Proxmox-Port/linux-loongson
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson synced 2025-08-26 21:52:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
loongarch-next
linux-loongson/security/landlock/id.c
Tingmao Wang e0a69cf2c0
landlock: Fix warning from KUnit tests 
get_id_range() expects a positive value as first argument but
get_random_u8() can return 0.  Fix this by clamping it.

Validated by running the test in a for loop for 1000 times.

Note that MAX() is wrong as it is only supposed to be used for
constants, but max() is good here.

  [..]     ok 9 test_range2_rand1
  [..]     ok 10 test_range2_rand2
  [..]     ok 11 test_range2_rand15
  [..] ------------[ cut here ]------------
  [..] WARNING: CPU: 6 PID: 104 at security/landlock/id.c:99 test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1))
  [..] Modules linked in:
  [..] CPU: 6 UID: 0 PID: 104 Comm: kunit_try_catch Tainted: G                 N  6.16.0-rc1-dev-00001-g314a2f98b65f #1 PREEMPT(undef)
  [..] Tainted: [N]=TEST
  [..] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
  [..] RIP: 0010:test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1))
  [..] Code: 49 c7 c0 10 70 30 82 4c 89 ff 48 c7 c6 a0 63 1e 83 49 c7 45 a0 e0 63 1e 83 e8 3f 95 17 00 e9 1f ff ff ff 0f 0b e9 df fd ff ff <0f> 0b ba 01 00 00 00 e9 68 fe ff ff 49 89 45 a8 49 8d 4d a0 45 31

  [..] RSP: 0000:ffff888104eb7c78 EFLAGS: 00010246
  [..] RAX: 0000000000000000 RBX: 000000000870822c RCX: 0000000000000000
            ^^^^^^^^^^^^^^^^
  [..]
  [..] Call Trace:
  [..]
  [..] ---[ end trace 0000000000000000 ]---
  [..]     ok 12 test_range2_rand16
  [..] # landlock_id: pass:12 fail:0 skip:0 total:12
  [..] # Totals: pass:12 fail:0 skip:0 total:12
  [..] ok 1 landlock_id

Fixes: d9d2a68ed4 ("landlock: Add unique ID generator")
Signed-off-by: Tingmao Wang <m@maowtm.org>
Link: https://lore.kernel.org/r/73e28efc5b8cc394608b99d5bc2596ca917d7c4a.1750003733.git.m@maowtm.org
[mic: Minor cosmetic improvements]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2025-06-27 10:10:37 +02:00

296 lines
7.4 KiB
C
Raw Permalink Blame History

// SPDX-License-Identifier: GPL-2.0-only
/*
* Landlock - Unique identification number generator
*
* Copyright © 2024-2025 Microsoft Corporation
*/
#include <kunit/test.h>
#include <linux/atomic.h>
#include <linux/bitops.h>
#include <linux/random.h>
#include <linux/spinlock.h>
#include "common.h"
#include "id.h"
#define COUNTER_PRE_INIT 0
static atomic64_t next_id = ATOMIC64_INIT(COUNTER_PRE_INIT);
static void __init init_id(atomic64_t *const counter, const u32 random_32bits)
{
u64 init;
/*
* Ensures sure 64-bit values are always used by user space (or may
* fail with -EOVERFLOW), and makes this testable.
*/
init = BIT_ULL(32);
/*
* Makes a large (2^32) boot-time value to limit ID collision in logs
* from different boots, and to limit info leak about the number of
* initially (relative to the reader) created elements (e.g. domains).
*/
init += random_32bits;
/* Sets first or ignores. This will be the first ID. */
atomic64_cmpxchg(counter, COUNTER_PRE_INIT, init);
}
#ifdef CONFIG_SECURITY_LANDLOCK_KUNIT_TEST
static void __init test_init_min(struct kunit *const test)
{
atomic64_t counter = ATOMIC64_INIT(COUNTER_PRE_INIT);
init_id(&counter, 0);
KUNIT_EXPECT_EQ(test, atomic64_read(&counter), 1ULL + U32_MAX);
}
static void __init test_init_max(struct kunit *const test)
{
atomic64_t counter = ATOMIC64_INIT(COUNTER_PRE_INIT);
init_id(&counter, ~0);
KUNIT_EXPECT_EQ(test, atomic64_read(&counter), 1 + (2ULL * U32_MAX));
}
static void __init test_init_once(struct kunit *const test)
{
const u64 first_init = 1ULL + U32_MAX;
atomic64_t counter = ATOMIC64_INIT(COUNTER_PRE_INIT);
init_id(&counter, 0);
KUNIT_EXPECT_EQ(test, atomic64_read(&counter), first_init);
init_id(&counter, ~0);
KUNIT_EXPECT_EQ_MSG(
test, atomic64_read(&counter), first_init,
"Should still have the same value after the subsequent init_id()");
}
#endif /* CONFIG_SECURITY_LANDLOCK_KUNIT_TEST */
void __init landlock_init_id(void)
{
return init_id(&next_id, get_random_u32());
}
/*
* It's not worth it to try to hide the monotonic counter because it can still
* be inferred (with N counter ranges), and if we are allowed to read the inode
* number we should also be allowed to read the time creation anyway, and it
* can be handy to store and sort domain IDs for user space.
*
* Returns the value of next_id and increment it to let some space for the next
* one.
*/
static u64 get_id_range(size_t number_of_ids, atomic64_t *const counter,
u8 random_4bits)
{
u64 id, step;
/*
* We should return at least 1 ID, and we may need a set of consecutive
* ones (e.g. to generate a set of inodes).
*/
if (WARN_ON_ONCE(number_of_ids <= 0))
number_of_ids = 1;
/*
* Blurs the next ID guess with 1/16 ratio. We get 2^(64 - 4) -
* (2 * 2^32), so a bit less than 2^60 available IDs, which should be
* much more than enough considering the number of CPU cycles required
* to get a new ID (e.g. a full landlock_restrict_self() call), and the
* cost of draining all available IDs during the system's uptime.
*/
random_4bits &= 0b1111;
step = number_of_ids + random_4bits;
/* It is safe to cast a signed atomic to an unsigned value. */
id = atomic64_fetch_add(step, counter);
/* Warns if landlock_init_id() was not called. */
WARN_ON_ONCE(id == COUNTER_PRE_INIT);
return id;
}
#ifdef CONFIG_SECURITY_LANDLOCK_KUNIT_TEST
static u8 get_random_u8_positive(void)
{
/* max() evaluates its arguments once. */
return max(1, get_random_u8());
}
static void test_range1_rand0(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(1, &counter, 0), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 1);
}
static void test_range1_rand1(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(1, &counter, 1), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 2);
}
static void test_range1_rand15(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(1, &counter, 15), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 16);
}
static void test_range1_rand16(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(1, &counter, 16), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 1);
}
static void test_range2_rand0(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(2, &counter, 0), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 2);
}
static void test_range2_rand1(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(2, &counter, 1), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 3);
}
static void test_range2_rand2(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(2, &counter, 2), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 4);
}
static void test_range2_rand15(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(2, &counter, 15), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 17);
}
static void test_range2_rand16(struct kunit *const test)
{
atomic64_t counter;
u64 init;
init = get_random_u32();
atomic64_set(&counter, init);
KUNIT_EXPECT_EQ(test, get_id_range(2, &counter, 16), init);
KUNIT_EXPECT_EQ(test,
get_id_range(get_random_u8_positive(), &counter,
get_random_u8()),
init + 2);
}
#endif /* CONFIG_SECURITY_LANDLOCK_KUNIT_TEST */
/**
* landlock_get_id_range - Get a range of unique IDs
*
* @number_of_ids: Number of IDs to hold. Must be greater than one.
*
* Returns: The first ID in the range.
*/
u64 landlock_get_id_range(size_t number_of_ids)
{
return get_id_range(number_of_ids, &next_id, get_random_u8());
}
#ifdef CONFIG_SECURITY_LANDLOCK_KUNIT_TEST
static struct kunit_case __refdata test_cases[] = {
/* clang-format off */
KUNIT_CASE(test_init_min),
KUNIT_CASE(test_init_max),
KUNIT_CASE(test_init_once),
KUNIT_CASE(test_range1_rand0),
KUNIT_CASE(test_range1_rand1),
KUNIT_CASE(test_range1_rand15),
KUNIT_CASE(test_range1_rand16),
KUNIT_CASE(test_range2_rand0),
KUNIT_CASE(test_range2_rand1),
KUNIT_CASE(test_range2_rand2),
KUNIT_CASE(test_range2_rand15),
KUNIT_CASE(test_range2_rand16),
{}
/* clang-format on */
};
static struct kunit_suite test_suite = {
.name = "landlock_id",
.test_cases = test_cases,
};
kunit_test_init_section_suite(test_suite);
#endif /* CONFIG_SECURITY_LANDLOCK_KUNIT_TEST */
Reference in New Issue View Git Blame Copy Permalink