On 2/1/21 10:37 PM, Andrii Nakryiko wrote:

On Sun, Jan 31, 2021 at 5:09 PM KP Singh [off-list ref] wrote:

quoted

On Thu, Jan 28, 2021 at 2:46 AM Andrii Nakryiko
[off-list ref] wrote:

quoted

On Mon, Jan 11, 2021 at 11:55 PM KP Singh [off-list ref] wrote:

quoted

It was found in [1] that bpf_inode_storage_get helper did not check
the nullness of the passed owner ptr which caused an oops when
dereferenced. This change incorporates the example suggested in [1] into
the local storage selftest.

The test is updated to create a temporary directory instead of just
using a tempfile. In order to replicate the issue this copied rm binary
is renamed tiggering the inode_rename with a null pointer for the
new_inode. The logic to verify the setting and deletion of the inode
local storage of the old inode is also moved to this LSM hook.

The change also removes the copy_rm function and simply shells out
to copy files and recursively delete directories and consolidates the
logic of setting the initial inode storage to the bprm_committed_creds
hook and removes the file_open hook.

[1]: https://lore.kernel.org/bpf/CANaYP3HWkH91SN=wTNO9FL_2ztHfqcXKX38SSE-JJ2voh+vssw@mail.gmail.com (local)

Suggested-by: Gilad Reti <redacted>
Acked-by: Yonghong Song <redacted>
Signed-off-by: KP Singh <kpsingh@kernel.org>
---

Hi KP,

I'm getting a compilation warning when building selftests. Can you
please take a look and send a fix? Thanks!

/data/users/andriin/linux/tools/testing/selftests/bpf/prog_tests/test_local_storage.c:
In function ‘test_test_local_storage’:
/data/users/andriin/linux/tools/testing/selftests/bpf/prog_tests/test_local_storage.c:143:52:
warning: ‘/copy_of_rm’ directive output may be truncated writing 11
bytes into a region of size between 1 and 64 [-Wformat-truncation=]
   143 |  snprintf(tmp_exec_path, sizeof(tmp_exec_path), "%s/copy_of_rm",
       |                                                    ^~~~~~~~~~~
/data/users/andriin/linux/tools/testing/selftests/bpf/prog_tests/test_local_storage.c:143:2:
note: ‘snprintf’ output between 12 and 75 bytes into a destination of
size 64
   143 |  snprintf(tmp_exec_path, sizeof(tmp_exec_path), "%s/copy_of_rm",
       |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   144 |    tmp_dir_path);
       |    ~~~~~~~~~~~~~

I don't seem to get this warning, so maybe we are using different compilers.

Mine is gcc 10.2.1 20201224 (from debian)

Funny enough, but I can't repro it locally anymore. I have gcc 10.2.0.
But your suggested fix below does look like a correct one, so feel
free to send it over, thanks!

quoted

That said, I understand why it's complaining, it's for something that
cannot really happen:

tmp_dir_path cannot be 64 because we actually know its length so the
tmp_exec_path cannot really overflow 64 bytes.

Can you check if the following patch makes it go away?

diff --git a/tools/testing/selftests/bpf/prog_tests/test_local_storage.c

b/tools/testing/selftests/bpf/prog_tests/test_local_storage.c
index 3bfcf00c0a67..d2c16eaae367 100644

--- a/tools/testing/selftests/bpf/prog_tests/test_local_storage.c
+++ b/tools/testing/selftests/bpf/prog_tests/test_local_storage.c

@@ -113,7 +113,7 @@ static bool check_syscall_operations(int map_fd, int obj_fd)

  void test_test_local_storage(void)
  {
-       char tmp_dir_path[64] = "/tmp/local_storageXXXXXX";
+       char tmp_dir_path[] = "/tmp/local_storageXXXXXX";
         int err, serv_sk = -1, task_fd = -1, rm_fd = -1;
         struct local_storage *skel = NULL;
         char tmp_exec_path[64];

If so, I can send you a fix.

I have gcc 8.2.1 which can reproduce the issue.
With the above fix, the warning is gone. So yes, please send
a fix. Thanks!

quoted

- KP

quoted

quoted

  .../bpf/prog_tests/test_local_storage.c       | 96 +++++--------------
  .../selftests/bpf/progs/local_storage.c       | 62 ++++++------
  2 files changed, 61 insertions(+), 97 deletions(-)

[...]