selftests/landlock: Test landlock_create_ruleset(2) argument check ordering

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add inval_create_ruleset_arguments, extension of
inval_create_ruleset_flags, to also check error ordering for
landlock_create_ruleset(2).

This is similar to the previous commit checking landlock_add_rule(2).

Test coverage for security/landlock is 94.4% of 504 lines accorging to
gcc/gcov-11.

Link: https://lore.kernel.org/r/20220506160820.524344-11-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>

Mickaël Salaün 3 years ago 6533d0c3 eba39ca4

+20 -1

1 changed file

expand all

tools

testing

selftests

landlock

base_test.c

+20 -1

tools/testing/selftests/landlock/base_test.c

··· 97 97 ASSERT_EQ(EINVAL, errno); 98 98 } 99 99 100 - TEST(inval_create_ruleset_flags) 100 + /* Tests ordering of syscall argument checks. */ 101 + TEST(create_ruleset_checks_ordering) 101 102 { 102 103 const int last_flag = LANDLOCK_CREATE_RULESET_VERSION; 103 104 const int invalid_flag = last_flag << 1; 105 + int ruleset_fd; 104 106 const struct landlock_ruleset_attr ruleset_attr = { 105 107 .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, 106 108 }; 107 109 110 + /* Checks priority for invalid flags. */ 108 111 ASSERT_EQ(-1, landlock_create_ruleset(NULL, 0, invalid_flag)); 109 112 ASSERT_EQ(EINVAL, errno); 110 113 ··· 122 119 landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 123 120 invalid_flag)); 124 121 ASSERT_EQ(EINVAL, errno); 122 + 123 + /* Checks too big ruleset_attr size. */ 124 + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, -1, 0)); 125 + ASSERT_EQ(E2BIG, errno); 126 + 127 + /* Checks too small ruleset_attr size. */ 128 + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0, 0)); 129 + ASSERT_EQ(EINVAL, errno); 130 + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 1, 0)); 131 + ASSERT_EQ(EINVAL, errno); 132 + 133 + /* Checks valid call. */ 134 + ruleset_fd = 135 + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); 136 + ASSERT_LE(0, ruleset_fd); 137 + ASSERT_EQ(0, close(ruleset_fd)); 125 138 } 126 139 127 140 /* Tests ordering of syscall argument checks. */