| Message ID | 20240808155931.1290349-1-linux@roeck-us.net (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | apparmor: fix policy_unpack_test on big endian systems | expand |
On Thu, Aug 08, 2024 at 08:59:31AM -0700, Guenter Roeck wrote: > policy_unpack_test fails on big endian systems because data byte order > is expected to be little endian but is generated in host byte order. > This results in test failures such as: > > # policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150 > Expected array_size == (u16)16, but > array_size == 4096 (0x1000) > (u16)16 == 16 (0x10) > # policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1 > not ok 3 policy_unpack_test_unpack_array_with_null_name > # policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164 > Expected array_size == (u16)16, but > array_size == 4096 (0x1000) > (u16)16 == 16 (0x10) > # policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1 > > Add the missing endianness conversions when generating test data. > > Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack") > Cc: Brendan Higgins <brendanhiggins@google.com> > Cc: Kees Cook <keescook@chromium.org> > Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Kees Cook <kees@kernel.org>
On 8/8/24 08:59, Guenter Roeck wrote: > policy_unpack_test fails on big endian systems because data byte order > is expected to be little endian but is generated in host byte order. > This results in test failures such as: > > # policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150 > Expected array_size == (u16)16, but > array_size == 4096 (0x1000) > (u16)16 == 16 (0x10) > # policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1 > not ok 3 policy_unpack_test_unpack_array_with_null_name > # policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164 > Expected array_size == (u16)16, but > array_size == 4096 (0x1000) > (u16)16 == 16 (0x10) > # policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1 > > Add the missing endianness conversions when generating test data. > > Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack") > Cc: Brendan Higgins <brendanhiggins@google.com> > Cc: Kees Cook <keescook@chromium.org> > Signed-off-by: Guenter Roeck <linux@roeck-us.net> Looks good Acked-by: John Johansen <john.johansen@canonical.com> I will pull this into my tree > --- > security/apparmor/policy_unpack_test.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/security/apparmor/policy_unpack_test.c b/security/apparmor/policy_unpack_test.c > index 874fcf97794e..c64733d6c98f 100644 > --- a/security/apparmor/policy_unpack_test.c > +++ b/security/apparmor/policy_unpack_test.c > @@ -80,14 +80,14 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf, > *(buf + 1) = strlen(TEST_U32_NAME) + 1; > strscpy(buf + 3, TEST_U32_NAME, e->end - (void *)(buf + 3)); > *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32; > - *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA; > + *((__le32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = cpu_to_le32(TEST_U32_DATA); > > buf = e->start + TEST_NAMED_U64_BUF_OFFSET; > *buf = AA_NAME; > *(buf + 1) = strlen(TEST_U64_NAME) + 1; > strscpy(buf + 3, TEST_U64_NAME, e->end - (void *)(buf + 3)); > *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64; > - *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA; > + *((__le64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = cpu_to_le64(TEST_U64_DATA); > > buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET; > *buf = AA_NAME; > @@ -103,7 +103,7 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf, > *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1; > strscpy(buf + 3, TEST_ARRAY_NAME, e->end - (void *)(buf + 3)); > *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY; > - *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE; > + *((__le16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = cpu_to_le16(TEST_ARRAY_SIZE); > > return e; > }
On 8/12/24 09:55, John Johansen wrote: > On 8/8/24 08:59, Guenter Roeck wrote: >> policy_unpack_test fails on big endian systems because data byte order >> is expected to be little endian but is generated in host byte order. >> This results in test failures such as: >> >> # policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150 >> Expected array_size == (u16)16, but >> array_size == 4096 (0x1000) >> (u16)16 == 16 (0x10) >> # policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1 >> not ok 3 policy_unpack_test_unpack_array_with_null_name >> # policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164 >> Expected array_size == (u16)16, but >> array_size == 4096 (0x1000) >> (u16)16 == 16 (0x10) >> # policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1 >> >> Add the missing endianness conversions when generating test data. >> >> Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack") >> Cc: Brendan Higgins <brendanhiggins@google.com> >> Cc: Kees Cook <keescook@chromium.org> >> Signed-off-by: Guenter Roeck <linux@roeck-us.net> > > Looks good > > Acked-by: John Johansen <john.johansen@canonical.com> > > I will pull this into my tree > Thanks! Guenter
diff --git a/security/apparmor/policy_unpack_test.c b/security/apparmor/policy_unpack_test.c index 874fcf97794e..c64733d6c98f 100644 --- a/security/apparmor/policy_unpack_test.c +++ b/security/apparmor/policy_unpack_test.c @@ -80,14 +80,14 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf, *(buf + 1) = strlen(TEST_U32_NAME) + 1; strscpy(buf + 3, TEST_U32_NAME, e->end - (void *)(buf + 3)); *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32; - *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA; + *((__le32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = cpu_to_le32(TEST_U32_DATA); buf = e->start + TEST_NAMED_U64_BUF_OFFSET; *buf = AA_NAME; *(buf + 1) = strlen(TEST_U64_NAME) + 1; strscpy(buf + 3, TEST_U64_NAME, e->end - (void *)(buf + 3)); *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64; - *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA; + *((__le64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = cpu_to_le64(TEST_U64_DATA); buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET; *buf = AA_NAME; @@ -103,7 +103,7 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf, *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1; strscpy(buf + 3, TEST_ARRAY_NAME, e->end - (void *)(buf + 3)); *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY; - *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE; + *((__le16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = cpu_to_le16(TEST_ARRAY_SIZE); return e; }
policy_unpack_test fails on big endian systems because data byte order is expected to be little endian but is generated in host byte order. This results in test failures such as: # policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150 Expected array_size == (u16)16, but array_size == 4096 (0x1000) (u16)16 == 16 (0x10) # policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1 not ok 3 policy_unpack_test_unpack_array_with_null_name # policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164 Expected array_size == (u16)16, but array_size == 4096 (0x1000) (u16)16 == 16 (0x10) # policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1 Add the missing endianness conversions when generating test data. Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack") Cc: Brendan Higgins <brendanhiggins@google.com> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Guenter Roeck <linux@roeck-us.net> --- security/apparmor/policy_unpack_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)