Re: [PATCH v2 7/9] test_sysctl: add simple proc_dointvec() case

From: Kees Cook
Date: Mon Feb 13 2017 - 17:00:20 EST


On Fri, Feb 10, 2017 at 4:36 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
> Test against a simple proc_dointvec() case. While at it, add
> a test against INT_MAX. Make sure INT_MAX works, and INT_MAX+1
> will fail. Also test negative values work.
>
> Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxxxx>
> ---
> lib/test_sysctl.c | 11 ++++++
> tools/testing/selftests/sysctl/sysctl.sh | 62 ++++++++++++++++++++++++++++++++
> 2 files changed, 73 insertions(+)
>
> diff --git a/lib/test_sysctl.c b/lib/test_sysctl.c
> index 9b9ae1a95ab3..c36a024d7351 100644
> --- a/lib/test_sysctl.c
> +++ b/lib/test_sysctl.c
> @@ -34,11 +34,15 @@ static int i_one_hundred = 100;
>
> struct test_sysctl_data {
> int int_0001;
> + int int_0002;
> +
> char string_0001[65];
> };
>
> static struct test_sysctl_data test_data = {
> .int_0001 = 60,
> + .int_0002 = 1,
> +
> .string_0001 = "(none)",
> };
>
> @@ -54,6 +58,13 @@ static struct ctl_table test_table[] = {
> .extra2 = &i_one_hundred,
> },
> {
> + .procname = "int_0002",
> + .data = &test_data.int_0002,
> + .maxlen = sizeof(int),
> + .mode = 0644,
> + .proc_handler = proc_dointvec,
> + },
> + {
> .procname = "string_0001",
> .data = &test_data.string_0001,
> .maxlen = sizeof(test_data.string_0001),
> diff --git a/tools/testing/selftests/sysctl/sysctl.sh b/tools/testing/selftests/sysctl/sysctl.sh
> index 14b9d875db42..45fd2ee5739c 100755
> --- a/tools/testing/selftests/sysctl/sysctl.sh
> +++ b/tools/testing/selftests/sysctl/sysctl.sh
> @@ -24,6 +24,7 @@ TEST_FILE=$(mktemp)
> # we have tons of space.
> ALL_TESTS="0001:1:1"
> ALL_TESTS="$ALL_TESTS 0002:1:1"
> +ALL_TESTS="$ALL_TESTS 0003:1:1"
>
> test_modprobe()
> {
> @@ -52,6 +53,9 @@ function allow_user_defaults()
> if [ -z $MAX_DIGITS ]; then
> MAX_DIGITS=$(($PAGE_SIZE/8))
> fi
> + if [ -z $INT_MAX ]; then
> + INT_MAX=$(getconf INT_MAX)
> + fi
> }
>
> test_reqs()
> @@ -92,6 +96,9 @@ reset_vals()
> int_0001)
> VAL="60"
> ;;
> + int_0002)
> + VAL="1"
> + ;;
> string_0001)
> VAL="(none)"
> ;;
> @@ -261,6 +268,48 @@ run_limit_digit()
> test_rc
> }
>
> +# You are using an int
> +run_limit_digit_int()
> +{
> + echo -n "Testing INT_MAX works ..."
> + reset_vals
> + TEST_STR="$INT_MAX"
> + echo -n $TEST_STR > $TARGET
> +
> + if ! verify "${TARGET}"; then
> + echo "FAIL" >&2
> + rc=1
> + else
> + echo "ok"
> + fi
> + test_rc
> +
> + echo -n "Testing INT_MAX + 1 will fail as expected..."
> + reset_vals
> + TEST_STR=$(($INT_MAX+1))

Is the shell always going to do the right thing here? Maybe these test
values should be explicitly hard-coded? I'm on the fence...

-Kees

--
Kees Cook
Pixel Security