[v3,4/6] selftest/Landlock: pthread_kill(3) tests

Message ID	f9ddc707873b30f440779feb1f284fc2a4aae40b.1723680305.git.fahimitahera@gmail.com (mailing list archive)
State	Handled Elsewhere
Headers	show Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF57E153837; Thu, 15 Aug 2024 18:29:46 +0000 (UTC) From: Tahera Fahimi <fahimitahera@gmail.com> To: outreachy@lists.linux.dev Cc: mic@digikod.net, gnoack@google.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, bjorn3_gh@protonmail.com, jannh@google.com, netdev@vger.kernel.org, Tahera Fahimi <fahimitahera@gmail.com> Subject: [PATCH v3 4/6] selftest/Landlock: pthread_kill(3) tests Date: Thu, 15 Aug 2024 12:29:23 -0600 Message-Id: <f9ddc707873b30f440779feb1f284fc2a4aae40b.1723680305.git.fahimitahera@gmail.com> In-Reply-To: <cover.1723680305.git.fahimitahera@gmail.com> References: <cover.1723680305.git.fahimitahera@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Landlock: Signal Scoping Support \| expand [v3,0/6] Landlock: Signal Scoping Support [v3,1/6] Landlock: Add signal control [v3,2/6] Landlock: Adding file_send_sigiotask signal scoping support [v3,3/6] selftest/Landlock: Signal restriction tests [v3,4/6] selftest/Landlock: pthread_kill(3) tests [v3,5/6] sample/Landlock: Support signal scoping restriction [v3,6/6] Landlock: Document LANDLOCK_SCOPED_SIGNAL

Message ID

f9ddc707873b30f440779feb1f284fc2a4aae40b.1723680305.git.fahimitahera@gmail.com (mailing list archive)

State

Handled Elsewhere

Headers

From: Tahera Fahimi <fahimitahera@gmail.com>
To: outreachy@lists.linux.dev
Cc: mic@digikod.net,
	gnoack@google.com,
	paul@paul-moore.com,
	jmorris@namei.org,
	serge@hallyn.com,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	bjorn3_gh@protonmail.com,
	jannh@google.com,
	netdev@vger.kernel.org,
	Tahera Fahimi <fahimitahera@gmail.com>
Subject: [PATCH v3 4/6] selftest/Landlock: pthread_kill(3) tests
Date: Thu, 15 Aug 2024 12:29:23 -0600
Message-Id: 
 <f9ddc707873b30f440779feb1f284fc2a4aae40b.1723680305.git.fahimitahera@gmail.com>
In-Reply-To: <cover.1723680305.git.fahimitahera@gmail.com>
References: <cover.1723680305.git.fahimitahera@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Landlock: Signal Scoping Support | expand

Commit Message

Tahera Fahimi Aug. 15, 2024, 6:29 p.m. UTC

This patch expands the signal scoping tests with pthread_kill(3)
It tests if an scoped thread can send signal to a process in
the same scoped domain, or a non-sandboxed thread.

Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
---
 .../selftests/landlock/scoped_signal_test.c   | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

Comments

Mickaël Salaün Aug. 20, 2024, 3:57 p.m. UTC | #1

Please make sure all subject's prefixes are correct, there is two errors
in the prefix and the description can be made more consistent with other
patches, something like this: "selftests/landlock: Add
signal_scoping_threads test"

On Thu, Aug 15, 2024 at 12:29:23PM -0600, Tahera Fahimi wrote:
> This patch expands the signal scoping tests with pthread_kill(3)
> It tests if an scoped thread can send signal to a process in
> the same scoped domain, or a non-sandboxed thread.
> 
> Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
> ---
>  .../selftests/landlock/scoped_signal_test.c   | 29 +++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/tools/testing/selftests/landlock/scoped_signal_test.c b/tools/testing/selftests/landlock/scoped_signal_test.c
> index 92958c6266ca..2edba1e6cd82 100644
> --- a/tools/testing/selftests/landlock/scoped_signal_test.c
> +++ b/tools/testing/selftests/landlock/scoped_signal_test.c
> @@ -10,6 +10,7 @@
>  #include <errno.h>
>  #include <fcntl.h>
>  #include <linux/landlock.h>
> +#include <pthread.h>
>  #include <signal.h>
>  #include <sys/prctl.h>
>  #include <sys/types.h>
> @@ -18,6 +19,7 @@
>  
>  #include "common.h"
>  
> +#define DEFAULT_THREAD_RUNTIME 0.001
>  static sig_atomic_t signaled;
>  
>  static void create_signal_domain(struct __test_metadata *const _metadata)
> @@ -299,4 +301,31 @@ TEST_F(signal_scoping, test_signal)
>  		_metadata->exit_code = KSFT_FAIL;
>  }
>  
> +static void *thread_func(void *arg)
> +{
> +	sleep(DEFAULT_THREAD_RUNTIME);

Using sleep() may make this test flaky.  It needs to be removed and the
test should work the same.

> +	return NULL;
> +}
> +
> +TEST(signal_scoping_threads)
> +{
> +	pthread_t no_sandbox_thread, scoped_thread;
> +	int err;
> +
> +	ASSERT_EQ(0,
> +		  pthread_create(&no_sandbox_thread, NULL, thread_func, NULL));
> +	create_signal_domain(_metadata);
> +	ASSERT_EQ(0, pthread_create(&scoped_thread, NULL, thread_func, NULL));
> +
> +	/* Send signal to threads */
> +	err = pthread_kill(no_sandbox_thread, 0);
> +	ASSERT_EQ(EPERM, err);
> +
> +	err = pthread_kill(scoped_thread, 0);
> +	ASSERT_EQ(0, err);
> +
> +	ASSERT_EQ(0, pthread_join(scoped_thread, NULL));
> +	ASSERT_EQ(0, pthread_join(no_sandbox_thread, NULL));
> +}
> +
>  TEST_HARNESS_MAIN
> -- 
> 2.34.1
> 
>

Mickaël Salaün Aug. 26, 2024, 12:40 p.m. UTC | #2

On Tue, Aug 20, 2024 at 05:57:08PM +0200, Mickaël Salaün wrote:
> Please make sure all subject's prefixes are correct, there is two errors
> in the prefix and the description can be made more consistent with other
> patches, something like this: "selftests/landlock: Add
> signal_scoping_threads test"
> 
> On Thu, Aug 15, 2024 at 12:29:23PM -0600, Tahera Fahimi wrote:
> > This patch expands the signal scoping tests with pthread_kill(3)
> > It tests if an scoped thread can send signal to a process in
> > the same scoped domain, or a non-sandboxed thread.
> > 
> > Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
> > ---
> >  .../selftests/landlock/scoped_signal_test.c   | 29 +++++++++++++++++++
> >  1 file changed, 29 insertions(+)
> > 
> > diff --git a/tools/testing/selftests/landlock/scoped_signal_test.c b/tools/testing/selftests/landlock/scoped_signal_test.c
> > index 92958c6266ca..2edba1e6cd82 100644
> > --- a/tools/testing/selftests/landlock/scoped_signal_test.c
> > +++ b/tools/testing/selftests/landlock/scoped_signal_test.c
> > @@ -10,6 +10,7 @@
> >  #include <errno.h>
> >  #include <fcntl.h>
> >  #include <linux/landlock.h>
> > +#include <pthread.h>
> >  #include <signal.h>
> >  #include <sys/prctl.h>
> >  #include <sys/types.h>
> > @@ -18,6 +19,7 @@
> >  
> >  #include "common.h"
> >  
> > +#define DEFAULT_THREAD_RUNTIME 0.001
> >  static sig_atomic_t signaled;
> >  
> >  static void create_signal_domain(struct __test_metadata *const _metadata)
> > @@ -299,4 +301,31 @@ TEST_F(signal_scoping, test_signal)
> >  		_metadata->exit_code = KSFT_FAIL;
> >  }
> >  
> > +static void *thread_func(void *arg)
> > +{
> > +	sleep(DEFAULT_THREAD_RUNTIME);
> 
> Using sleep() may make this test flaky.  It needs to be removed and the
> test should work the same.
> 
> > +	return NULL;
> > +}
> > +
> > +TEST(signal_scoping_threads)
> > +{
> > +	pthread_t no_sandbox_thread, scoped_thread;
> > +	int err;
> > +
> > +	ASSERT_EQ(0,
> > +		  pthread_create(&no_sandbox_thread, NULL, thread_func, NULL));
> > +	create_signal_domain(_metadata);
> > +	ASSERT_EQ(0, pthread_create(&scoped_thread, NULL, thread_func, NULL));
> > +
> > +	/* Send signal to threads */
> > +	err = pthread_kill(no_sandbox_thread, 0);
> > +	ASSERT_EQ(EPERM, err);

Sometime the test failed because err == 0, I guess it's because I
removed the call to sleep(), but this just highlight a race condition in
the code anyway.  We would need a synchronization primitive to make sure
the thread is still alive, something like the pipe read/write.

> > +
> > +	err = pthread_kill(scoped_thread, 0);
> > +	ASSERT_EQ(0, err);
> > +
> > +	ASSERT_EQ(0, pthread_join(scoped_thread, NULL));
> > +	ASSERT_EQ(0, pthread_join(no_sandbox_thread, NULL));
> > +}
> > +
> >  TEST_HARNESS_MAIN
> > -- 
> > 2.34.1
> > 
> >

diff --git a/tools/testing/selftests/landlock/scoped_signal_test.c b/tools/testing/selftests/landlock/scoped_signal_test.c
index 92958c6266ca..2edba1e6cd82 100644
--- a/tools/testing/selftests/landlock/scoped_signal_test.c
+++ b/tools/testing/selftests/landlock/scoped_signal_test.c
@@ -10,6 +10,7 @@ 
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/landlock.h>
+#include <pthread.h>
 #include <signal.h>
 #include <sys/prctl.h>
 #include <sys/types.h>
@@ -18,6 +19,7 @@ 
 
 #include "common.h"
 
+#define DEFAULT_THREAD_RUNTIME 0.001
 static sig_atomic_t signaled;
 
 static void create_signal_domain(struct __test_metadata *const _metadata)
@@ -299,4 +301,31 @@  TEST_F(signal_scoping, test_signal)
 		_metadata->exit_code = KSFT_FAIL;
 }
 
+static void *thread_func(void *arg)
+{
+	sleep(DEFAULT_THREAD_RUNTIME);
+	return NULL;
+}
+
+TEST(signal_scoping_threads)
+{
+	pthread_t no_sandbox_thread, scoped_thread;
+	int err;
+
+	ASSERT_EQ(0,
+		  pthread_create(&no_sandbox_thread, NULL, thread_func, NULL));
+	create_signal_domain(_metadata);
+	ASSERT_EQ(0, pthread_create(&scoped_thread, NULL, thread_func, NULL));
+
+	/* Send signal to threads */
+	err = pthread_kill(no_sandbox_thread, 0);
+	ASSERT_EQ(EPERM, err);
+
+	err = pthread_kill(scoped_thread, 0);
+	ASSERT_EQ(0, err);
+
+	ASSERT_EQ(0, pthread_join(scoped_thread, NULL));
+	ASSERT_EQ(0, pthread_join(no_sandbox_thread, NULL));
+}
+
 TEST_HARNESS_MAIN

[v3,4/6] selftest/Landlock: pthread_kill(3) tests

Commit Message

Comments

Patch