From: Mickaël Salaün
Date: Thu, 24 Feb 2022 10:55:09 +0100
To: Konstantin Meskhidze
Cc: linux-security-module@vger.kernel.org, netdev@vger.kernel.org, netfilter@vger.kernel.org, yusongping@huawei.com, artem.kuzin@huawei.com
References: <20220124080215.265538-1-konstantin.meskhidze@huawei.com> <20220124080215.265538-3-konstantin.meskhidze@huawei.com> <4d54e3a9-8a26-d393-3c81-b01389f76f09@digikod.net>
Subject: Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
X-Mailing-List: netdev@vger.kernel.org

On 24/02/2022 04:18, Konstantin Meskhidze wrote:
>
>
> 2/1/2022 9:31 PM, Mickaël Salaün wrote:
>>
>> On 24/01/2022 09:02, Konstantin Meskhidze wrote:
>>> Support 4 tests for bind and connect network actions:
>>
>> Good to see such tests!
>>
>>
>>> 1. bind() a socket with no landlock restrictions.
>>> 2. bind() sockets with landlock restrictions.
>>
>> You can leverage the FIXTURE_VARIANT helpers to factor out this kind
>> of tests (see ptrace_test.c).
>>
>>
>>> 3. connect() a socket to listening one with no landlock restrictions.
>>> 4. connect() sockets with landlock restrictions.
>>
>> Same here, you can factor out code. I guess you could create helpers
>> for client and server parts.
>>
>> We also need to test with IPv4, IPv6 and the AF_UNSPEC tricks.
>>
>> Please provide the kernel test coverage and explain why the uncovered
>> code cannot be covered:
>> https://www.kernel.org/doc/html/latest/dev-tools/gcov.html
>
>  Hi Mickaël!
>  Could you please provide the example of your test coverage build
>  process? Cause as I understand there is no need to get coverage data
>  for the entire kernel, just for landlock files.

You just need to follow the documentation:
- start the VM with the kernel appropriately configured for coverage;
- run all the Landlock tests;
- gather the coverage and shut down the VM;
- use lcov and genhtml to create the web pages;
- look at the coverage for security/landlock/

>>
>> You'll probably see that there are multiple parts of the kernel that
>> are not covered. For instance, it is important to test different
>> combinations of layered network rules (see layout1/ruleset_overlap,
>> layer_rule_unions, non_overlapping_accesses,
>> interleaved_masked_accesses… in fs_test.c). Tests in fs_test.c are
>> more complex because handling file system rules is more complex, but
>> you can get some inspiration in it, especially the edge cases.
>>
>> We also need to test invalid user space supplied data (see
>> layout1/inval test in fs_test.c).
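
The coverage steps listed in the reply above, sketched as a shell script. This is an added example, not part of the original thread or of the Landlock tree. It assumes it runs as root inside the test VM, that lcov and genhtml are installed there, and that the kernel tree is available at the path it was built from; the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: Landlock-only coverage report from a gcov-enabled kernel.
# Assumptions: root inside the test VM, lcov/genhtml installed, kernel
# source/build tree present at the path it was built from.

# Return 0 if the kernel config file $1 enables gcov profiling via debugfs.
check_gcov_config() {
    for opt in CONFIG_DEBUG_FS CONFIG_GCOV_KERNEL; do
        grep -q "^${opt}=y\$" "$1" || { echo "missing ${opt}=y" >&2; return 1; }
    done
    # Without PROFILE_ALL, security/landlock/Makefile needs "GCOV_PROFILE := y".
    grep -q '^CONFIG_GCOV_PROFILE_ALL=y$' "$1" ||
        echo "note: CONFIG_GCOV_PROFILE_ALL unset, per-directory GCOV_PROFILE required" >&2
    return 0
}

# Run the Landlock selftests from kernel tree $1, write the report under $2.
landlock_coverage() {
    ksrc=$1 out=$2
    [ -d /sys/kernel/debug/gcov ] || { echo "gcov debugfs not mounted" >&2; return 1; }
    lcov --zerocounters                            # reset kernel counters
    make -C "$ksrc/tools/testing/selftests" TARGETS=landlock run_tests
    lcov --capture --output-file "$out/all.info"   # no --directory: kernel data
    # Keep only the files under security/landlock/ for the report.
    lcov --extract "$out/all.info" '*/security/landlock/*' \
         --output-file "$out/landlock.info"
    genhtml --output-directory "$out/html" "$out/landlock.info"
}

# Usage: sh landlock-cov.sh run <kernel-tree> <output-dir>
if [ "${1:-}" = run ]; then
    check_gcov_config "$2/.config" && mkdir -p "$3" && landlock_coverage "$2" "$3"
fi
```

The per-file line and branch figures for security/landlock/ then appear in `<output-dir>/html/index.html`, which is where uncovered code that needs explaining shows up.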