Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Jan 2017 16:09:18 -0800
From:      Conrad Meyer <cem@freebsd.org>
To:        Ngie Cooper <ngie@freebsd.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r310994 - head/tests/sys/vfs
Message-ID:  <CAG6CVpXcB%2BQHOPkAF4Wj%2BB-Jypz3U5sd61nnwKReR1Uy4w5uXQ@mail.gmail.com>
In-Reply-To: <201701010401.v0141RpZ072608@repo.freebsd.org>
References:  <201701010401.v0141RpZ072608@repo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Um, this is garbage and ruins the entire point of using a standardized
framework like ATF.  Please revert it.

Instead, just have the Kyua framework preopen its output files before
running tests.  The diff will be an order of magnitude smaller than
this one is and it will fix the problem generally instead of adding
fork/wait cruft and undetailed assert()s to every test.

Conrad

On Sat, Dec 31, 2016 at 8:01 PM, Ngie Cooper <ngie@freebsd.org> wrote:
> Author: ngie
> Date: Sun Jan  1 04:01:27 2017
> New Revision: 310994
> URL: https://svnweb.freebsd.org/changeset/base/310994
>
> Log:
>   Make sys/vfs/lookup_cap_dotdot actually work with "kyua test"
>
>   The tests don't work when reading/writing to file descriptors in the
>   sandbox after entering capability mode (and wouldn't have, regardless
>   of the framework), so adjust the tests so they function within the
>   framework.
>
>   For tests that enter capability mode over the course of the test, the
>   following is now done:
>
>     1. Fork child process for capability mode test.
>     2. In child...
>        i.   Enter capability mode.
>        ii.  Test invariants.
>        iii. Exit after calling test function.
>     3. Collect status for child and determine whether or not it completed
>        successfully.
>
>   In order to test the invariants in the child process, they now use assert(3)
>   instead of ATF_REQUIRE*, as the atf-c-api functions right to results files
>   in the directories in order to determine where and how tests fail.
>
>   While in the area, fix several -Wshadow and -Wunused warnings found when I
>   bumped WARNS up to 6, and fix some minor style(9) issues with indentation
>   and type alignment.
>
>   PR:   215690
>
> Modified:
>   head/tests/sys/vfs/lookup_cap_dotdot.c
>
> Modified: head/tests/sys/vfs/lookup_cap_dotdot.c
> ==============================================================================
> --- head/tests/sys/vfs/lookup_cap_dotdot.c      Sun Jan  1 00:43:20 2017        (r310993)
> +++ head/tests/sys/vfs/lookup_cap_dotdot.c      Sun Jan  1 04:01:27 2017        (r310994)
> @@ -31,23 +31,27 @@ __FBSDID("$FreeBSD$");
>  #include <sys/capsicum.h>
>  #include <sys/sysctl.h>
>  #include <sys/stat.h>
> +#include <sys/wait.h>
>
>  #include <atf-c.h>
> +#include <assert.h>
>  #include <errno.h>
>  #include <stdlib.h>
>  #include <string.h>
>
>  #include "freebsd_test_suite/macros.h"
>
> -static int dirfd = -1;
> -static char *abspath;
> +static char    *abspath;
> +static int     dirfd = -1;
> +
> +typedef        void (*child_test_fn_t)(void);
>
>  static void
> -touchat(int dirfd, const char *name)
> +touchat(int _dirfd, const char *name)
>  {
>         int fd;
>
> -       ATF_REQUIRE((fd = openat(dirfd, name, O_CREAT | O_TRUNC | O_WRONLY,
> +       ATF_REQUIRE((fd = openat(_dirfd, name, O_CREAT | O_TRUNC | O_WRONLY,
>             0777)) >= 0);
>         ATF_REQUIRE(close(fd) == 0);
>  }
> @@ -78,10 +82,43 @@ prepare_dotdot_tests(void)
>  static void
>  check_capsicum(void)
>  {
> +
>         ATF_REQUIRE_FEATURE("security_capabilities");
>         ATF_REQUIRE_FEATURE("security_capability_mode");
>  }
>
> +static void
> +run_capsicum_test(child_test_fn_t test_func)
> +{
> +       int child_exit_code, child_status;
> +       pid_t child_pid;
> +
> +       check_capsicum();
> +       prepare_dotdot_tests();
> +
> +       ATF_REQUIRE_MSG((child_pid = fork()) != -1,
> +           "fork failed: %s", strerror(errno));
> +
> +       if (child_pid == 0) {
> +               test_func();
> +               _exit(0);
> +       }
> +
> +       ATF_REQUIRE_MSG(waitpid(child_pid, &child_status, 0) != -1,
> +           "waitpid failed: %s", strerror(errno));
> +       if (WIFEXITED(child_status)) {
> +               child_exit_code = WEXITSTATUS(child_status);
> +               ATF_REQUIRE_MSG(child_exit_code == 0,
> +                   "child exited with non-zero exit code: %d",
> +                   child_exit_code);
> +       } else if (WIFSIGNALED(child_status))
> +               atf_tc_fail("child exited with signal: %d",
> +                   WTERMSIG(child_status));
> +       else
> +               atf_tc_fail("child exited with unexpected status: %d",
> +                   child_status);
> +}
> +
>  /*
>   * Positive tests
>   */
> @@ -93,6 +130,7 @@ ATF_TC_HEAD(openat__basic_positive, tc)
>
>  ATF_TC_BODY(openat__basic_positive, tc)
>  {
> +
>         prepare_dotdot_tests();
>
>         ATF_REQUIRE(openat(dirfd, "d1/d2/d3/f3", O_RDONLY) >= 0);
> @@ -114,21 +152,22 @@ ATF_TC_HEAD(lookup_cap_dotdot__basic, tc
>             "Validate cap-mode (testdir)/d1/.. lookup");
>  }
>
> -ATF_TC_BODY(lookup_cap_dotdot__basic, tc)
> +static void
> +lookup_cap_dotdot__basic_child(void)
>  {
>         cap_rights_t rights;
> -       int fd;
> -
> -       check_capsicum();
> -       prepare_dotdot_tests();
>
>         cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
> -       ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0);
>
> -       ATF_REQUIRE(cap_enter() >= 0);
> +       assert(cap_rights_limit(dirfd, &rights) >= 0);
> +       assert(cap_enter() >= 0);
> +       assert(openat(dirfd, "d1/..", O_RDONLY) >= 0);
> +}
> +
> +ATF_TC_BODY(lookup_cap_dotdot__basic, tc)
> +{
>
> -       ATF_REQUIRE_MSG(openat(dirfd, "d1/..", O_RDONLY) >= 0, "%s",
> -           strerror(errno));
> +       run_capsicum_test(lookup_cap_dotdot__basic_child);
>  }
>
>  ATF_TC(lookup_cap_dotdot__advanced);
> @@ -138,23 +177,26 @@ ATF_TC_HEAD(lookup_cap_dotdot__advanced,
>             "Validate cap-mode (testdir)/d1/.. lookup");
>  }
>
> -ATF_TC_BODY(lookup_cap_dotdot__advanced, tc)
> +static void
> +lookup_cap_dotdot__advanced_child(void)
>  {
>         cap_rights_t rights;
> -       int fd;
> -
> -       check_capsicum();
> -       prepare_dotdot_tests();
>
>         cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
> -       ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0);
> +       assert(cap_rights_limit(dirfd, &rights) >= 0);
>
> -       ATF_REQUIRE(cap_enter() >= 0);
> +       assert(cap_enter() >= 0);
>
> -       ATF_REQUIRE(openat(dirfd, "d1/d2/d3/../../f1", O_RDONLY) >= 0);
> -       ATF_REQUIRE(openat(dirfd, "l3/../../f1", O_RDONLY) >= 0);
> -       ATF_REQUIRE(openat(dirfd, "l3/ld1", O_RDONLY) >= 0);
> -       ATF_REQUIRE(openat(dirfd, "l3/lf1", O_RDONLY) >= 0);
> +       assert(openat(dirfd, "d1/d2/d3/../../f1", O_RDONLY) >= 0);
> +       assert(openat(dirfd, "l3/../../f1", O_RDONLY) >= 0);
> +       assert(openat(dirfd, "l3/ld1", O_RDONLY) >= 0);
> +       assert(openat(dirfd, "l3/lf1", O_RDONLY) >= 0);
> +}
> +
> +ATF_TC_BODY(lookup_cap_dotdot__advanced, tc)
> +{
> +
> +       run_capsicum_test(lookup_cap_dotdot__advanced_child);
>  }
>
>  /*
> @@ -168,6 +210,7 @@ ATF_TC_HEAD(openat__basic_negative, tc)
>
>  ATF_TC_BODY(openat__basic_negative, tc)
>  {
> +
>         prepare_dotdot_tests();
>
>         ATF_REQUIRE_ERRNO(ENOENT,
> @@ -182,32 +225,43 @@ ATF_TC_HEAD(capmode__negative, tc)
>         atf_tc_set_md_var(tc, "descr", "Negative Capability mode testcases");
>  }
>
> -ATF_TC_BODY(capmode__negative, tc)
> +static void
> +capmode__negative_child(void)
>  {
>         int subdirfd;
>
> -       check_capsicum();
> -       prepare_dotdot_tests();
> -
> -       ATF_REQUIRE(cap_enter() == 0);
> +       assert(cap_enter() == 0);
>
>         /* open() not permitted in capability mode */
> -       ATF_REQUIRE_ERRNO(ECAPMODE, open("testdir", O_RDONLY) < 0);
> +       assert(open("testdir", O_RDONLY) < 0);
> +       assert(errno == ECAPMODE);
>
>         /* AT_FDCWD not permitted in capability mode */
> -       ATF_REQUIRE_ERRNO(ECAPMODE, openat(AT_FDCWD, "d1/f1", O_RDONLY) < 0);
> +       assert(openat(AT_FDCWD, "d1/f1", O_RDONLY) < 0);
> +       assert(errno == ECAPMODE);
>
>         /* Relative path above dirfd not capable */
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, "..", O_RDONLY) < 0);
> -       ATF_REQUIRE((subdirfd = openat(dirfd, "l3", O_RDONLY)) >= 0);
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE,
> -           openat(subdirfd, "../../f1", O_RDONLY) < 0);
> +       assert(openat(dirfd, "..", O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
> +
> +       assert((subdirfd = openat(dirfd, "l3", O_RDONLY)) >= 0);
> +       assert(openat(subdirfd, "../../f1", O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
> +       (void)close(subdirfd);
>
>         /* Absolute paths not capable */
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, abspath, O_RDONLY) < 0);
> +       assert(openat(dirfd, abspath, O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
>
>         /* Symlink above dirfd */
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, "lup/f1", O_RDONLY) < 0);
> +       assert(openat(dirfd, "lup/f1", O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
> +}
> +
> +ATF_TC_BODY(capmode__negative, tc)
> +{
> +
> +       run_capsicum_test(capmode__negative_child);
>  }
>
>  ATF_TC(lookup_cap_dotdot__negative);
> @@ -217,22 +271,30 @@ ATF_TC_HEAD(lookup_cap_dotdot__negative,
>             "Validate cap-mode (testdir)/.. lookup fails");
>  }
>
> -ATF_TC_BODY(lookup_cap_dotdot__negative, tc)
> +static void
> +lookup_cap_dotdot__negative_child(void)
>  {
>         cap_rights_t rights;
> -       int fd;
> -
> -       check_capsicum();
> -       prepare_dotdot_tests();
>
>         cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
> -       ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0);
> +       assert(cap_rights_limit(dirfd, &rights) >= 0);
>
> -       ATF_REQUIRE(cap_enter() >= 0);
> +       assert(cap_enter() >= 0);
> +
> +       assert(openat(dirfd, "..", O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
> +
> +       assert(openat(dirfd, "d1/../..", O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
> +
> +       assert(openat(dirfd, "../testdir/d1/f1", O_RDONLY) < 0);
> +       assert(errno == ENOTCAPABLE);
> +}
> +
> +ATF_TC_BODY(lookup_cap_dotdot__negative, tc)
> +{
>
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, "..", O_RDONLY) < 0);
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, "d1/../..", O_RDONLY) < 0);
> -       ATF_REQUIRE_ERRNO(ENOTCAPABLE, openat(dirfd, "../testdir/d1/f1", O_RDONLY) < 0);
> +       run_capsicum_test(lookup_cap_dotdot__negative_child);
>  }
>
>  ATF_TP_ADD_TCS(tp)
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpXcB%2BQHOPkAF4Wj%2BB-Jypz3U5sd61nnwKReR1Uy4w5uXQ>