From: "Günther Noack" <gnoack@google.com>
To: linux-security-module@vger.kernel.org,
	"Mickaël Salaün" <mic@digikod.net>
Cc: "Jeff Xu" <jeffxu@google.com>, "Arnd Bergmann" <arnd@arndb.de>,
	"Jorge Lucangeli Obes" <jorgelo@chromium.org>,
	"Allen Webb" <allenwebb@google.com>,
	"Dmitry Torokhov" <dtor@google.com>,
	"Paul Moore" <paul@paul-moore.com>,
	"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
	"Matt Bobrowski" <repnop@google.com>,
	linux-fsdevel@vger.kernel.org,
	"Günther Noack" <gnoack@google.com>
Subject: [PATCH v14 08/12] selftests/landlock: Exhaustive test for the IOCTL allow-list
Date: Fri,  5 Apr 2024 21:40:36 +0000	[thread overview]
Message-ID: <20240405214040.101396-9-gnoack@google.com> (raw)
In-Reply-To: <20240405214040.101396-1-gnoack@google.com>

This test checks all IOCTL commands implemented in do_vfs_ioctl().

Suggested-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Günther Noack <gnoack@google.com>
---
 tools/testing/selftests/landlock/fs_test.c | 95 ++++++++++++++++++++++
 1 file changed, 95 insertions(+)

diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index 10b29a288e9c..e4ba149cf6fd 100644
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -10,6 +10,7 @@
 #define _GNU_SOURCE
 #include <asm/termbits.h>
 #include <fcntl.h>
+#include <linux/fiemap.h>
 #include <linux/landlock.h>
 #include <linux/magic.h>
 #include <sched.h>
@@ -3937,6 +3938,100 @@ TEST_F_FORK(layout1, o_path_ftruncate_and_ioctl)
 	ASSERT_EQ(0, close(fd));
 }
 
+/*
+ * ioctl_error - generically call the given ioctl with a pointer to a
+ * sufficiently large memory region
+ *
+ * Returns the IOCTLs error, or 0.
+ */
+static int ioctl_error(int fd, unsigned int cmd)
+{
+	char buf[1024]; /* sufficiently large */
+	int res = ioctl(fd, cmd, &buf);
+
+	if (res < 0)
+		return errno;
+
+	return 0;
+}
+
+/* Define some linux/falloc.h IOCTL commands which are not available in uapi headers. */
+struct space_resv {
+	__s16 l_type;
+	__s16 l_whence;
+	__s64 l_start;
+	__s64 l_len; /* len == 0 means until end of file */
+	__s32 l_sysid;
+	__u32 l_pid;
+	__s32 l_pad[4]; /* reserved area */
+};
+
+#define FS_IOC_RESVSP _IOW('X', 40, struct space_resv)
+#define FS_IOC_UNRESVSP _IOW('X', 41, struct space_resv)
+#define FS_IOC_RESVSP64 _IOW('X', 42, struct space_resv)
+#define FS_IOC_UNRESVSP64 _IOW('X', 43, struct space_resv)
+#define FS_IOC_ZERO_RANGE _IOW('X', 57, struct space_resv)
+
+/*
+ * Tests a series of blanket-permitted and denied IOCTLs.
+ */
+TEST_F_FORK(layout1, blanket_permitted_ioctls)
+{
+	const struct landlock_ruleset_attr attr = {
+		.handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL_DEV,
+	};
+	int ruleset_fd, fd;
+
+	/* Enables Landlock. */
+	ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
+	ASSERT_LE(0, ruleset_fd);
+	enforce_ruleset(_metadata, ruleset_fd);
+	ASSERT_EQ(0, close(ruleset_fd));
+
+	fd = open("/dev/null", O_RDWR | O_CLOEXEC);
+	ASSERT_LE(0, fd);
+
+	/*
+	 * Checks permitted commands.
+	 * These ones may return errors, but should not be blocked by Landlock.
+	 */
+	EXPECT_NE(EACCES, ioctl_error(fd, FIOCLEX));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIONCLEX));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIONBIO));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIOASYNC));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIOQSIZE));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIFREEZE));
+	EXPECT_NE(EACCES, ioctl_error(fd, FITHAW));
+	EXPECT_NE(EACCES, ioctl_error(fd, FS_IOC_FIEMAP));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIGETBSZ));
+	EXPECT_NE(EACCES, ioctl_error(fd, FICLONE));
+	EXPECT_NE(EACCES, ioctl_error(fd, FICLONERANGE));
+	EXPECT_NE(EACCES, ioctl_error(fd, FIDEDUPERANGE));
+	EXPECT_NE(EACCES, ioctl_error(fd, FS_IOC_GETFSUUID));
+	EXPECT_NE(EACCES, ioctl_error(fd, FS_IOC_GETFSSYSFSPATH));
+
+	/*
+	 * Checks blocked commands.
+	 * A call to a blocked IOCTL command always returns EACCES.
+	 */
+	EXPECT_EQ(EACCES, ioctl_error(fd, FIONREAD));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_GETFLAGS));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_SETFLAGS));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_FSGETXATTR));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_FSSETXATTR));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FIBMAP));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_RESVSP));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_RESVSP64));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_UNRESVSP));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_UNRESVSP64));
+	EXPECT_EQ(EACCES, ioctl_error(fd, FS_IOC_ZERO_RANGE));
+
+	/* Default case is also blocked. */
+	EXPECT_EQ(EACCES, ioctl_error(fd, 0xc00ffeee));
+
+	ASSERT_EQ(0, close(fd));
+}
+
 /*
  * Named pipes are not governed by the LANDLOCK_ACCESS_FS_IOCTL_DEV right,
  * because they are not character or block devices.
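Review bot: `buf` in ioctl_error() is handed to ioctl() uninitialized, so every command that reads its argument (FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP in the permitted list, for example) passes indeterminate stack bytes to the kernel. The permitted checks only assert `EXPECT_NE(EACCES, ...)`, so whatever those bytes make the kernel do is accepted silently, and the result can differ from run to run. Zero the buffer before the call, e.g. `char buf[1024] = { 0 }; /* sufficiently large, zeroed */`, so the allow-list test always exercises the same input. With a zeroed buffer, any field that a command interprets as a file descriptor would presumably resolve to fd 0; worth a short comment in ioctl_error() saying so, or guarding against it in the test.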
-- 
2.44.0.478.gd926399ef9-goog

