syscalls/{f,l,}chown: Don't pass undocumented flags to open and chmod #671
Conversation
|
If we are going to remove these flags we also have to add a new tests that call the *chown() syscalls with additional the bits enabled, because otherwise we will loose coverage. That is because if Linux fails to mask the mode somewhere in the future it likely cause a serious regression. |
|
@mkow Well, tests should test the reality, not what man page claims. And if man page is wrong, it should be fixed (http://vger.kernel.org/vger-lists.html#linux-man, https://marc.info/?l=linux-man, https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git). |
I can add this to the tests if you think that this is something which should be tested. In this particular case, the original test intention is clearly wrong - those syscalls doesn't work the way it uses them and those tests weren't intended to test unknown bits.
This was kind of an "accidental coverage" and tested just one specific bit ;)
I think this depends on the case, i.e. whether there may exist real applications that does the same. E.g., if you'd notice that mmap always allocates addresses divisible by
Why do you think it's wrong? It just lists supported flags, but doesn't define the behavior if you pass some garbage there. |
|
@metan-ucw @pevik friendly ping ;) |
|
Well LTP has quite a few testcases that test behavior like that, if they start to fail we talk to the kernel maintaners if the change was intentional or not and either decide to fix the kernel or the test. So far we caught a few unintentional interface changes before they managed to slip into a released kernel hence I think that having a test like this makes sense. |
|
Ok, I'm assuming then that it's fine to over-assume things on the LTP side. What about the other issue? (that the current version of those tests is not trying to test if the kernel ignores the other bits, they seem to work by an accident and are misleading to the reader) Wouldn't it be better to remove these unintended flags and create a separate test which sets ~07777 and checks if everything still works? |
|
Yes the fucntional test should be separated like that. |
man says that `mode` argument supports only standard mode flags. On Linux, those LTP tests seem to work by an accident, despite passing S_IFREG there - Linux masks mode with 07777 and ignores any other bits, including S_IFREG.
mkow
force-pushed
the
mkow/fix-invalid-open-mode
branch
from
005983d
to
66987ed
Compare
|
Sorry for the delay, I was busy with other stuff, but finally found a moment to finish this PR. |
|
@metan-ucw Any chance to get this merged? Are there any more fixes needed from my side? |
|
Not a complete review, just a note: please don't use empty setup and cleanup functions. |
| TEST(open(tc->filename, tc->flags, tc->mode)); | ||
| fd = TST_RET; | ||
| if (fd == -1) { | ||
| tst_res(TFAIL, "Cannot open the file"); |
There was a problem hiding this comment.
Two minor things: we use TTERRNO to print errno on failure. And we usually prefer to use return than have else block (readability).
if (fd == -1) {
tst_res(TFAIL | TTERRNO, "Cannot open the file");
return;
}
tst_res(TPASS, "Unknown mode bits were ignored as expected");
SAFE_CLOSE(fd);
| if (stat(TESTFILE, &stat_buf) == -1) { | ||
| tst_brk(TFAIL | TTERRNO, "stat failed"); | ||
| } | ||
|
|
There was a problem hiding this comment.
We do have a safe macros to simplify error handling. So this if () could be replaced and is equivalent to just:
SAFE_STAT(TESTFILE, &stat_buf);
There was a problem hiding this comment.
Done.
Should I also use SAFE_CHMOD above? From what I see these macros are used only for things which shouldn't fail / are unrelated to the test itself, because they use TBROK instead of TFAIL. So, I guess the answer is "no"?
| #define CHMOD_MODE (0777 | ~07777) | ||
| #define TESTFILE "testfile" | ||
|
|
||
| void test_chmod(void) |
There was a problem hiding this comment.
Local functions like these should be declared static, but that is very minor.
There was a problem hiding this comment.
I copied this from some other chmod test and didn't notice the problem, sorry. Should be fixed now.
There was a problem hiding this comment.
Not a complete review, just a note: please don't use empty setup and cleanup functions.
Fixed.
If you want to get more audience than just overloaded metan-ucw, send it to our mailing list:
I didn't know this when I started this PR, I'll submit my future PRs to the list. For this one I think it would be better to finish reviewing it here to keep the whole discussion at one place.
btw. There's an issue with openat204 test: none of my OSes support openat2 syscall and I thought your CI takes care of this, but now I'm not that sure - I just fixed a bug in it which should have made it failing before, but I remember Travis passing. So, is openat2 actually tested in your CI?
| #define CHMOD_MODE (0777 | ~07777) | ||
| #define TESTFILE "testfile" | ||
|
|
||
| void test_chmod(void) |
There was a problem hiding this comment.
I copied this from some other chmod test and didn't notice the problem, sorry. Should be fixed now.
| TEST(open(tc->filename, tc->flags, tc->mode)); | ||
| fd = TST_RET; | ||
| if (fd == -1) { | ||
| tst_res(TFAIL, "Cannot open the file"); |
| if (stat(TESTFILE, &stat_buf) == -1) { | ||
| tst_brk(TFAIL | TTERRNO, "stat failed"); | ||
| } | ||
|
|
There was a problem hiding this comment.
Done.
Should I also use SAFE_CHMOD above? From what I see these macros are used only for things which shouldn't fail / are unrelated to the test itself, because they use TBROK instead of TFAIL. So, I guess the answer is "no"?
|
The CI just checks if the code could be compiled on different distributions, as writing portable code even for Linux is not easy if you need to cover popular distributions that have been released for last ten years... Running these tests is not really possible on travis for various reasons, one of them is that the CVE tests would crash the machine unless it has latest patches in kernel, the testsuite would run for too long, etc. I would love to have a CI that actually runs the testcases as well, but we would need a dedicated hardware lab for that. |
Hmm. One idea would be to run only a subset of the tests (exclude ones requiring root, CVE tests, long-running stress tests etc) and only run them on the most recent kernel, or something like this. It would be far from ideal, but I guess most of the tests aren't too intrusive an would work in this model? It would still require you to control the exact kernel version, which AFAIK is not possible in Travis. Going back to the PR itself, Travis failed with the following message: but I didn't touch this test and I wasn't able to reproduce this locally. Does Travis run on |
Some chown-related tests were using undocumented flags, e.g. here:
ltp/testcases/kernel/syscalls/fchown/fchown02.c
Lines 42 to 45 in bcf3733
ltp/testcases/kernel/syscalls/fchown/fchown02.c
Lines 143 to 146 in bcf3733
mansays thatmodeargument supports only standard mode flags. On Linux, those LTP tests seem to work by an accident, despite passingS_IFREGthere - Linux masks mode with 07777 and ignores any other bits, includingS_IFREG.