From patchwork Wed Aug 9 17:04:34 2023
X-Patchwork-Submitter: Andre Przywara
X-Patchwork-Id: 133417
From: Andre Przywara
To: Mickaël Salaün, Shuah Khan
Cc: linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/2] selftests: landlock: allow other ABI versions
Date: Wed, 9 Aug 2023 18:04:34 +0100
Message-Id: <20230809170435.1312162-2-andre.przywara@arm.com>
In-Reply-To: <20230809170435.1312162-1-andre.przywara@arm.com>
References: <20230809170435.1312162-1-andre.przywara@arm.com>

At the moment the abi_version subtest of the landlock selftest expects exactly version 3 of the landlock syscall ABI. However older kernels returned a smaller number (or even -1, for the initial code), and the kselftest documentation states that older kernels should still be supported.

Relax the test for the return value, to just not accept 0, which was never a value returned by this syscall (the initial ABI version was 1).

This fixes kselftests runs on older kernels like on my Ubuntu 20.04 system.

Signed-off-by: Andre Przywara
--- tools/testing/selftests/landlock/base_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/landlock/base_test.c b/tools/testing/selftests/landlock/base_test.c index 792c3f0a59b4f..1e3b6de57e80e 100644 --- a/tools/testing/selftests/landlock/base_test.c +++ b/tools/testing/selftests/landlock/base_test.c
@@ -75,7 +75,7 @@ TEST(abi_version) const struct landlock_ruleset_attr ruleset_attr = { .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, }; - ASSERT_EQ(3, landlock_create_ruleset(NULL, 0, + ASSERT_NE(0, landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION)); ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0,
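
Review bot: in the abi_version hunk of [PATCH 1/2], `ASSERT_NE(0, ...)` passes for every return value except 0, including a -1 caused by an unrelated failure, so the subtest no longer checks that the call reports a version at all. Store the result and accept either a value of 1 or more, or -1 together with the errno the initial code is expected to set, and add a comment saying why a range is accepted instead of the exact value 3.
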
From: Andre Przywara
To: Mickaël Salaün, Shuah Khan
Cc: linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] selftests: landlock: skip all tests without landlock syscall
Date: Wed, 9 Aug 2023 18:04:35 +0100
Message-Id: <20230809170435.1312162-3-andre.przywara@arm.com>
In-Reply-To: <20230809170435.1312162-1-andre.przywara@arm.com>
References: <20230809170435.1312162-1-andre.przywara@arm.com>

"landlock" is a relatively new syscall, and most defconfigs do not enable it (yet). On systems without this syscall available, the selftests fail at the moment, instead of being skipped.

Check the availability of the landlock system call before executing each test, and skip the rest of the tests if we get an ENOSYS back.

Signed-off-by: Andre Przywara
--- tools/testing/selftests/landlock/base_test.c | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tools/testing/selftests/landlock/base_test.c b/tools/testing/selftests/landlock/base_test.c index 1e3b6de57e80e..c539cec775fba 100644 --- a/tools/testing/selftests/landlock/base_test.c +++ b/tools/testing/selftests/landlock/base_test.c
@@ -21,12 +21,20 @@ #define O_PATH 010000000 #endif +static bool has_syscall(void) +{ + return landlock_create_ruleset(NULL, 0, 0) == -1 && errno != ENOSYS; +} + TEST(inconsistent_attr) { const long page_size = sysconf(_SC_PAGESIZE); char *const buf = malloc(page_size + 1); struct landlock_ruleset_attr *const ruleset_attr = (void *)buf; + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + ASSERT_NE(NULL, buf); /* Checks copy_from_user(). */ @@ -75,6 +83,10 @@ TEST(abi_version) const struct landlock_ruleset_attr ruleset_attr = { .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, }; + + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + ASSERT_NE(0, landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION)); @@ -107,6 +119,9 @@ TEST(create_ruleset_checks_ordering) .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, }; + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + /* Checks priority for invalid flags. */ ASSERT_EQ(-1, landlock_create_ruleset(NULL, 0, invalid_flag)); ASSERT_EQ(EINVAL, errno); @@ -153,6 +168,9 @@ TEST(add_rule_checks_ordering) const int ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + ASSERT_LE(0, ruleset_fd); /* Checks invalid flags. */ @@ -200,6 +218,9 @@ TEST(restrict_self_checks_ordering) const int ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + ASSERT_LE(0, ruleset_fd); path_beneath_attr.parent_fd = open("/tmp", O_PATH | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC); @@ -240,6 +261,9 @@ TEST(ruleset_fd_io) int ruleset_fd; char buf; + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + drop_caps(_metadata); ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); 
@@ -267,6 +291,9 @@ TEST(ruleset_fd_transfer) pid_t child; int status; + if (!has_syscall()) + SKIP(return, "landlock syscall not available"); + drop_caps(_metadata); /* Creates a test ruleset with a simple rule. */
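
Review bot: in the first hunk of [PATCH 2/2], `has_syscall()` reports the syscall as present for any errno other than ENOSYS, and as absent whenever `landlock_create_ruleset(NULL, 0, 0)` does not return -1, so the result depends on that probe call always failing. Testing for the unavailable case alone (`ret == -1 && errno == ENOSYS`) and negating it states the intent directly, and a one-line comment on why the NULL/0/0 probe is used would help. In TEST(inconsistent_attr) the new SKIP also sits after `buf` has been allocated with malloc() and before `ASSERT_NE(NULL, buf)`, so the skip path returns without freeing it; free `buf` before returning.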
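
Review bot: in the add_rule_checks_ordering hunk of [PATCH 2/2], and the same way in restrict_self_checks_ordering, the `has_syscall()` check comes after `ruleset_fd` has already been initialised from `landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0)`, so the test calls the syscall before asking whether it exists. Move the ruleset creation below the SKIP, as ruleset_fd_io does with its plain `int ruleset_fd;` declaration, so that nothing Landlock-related runs on the skip path.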
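
Review bot: the two-line guard added in the ruleset_fd_transfer hunk of [PATCH 2/2] (`if (!has_syscall())` followed by `SKIP(return, "landlock syscall not available");`) is the seventh identical copy in this patch. A single wrapper macro would keep the condition and the message in one place. The subject also says "skip all tests" while the diffstat shows only base_test.c changed, so the commit message should state whether other test files in this directory need the same guard.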