
>  	for (key = INT32_MAX; key > INT32_MIN; key--) {
> -		TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
> +		TEST(keyctl(KEYCTL_READ, key));
>  		if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
>  			break;
>  	}
>  
> -	TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
> -
> +	TEST(keyctl(KEYCTL_REVOKE, key));
>  	if (TEST_RETURN != -1) {
>  		tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
>  		return;
> @@ -66,6 +60,14 @@ static void do_test(void)
>  	tst_res(TPASS | TTERRNO, "KEYCTL_REVOKE failed as expected");
>  }
>  
> +static void setup(void)
> +{
> +#ifndef HAVE_KEYUTILS_H
> +	tst_res(TINFO, "keyutils.h does not exist, using fallback definition");
> +#endif /* HAVE_KEYUTILS_H */
> +}

And I do not think that this message is necessary and if it is we should
probably print it from the lapi call rather than adding it into each of
the testcases.


Otherwise it looks fine.

-- 
Cyril Hrubis
chrubis@suse.cz

[LTP] [PATCH v4 1/3] lapi/keyctl.h: Add fallback definition of keyutil.h

[Guangwen Feng]

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 include/lapi/keyctl.h | 48 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 3 deletions(-)

diff --git a/include/lapi/keyctl.h b/include/lapi/keyctl.h
index ed3b7bd..3e7ce47 100644
--- a/include/lapi/keyctl.h
+++ b/include/lapi/keyctl.h
@@ -19,9 +19,51 @@
 #define KEYCTL_H__
 
 #include "config.h"
-#ifdef HAVE_LINUX_KEYCTL_H
-# include <linux/keyctl.h>
-#endif /* HAVE_LINUX_KEYCTL_H */
+#ifdef HAVE_KEYUTILS_H
+# include <keyutils.h>
+#else
+# ifdef HAVE_LINUX_KEYCTL_H
+#  include <linux/keyctl.h>
+# endif /* HAVE_LINUX_KEYCTL_H */
+# include <stdarg.h>
+# include <stdint.h>
+# include "lapi/syscalls.h"
+typedef int32_t key_serial_t;
+
+static inline key_serial_t add_key(const char *type,
+				   const char *description,
+				   const void *payload,
+				   size_t plen,
+				   key_serial_t ringid)
+{
+	return tst_syscall(__NR_add_key,
+		type, description, payload, plen, ringid);
+}
+
+static inline key_serial_t request_key(const char *type,
+				       const char *description,
+				       const char *callout_info,
+				       key_serial_t destringid)
+{
+	return tst_syscall(__NR_request_key,
+		type, description, callout_info, destringid);
+}
+
+static inline long keyctl(int cmd, ...)
+{
+	va_list va;
+	unsigned long arg2, arg3, arg4, arg5;
+
+	va_start(va, cmd);
+	arg2 = va_arg(va, unsigned long);
+	arg3 = va_arg(va, unsigned long);
+	arg4 = va_arg(va, unsigned long);
+	arg5 = va_arg(va, unsigned long);
+	va_end(va);
+
+	return tst_syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+}
+#endif /* HAVE_KEYUTILS_H */
 
 #ifndef KEYCTL_GET_KEYRING_ID
 # define KEYCTL_GET_KEYRING_ID 0
-- 
2.9.4

[LTP] [PATCH v4 2/3] syscalls/keyctl: Make use of lapi/keyctl.h

[Guangwen Feng]

1.syscalls/keyctl02 and syscalls/keyctl03 make use of lapi/keyctl.h

2.syscalls/keyctl0* use keyutils.h fallback definition in lapi/keyctl.h
  instead of raw syscall, thus we would test the keyutils library if the
  header is present and these tests will not be disabled otherwise.

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 testcases/kernel/syscalls/keyctl/Makefile   |  6 +++---
 testcases/kernel/syscalls/keyctl/keyctl01.c | 12 +++---------
 testcases/kernel/syscalls/keyctl/keyctl02.c | 12 ++----------
 testcases/kernel/syscalls/keyctl/keyctl03.c | 12 ++----------
 testcases/kernel/syscalls/keyctl/keyctl04.c | 14 +++++---------
 testcases/kernel/syscalls/keyctl/keyctl05.c | 23 ++++++++++-------------
 6 files changed, 25 insertions(+), 54 deletions(-)

diff --git a/testcases/kernel/syscalls/keyctl/Makefile b/testcases/kernel/syscalls/keyctl/Makefile
index bb3d3a4..9ccb357 100644
--- a/testcases/kernel/syscalls/keyctl/Makefile
+++ b/testcases/kernel/syscalls/keyctl/Makefile
@@ -18,9 +18,9 @@
 
 top_srcdir		?= ../../../..
 
-keyctl02: LDLIBS	+=-lpthread $(KEYUTILS_LIBS)
-keyctl03: LDLIBS	+=$(KEYUTILS_LIBS)
-
 include $(top_srcdir)/include/mk/testcases.mk
 
+LDLIBS	+= $(KEYUTILS_LIBS)
+keyctl02: LDLIBS	+= -lpthread
+
 include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/keyctl/keyctl01.c b/testcases/kernel/syscalls/keyctl/keyctl01.c
index 30d51bd..5719d55 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl01.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl01.c
@@ -28,31 +28,25 @@
 #include <stdint.h>
 
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 static void do_test(void)
 {
 	key_serial_t key;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-		KEY_SPEC_USER_SESSION_KEYRING));
-
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING));
 	if (TEST_RETURN != -1)
 		tst_res(TPASS, "KEYCTL_GET_KEYRING_ID succeeded");
 	else
 		tst_res(TFAIL | TTERRNO, "KEYCTL_GET_KEYRING_ID failed");
 
 	for (key = INT32_MAX; key > INT32_MIN; key--) {
-		TEST(tst_syscall(__NR_keyctl, KEYCTL_READ, key));
+		TEST(keyctl(KEYCTL_READ, key));
 		if (TEST_RETURN == -1 && TEST_ERRNO == ENOKEY)
 			break;
 	}
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_REVOKE, key));
-
+	TEST(keyctl(KEYCTL_REVOKE, key));
 	if (TEST_RETURN != -1) {
 		tst_res(TFAIL, "KEYCTL_REVOKE succeeded unexpectedly");
 		return;
diff --git a/testcases/kernel/syscalls/keyctl/keyctl02.c b/testcases/kernel/syscalls/keyctl/keyctl02.c
index b783bf7..515da96 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl02.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl02.c
@@ -35,17 +35,13 @@
  *  KEYS: Fix race between read and revoke
  */
 
-#include "config.h"
 #include <errno.h>
 #include <pthread.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
+
 #include "tst_safe_pthread.h"
 #include "tst_test.h"
-
-#ifdef HAVE_KEYUTILS_H
+#include "lapi/keyctl.h"
 
 #define LOOPS	20000
 #define PATH_KEY_COUNT_QUOTA	"/proc/sys/kernel/keys/root_maxkeys"
@@ -119,7 +115,3 @@ static struct tst_test test = {
 	.cleanup = cleanup,
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl03.c b/testcases/kernel/syscalls/keyctl/keyctl03.c
index 41d062e..5c066f7 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl03.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl03.c
@@ -28,15 +28,11 @@
  *        an uninstantiated keyring
  */
 
-#include "config.h"
 #include <errno.h>
 #include <sys/types.h>
-#ifdef HAVE_KEYUTILS_H
-# include <keyutils.h>
-#endif
-#include "tst_test.h"
 
-#ifdef HAVE_KEYUTILS_H
+#include "tst_test.h"
+#include "lapi/keyctl.h"
 
 static void do_test(void)
 {
@@ -58,7 +54,3 @@ static void do_test(void)
 static struct tst_test test = {
 	.test_all = do_test,
 };
-
-#else
-	TST_TEST_TCONF("keyutils.h does not exist");
-#endif /* HAVE_KEYUTILS_H */
diff --git a/testcases/kernel/syscalls/keyctl/keyctl04.c b/testcases/kernel/syscalls/keyctl/keyctl04.c
index 3fef1ea..be9ceeb 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl04.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl04.c
@@ -26,29 +26,25 @@
  * keyring was leaked).
  */
 
+#include <errno.h>
+
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 static void do_test(void)
 {
 	key_serial_t tid_keyring;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-			 KEY_SPEC_THREAD_KEYRING, 1));
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 1));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to create thread keyring");
 	tid_keyring = TEST_RETURN;
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_SET_REQKEY_KEYRING,
-			 KEY_REQKEY_DEFL_THREAD_KEYRING));
+	TEST(keyctl(KEYCTL_SET_REQKEY_KEYRING, KEY_REQKEY_DEFL_THREAD_KEYRING));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to set reqkey keyring");
 
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID,
-			 KEY_SPEC_THREAD_KEYRING, 0));
+	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 0));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to get thread keyring ID");
 	if (TEST_RETURN == tid_keyring)
diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
index 922d2b4..9ba6120 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl05.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
@@ -37,13 +37,12 @@
  *    laid out the crash may not actually occur.
  */
 
+#include <errno.h>
 #include <stdlib.h>
+
 #include "tst_test.h"
-#include "lapi/syscalls.h"
 #include "lapi/keyctl.h"
 
-typedef int32_t key_serial_t;
-
 #define KEY_POS_WRITE	0x04000000
 #define KEY_POS_ALL	0x3f000000
 
@@ -89,7 +88,7 @@ static const char x509_cert[] =
 
 static void new_session_keyring(void)
 {
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, NULL));
+	TEST(keyctl(KEYCTL_JOIN_SESSION_KEYRING, NULL));
 	if (TEST_RETURN < 0)
 		tst_brk(TBROK | TTERRNO, "failed to join new session keyring");
 }
@@ -101,8 +100,7 @@ static void test_update_nonupdatable(const char *type,
 
 	new_session_keyring();
 
-	TEST(tst_syscall(__NR_add_key, type, "desc", payload, plen,
-			 KEY_SPEC_SESSION_KEYRING));
+	TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN < 0) {
 		if (TEST_ERRNO == ENODEV) {
 			tst_res(TCONF, "kernel doesn't support key type '%s'",
@@ -130,7 +128,7 @@ static void test_update_nonupdatable(const char *type,
 	 * Non-updatable keys don't start with write permission, so we must
 	 * explicitly grant it.
 	 */
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, KEY_POS_ALL));
+	TEST(keyctl(KEYCTL_SETPERM, keyid, KEY_POS_ALL));
 	if (TEST_RETURN != 0) {
 		tst_res(TBROK | TTERRNO,
 			"failed to grant write permission to '%s' key", type);
@@ -138,7 +136,7 @@ static void test_update_nonupdatable(const char *type,
 	}
 
 	tst_res(TINFO, "Try to update the '%s' key...", type);
-	TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid, payload, plen));
+	TEST(keyctl(KEYCTL_UPDATE, keyid, payload, plen));
 	if (TEST_RETURN == 0) {
 		tst_res(TBROK,
 			"updating '%s' key unexpectedly succeeded", type);
@@ -165,8 +163,8 @@ static void test_update_setperm_race(void)
 
 	new_session_keyring();
 
-	TEST(tst_syscall(__NR_add_key, "user", "desc", payload, sizeof(payload),
-			 KEY_SPEC_SESSION_KEYRING));
+	TEST(add_key("user", "desc", payload, sizeof(payload),
+		KEY_SPEC_SESSION_KEYRING));
 	if (TEST_RETURN < 0) {
 		tst_res(TBROK | TTERRNO, "failed to add 'user' key");
 		return;
@@ -178,7 +176,7 @@ static void test_update_setperm_race(void)
 
 		for (i = 0; i < 10000; i++) {
 			perm ^= KEY_POS_WRITE;
-			TEST(syscall(__NR_keyctl, KEYCTL_SETPERM, keyid, perm));
+			TEST(keyctl(KEYCTL_SETPERM, keyid, perm));
 			if (TEST_RETURN != 0)
 				tst_brk(TBROK | TTERRNO, "setperm failed");
 		}
@@ -187,8 +185,7 @@ static void test_update_setperm_race(void)
 
 	tst_res(TINFO, "Try to update the 'user' key...");
 	for (i = 0; i < 10000; i++) {
-		TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid,
-				 payload, sizeof(payload)));
+		TEST(keyctl(KEYCTL_UPDATE, keyid, payload, sizeof(payload)));
 		if (TEST_RETURN != 0 && TEST_ERRNO != EACCES) {
 			tst_res(TBROK | TTERRNO, "failed to update 'user' key");
 			return;
-- 
2.9.4

[LTP] [PATCH v4 3/3] CVE: Add some existing tests to runtest/cve

[Guangwen Feng]

Add syscalls/keyctl02 and commands/keyctl01 to the CVE runtest file as
cve-2015-7550 and cve-2016-4470 respectively.

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 runtest/cve | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/runtest/cve b/runtest/cve
index 468f0b2..5b16e9e 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -5,6 +5,8 @@ cve-2011-2496 vma03
 cve-2012-0957 cve-2012-0957
 cve-2014-0196 cve-2014-0196
 cve-2015-0235 gethostbyname_r01
+cve-2015-7550 keyctl02
+cve-2016-4470 keyctl01.sh
 cve-2016-4997 cve-2016-4997
 cve-2016-5195 dirtyc0w
 cve-2016-7042 cve-2016-7042
-- 
2.9.4

[LTP] [PATCH v4 1/3] lapi/keyctl.h: Add fallback definition of keyutil.h

[Cyril Hrubis]

Hi!
Patchset pushed, thanks.

-- 
Cyril Hrubis
chrubis@suse.cz