bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd
@ 2021-01-28 16:17 Seth Forshee
  2021-02-09  0:13 ` Shuah Khan
  2021-02-10  0:33 ` Kees Cook
  0 siblings, 2 replies; 4+ messages in thread
From: Seth Forshee @ 2021-01-28 16:17 UTC (permalink / raw)
  To: Kees Cook; +Cc: Andy Lutomirski, Will Drewry, Shuah Khan, bpf, linux-kselftest

This test expects fds to have specific values, which works fine
when the test is run standalone. However, the kselftest runner
consumes a couple of extra fds for redirection when running
tests, so the test fails when run via kselftest.

Change the test to pass on any valid fd number.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 26c72f2b61b1..9338df6f4ca8 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -4019,18 +4019,14 @@ TEST(user_notification_addfd)
 
 	/* Verify we can set an arbitrary remote fd */
 	fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
-	/*
-	 * The child has fds 0(stdin), 1(stdout), 2(stderr), 3(memfd),
-	 * 4(listener), so the newly allocated fd should be 5.
-	 */
-	EXPECT_EQ(fd, 5);
+	EXPECT_GE(fd, 0);
 	EXPECT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
 
 	/* Verify we can set an arbitrary remote fd with large size */
 	memset(&big, 0x0, sizeof(big));
 	big.addfd = addfd;
 	fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD_BIG, &big);
-	EXPECT_EQ(fd, 6);
+	EXPECT_GE(fd, 0);
 
 	/* Verify we can set a specific remote fd */
 	addfd.newfd = 42;
-- 
2.29.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd
  2021-01-28 16:17 [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd Seth Forshee
@ 2021-02-09  0:13 ` Shuah Khan
  2021-02-10  0:33 ` Kees Cook
  1 sibling, 0 replies; 4+ messages in thread
From: Shuah Khan @ 2021-02-09  0:13 UTC (permalink / raw)
  To: Seth Forshee, Kees Cook
  Cc: Andy Lutomirski, Will Drewry, Shuah Khan, bpf, linux-kselftest,
	Shuah Khan

On 1/28/21 9:17 AM, Seth Forshee wrote:
> This test expects fds to have specific values, which works fine
> when the test is run standalone. However, the kselftest runner
> consumes a couple of extra fds for redirection when running
> tests, so the test fails when run via kselftest.
> 
> Change the test to pass on any valid fd number.
> 
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> ---
>   tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++------
>   1 file changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
> index 26c72f2b61b1..9338df6f4ca8 100644
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -4019,18 +4019,14 @@ TEST(user_notification_addfd)
>   
>   	/* Verify we can set an arbitrary remote fd */
>   	fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
> -	/*
> -	 * The child has fds 0(stdin), 1(stdout), 2(stderr), 3(memfd),
> -	 * 4(listener), so the newly allocated fd should be 5.
> -	 */
> -	EXPECT_EQ(fd, 5);
> +	EXPECT_GE(fd, 0);
>   	EXPECT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
>   
>   	/* Verify we can set an arbitrary remote fd with large size */
>   	memset(&big, 0x0, sizeof(big));
>   	big.addfd = addfd;
>   	fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD_BIG, &big);
> -	EXPECT_EQ(fd, 6);
> +	EXPECT_GE(fd, 0);
>   
>   	/* Verify we can set a specific remote fd */
>   	addfd.newfd = 42;
> 

Here is my Ack if Kees wants to take it through seccomp.

Acked-by: Shuah Khan <skhan@linuxfoundation.org>

thanks,
-- Shuah


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd
  2021-01-28 16:17 [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd Seth Forshee
  2021-02-09  0:13 ` Shuah Khan
@ 2021-02-10  0:33 ` Kees Cook
  2021-02-10  0:35   ` Shuah Khan
  1 sibling, 1 reply; 4+ messages in thread
From: Kees Cook @ 2021-02-10  0:33 UTC (permalink / raw)
  To: Seth Forshee
  Cc: Andy Lutomirski, Will Drewry, Shuah Khan, bpf, linux-kselftest

On Thu, Jan 28, 2021 at 10:17:21AM -0600, Seth Forshee wrote:
> This test expects fds to have specific values, which works fine
> when the test is run standalone. However, the kselftest runner
> consumes a couple of extra fds for redirection when running
> tests, so the test fails when run via kselftest.
> 
> Change the test to pass on any valid fd number.
> 
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Thanks!

Acked-by: Kees Cook <keescook@chromium.org>

I'll snag this if Shuah doesn't first. :)

-Kees

> ---
>  tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
> index 26c72f2b61b1..9338df6f4ca8 100644
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -4019,18 +4019,14 @@ TEST(user_notification_addfd)
>  
>  	/* Verify we can set an arbitrary remote fd */
>  	fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd);
> -	/*
> -	 * The child has fds 0(stdin), 1(stdout), 2(stderr), 3(memfd),
> -	 * 4(listener), so the newly allocated fd should be 5.
> -	 */
> -	EXPECT_EQ(fd, 5);
> +	EXPECT_GE(fd, 0);
>  	EXPECT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
>  
>  	/* Verify we can set an arbitrary remote fd with large size */
>  	memset(&big, 0x0, sizeof(big));
>  	big.addfd = addfd;
>  	fd = ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD_BIG, &big);
> -	EXPECT_EQ(fd, 6);
> +	EXPECT_GE(fd, 0);
>  
>  	/* Verify we can set a specific remote fd */
>  	addfd.newfd = 42;
> -- 
> 2.29.2
> 

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd
  2021-02-10  0:33 ` Kees Cook
@ 2021-02-10  0:35   ` Shuah Khan
  0 siblings, 0 replies; 4+ messages in thread
From: Shuah Khan @ 2021-02-10  0:35 UTC (permalink / raw)
  To: Kees Cook, Seth Forshee
  Cc: Andy Lutomirski, Will Drewry, Shuah Khan, bpf, linux-kselftest,
	Shuah Khan

On 2/9/21 5:33 PM, Kees Cook wrote:
> On Thu, Jan 28, 2021 at 10:17:21AM -0600, Seth Forshee wrote:
>> This test expects fds to have specific values, which works fine
>> when the test is run standalone. However, the kselftest runner
>> consumes a couple of extra fds for redirection when running
>> tests, so the test fails when run via kselftest.
>>
>> Change the test to pass on any valid fd number.
>>
>> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> 
> Thanks!
> 
> Acked-by: Kees Cook <keescook@chromium.org>
> 
> I'll snag this if Shuah doesn't first. :)
> 

I will apply this. I have several queued for 5.12-rc1 anyway.

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-10  0:38 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-28 16:17 [PATCH] selftests/seccomp: Accept any valid fd in user_notification_addfd Seth Forshee
2021-02-09  0:13 ` Shuah Khan
2021-02-10  0:33 ` Kees Cook
2021-02-10  0:35   ` Shuah Khan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).