import strace-5.18-2.el9

CentOS Sources 2022-09-27 10:06:08 -04:00 committed by Stepan Oksanichenko
parent f4c4a32909
commit b11ca3663b
25 changed files with 1846 additions and 9075 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/strace-5.13.tar.xz SOURCES/strace-5.18.tar.xz


@ -1 +1 @@
0f48c474de7d34009d3455f589efe790d24050b5 SOURCES/strace-5.13.tar.xz e038ea9fc29366ce6119cde27d8cf16ac554a353 SOURCES/strace-5.18.tar.xz


@ -1,378 +0,0 @@
From 9aada05f4c7f95220a5b16416f530419db6b4dff Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 23 Jul 2021 08:00:00 +0000
Subject: [PATCH] tests: change sockopt-timestamp test to use
syscall(__NR_recvmsg)
Since the glibc recvmsg wrapper became unsuitable for our needs,
invoke __NR_recvmsg syscall directly.
* tests/sockopt-timestamp.c: Include "scno.h" and <errno.h>,
conditionalize on __NR_recvmsg.
(TEST_OLD_SCM_TIMESTAMPS): Remove.
(k_recvmsg): New function.
(test_sockopt): Use it instead of recvmsg.
---
tests/sockopt-timestamp.c | 72 ++++++++++++++++++++++-------------------------
1 file changed, 34 insertions(+), 38 deletions(-)
diff --git a/tests/sockopt-timestamp.c b/tests/sockopt-timestamp.c
index 56627bb..ed73ca1 100644
--- a/tests/sockopt-timestamp.c
+++ b/tests/sockopt-timestamp.c
@@ -9,44 +9,45 @@
*/
#include "tests.h"
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/socket.h>
-
-#if defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL \
- || defined HAVE_STRUCT___KERNEL_TIMESPEC
-# include <linux/time_types.h>
-#endif
+#include "scno.h"
-#include "kernel_timeval.h"
-#include "kernel_old_timespec.h"
+#ifdef __NR_recvmsg
-#define XLAT_MACROS_ONLY
-# include "xlat/sock_options.h"
-#undef XLAT_MACROS_ONLY
+# include <errno.h>
+# include <stdio.h>
+# include <string.h>
+# include <unistd.h>
+# include <sys/socket.h>
-#undef TEST_OLD_SCM_TIMESTAMPS
+# if defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL \
+ || defined HAVE_STRUCT___KERNEL_TIMESPEC
+# include <linux/time_types.h>
+# endif
-/*
- * Sadly, starting with commit
- * glibc-2.33.9000-707-g13c51549e2077f2f3bf84e8fd0b46d8b0c615912, on every
- * 32-bit architecture where 32-bit time_t support is enabled,
- * glibc mangles old scm timestamps.
- */
-#if GLIBC_PREREQ_GE(2, 33) && defined __TIMESIZE && __TIMESIZE != 64
-# define TEST_OLD_SCM_TIMESTAMPS 0
-#endif
+# include "kernel_timeval.h"
+# include "kernel_old_timespec.h"
-#ifndef TEST_OLD_SCM_TIMESTAMPS
-# define TEST_OLD_SCM_TIMESTAMPS 1
-#endif
+# define XLAT_MACROS_ONLY
+# include "xlat/sock_options.h"
+# undef XLAT_MACROS_ONLY
-#if TEST_OLD_SCM_TIMESTAMPS \
- || defined HAVE_STRUCT___KERNEL_TIMESPEC \
- || defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
+static const char *errstr;
+
+static long
+k_recvmsg(const unsigned int fd, const void *const ptr, const unsigned int flags)
+{
+ const kernel_ulong_t fill = (kernel_ulong_t) 0xdefaced00000000ULL;
+ const kernel_ulong_t bad = (kernel_ulong_t) 0xbadc0dedbadc0dedULL;
+ const kernel_ulong_t arg1 = fill | fd;
+ const kernel_ulong_t arg2 = (uintptr_t) ptr;
+ const kernel_ulong_t arg3 = fill | flags;
+ const long rc = syscall(__NR_recvmsg, arg1, arg2, arg3, bad, bad, bad);
+ if (rc && errno == ENOSYS)
+ perror_msg_and_skip("recvmsg");
+ errstr = sprintrc(rc);
+ return rc;
+}
-# if TEST_OLD_SCM_TIMESTAMPS
static void
print_timestamp_old(const struct cmsghdr *c)
{
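Review bot: The ENOSYS check in `k_recvmsg` tests `rc && errno == ENOSYS`, which is also true for a successful call that returns a positive byte count while `errno` still holds ENOSYS from an earlier failure. Nothing in the hunk resets `errno` before `syscall()`, so a stale value could skip the test spuriously. Tying the check to the failure return avoids that: `if (rc == -1 && errno == ENOSYS)`. The same lines appear in the tests-m32 and tests-mx32 copies of this file further down the patch.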
@@ -84,7 +85,6 @@ print_timestampns_old(const struct cmsghdr *c)
printf("{tv_sec=%lld, tv_nsec=%lld}",
(long long) ts.tv_sec, (long long) ts.tv_nsec);
}
-# endif /* TEST_OLD_SCM_TIMESTAMPS */
# ifdef HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
static void
@@ -162,7 +162,7 @@ test_sockopt(int so_val, const char *str, void (*fun)(const struct cmsghdr *))
.msg_controllen = sizeof(control)
};
- if (recvmsg(sv[0], &mh, 0) != (int) size)
+ if (k_recvmsg(sv[0], &mh, 0) != (int) size)
perror_msg_and_fail("recvmsg");
if (close(sv[0]))
perror_msg_and_fail("close recv");
@@ -210,10 +210,8 @@ main(void)
const char *str;
void (*fun)(const struct cmsghdr *);
} tests[] = {
-# if TEST_OLD_SCM_TIMESTAMPS
{ SO_TIMESTAMP_OLD, "SO_TIMESTAMP_OLD", print_timestamp_old },
{ SO_TIMESTAMPNS_OLD, "SO_TIMESTAMPNS_OLD", print_timestampns_old },
-# endif
# ifdef HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
{ SO_TIMESTAMP_NEW, "SO_TIMESTAMP_NEW", print_timestamp_new },
# endif
@@ -235,8 +233,6 @@ main(void)
#else
-SKIP_MAIN_UNDEFINED("TEST_OLD_SCM_TIMESTAMPS"
- " || HAVE_STRUCT___KERNEL_TIMESPEC"
- " || HAVE_STRUCT___KERNEL_SOCK_TIMEVAL")
+SKIP_MAIN_UNDEFINED("__NR_recvmsg")
#endif
diff --git a/tests-m32/sockopt-timestamp.c b/tests-m32/sockopt-timestamp.c
index 56627bb..ed73ca1 100644
--- a/tests-m32/sockopt-timestamp.c
+++ b/tests-m32/sockopt-timestamp.c
@@ -9,44 +9,45 @@
*/
#include "tests.h"
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/socket.h>
-
-#if defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL \
- || defined HAVE_STRUCT___KERNEL_TIMESPEC
-# include <linux/time_types.h>
-#endif
+#include "scno.h"
-#include "kernel_timeval.h"
-#include "kernel_old_timespec.h"
+#ifdef __NR_recvmsg
-#define XLAT_MACROS_ONLY
-# include "xlat/sock_options.h"
-#undef XLAT_MACROS_ONLY
+# include <errno.h>
+# include <stdio.h>
+# include <string.h>
+# include <unistd.h>
+# include <sys/socket.h>
-#undef TEST_OLD_SCM_TIMESTAMPS
+# if defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL \
+ || defined HAVE_STRUCT___KERNEL_TIMESPEC
+# include <linux/time_types.h>
+# endif
-/*
- * Sadly, starting with commit
- * glibc-2.33.9000-707-g13c51549e2077f2f3bf84e8fd0b46d8b0c615912, on every
- * 32-bit architecture where 32-bit time_t support is enabled,
- * glibc mangles old scm timestamps.
- */
-#if GLIBC_PREREQ_GE(2, 33) && defined __TIMESIZE && __TIMESIZE != 64
-# define TEST_OLD_SCM_TIMESTAMPS 0
-#endif
+# include "kernel_timeval.h"
+# include "kernel_old_timespec.h"
-#ifndef TEST_OLD_SCM_TIMESTAMPS
-# define TEST_OLD_SCM_TIMESTAMPS 1
-#endif
+# define XLAT_MACROS_ONLY
+# include "xlat/sock_options.h"
+# undef XLAT_MACROS_ONLY
-#if TEST_OLD_SCM_TIMESTAMPS \
- || defined HAVE_STRUCT___KERNEL_TIMESPEC \
- || defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
+static const char *errstr;
+
+static long
+k_recvmsg(const unsigned int fd, const void *const ptr, const unsigned int flags)
+{
+ const kernel_ulong_t fill = (kernel_ulong_t) 0xdefaced00000000ULL;
+ const kernel_ulong_t bad = (kernel_ulong_t) 0xbadc0dedbadc0dedULL;
+ const kernel_ulong_t arg1 = fill | fd;
+ const kernel_ulong_t arg2 = (uintptr_t) ptr;
+ const kernel_ulong_t arg3 = fill | flags;
+ const long rc = syscall(__NR_recvmsg, arg1, arg2, arg3, bad, bad, bad);
+ if (rc && errno == ENOSYS)
+ perror_msg_and_skip("recvmsg");
+ errstr = sprintrc(rc);
+ return rc;
+}
-# if TEST_OLD_SCM_TIMESTAMPS
static void
print_timestamp_old(const struct cmsghdr *c)
{
@@ -84,7 +85,6 @@ print_timestampns_old(const struct cmsghdr *c)
printf("{tv_sec=%lld, tv_nsec=%lld}",
(long long) ts.tv_sec, (long long) ts.tv_nsec);
}
-# endif /* TEST_OLD_SCM_TIMESTAMPS */
# ifdef HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
static void
@@ -162,7 +162,7 @@ test_sockopt(int so_val, const char *str, void (*fun)(const struct cmsghdr *))
.msg_controllen = sizeof(control)
};
- if (recvmsg(sv[0], &mh, 0) != (int) size)
+ if (k_recvmsg(sv[0], &mh, 0) != (int) size)
perror_msg_and_fail("recvmsg");
if (close(sv[0]))
perror_msg_and_fail("close recv");
@@ -210,10 +210,8 @@ main(void)
const char *str;
void (*fun)(const struct cmsghdr *);
} tests[] = {
-# if TEST_OLD_SCM_TIMESTAMPS
{ SO_TIMESTAMP_OLD, "SO_TIMESTAMP_OLD", print_timestamp_old },
{ SO_TIMESTAMPNS_OLD, "SO_TIMESTAMPNS_OLD", print_timestampns_old },
-# endif
# ifdef HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
{ SO_TIMESTAMP_NEW, "SO_TIMESTAMP_NEW", print_timestamp_new },
# endif
@@ -235,8 +233,6 @@ main(void)
#else
-SKIP_MAIN_UNDEFINED("TEST_OLD_SCM_TIMESTAMPS"
- " || HAVE_STRUCT___KERNEL_TIMESPEC"
- " || HAVE_STRUCT___KERNEL_SOCK_TIMEVAL")
+SKIP_MAIN_UNDEFINED("__NR_recvmsg")
#endif
diff --git a/tests-mx32/sockopt-timestamp.c b/tests-mx32/sockopt-timestamp.c
index 56627bb..ed73ca1 100644
--- a/tests-mx32/sockopt-timestamp.c
+++ b/tests-mx32/sockopt-timestamp.c
@@ -9,44 +9,45 @@
*/
#include "tests.h"
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/socket.h>
-
-#if defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL \
- || defined HAVE_STRUCT___KERNEL_TIMESPEC
-# include <linux/time_types.h>
-#endif
+#include "scno.h"
-#include "kernel_timeval.h"
-#include "kernel_old_timespec.h"
+#ifdef __NR_recvmsg
-#define XLAT_MACROS_ONLY
-# include "xlat/sock_options.h"
-#undef XLAT_MACROS_ONLY
+# include <errno.h>
+# include <stdio.h>
+# include <string.h>
+# include <unistd.h>
+# include <sys/socket.h>
-#undef TEST_OLD_SCM_TIMESTAMPS
+# if defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL \
+ || defined HAVE_STRUCT___KERNEL_TIMESPEC
+# include <linux/time_types.h>
+# endif
-/*
- * Sadly, starting with commit
- * glibc-2.33.9000-707-g13c51549e2077f2f3bf84e8fd0b46d8b0c615912, on every
- * 32-bit architecture where 32-bit time_t support is enabled,
- * glibc mangles old scm timestamps.
- */
-#if GLIBC_PREREQ_GE(2, 33) && defined __TIMESIZE && __TIMESIZE != 64
-# define TEST_OLD_SCM_TIMESTAMPS 0
-#endif
+# include "kernel_timeval.h"
+# include "kernel_old_timespec.h"
-#ifndef TEST_OLD_SCM_TIMESTAMPS
-# define TEST_OLD_SCM_TIMESTAMPS 1
-#endif
+# define XLAT_MACROS_ONLY
+# include "xlat/sock_options.h"
+# undef XLAT_MACROS_ONLY
-#if TEST_OLD_SCM_TIMESTAMPS \
- || defined HAVE_STRUCT___KERNEL_TIMESPEC \
- || defined HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
+static const char *errstr;
+
+static long
+k_recvmsg(const unsigned int fd, const void *const ptr, const unsigned int flags)
+{
+ const kernel_ulong_t fill = (kernel_ulong_t) 0xdefaced00000000ULL;
+ const kernel_ulong_t bad = (kernel_ulong_t) 0xbadc0dedbadc0dedULL;
+ const kernel_ulong_t arg1 = fill | fd;
+ const kernel_ulong_t arg2 = (uintptr_t) ptr;
+ const kernel_ulong_t arg3 = fill | flags;
+ const long rc = syscall(__NR_recvmsg, arg1, arg2, arg3, bad, bad, bad);
+ if (rc && errno == ENOSYS)
+ perror_msg_and_skip("recvmsg");
+ errstr = sprintrc(rc);
+ return rc;
+}
-# if TEST_OLD_SCM_TIMESTAMPS
static void
print_timestamp_old(const struct cmsghdr *c)
{
@@ -84,7 +85,6 @@ print_timestampns_old(const struct cmsghdr *c)
printf("{tv_sec=%lld, tv_nsec=%lld}",
(long long) ts.tv_sec, (long long) ts.tv_nsec);
}
-# endif /* TEST_OLD_SCM_TIMESTAMPS */
# ifdef HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
static void
@@ -162,7 +162,7 @@ test_sockopt(int so_val, const char *str, void (*fun)(const struct cmsghdr *))
.msg_controllen = sizeof(control)
};
- if (recvmsg(sv[0], &mh, 0) != (int) size)
+ if (k_recvmsg(sv[0], &mh, 0) != (int) size)
perror_msg_and_fail("recvmsg");
if (close(sv[0]))
perror_msg_and_fail("close recv");
@@ -210,10 +210,8 @@ main(void)
const char *str;
void (*fun)(const struct cmsghdr *);
} tests[] = {
-# if TEST_OLD_SCM_TIMESTAMPS
{ SO_TIMESTAMP_OLD, "SO_TIMESTAMP_OLD", print_timestamp_old },
{ SO_TIMESTAMPNS_OLD, "SO_TIMESTAMPNS_OLD", print_timestampns_old },
-# endif
# ifdef HAVE_STRUCT___KERNEL_SOCK_TIMEVAL
{ SO_TIMESTAMP_NEW, "SO_TIMESTAMP_NEW", print_timestamp_new },
# endif
@@ -235,8 +233,6 @@ main(void)
#else
-SKIP_MAIN_UNDEFINED("TEST_OLD_SCM_TIMESTAMPS"
- " || HAVE_STRUCT___KERNEL_TIMESPEC"
- " || HAVE_STRUCT___KERNEL_SOCK_TIMEVAL")
+SKIP_MAIN_UNDEFINED("__NR_recvmsg")
#endif
--
2.1.4


@ -1,77 +0,0 @@
From a034f8a50cbe15d250457ed2eefbf9db059f724f Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 18 Aug 2021 21:48:38 +0200
Subject: [PATCH 147/150] filter_qualify: free allocated data on the error path
exit of parse_poke_token
While not terribly required due to the fact that issues with option
parsing lead to program termination, these changes avoid leaking data
allocated in the function's scope and not stored elsewhere, which might
come handy if it ever be used dynamically during the runtime.
This also has been reported as resource leaks by covscan, and these
changes should calm it.
* src/filter_qualify.c (parse_poke_token): Go to err label instead of
returning right away; free poke->data, poke, and str_tokenized before
returning false.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1995509
---
src/filter_qualify.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/filter_qualify.c b/src/filter_qualify.c
index df05496..a1a6471 100644
--- a/src/filter_qualify.c
+++ b/src/filter_qualify.c
@@ -169,34 +169,40 @@ parse_poke_token(const char *input, struct inject_opts *fopts, bool isenter)
poke->is_enter = isenter;
if ((val = STR_STRIP_PREFIX(token, "@arg")) == token)
- return false;
+ goto err;
if ((val[0] >= '1') && (val[0] <= '7')) {
poke->arg_no = val[0] - '0';
} else {
- return false;
+ goto err;
}
if (val[1] != '=')
- return false;
+ goto err;
val += 2;
data_len = strlen(val);
if ((data_len == 0) || (data_len % 2) || (data_len > 2048))
- return false;
+ goto err;
data_len /= 2;
poke->data_len = data_len;
poke->data = xmalloc(data_len);
for (size_t i = 0; i < data_len; i++)
if (sscanf(&val[2 * i], "%2hhx", &poke->data[i]) != 1)
- return false;
+ goto err;
if (poke_add(fopts->data.poke_idx, poke))
- return false;
+ goto err;
}
free(str_tokenized);
fopts->data.flags |= flag;
return true;
+
+err:
+ free(poke->data);
+ free(poke);
+ free(str_tokenized);
+ return false;
}
static bool
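Review bot: The new `err:` label calls `free(poke->data)` even when it is reached from the gotos that come before `poke->data = xmalloc(data_len)`. That is only safe if `poke` was zero-initialised when it was allocated, and the allocation is outside this hunk, so it should be confirmed. A comment at the label would pin the assumption, e.g. `/* poke is zero-allocated, so poke->data is NULL until the buffer is attached */`. It is also worth checking that a failing `poke_add()` has not already stored `poke`, since the error path frees it unconditionally.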
--
2.1.4


@ -1,70 +0,0 @@
From 3f3dd44f1964c54b55e8c84343579bd7c1924df5 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 18 Aug 2021 21:49:12 +0200
Subject: [PATCH 148/150] macros: expand BIT macros, add MASK macros; add
*_SAFE macros
These macros might make reading a code that often converts between powers
of 2 and values/masks a bit easier; moreover, the *_SAFE versions should
help in cases where the shift values are expected to be equal to the type
bit width (which lead to UB otherwise).
Switching from BIT to BIT32 should also clarify bitness, which may be somewhat
murky at times (cf. printxval, printflags, and printxvals).
* src/macros.h [!BIT] (BIT): Rename to...
[!BIT32] (BIT32): ...this.
[!BIT64] (BIT64): New macro.
[!MASK32] (MASK32): Likewise.
[!MASK64] (MASK64): Likewise.
(BIT32_SAFE, BIT64_SAFE, MASK32_SAFE, MASK64_SAFE): New macros.
(FLAG): Use BIT32.
---
src/macros.h | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/macros.h b/src/macros.h
index 467f5d0..2d7a83d 100644
--- a/src/macros.h
+++ b/src/macros.h
@@ -78,10 +78,34 @@ is_filled(const char *ptr, char fill, size_t size)
# define IS_ARRAY_ZERO(arr_) \
is_filled((const char *) (arr_), 0, sizeof(arr_) + MUST_BE_ARRAY(arr_))
-# ifndef BIT
-# define BIT(x_) (1U << (x_))
+# ifndef BIT32
+# define BIT32(x_) (1U << (x_))
# endif
-# define FLAG(name_) name_ = BIT(name_##_BIT)
+# ifndef BIT64
+# define BIT64(x_) (1ULL << (x_))
+# endif
+
+# ifndef MASK32
+# define MASK32(x_) (BIT32(x_) - 1U)
+# endif
+
+# ifndef MASK64
+# define MASK64(x_) (BIT64(x_) - 1ULL)
+# endif
+
+/*
+ * "Safe" versions that avoid UB for values that are >= type bit size
+ * (the usually expected behaviour of the bit shift in that case is zero,
+ * but at least powerpc is notorious for returning the input value when shift
+ * by 64 bits is performed).
+ */
+
+# define BIT32_SAFE(x_) ((x_) < 32 ? BIT32(x_) : 0)
+# define BIT64_SAFE(x_) ((x_) < 64 ? BIT64(x_) : 0)
+# define MASK32_SAFE(x_) (BIT32_SAFE(x_) - 1U)
+# define MASK64_SAFE(x_) (BIT64_SAFE(x_) - 1ULL)
+
+# define FLAG(name_) name_ = BIT32(name_##_BIT)
#endif /* !STRACE_MACROS_H */
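Review bot: The `*_SAFE` macros guard only the upper bound and expand `x_` twice. A negative signed argument still passes `(x_) < 32` / `(x_) < 64` and reaches the shift, which is undefined, and an argument with side effects is evaluated twice. The comment block above them should state both constraints, for example `/* x_ must be non-negative and free of side effects: it is evaluated twice */`. It would also help to say there that `MASK32_SAFE(32)` and `MASK64_SAFE(64)` deliberately produce the all-ones value, since that follows from `0 - 1U` and is easy to misread.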
--
2.1.4


@ -1,151 +0,0 @@
From 8ef5456338a947944cc03b95c22c837af5884ddc Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 18 Aug 2021 21:51:22 +0200
Subject: [PATCH 149/150] trie: use BIT* and MASK* macros
This makes reading the code a bit easier. It also solves some issues
where there is a hypothertical possibility of having bit shifts of size
64, by virtue of using the *_SAFE macros (that should silence some
reported "left shifting by more than 63 bits has undefined behavior"
covscan issues).
* src/trie.c (trie_create): Use BIT32, MASK64.
(trie_create_data_block): Use BIT32, change iterator variable type
to size_t.
(trie_get_node): Use BIT64, MASK64.
(trie_data_block_calc_pos): Use BIT32, MASK64, MASK64_SAFE.
(trie_iterate_keys_node): Use BIT64, MASK64, MASK64_SAFE.
(trie_free_node): Use BIT64.
---
src/trie.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/trie.c b/src/trie.c
index 586ff25..0a231e4 100644
--- a/src/trie.c
+++ b/src/trie.c
@@ -15,6 +15,7 @@
#include <stdio.h>
#include "trie.h"
+#include "macros.h"
#include "xmalloc.h"
static const uint8_t ptr_sz_lg = (sizeof(void *) == 8 ? 6 : 5);
@@ -87,7 +88,7 @@ trie_create(uint8_t key_size, uint8_t item_size_lg, uint8_t node_key_bits,
/ t->node_key_bits;
if (item_size_lg != 6)
- t->empty_value &= (((uint64_t) 1 << (1 << t->item_size_lg)) - 1);
+ t->empty_value &= MASK64(BIT32(t->item_size_lg));
return t;
}
@@ -96,8 +97,8 @@ static void *
trie_create_data_block(struct trie *t)
{
uint64_t fill_value = t->empty_value;
- for (int i = 1; i < 1 << (6 - t->item_size_lg); i++) {
- fill_value <<= (1 << t->item_size_lg);
+ for (size_t i = 1; i < BIT32(6 - t->item_size_lg); i++) {
+ fill_value <<= BIT32(t->item_size_lg);
fill_value |= t->empty_value;
}
@@ -105,7 +106,7 @@ trie_create_data_block(struct trie *t)
if (sz < 6)
sz = 6;
- size_t count = 1 << (sz - 6);
+ size_t count = BIT32(sz - 6);
uint64_t *data_block = xcalloc(count, 8);
for (size_t i = 0; i < count; i++)
@@ -119,7 +120,7 @@ trie_get_node(struct trie *t, uint64_t key, bool auto_create)
{
void **cur_node = &(t->data);
- if (t->key_size < 64 && key > (uint64_t) 1 << t->key_size)
+ if (t->key_size < 64 && key > MASK64(t->key_size))
return NULL;
for (uint8_t cur_depth = 0; cur_depth <= t->max_depth; cur_depth++) {
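Review bot: The range check at the top of `trie_get_node` changes behaviour, not just spelling, and nothing on the line or in the commit message says so. The old expression rejected only `key > 2^key_size`, so a key equal to `2^key_size` was accepted; `MASK64(t->key_size)` moves the bound to `2^key_size - 1`. A short comment would record the intent, e.g. `/* keys are key_size bits wide; anything above the all-ones value is out of range */`. The rest of the function body lies outside this hunk.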
@@ -133,13 +134,13 @@ trie_get_node(struct trie *t, uint64_t key, bool auto_create)
if (cur_depth == t->max_depth)
*cur_node = trie_create_data_block(t);
else
- *cur_node = xcalloc(1 << sz, 1);
+ *cur_node = xcalloc(BIT64(sz), 1);
}
if (cur_depth == t->max_depth)
break;
- size_t pos = (key >> offs) & ((1 << (sz - ptr_sz_lg)) - 1);
+ size_t pos = (key >> offs) & MASK64(sz - ptr_sz_lg);
cur_node = (((void **) (*cur_node)) + pos);
}
@@ -152,7 +153,7 @@ trie_data_block_calc_pos(struct trie *t, uint64_t key,
{
uint64_t key_mask;
- key_mask = (1 << t->data_block_key_bits) - 1;
+ key_mask = MASK64(t->data_block_key_bits);
*pos = (key & key_mask) >> (6 - t->item_size_lg);
if (t->item_size_lg == 6) {
@@ -161,10 +162,10 @@ trie_data_block_calc_pos(struct trie *t, uint64_t key,
return;
}
- key_mask = (1 << (6 - t->item_size_lg)) - 1;
- *offs = (key & key_mask) * (1 << t->item_size_lg);
+ key_mask = MASK64(6 - t->item_size_lg);
+ *offs = (key & key_mask) << t->item_size_lg;
- *mask = (((uint64_t) 1 << (1 << t->item_size_lg)) - 1) << *offs;
+ *mask = MASK64_SAFE(BIT32(t->item_size_lg)) << *offs;
}
bool
@@ -211,7 +212,7 @@ trie_iterate_keys_node(struct trie *t,
return 0;
if (t->key_size < 64) {
- uint64_t key_max = ((uint64_t) 1 << t->key_size) - 1;
+ uint64_t key_max = MASK64(t->key_size);
if (end > key_max)
end = key_max;
}
@@ -228,15 +229,14 @@ trie_iterate_keys_node(struct trie *t,
t->key_size :
trie_get_node_bit_offs(t, depth - 1);
- uint64_t first_key_in_node = start &
- (uint64_t) -1 << parent_node_bit_off;
+ uint64_t first_key_in_node = start & ~MASK64_SAFE(parent_node_bit_off);
uint8_t node_bit_off = trie_get_node_bit_offs(t, depth);
uint8_t node_key_bits = parent_node_bit_off - node_bit_off;
- uint64_t mask = ((uint64_t) 1 << (node_key_bits)) - 1;
+ uint64_t mask = MASK64_SAFE(node_key_bits);
uint64_t start_index = (start >> node_bit_off) & mask;
uint64_t end_index = (end >> node_bit_off) & mask;
- uint64_t child_key_count = (uint64_t) 1 << node_bit_off;
+ uint64_t child_key_count = BIT64(node_bit_off);
uint64_t count = 0;
@@ -274,7 +274,7 @@ trie_free_node(struct trie *t, void *node, uint8_t depth)
if (depth >= t->max_depth)
goto free_node;
- size_t sz = 1 << (trie_get_node_size(t, depth) - ptr_sz_lg);
+ size_t sz = BIT64(trie_get_node_size(t, depth) - ptr_sz_lg);
for (size_t i = 0; i < sz; i++)
trie_free_node(t, ((void **) node)[i], depth + 1);
--
2.1.4


@ -1,52 +0,0 @@
From 3a68f90c2a5a208b475cc2014f85ae04541ec5b6 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 20 Aug 2021 21:31:01 +0200
Subject: [PATCH 150/150] tee: rewrite num_params access in tee_fetch_buf_data
Pointer to num_params field of the fetched structure is passed in a
separate function argument which provokes covscan complaints about
uninitialised accesses and also tingles my aliasing rules senses.
Rewrite to access it via the arg_struct argument which is fetched
earlier in the function flow.
* src/tee.c (TEE_FETCH_BUF_DATA): Change &arg_.num_params
to offsetof(typeof(arg_), num_params).
(tee_fetch_buf_data): Accept offset of the num_params field instead
of pointer to it; reconstruct the num_params pointer using it.
---
src/tee.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/tee.c b/src/tee.c
index f9eda52..d7e9b15 100644
--- a/src/tee.c
+++ b/src/tee.c
@@ -33,7 +33,7 @@ struct tee_ioctl_shm_register_fd_data {
#define TEE_FETCH_BUF_DATA(buf_, arg_, params_) \
tee_fetch_buf_data(tcp, arg, &buf_, sizeof(arg_), \
- &arg_, &arg_.num_params, \
+ &arg_, offsetof(typeof(arg_), num_params), \
params_)
/* session id is printed as 0x%x in libteec */
@@ -56,7 +56,7 @@ tee_fetch_buf_data(struct tcb *const tcp,
struct tee_ioctl_buf_data *buf,
size_t arg_size,
void *arg_struct,
- unsigned *num_params,
+ size_t num_params_offs,
uint64_t *params)
{
if (umove_or_printaddr(tcp, arg, buf))
@@ -69,6 +69,7 @@ tee_fetch_buf_data(struct tcb *const tcp,
tee_print_buf(buf);
return RVAL_IOCTL_DECODED;
}
+ uint32_t *num_params = (uint32_t *) (arg_struct + num_params_offs);
if (entering(tcp) &&
(arg_size + TEE_IOCTL_PARAM_SIZE(*num_params) != buf->buf_len)) {
/*
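Review bot: The added `num_params` line does pointer arithmetic directly on `arg_struct`, which is a `void *`; that is a GNU extension rather than standard C. Casting to a byte pointer first keeps the same behaviour: `uint32_t *num_params = (uint32_t *) ((char *) arg_struct + num_params_offs);`. The parameter used to be `unsigned *` and is now read through `uint32_t *`, and nothing visible here checks that `num_params_offs + sizeof(uint32_t)` stays within `arg_size`. Since the value read feeds the `TEE_IOCTL_PARAM_SIZE()` length comparison that follows, a one-line comment stating that the offset always comes from `offsetof()` on the fetched struct would help. The function starts and ends outside this hunk.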
--
2.1.4


@ -1,171 +0,0 @@
From 719ccf8f4bf4263b02c686f16f579fd6119bb52c Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 23 Aug 2021 18:24:39 +0200
Subject: [PATCH] tests: call setsockopt directly in sockopt-timestamp
While commit v5.13-10-g0211fdc "tests: change sockopt-timestamp test to
use syscall(__NR_recvmsg)" has fixed issues with glibc-induced mangling
on newer kernels, the combination of an older kernel and new glibc still
causes issues, as glibc silently falls back to SO_TIMESTAMP{,NS}_OLD, as
implemented in glibc-2.34~294 "linux: Add fallback for 64-bit time_t
SO_TIMESTAMP{NS}". Avoid that by calling setsockopt directly as well.
* tests/sockopt-timestamp.c (SC_setsockopt): New macro constant.
(k_setsockopt): New function.
(test_sockopt): Call k_setsockopt instead of setsockopt.
Complements: v5.13-10-g0211fdc "tests: change sockopt-timestamp test to use syscall(__NR_recvmsg)"
---
tests/sockopt-timestamp.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/tests/sockopt-timestamp.c b/tests/sockopt-timestamp.c
index 34c4d89..4bd96fd 100644
--- a/tests/sockopt-timestamp.c
+++ b/tests/sockopt-timestamp.c
@@ -48,6 +48,30 @@ k_recvmsg(const unsigned int fd, const void *const ptr, const unsigned int flags
return rc;
}
+#define SC_setsockopt 14
+static long
+k_setsockopt(const unsigned int fd, const unsigned int level,
+ const unsigned int optname, const void *const optval,
+ const unsigned int len)
+{
+ const kernel_ulong_t fill = (kernel_ulong_t) 0xdefaced00000000ULL;
+#ifdef __NR_setsockopt
+ const kernel_ulong_t bad = (kernel_ulong_t) 0xbadc0dedbadc0dedULL;
+#endif
+
+ return syscall(
+#ifdef __NR_setsockopt
+ __NR_setsockopt,
+#else /* socketcall */
+ __NR_socketcall, SC_setsockopt,
+#endif
+ fill | fd , fill | level, fill | optname, optval, fill | len
+#ifdef __NR_setsockopt
+ , bad
+#endif
+ );
+}
+
static void
print_timestamp_old(const struct cmsghdr *c)
{
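Review bot: On the `#else /* socketcall */` path of `k_setsockopt` the five arguments are passed inline after `SC_setsockopt`, but socketcall(2) takes the call number and a pointer to an array holding the arguments. The kernel would therefore interpret `fill | fd` as that pointer, and the call would presumably fail instead of setting the option. The fallback should build the array and pass its address; the high-bit `fill` padding does not apply there because the array elements are plain `unsigned long`. The same function is added to the tests-m32 and tests-mx32 copies later in this patch.

```c
/* … unchanged: signature, fill/bad constants; the __NR_setsockopt call kept as one statement under #ifdef __NR_setsockopt … */
#else /* socketcall */
	/* socketcall(2): call number plus a pointer to the argument array */
	const unsigned long args[] = {
		fd, level, optname, (unsigned long) optval, len
	};
	return syscall(__NR_socketcall, SC_setsockopt, args);
#endif
```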
@@ -139,7 +163,12 @@ test_sockopt(int so_val, const char *str, void (*fun)(const struct cmsghdr *))
perror_msg_and_skip(data);
const int opt_1 = 1;
- if (setsockopt(sv[0], SOL_SOCKET, so_val, &opt_1, sizeof(opt_1))) {
+ /*
+ * glibc-2.34~294 adds fallsback for SO_TIMESTAMP{,NS}_NEW that calls
+ * SO_TIMESTAMP{,NS}_OLD, so we have to call the setsockopt directly
+ * in order to avoid unexpected recvmsg msg types.
+ */
+ if (k_setsockopt(sv[0], SOL_SOCKET, so_val, &opt_1, sizeof(opt_1))) {
perror(str);
return 0;
}
diff --git a/tests-m32/sockopt-timestamp.c b/tests-m32/sockopt-timestamp.c
index 34c4d89..4bd96fd 100644
--- a/tests-m32/sockopt-timestamp.c
+++ b/tests-m32/sockopt-timestamp.c
@@ -48,6 +48,30 @@ k_recvmsg(const unsigned int fd, const void *const ptr, const unsigned int flags
return rc;
}
+#define SC_setsockopt 14
+static long
+k_setsockopt(const unsigned int fd, const unsigned int level,
+ const unsigned int optname, const void *const optval,
+ const unsigned int len)
+{
+ const kernel_ulong_t fill = (kernel_ulong_t) 0xdefaced00000000ULL;
+#ifdef __NR_setsockopt
+ const kernel_ulong_t bad = (kernel_ulong_t) 0xbadc0dedbadc0dedULL;
+#endif
+
+ return syscall(
+#ifdef __NR_setsockopt
+ __NR_setsockopt,
+#else /* socketcall */
+ __NR_socketcall, SC_setsockopt,
+#endif
+ fill | fd , fill | level, fill | optname, optval, fill | len
+#ifdef __NR_setsockopt
+ , bad
+#endif
+ );
+}
+
static void
print_timestamp_old(const struct cmsghdr *c)
{
@@ -139,7 +163,12 @@ test_sockopt(int so_val, const char *str, void (*fun)(const struct cmsghdr *))
perror_msg_and_skip(data);
const int opt_1 = 1;
- if (setsockopt(sv[0], SOL_SOCKET, so_val, &opt_1, sizeof(opt_1))) {
+ /*
+ * glibc-2.34~294 adds fallsback for SO_TIMESTAMP{,NS}_NEW that calls
+ * SO_TIMESTAMP{,NS}_OLD, so we have to call the setsockopt directly
+ * in order to avoid unexpected recvmsg msg types.
+ */
+ if (k_setsockopt(sv[0], SOL_SOCKET, so_val, &opt_1, sizeof(opt_1))) {
perror(str);
return 0;
}
diff --git a/tests-mx32/sockopt-timestamp.c b/tests-mx32/sockopt-timestamp.c
index 34c4d89..4bd96fd 100644
--- a/tests-mx32/sockopt-timestamp.c
+++ b/tests-mx32/sockopt-timestamp.c
@@ -48,6 +48,30 @@ k_recvmsg(const unsigned int fd, const void *const ptr, const unsigned int flags
return rc;
}
+#define SC_setsockopt 14
+static long
+k_setsockopt(const unsigned int fd, const unsigned int level,
+ const unsigned int optname, const void *const optval,
+ const unsigned int len)
+{
+ const kernel_ulong_t fill = (kernel_ulong_t) 0xdefaced00000000ULL;
+#ifdef __NR_setsockopt
+ const kernel_ulong_t bad = (kernel_ulong_t) 0xbadc0dedbadc0dedULL;
+#endif
+
+ return syscall(
+#ifdef __NR_setsockopt
+ __NR_setsockopt,
+#else /* socketcall */
+ __NR_socketcall, SC_setsockopt,
+#endif
+ fill | fd , fill | level, fill | optname, optval, fill | len
+#ifdef __NR_setsockopt
+ , bad
+#endif
+ );
+}
+
static void
print_timestamp_old(const struct cmsghdr *c)
{
@@ -139,7 +163,12 @@ test_sockopt(int so_val, const char *str, void (*fun)(const struct cmsghdr *))
perror_msg_and_skip(data);
const int opt_1 = 1;
- if (setsockopt(sv[0], SOL_SOCKET, so_val, &opt_1, sizeof(opt_1))) {
+ /*
+ * glibc-2.34~294 adds fallsback for SO_TIMESTAMP{,NS}_NEW that calls
+ * SO_TIMESTAMP{,NS}_OLD, so we have to call the setsockopt directly
+ * in order to avoid unexpected recvmsg msg types.
+ */
+ if (k_setsockopt(sv[0], SOL_SOCKET, so_val, &opt_1, sizeof(opt_1))) {
perror(str);
return 0;
}
--
2.1.4


@ -1,55 +0,0 @@
From e27b06773eaf5c0307bcc5637d7457be9be1e6ea Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Wed, 1 Dec 2021 17:11:02 +0100
Subject: [PATCH] print_ifindex: fix IFNAME_QUOTED_SZ definition
sizeof(IFNAMSIZ) instead of IFNAMSIZ was mistakenly used
for IFNAME_QUOTED_SZ initial definition in commit v4.23~87
"print_ifindex: respect xlat style settings".
* src/print_ifindex.c (IFNAME_QUOTED_SZ): Use IFNAMSIZ
instead of sizeof(IFNAMSIZ).
* NEWS: Mention it.
Reported-by: Paulo Andrade <pandrade@redhat.com>
Suggested-by: Paulo Andrade <pandrade@redhat.com>
Fixes: v4.23~87 "print_ifindex: respect xlat style settings"
References: https://bugzilla.redhat.com/show_bug.cgi?id=2028146
---
NEWS | 4 ++++
src/print_ifindex.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 9bab673..a3036b8 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,12 @@ Noteworthy changes in release ?.?? (????-??-??)
PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.13.
+ * Bug fixes
+ * Fixed insufficient buffer size used for network interface name printing,
+ that previously led to assertions on attempts of printing interface names
+ that require quoting, for example, names longer than 4 characters in -xx
+ mode (addresses RHBZ bug #2028146).
+
* Portability
* On powerpc and powerpc64, linux kernel >= 2.6.23 is required.
Older versions without a decent PTRACE_GETREGS support will not work.
diff --git a/src/print_ifindex.c b/src/print_ifindex.c
index ec48093..dc9d592 100644
--- a/src/print_ifindex.c
+++ b/src/print_ifindex.c
@@ -13,7 +13,7 @@
# define INI_PFX "if_nametoindex(\""
# define INI_SFX "\")"
-# define IFNAME_QUOTED_SZ (sizeof(IFNAMSIZ) * 4 + 3)
+# define IFNAME_QUOTED_SZ (IFNAMSIZ * 4 + 3)
const char *
get_ifname(const unsigned int ifindex)
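Review bot: The corrected `IFNAME_QUOTED_SZ` still carries an unexplained `* 4 + 3`, which is the kind of sizing expression that was wrong before. A comment on the define would make the bound checkable, for example `/* worst case: each of IFNAMSIZ bytes printed as \xNN (4 chars), plus two quotes and the terminating NUL */`, assuming that is the quoting worst case the buffer is meant to cover. The buffer declaration and the quoting call are outside this hunk, so the comment should be confirmed against them.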
--
2.1.4


@ -1,208 +0,0 @@
From b8f375c2c8140e759122bca3e3469386d3ba5184 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Mon, 29 Nov 2021 08:00:00 +0000
Subject: [PATCH 168/174] m4: fix st_SELINUX check
* m4/st_selinux.m4: Make sure selinux support is enabled only if
all expected functions are provided by libselinux.
Fixes: v5.12~49 "Implement --secontext[=full] option to display SELinux contexts"
---
m4/st_selinux.m4 | 36 ++++++++++++++++--------------------
1 file changed, 16 insertions(+), 20 deletions(-)
diff --git a/m4/st_selinux.m4 b/m4/st_selinux.m4
index da72a48..7b24eba 100644
--- a/m4/st_selinux.m4
+++ b/m4/st_selinux.m4
@@ -34,29 +34,25 @@ AS_IF([test "x$with_libselinux" != xno],
AS_IF([test "x$found_selinux_h" = xyes],
[saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
- AC_CHECK_LIB([selinux],[getpidcon],
- [libselinux_LIBS="-lselinux"
- enable_secontext=yes
- ],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find getpidcon in libselinux])
- fi
- ]
- )
- AC_CHECK_LIB([selinux],[getfilecon],
- [libselinux_LIBS="-lselinux"
- enable_secontext=yes
- ],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find getfilecon in libselinux])
- fi
- ]
+ missing=
+ for func in getpidcon getfilecon; do
+ AC_CHECK_LIB([selinux], [$func], [:],
+ [missing="$missing $func"])
+ done
+ AS_IF([test "x$missing" = x],
+ [libselinux_LIBS="-lselinux"
+ enable_secontext=yes
+ ],
+ [AS_IF([test "x$with_libselinux" != xcheck],
+ [AC_MSG_FAILURE([failed to find in libselinux:$missing])]
+ )
+ ]
)
LDFLAGS="$saved_LDFLAGS"
],
- [if test "x$with_libselinux" != xcheck; then
- AC_MSG_FAILURE([failed to find selinux.h])
- fi
+ [AS_IF([test "x$with_libselinux" != xcheck],
+ [AC_MSG_FAILURE([failed to find selinux.h])]
+ )
]
)
]
--- old/configure 2022-02-07 20:17:58.364068436 +0100
+++ new/configure 2022-02-07 20:19:17.092067347 +0100
@@ -18437,9 +18437,12 @@
if test "x$found_selinux_h" = xyes; then :
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $libselinux_LDFLAGS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpidcon in -lselinux" >&5
-$as_echo_n "checking for getpidcon in -lselinux... " >&6; }
-if ${ac_cv_lib_selinux_getpidcon+:} false; then :
+ missing=
+ for func in getpidcon getfilecon; do
+ as_ac_Lib=`$as_echo "ac_cv_lib_selinux_$func" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $func in -lselinux" >&5
+$as_echo_n "checking for $func in -lselinux... " >&6; }
+if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -18453,101 +18456,59 @@
#ifdef __cplusplus
extern "C"
#endif
-char getpidcon ();
+char $func ();
int
main ()
{
-return getpidcon ();
+return $func ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_selinux_getpidcon=yes
+ eval "$as_ac_Lib=yes"
else
- ac_cv_lib_selinux_getpidcon=no
+ eval "$as_ac_Lib=no"
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getpidcon" >&5
-$as_echo "$ac_cv_lib_selinux_getpidcon" >&6; }
-if test "x$ac_cv_lib_selinux_getpidcon" = xyes; then :
- libselinux_LIBS="-lselinux"
- enable_secontext=yes
-
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
+ :
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to find getpidcon in libselinux
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-
-
+ missing="$missing $func"
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getfilecon in -lselinux" >&5
-$as_echo_n "checking for getfilecon in -lselinux... " >&6; }
-if ${ac_cv_lib_selinux_getfilecon+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lselinux $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getfilecon ();
-int
-main ()
-{
-return getfilecon ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_selinux_getfilecon=yes
-else
- ac_cv_lib_selinux_getfilecon=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getfilecon" >&5
-$as_echo "$ac_cv_lib_selinux_getfilecon" >&6; }
-if test "x$ac_cv_lib_selinux_getfilecon" = xyes; then :
+ done
+ if test "x$missing" = x; then :
libselinux_LIBS="-lselinux"
- enable_secontext=yes
+ enable_secontext=yes
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ if test "x$with_libselinux" != xcheck; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to find getfilecon in libselinux
+as_fn_error $? "failed to find in libselinux:$missing
See \`config.log' for more details" "$LINENO" 5; }
- fi
-
fi
+
+fi
LDFLAGS="$saved_LDFLAGS"
else
- if test "x$with_libselinux" != xcheck; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ if test "x$with_libselinux" != xcheck; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to find selinux.h
See \`config.log' for more details" "$LINENO" 5; }
- fi
+
+fi
fi
--
2.1.4


@ -1,122 +0,0 @@
From f5fd689e40322a7b08a97eb2d26f192610728230 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 16:10:28 +0100
Subject: [PATCH 170/174] tests/linkat: reset errno before SELinux context
manipulation
To avoid printing a stale error information in case of mismatch check
failure.
* tests/linkat.c: Include <errno.h>.
(main): Add "errno = 0" before update_secontext_field calls.
---
tests/linkat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/linkat.c b/tests/linkat.c
index 1a869e3..c3e2ee4 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -10,6 +10,7 @@
#include "tests.h"
#include "scno.h"
+#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,6 +92,7 @@ main(void)
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
@@ -112,6 +114,7 @@ main(void)
free(sample_1_secontext);
#endif
+ errno = 0;
update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -142,6 +145,7 @@ main(void)
int dfd_old = get_dir_fd(".");
char *cwd = get_fd_path(dfd_old);
+ errno = 0;
update_secontext_field(".", SECONTEXT_TYPE, "default_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
--
2.1.4


@ -1,356 +0,0 @@
From 4951286eb634c00c11883b851c91f3a21975eabd Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:03:57 +0100
Subject: [PATCH 171/174] tests/secontext: add secontext field getters
* tests/secontext.h (get_secontext_field, get_secontext_field_file): New
declarations.
* tests/secontext.c (get_type_from_context): Rename to...
(get_secontext_field): ...this; remove "static" qualifier; add "field"
argument, use it.
(raw_expected_secontext_short_file, raw_secontext_short_pid): Replace
get_type_from_context call with get_secontext_field.
(get_secontext_field_file): New function.
(raw_secontext_short_file): Replace body with get_secontext_field_file
call.
---
tests/secontext.c | 27 +++++++++++++++------------
tests/secontext.h | 20 ++++++++++++++++++++
2 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/tests/secontext.c b/tests/secontext.c
index 848eea9..52211ed 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests/secontext.h b/tests/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests/secontext.h
+++ b/tests/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index 848eea9..52211ed 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests-m32/secontext.h
+++ b/tests-m32/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index 848eea9..52211ed 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -56,8 +56,8 @@ strip_trailing_newlines(char *context)
return context;
}
-static char *
-get_type_from_context(const char *full_context)
+char *
+get_secontext_field(const char *full_context, enum secontext_field field)
{
int saved_errno = errno;
@@ -72,7 +72,7 @@ get_type_from_context(const char *full_context)
char *context = NULL;
for (token = strtok_r(ctx_copy, ":", &saveptr), i = 0;
token; token = strtok_r(NULL, ":", &saveptr), i++) {
- if (i == 2) {
+ if (i == field) {
context = xstrdup(token);
break;
}
@@ -122,7 +122,7 @@ raw_expected_secontext_short_file(const char *filename)
int saved_errno = errno;
char *ctx = raw_expected_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
@@ -144,20 +144,23 @@ raw_secontext_full_file(const char *filename)
return full_secontext;
}
-static char *
-raw_secontext_short_file(const char *filename)
+char *
+get_secontext_field_file(const char *file, enum secontext_field field)
{
- int saved_errno = errno;
-
- char *ctx = raw_secontext_full_file(filename);
- char *type = get_type_from_context(ctx);
+ char *ctx = raw_secontext_full_file(file);
+ char *type = get_secontext_field(ctx, field);
free(ctx);
- errno = saved_errno;
return type;
}
static char *
+raw_secontext_short_file(const char *filename)
+{
+ return get_secontext_field_file(filename, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -178,7 +181,7 @@ raw_secontext_short_pid(pid_t pid)
int saved_errno = errno;
char *ctx = raw_secontext_full_pid(pid);
- char *type = get_type_from_context(ctx);
+ char *type = get_secontext_field(ctx, SECONTEXT_TYPE);
free(ctx);
errno = saved_errno;
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
index 1d0251a..e5571d5 100644
--- a/tests-mx32/secontext.h
+++ b/tests-mx32/secontext.h
@@ -23,6 +23,15 @@ enum secontext_field {
#if defined TEST_SECONTEXT && defined HAVE_SELINUX_RUNTIME
+/**
+ * Parse a SELinux context string and return a specified field, duplicated
+ * in a separate string. The caller is responsible for freeing the memory
+ * pointed by the returned value.
+ */
+char *get_secontext_field(const char *full_context, enum secontext_field field);
+
+char *get_secontext_field_file(const char *file, enum secontext_field field);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -48,6 +57,17 @@ void update_secontext_field(const char *file, enum secontext_field field,
#else
+static inline char *
+get_secontext_field(const char *ctx, enum secontext_field field)
+{
+ return NULL;
+}
+static inline char *
+get_secontext_field_file(const char *file, enum secontext_field field)
+{
+ return NULL;
+}
+
static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
--
2.1.4


@ -1,181 +0,0 @@
From 97e2742a7f1e6e113354911d04505ada3bfb5d70 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:04:42 +0100
Subject: [PATCH 172/174] tests/linkat: provide fallback values for secontext
fields changes
* tests/linkat.c (mangle_secontext_field): New function.
(main): Replace calls to update_secontext_field
with mangle_secontext_field calls.
---
tests/linkat.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/tests/linkat.c b/tests/linkat.c
index c3e2ee4..decb736 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
index c3e2ee4..decb736 100644
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
index c3e2ee4..decb736 100644
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -21,6 +21,20 @@
#include "secontext.h"
#include "xmalloc.h"
+static void
+mangle_secontext_field(const char *path, enum secontext_field field,
+ const char *new_val, const char *fallback_val)
+{
+ char *orig = get_secontext_field_file(path, field);
+ if (!orig)
+ return;
+
+ update_secontext_field(path, field,
+ strcmp(new_val, orig) ? new_val : fallback_val);
+
+ free(orig);
+}
+
int
main(void)
{
@@ -93,7 +107,8 @@ main(void)
#ifdef PRINT_SECONTEXT_MISMATCH
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_USER, "system_u");
+ mangle_secontext_field(sample_1, SECONTEXT_USER, "system_u",
+ "unconfined_u");
sample_1_secontext = SECONTEXT_FILE(sample_1);
# ifdef PRINT_SECONTEXT_FULL
@@ -115,7 +130,8 @@ main(void)
#endif
errno = 0;
- update_secontext_field(sample_1, SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(sample_1, SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
sample_1_secontext = SECONTEXT_FILE(sample_1);
sample_2_secontext = sample_1_secontext;
@@ -146,7 +162,8 @@ main(void)
char *cwd = get_fd_path(dfd_old);
errno = 0;
- update_secontext_field(".", SECONTEXT_TYPE, "default_t");
+ mangle_secontext_field(".", SECONTEXT_TYPE, "default_t",
+ "unconfined_t");
char *dfd_old_secontext = SECONTEXT_FILE(".");
#ifdef PRINT_SECONTEXT_MISMATCH
--
2.1.4


@ -1,63 +0,0 @@
From 6e8aa3749cb7e11e9a59db996f79f036bf7ef263 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:05:19 +0100
Subject: [PATCH 173/174] tests/secontext: eliminate separate secontext_format
declaration
* tests/secontext.c (secontext_format): Remove declaration, supply
the attributes to the definition.
---
tests/secontext.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/tests/secontext.c b/tests/secontext.c
index 52211ed..ba271c8 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index 52211ed..ba271c8 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index 52211ed..ba271c8 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -23,10 +23,7 @@
# define TEST_SECONTEXT
# include "secontext.h"
-static char *
-secontext_format(char *context, const char *fmt)
- ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC;
-
+ATTRIBUTE_FORMAT((printf, 2, 0)) ATTRIBUTE_MALLOC
static char *
secontext_format(char *context, const char *fmt)
{
--
2.1.4


@ -1,190 +0,0 @@
From 78a81bcfb71ef3d9f6e8b1a32e123fbbc6112a60 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 18 Jan 2022 18:24:34 +0100
Subject: [PATCH 174/174] tests/linkat: reset context to the expected one if a
mismatch has been detected
* tests/secontext.h (reset_secontext_file): New declaration.
* tests/secontext.c (reset_secontext_file): New function.
* tests/linkat.c (main): Check that there is no initial mismatch
in the sample_1 context, reset it otherwise.
---
tests/linkat.c | 3 +++
tests/secontext.c | 7 +++++++
tests/secontext.h | 7 +++++++
3 files changed, 17 insertions(+)
diff --git a/tests/linkat.c b/tests/linkat.c
index decb736..781b85a 100644
--- a/tests/linkat.c
+++ b/tests/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests/secontext.c b/tests/secontext.c
index ba271c8..94fadd4 100644
--- a/tests/secontext.c
+++ b/tests/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests/secontext.h b/tests/secontext.h
index e5571d5..387263e 100644
--- a/tests/secontext.h
+++ b/tests/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
diff --git a/tests-m32/linkat.c b/tests-m32/linkat.c
index decb736..781b85a 100644
--- a/tests-m32/linkat.c
+++ b/tests-m32/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-m32/secontext.c b/tests-m32/secontext.c
index ba271c8..94fadd4 100644
--- a/tests-m32/secontext.c
+++ b/tests-m32/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-m32/secontext.h b/tests-m32/secontext.h
index e5571d5..387263e 100644
--- a/tests-m32/secontext.h
+++ b/tests-m32/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
diff --git a/tests-mx32/linkat.c b/tests-mx32/linkat.c
index decb736..781b85a 100644
--- a/tests-mx32/linkat.c
+++ b/tests-mx32/linkat.c
@@ -103,6 +103,9 @@ main(void)
if (close(fd_sample_2))
perror_msg_and_fail("close");
+ if (*sample_1_secontext && strstr(sample_1_secontext, "!!"))
+ reset_secontext_file(sample_1);
+
free(sample_1_secontext);
#ifdef PRINT_SECONTEXT_MISMATCH
diff --git a/tests-mx32/secontext.c b/tests-mx32/secontext.c
index ba271c8..94fadd4 100644
--- a/tests-mx32/secontext.c
+++ b/tests-mx32/secontext.c
@@ -235,6 +235,13 @@ secontext_short_pid(pid_t pid)
return FORMAT_SPACE_AFTER(raw_secontext_short_pid(pid));
}
+void reset_secontext_file(const char *file)
+{
+ char *proper_ctx = raw_expected_secontext_full_file(file);
+ (void) setfilecon(file, proper_ctx);
+ free(proper_ctx);
+}
+
void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
diff --git a/tests-mx32/secontext.h b/tests-mx32/secontext.h
index e5571d5..387263e 100644
--- a/tests-mx32/secontext.h
+++ b/tests-mx32/secontext.h
@@ -32,6 +32,8 @@ char *get_secontext_field(const char *full_context, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
+void reset_secontext_file(const char *file);
+
void update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue);
@@ -69,6 +71,11 @@ get_secontext_field_file(const char *file, enum secontext_field field)
}
static inline void
+reset_secontext_file(const char *file)
+{
+}
+
+static inline void
update_secontext_field(const char *file, enum secontext_field field,
const char *newvalue)
{
--
2.1.4


@ -0,0 +1,58 @@
From 2bf069698a384ff2bc62d2a10544d49d766b4d7f Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 27 Jun 2022 18:00:17 +0200
Subject: [PATCH] src/xlat: remove remnants of unnecessary idx usage in xlookup
As there is no idx saving between calls anymore, there's no need to use
(and update) idx in the XT_SORTED case. Reported by clang as a dead store:
Error: CLANG_WARNING:
strace-5.18/src/xlat.c:84:4: warning[deadcode.DeadStores]: Value stored to 'idx' is never read
* src/xlat.c (xlookup): Remove idx declaration; declare idx inside
of the for loop in the XT_NORMAL case; do not offset x->data and x->size
by offs in the XT_SORTED case and do not update idx upon successful
lookup.
Complements: v5.15~164 "xlat: no longer interpret NULL xlat as continuation"
---
src/xlat.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
Index: strace-5.18/src/xlat.c
===================================================================
--- strace-5.18.orig/src/xlat.c 2022-07-12 17:11:52.660927011 +0200
+++ strace-5.18/src/xlat.c 2022-07-12 17:16:18.116794139 +0200
@@ -61,7 +61,6 @@
const char *
xlookup(const struct xlat *x, const uint64_t val)
{
- size_t idx = 0;
const struct xlat_data *e;
if (!x || !x->data)
@@ -69,21 +68,18 @@
switch (x->type) {
case XT_NORMAL:
- for (; idx < x->size; idx++)
+ for (size_t idx = 0; idx < x->size; idx++)
if (x->data[idx].val == val)
return x->data[idx].str;
break;
case XT_SORTED:
e = bsearch((const void *) &val,
- x->data + idx,
- x->size - idx,
+ x->data, x->size,
sizeof(x->data[0]),
xlat_bsearch_compare);
- if (e) {
- idx = e - x->data;
+ if (e)
return e->str;
- }
break;
case XT_INDEXED:


@ -0,0 +1,56 @@
From e604d7bfd18cf5f29e6723091cc1db2945c918c9 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:46:53 +0200
Subject: [PATCH] strauss: tips whitespace and phrasing cleanups
* src/strauss.c (tips_tricks_tweaks): Fix some whitespace and phrasing
issues.
---
src/strauss.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
Index: strace-5.18/src/strauss.c
===================================================================
--- strace-5.18.orig/src/strauss.c 2022-07-12 17:17:08.712197019 +0200
+++ strace-5.18/src/strauss.c 2022-07-12 17:17:20.685055717 +0200
@@ -128,8 +128,8 @@
{ "strace is about as old as the Linux kernel.",
"It has been originally written for SunOS",
"by Paul Kranenburg in 1991. The support",
- "for all OSes except Linux has been dropped",
- "since 2012, though, in strace 4.7." },
+ "for all OSes except Linux was dropped"
+ "in 2012, though, in strace 4.7." },
{ "strace is able to decode netlink messages.",
"It does so automatically for I/O performed",
"on netlink sockets. Try it yourself:", "",
@@ -187,7 +187,7 @@
"want to try --seccomp-bpf option, maybe you",
"will feel better." },
{ "-v is a shorthand for -e abbrev=none and not",
- " for -e verbose=all. It is idiosyncratic,",
+ "for -e verbose=all. It is idiosyncratic,",
"but it is the historic behaviour." },
{ "strace uses netlink for printing",
"protocol-specific information about socket",
@@ -254,7 +254,7 @@
"by invoking it with the following options:", "",
" strace -DDDqqq -enone --signal=none" },
{ "Historically, supplying -o option to strace",
- "led to silencing of messages about tracee",
+ "leads to silencing of messages about tracee",
"attach/detach and personality changes.",
"It can be now overridden with --quiet=none",
"option." },
@@ -285,8 +285,9 @@
"will trace all syscalls related to accessing",
"and modifying process's user/group IDs",
"and capability sets. Other pre-defined",
- "syscall classes include %clock, %desc,%file,",
- "%ipc,%memory, %net,%process, and %signal." },
+ "syscall classes include %clock, %desc,"
+ "%file, %ipc, %memory, %net, %process,"
+ "and %signal." },
{ "Trying to figure out communication between",
"tracees inside a different PID namespace",
"(in so-called \"containers\", for example)?",
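Review bot: Two of the reworded tips lose the comma between adjacent string literals, so the compiler concatenates them into a single array element: `"for all OSes except Linux was dropped"` is followed directly by `"in 2012, though, in strace 4.7."`, and the `%clock, %desc,` / `%file, %ipc, ...` / `and %signal.` lines in the last hunk have the same shape. As written, the first tip would read "droppedin 2012" on one over-long line, and the second would come out as one line containing "%desc,%file" and "%process,and". Each added line needs a comma after its closing quote: `"for all OSes except Linux was dropped",`, `"syscall classes include %clock, %desc,",` and `"%file, %ipc, %memory, %net, %process,",`. The tips_tricks_tweaks initializer starts and ends outside these hunks, so the per-tip line limit and display width cannot be checked from here.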


@ -0,0 +1,48 @@
From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:47:56 +0200
Subject: [PATCH] strauss: fix off-by-one error in strauss array access
It has to be limited with strauss_lines - 1, not strauss_lines.
Reported by covscan:
Error: OVERRUN (CWE-119):
strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
implies that "i" is at least 33 on the false branch.
strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
of 37 8-byte elements at element index 37 (byte offset 303) using index
"(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).
* src/strauss.c (print_totd): Limit strauss array accesses to
strauss_lines - 1 instead of strauss_lines.
---
src/strauss.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/strauss.c b/src/strauss.c
index 98af183..b22ab6a 100644
--- a/src/strauss.c
+++ b/src/strauss.c
@@ -373,16 +373,16 @@ print_totd(void)
tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
w, w, tips_tricks_tweaks[id][i] ?: "",
tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
- strauss[MIN(3 + i, strauss_lines)]);
+ strauss[MIN(3 + i, strauss_lines - 1)]);
}
fprintf(stderr, "%s%s\n",
- tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
+ tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
do {
fprintf(stderr, "%*s%*s%*s%s\n",
(int) strlen(tip_left[0]), "",
w, "",
(int) strlen(tip_right[0]), "",
- strauss[MIN(4 + i, strauss_lines)]);
+ strauss[MIN(4 + i, strauss_lines - 1)]);
} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
printed = true;
--
2.1.4
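Review bot: The clamp `MIN(..., strauss_lines - 1)` is now spelled out at three separate call sites in print_totd, so the off-by-one had to be corrected three times and a future edit can reintroduce it at any one of them. Computing the last valid index once, e.g. `const size_t strauss_last = strauss_lines - 1;`, and indexing with `strauss[MIN(3 + i, strauss_last)]` keeps the bound in one place. The subtraction also assumes strauss_lines is non-zero; the array definition is outside the hunk, so a one-line comment or a static assertion next to it would record that. print_totd begins and ends outside this hunk.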


@ -0,0 +1,62 @@
From 6d3e97e83a7d61cbb2f5109efb4b519383a55712 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Tue, 28 Jun 2022 16:55:49 +0200
Subject: [PATCH] util: add offs sanity check to print_clock_t
While it is not strictly needed right now, the code that uses
the calculated offs value lacks any checks for possible buf overruns,
which is not defensive enough, so let's add them. Reported by covscan:
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:249: overrun-local: Overrunning array of 30 bytes
at byte offset 31 by dereferencing pointer "buf + offs". [Note: The source
code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:253: overrun-buffer-arg: Overrunning array "buf"
of 30 bytes by passing it to a function which accesses it at byte offset
32 using argument "offs + 2UL" (which evaluates to 33). [Note: The source
code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
strace-5.18/src/util.c:248: assignment: Assigning:
"offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
16 and 31 (inclusive).
strace-5.18/src/util.c:254: overrun-local: Overrunning array "buf"
of 30 bytes at byte offset 32 using index "offs + 1UL" (which evaluates
to 32).
* src/util.c (print_clock_t): Add check that offs is small enough
for it and "offs + 2" not to overrun buf.
---
src/util.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/util.c b/src/util.c
index 5f87acb..93aa7b3 100644
--- a/src/util.c
+++ b/src/util.c
@@ -246,6 +246,14 @@ print_clock_t(uint64_t val)
*/
char buf[sizeof(uint64_t) * 3 + sizeof("0.0 s")];
size_t offs = ilog10(val / clk_tck);
+ /*
+ * This check is mostly to appease covscan, which thinks
+ * that offs can go as high as 31 (it cannot), but since
+ * there is no proper sanity checks against offs overrunning
+ * buf down the code, it may as well be here.
+ */
+ if (offs > (sizeof(buf) - sizeof("0.0 s")))
+ return;
int ret = snprintf(buf + offs, sizeof(buf) - offs, "%.*f s",
frac_width,
(double) (val % clk_tck) / clk_tck);
--
2.1.4
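Review bot: The new guard in print_clock_t reserves room for `"0.0 s"`, i.e. a single fractional digit, while the snprintf directly below it prints `frac_width` digits. snprintf is size-bounded, so it truncates rather than overruns, but its return value is then the untruncated length; whether `ret` is compared against `sizeof(buf) - offs` before it is used happens after the hunk and is not visible here. The early `return;` also emits nothing for the value, so if the branch were ever taken the trace line would silently lose this field. I would state both in the comment, e.g. `/* Cannot happen; if it did, nothing is printed for val. Room is checked for the shortest form only, snprintf bounds the rest. */`.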


@ -0,0 +1,882 @@
From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Tue, 21 Jun 2022 08:43:00 +0200
Subject: [PATCH] secontext: print context of Unix socket's sun_path field
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
* src/sockaddr.c: Include "secontext.h".
(print_sockaddr_data_un): Print the SELinux context of sun_path field
using selinux_printfilecon.
* NEWS: Mention this change.
* tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd,
raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New
functions.
* tests/secontext.h (secontext_full_fd, secontext_short_fd,
get_secontext_field_fd): New prototypes.
(SECONTEXT_FD): New macro.
* tests/sockname.c: Include "secontext.h".
(test_sockname_syscall): Update expected output.
* tests/gen_tests.in (getsockname--secontext,
getsockname--secontext_full, getsockname--secontext_full_mismatch,
getsockname--secontext_mismatch): New tests.
Resolves: https://github.com/strace/strace/pull/214
---
NEWS | 1 +
src/sockaddr.c | 3 +++
tests/gen_tests.in | 4 ++++
tests/secontext.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
tests/secontext.h | 12 ++++++++++++
tests/sockname.c | 54 +++++++++++++++++++++++++++++++++++-------------------
6 files changed, 104 insertions(+), 19 deletions(-)
Index: strace-5.18/NEWS
===================================================================
--- strace-5.18.orig/NEWS 2022-07-12 18:20:18.495470531 +0200
+++ strace-5.18/NEWS 2022-07-12 18:20:44.531163262 +0200
@@ -5,6 +5,7 @@
* Added an interface of raising des Strausses awareness.
* Added --tips option to print strace tips, tricks, and tweaks
at the end of the tracing session.
+ * Implemented printing of Unix socket sun_path field's SELinux context.
* Enhanced decoding of bpf and io_uring_register syscalls.
* Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl
commands.
Index: strace-5.18/src/sockaddr.c
===================================================================
--- strace-5.18.orig/src/sockaddr.c 2022-07-12 18:17:36.745379483 +0200
+++ strace-5.18/src/sockaddr.c 2022-07-12 18:20:18.495470531 +0200
@@ -63,6 +63,8 @@
#include "xlat/mctp_addrs.h"
#include "xlat/mctp_nets.h"
+#include "secontext.h"
+
#define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family)
struct sockaddr_rxrpc {
@@ -115,6 +117,7 @@
if (sa_un->sun_path[0]) {
print_quoted_string(sa_un->sun_path, path_len + 1,
QUOTE_0_TERMINATED);
+ selinux_printfilecon(tcp, sa_un->sun_path);
} else {
tprints("@");
print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0);
Index: strace-5.18/tests/gen_tests.in
===================================================================
--- strace-5.18.orig/tests/gen_tests.in 2022-07-12 18:17:36.746379471 +0200
+++ strace-5.18/tests/gen_tests.in 2022-07-12 18:20:18.496470519 +0200
@@ -225,6 +225,10 @@
getsid -a10
getsid--pidns-translation test_pidns -e trace=getsid -a10
getsockname -a27
+getsockname--secontext -a27 --secontext -e trace=getsockname
+getsockname--secontext_full -a27 --secontext=full -e trace=getsockname
+getsockname--secontext_full_mismatch -a27 --secontext=full,mismatch -e trace=getsockname
+getsockname--secontext_mismatch -a27 --secontext=mismatch -e trace=getsockname
gettid -a9
getuid-creds +getuid.test
getuid32 +getuid.test
Index: strace-5.18/tests/secontext.c
===================================================================
--- strace-5.18.orig/tests/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests/secontext.h
===================================================================
--- strace-5.18.orig/tests/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests/sockname.c
===================================================================
--- strace-5.18.orig/tests/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
Index: strace-5.18/tests-m32/secontext.c
===================================================================
--- strace-5.18.orig/tests-m32/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-m32/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests-m32/secontext.h
===================================================================
--- strace-5.18.orig/tests-m32/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-m32/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests-m32/sockname.c
===================================================================
--- strace-5.18.orig/tests-m32/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests-m32/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
Index: strace-5.18/tests-mx32/secontext.c
===================================================================
--- strace-5.18.orig/tests-mx32/secontext.c 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-mx32/secontext.c 2022-07-12 18:20:18.496470519 +0200
@@ -141,6 +141,21 @@
return full_secontext;
}
+static char *
+raw_secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *full_secontext = NULL;
+ char *secontext;
+
+ if (fgetfilecon(fd, &secontext) >= 0) {
+ full_secontext = strip_trailing_newlines(xstrdup(secontext));
+ freecon(secontext);
+ }
+ errno = saved_errno;
+ return full_secontext;
+}
+
char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
@@ -151,6 +166,16 @@
return type;
}
+char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ char *ctx = raw_secontext_full_fd(fd);
+ char *type = get_secontext_field(ctx, field);
+ free(ctx);
+
+ return type;
+}
+
static char *
raw_secontext_short_file(const char *filename)
{
@@ -158,6 +183,12 @@
}
static char *
+raw_secontext_short_fd(int fd)
+{
+ return get_secontext_field_fd(fd, SECONTEXT_TYPE);
+}
+
+static char *
raw_secontext_full_pid(pid_t pid)
{
int saved_errno = errno;
@@ -205,6 +236,15 @@
}
char *
+secontext_full_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_full_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
+
+char *
secontext_full_pid(pid_t pid)
{
return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
@@ -228,6 +268,15 @@
errno = saved_errno;
return FORMAT_SPACE_BEFORE(context);
}
+
+char *
+secontext_short_fd(int fd)
+{
+ int saved_errno = errno;
+ char *context = raw_secontext_short_fd(fd);
+ errno = saved_errno;
+ return FORMAT_SPACE_BEFORE(context);
+}
char *
secontext_short_pid(pid_t pid)
Index: strace-5.18/tests-mx32/secontext.h
===================================================================
--- strace-5.18.orig/tests-mx32/secontext.h 2022-07-12 18:17:36.747379459 +0200
+++ strace-5.18/tests-mx32/secontext.h 2022-07-12 18:20:18.496470519 +0200
@@ -9,9 +9,11 @@
#include "xmalloc.h"
#include <unistd.h>
+char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
@@ -30,6 +32,7 @@
*/
char *get_secontext_field(const char *full_context, enum secontext_field field);
+char *get_secontext_field_fd(int fd, enum secontext_field field);
char *get_secontext_field_file(const char *file, enum secontext_field field);
void reset_secontext_file(const char *file);
@@ -44,6 +47,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_full_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_full_fd(fd)
# define SECONTEXT_PID(pid) secontext_full_pid(pid)
# else
@@ -53,6 +57,7 @@
# else
# define SECONTEXT_FILE(filename) secontext_short_file(filename, false)
# endif
+# define SECONTEXT_FD(fd) secontext_short_fd(fd)
# define SECONTEXT_PID(pid) secontext_short_pid(pid)
# endif
@@ -65,6 +70,12 @@
return NULL;
}
static inline char *
+get_secontext_field_fd(int fd, enum secontext_field field)
+{
+ return NULL;
+}
+
+static inline char *
get_secontext_field_file(const char *file, enum secontext_field field)
{
return NULL;
@@ -81,6 +92,7 @@
{
}
+# define SECONTEXT_FD(fd) xstrdup("")
# define SECONTEXT_FILE(filename) xstrdup("")
# define SECONTEXT_PID(pid) xstrdup("")
Index: strace-5.18/tests-mx32/sockname.c
===================================================================
--- strace-5.18.orig/tests-mx32/sockname.c 2022-07-12 18:17:36.748379448 +0200
+++ strace-5.18/tests-mx32/sockname.c 2022-07-12 18:20:18.496470519 +0200
@@ -18,6 +18,8 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include "secontext.h"
+
#ifndef TEST_SYSCALL_NAME
# error TEST_SYSCALL_NAME must be defined
#endif
@@ -59,14 +61,19 @@
*plen = sizeof(struct sockaddr_un);
struct sockaddr_un *addr = tail_alloc(*plen);
+ char *my_secontext = SECONTEXT_PID_MY();
+ char *fd_secontext = SECONTEXT_FD(fd);
+
PREPARE_TEST_SYSCALL_INVOCATION;
int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
memset(addr, 0, sizeof(*addr));
@@ -75,28 +82,34 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
", [%d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
(int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
- printf("%s(%d%s, %p, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
- sprintrc(rc));
+ printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
+ addr, SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
- printf("%s(%d%s, NULL, NULL%s) = %s\n",
- TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext,
+ rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
SUFFIX_STR, sprintrc(rc));
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen + 1 SUFFIX_ARGS);
- printf("%s(%d%s, %p, %p%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
plen + 1, SUFFIX_STR, sprintrc(rc));
const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
@@ -108,8 +121,9 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
++addr;
@@ -121,17 +135,19 @@
plen SUFFIX_ARGS);
if (rc < 0)
perror_msg_and_skip(TEST_SYSCALL_STR);
- printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
+ printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
", [%d => %d]%s) = %d\n",
- TEST_SYSCALL_STR, fd, PREFIX_S_STR,
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
(int) (sizeof(struct sockaddr) - offsetof_sun_path),
- addr->sun_path, (int) sizeof(struct sockaddr),
- (int) *plen, SUFFIX_STR, rc);
+ addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
PREPARE_TEST_SYSCALL_INVOCATION;
rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
plen SUFFIX_ARGS);
- printf("%s(%d%s, %p, [%d]%s) = %s\n",
- TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
+ printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
+ my_secontext,
+ TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
*plen, SUFFIX_STR, sprintrc(rc));
}
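Review bot: In the src/sockaddr.c hunk (`@@ -115,6 +117,7 @@`), the added `selinux_printfilecon(tcp, sa_un->sun_path);` passes sun_path as a plain C string, whereas the print_quoted_string call just above it bounds the read with `path_len + 1`. sun_path is data read from the tracee and need not be NUL-terminated inside the structure, so the new call relies on the caller's buffer carrying a terminator past the path; the `QUOTE_0_TERMINATED` flag suggests it does, but that is not visible in the hunk. A comment at the call would record the assumption, e.g. `/* sun_path is NUL-terminated within path_len + 1 bytes, see the call above */`. If selinux_printfilecon looks the path up when the syscall is decoded, as its name suggests, the context shown belongs to whatever the path resolves to at that moment, which is worth a sentence in the NEWS entry or the manual. The enclosing function starts and ends outside the hunk.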


@ -0,0 +1,374 @@
From 676979fa9cc7920e5e4d547814f9c0edb597fa0d Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Thu, 30 Jun 2022 16:01:05 +0200
Subject: [PATCH] pathtrace, util: do not print " (deleted)" as part of the
path
In order to allow to discern the unlinked paths from the paths that
do indeed end with " (deleted)".
* src/defs.h (getfdpath_pid): Add deleted parameter.
(getfdpath): Pass NULL as deleted parameter to getfdpath_pid.
* src/largefile_wrappers.h (lstat_file): New macro.
* src/pathtrace.c: Include <sys/stat.h>, <sys/types.h>, <unistd.h>,
and "largefile_wrappers.h".
(getfdpath_pid): Add deleted parameter, check if path ends with
" (deleted)", and if it is, try to figure out if it is a part
of the path by comparing device/inode numbers of the file procfs
link resolves into and the file pointed by the path read; strip
" (deleted)"; set deleted (if it is non-NULL) to true if the fd
is turned out to be deleted and to false otherwise.
* src/util.c (print_quoted_string_in_angle_brackets): Add deleted
parameter, print "(deleted)" after the closing angle bracket if it is
non-NULL.
(printfd_pid): Add deleted local variable, pass it to getfdpath_pid
and print_quoted_string_in_angle_brackets calls.
* tests/fchmod.c: Add checks for a file with " (deleted)" in the path,
update expected output.
* NEWS: Mention the change.
---
NEWS | 5 +++++
src/defs.h | 5 +++--
src/largefile_wrappers.h | 2 ++
src/pathtrace.c | 48 +++++++++++++++++++++++++++++++++++++++++++++---
src/util.c | 10 +++++++---
tests/fchmod.c | 47 +++++++++++++++++++++++++++++++++++++++++++----
6 files changed, 105 insertions(+), 12 deletions(-)
Index: strace-5.18/NEWS
===================================================================
--- strace-5.18.orig/NEWS 2022-07-13 12:52:48.219784860 +0200
+++ strace-5.18/NEWS 2022-07-13 12:52:48.451782122 +0200
@@ -1,6 +1,11 @@
Noteworthy changes in release 5.18 (2022-06-18)
===============================================
+* Changes in behaviour
+ * The "(deleted)" marker for unlinked paths of file descriptors is now printed
+ outside angle brackets; the matching of unlinked paths of file descriptors
+ no longer includes the " (deleted)" part into consideration.
+
* Improvements
* Added an interface of raising des Strausses awareness.
* Added --tips option to print strace tips, tricks, and tweaks
Index: strace-5.18/src/defs.h
===================================================================
--- strace-5.18.orig/src/defs.h 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/defs.h 2022-07-13 12:52:54.532710356 +0200
@@ -785,12 +785,13 @@
return pathtrace_match_set(tcp, &global_path_set);
}
-extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize);
+extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
+ bool *deleted);
static inline int
getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize)
{
- return getfdpath_pid(tcp->pid, fd, buf, bufsize);
+ return getfdpath_pid(tcp->pid, fd, buf, bufsize, NULL);
}
extern unsigned long getfdinode(struct tcb *, int);
Index: strace-5.18/src/largefile_wrappers.h
===================================================================
--- strace-5.18.orig/src/largefile_wrappers.h 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/largefile_wrappers.h 2022-07-13 12:52:48.451782122 +0200
@@ -31,6 +31,7 @@
# endif
# define fstat_fd fstat64
# define strace_stat_t struct stat64
+# define lstat_file lstat64
# define stat_file stat64
# define struct_dirent struct dirent64
# define read_dir readdir64
@@ -42,6 +43,7 @@
# define fcntl_fd fcntl
# define fstat_fd fstat
# define strace_stat_t struct stat
+# define lstat_file lstat
# define stat_file stat
# define struct_dirent struct dirent
# define read_dir readdir
Index: strace-5.18/src/pathtrace.c
===================================================================
--- strace-5.18.orig/src/pathtrace.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/src/pathtrace.c 2022-07-13 12:52:54.532710356 +0200
@@ -10,7 +10,11 @@
#include "defs.h"
#include <limits.h>
#include <poll.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include "largefile_wrappers.h"
#include "number_set.h"
#include "sen.h"
#include "xstring.h"
@@ -77,7 +81,7 @@
* Get path associated with fd of a process with pid.
*/
int
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize)
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
@@ -91,12 +95,50 @@
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
+ if (n < 0)
+ goto end;
+
/*
* NB: if buf is too small, readlink doesn't fail,
* it returns truncated result (IOW: n == bufsize - 1).
*/
- if (n >= 0)
- buf[n] = '\0';
+ buf[n] = '\0';
+ if (deleted)
+ *deleted = false;
+
+ /*
+ * Try to figure out if the kernel has appended " (deleted)"
+ * to the end of a potentially unlinked path and set deleted
+ * if it is the case.
+ */
+ static const char del_sfx[] = " (deleted)";
+ if ((size_t) n <= sizeof(del_sfx))
+ goto end;
+
+ char *del = buf + n + 1 - sizeof(del_sfx);
+
+ if (memcmp(del, del_sfx, sizeof(del_sfx)))
+ goto end;
+
+ strace_stat_t st_link;
+ strace_stat_t st_path;
+ int rc = stat_file(linkpath, &st_link);
+
+ if (rc)
+ goto end;
+
+ rc = lstat_file(buf, &st_path);
+
+ if (rc ||
+ (st_link.st_ino != st_path.st_ino) ||
+ (st_link.st_dev != st_path.st_dev)) {
+ *del = '\0';
+ n = del - buf + 1;
+ if (deleted)
+ *deleted = true;
+ }
+
+end:
return n;
}
Index: strace-5.18/src/util.c
===================================================================
--- strace-5.18.orig/src/util.c 2022-07-13 12:52:47.989787575 +0200
+++ strace-5.18/src/util.c 2022-07-13 12:52:48.452782111 +0200
@@ -735,12 +735,15 @@
}
static void
-print_quoted_string_in_angle_brackets(const char *str)
+print_quoted_string_in_angle_brackets(const char *str, const bool deleted)
{
tprints("<");
print_quoted_string_ex(str, strlen(str),
QUOTE_OMIT_LEADING_TRAILING_QUOTES, "<>");
tprints(">");
+
+ if (deleted)
+ tprints("(deleted)");
}
void
@@ -749,8 +752,9 @@
PRINT_VAL_D(fd);
char path[PATH_MAX + 1];
+ bool deleted;
if (pid > 0 && !number_set_array_is_empty(decode_fd_set, 0)
- && getfdpath_pid(pid, fd, path, sizeof(path)) >= 0) {
+ && getfdpath_pid(pid, fd, path, sizeof(path), &deleted) >= 0) {
if (is_number_in_set(DECODE_FD_SOCKET, decode_fd_set) &&
printsocket(tcp, fd, path))
goto printed;
@@ -761,7 +765,7 @@
printpidfd(pid, fd, path))
goto printed;
if (is_number_in_set(DECODE_FD_PATH, decode_fd_set))
- print_quoted_string_in_angle_brackets(path);
+ print_quoted_string_in_angle_brackets(path, deleted);
printed: ;
}
Index: strace-5.18/tests/fchmod.c
===================================================================
--- strace-5.18.orig/tests/fchmod.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/tests/fchmod.c 2022-07-13 12:52:48.452782111 +0200
@@ -35,10 +35,17 @@
(void) unlink(sample);
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
if (fd == -1)
- perror_msg_and_fail("open");
+ perror_msg_and_fail("open(\"%s\")", sample);
+
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
+ (void) unlink(sample_del);
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
+ if (fd_del == -1)
+ perror_msg_and_fail("open(\"%s\")", sample);
# ifdef YFLAG
char *sample_realpath = get_fd_path(fd);
+ char *sample_del_realpath = get_fd_path(fd_del);
# endif
const char *sample_secontext = SECONTEXT_FILE(sample);
@@ -56,12 +63,27 @@
sample_secontext,
sprintrc(rc));
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
+ rc = syscall(__NR_fchmod, fd_del, 0600);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
+# else
+ printf("%s%s(%d%s, 0600) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
if (unlink(sample))
- perror_msg_and_fail("unlink");
+ perror_msg_and_fail("unlink(\"%s\")", sample);
rc = syscall(__NR_fchmod, fd, 051);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
# else
printf("%s%s(%d%s, 051) = %s\n",
# endif
@@ -73,9 +95,26 @@
sample_secontext,
sprintrc(rc));
+ if (unlink(sample_del))
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
+
+ rc = syscall(__NR_fchmod, fd_del, 051);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+# else
+ printf("%s%s(%d%s, 051) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
rc = syscall(__NR_fchmod, fd, 004);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
# else
printf("%s%s(%d%s, 004) = %s\n",
# endif
Index: strace-5.18/tests-m32/fchmod.c
===================================================================
--- strace-5.18.orig/tests-m32/fchmod.c 2022-07-13 12:52:29.405006910 +0200
+++ strace-5.18/tests-m32/fchmod.c 2022-07-13 12:52:48.452782111 +0200
@@ -35,10 +35,17 @@
(void) unlink(sample);
int fd = open(sample, O_CREAT|O_RDONLY, 0400);
if (fd == -1)
- perror_msg_and_fail("open");
+ perror_msg_and_fail("open(\"%s\")", sample);
+
+ static const char sample_del[] = "fchmod_sample_file (deleted)";
+ (void) unlink(sample_del);
+ int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
+ if (fd_del == -1)
+ perror_msg_and_fail("open(\"%s\")", sample);
# ifdef YFLAG
char *sample_realpath = get_fd_path(fd);
+ char *sample_del_realpath = get_fd_path(fd_del);
# endif
const char *sample_secontext = SECONTEXT_FILE(sample);
@@ -56,12 +63,27 @@
sample_secontext,
sprintrc(rc));
+ const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
+ rc = syscall(__NR_fchmod, fd_del, 0600);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>%s, 0600) = %s\n",
+# else
+ printf("%s%s(%d%s, 0600) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
if (unlink(sample))
- perror_msg_and_fail("unlink");
+ perror_msg_and_fail("unlink(\"%s\")", sample);
rc = syscall(__NR_fchmod, fd, 051);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
# else
printf("%s%s(%d%s, 051) = %s\n",
# endif
@@ -73,9 +95,26 @@
sample_secontext,
sprintrc(rc));
+ if (unlink(sample_del))
+ perror_msg_and_fail("unlink(\"%s\")", sample_del);
+
+ rc = syscall(__NR_fchmod, fd_del, 051);
+# ifdef YFLAG
+ printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+# else
+ printf("%s%s(%d%s, 051) = %s\n",
+# endif
+ my_secontext, "fchmod",
+ fd_del,
+# ifdef YFLAG
+ sample_del_realpath,
+# endif
+ sample_del_secontext,
+ sprintrc(rc));
+
rc = syscall(__NR_fchmod, fd, 004);
# ifdef YFLAG
- printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
+ printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
# else
printf("%s%s(%d%s, 004) = %s\n",
# endif
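Review bot: getfdpath_pid() in src/pathtrace.c now returns two different kinds of length: on the ordinary path `n` is readlink()'s result, which does not count the terminating NUL, while the branch that strips " (deleted)" sets `n = del - buf + 1`, which does. A caller that treats the return value as the string length would be off by one only for unlinked descriptors, which is easy to miss in testing; `n = del - buf;` would keep readlink()'s convention on both paths. The `@return` text that the following patch adds to src/defs.h describes the NUL-inclusive count, so whichever convention is kept, the code and that comment need to agree. The callers visible on this page only compare the result with zero or with the buffer size, so the effect on other callers is not confirmed here; the start of getfdpath_pid() is in the preceding hunk.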


@ -0,0 +1,209 @@
From 3f0e5340b651da98251a58cc7923525d69f96032 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Fri, 1 Jul 2022 10:45:48 +0200
Subject: [PATCH] secontext: fix expected SELinux context check for unlinked
FDs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
selinux_getfdcon open-coded a part of getfdpath_pid since it tries
to do the same job, figure out a path associated with an FD, for slightly
different purpose: to get the expected SELinux context for it. As the previous
commit shows, it's a bit more complicated in cases when the path ends
with the " (deleted)" string, which is also used for designated unlinked paths
in procfs. Otherwise, it may manifest in test failures such as this:
[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0
-[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 051) = 0
+[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 004) = 0
+++ exited with 0 +++
+ fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+ printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch
+ exit 1
FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1)
that happens due to the fact that the get_expected_filecontext() call
is made against the path with the " (deleted)" part, which is wrong (it
is more wrong than shown above when a file with the path that ends with
" (deleted)" exists). Moreover, it would be incorrect to call stat()
on that path.
Let's factor out the common part of the code and simply call it
from selinux_getfdcon, then use the st_mode from the procfs link.
* src/defs.h (get_proc_pid_fd_path): New declaration.
* src/pathtrace.c (get)proc_pid_fd_path): New function, part
of getfdpath_pid that performs link resolution and processing
of the result.
(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution.
* src/secontext.c (get_expected_filecontext): Add mode parameter, use
it in selabel_lookup call instead of retrieveing file mode using stat()
if it is not -1.
(selinux_getfdcon): Call get_proc_pid_fd_path instead
of open-coding path resolution code, call stat() on the procfs link
and pass the retrieved st_mode to the get_expected_filecontext call.
(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext
call.
Reported-by: Václav Kadlčík <vkadlcik@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693
---
src/defs.h | 15 +++++++++++++++
src/pathtrace.c | 26 ++++++++++++++++++--------
src/secontext.c | 35 +++++++++++++++++++++--------------
3 files changed, 54 insertions(+), 22 deletions(-)
Index: strace-5.18/src/defs.h
===================================================================
--- strace-5.18.orig/src/defs.h 2022-07-12 18:22:01.563254140 +0200
+++ strace-5.18/src/defs.h 2022-07-12 18:22:06.202199392 +0200
@@ -785,6 +785,21 @@
return pathtrace_match_set(tcp, &global_path_set);
}
+/**
+ * Resolves a path for a fd procfs PID proc_pid (the one got from
+ * get_proc_pid()).
+ *
+ * @param proc_pid PID number in /proc, obtained with get_proc_pid().
+ * @param fd FD to resolve path for.
+ * @param buf Buffer to store the resolved path in.
+ * @param bufsize The size of buf.
+ * @param deleted If non-NULL, set to true if the path associated with the FD
+ * seems to have been unlinked and to false otherwise.
+ * @return Number of bytes written including terminating '\0'.
+ */
+extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf,
+ unsigned bufsize, bool *deleted);
+
extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
bool *deleted);
Index: strace-5.18/src/pathtrace.c
===================================================================
--- strace-5.18.orig/src/pathtrace.c 2022-07-12 18:22:01.532254506 +0200
+++ strace-5.18/src/pathtrace.c 2022-07-12 18:22:06.202199392 +0200
@@ -77,11 +77,9 @@
set->paths_selected[set->num_selected++] = path;
}
-/*
- * Get path associated with fd of a process with pid.
- */
int
-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+get_proc_pid_fd_path(int proc_pid, int fd, char *buf, unsigned bufsize,
+ bool *deleted)
{
char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
ssize_t n;
@@ -89,10 +87,6 @@
if (fd < 0)
return -1;
- int proc_pid = get_proc_pid(pid);
- if (!proc_pid)
- return -1;
-
xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
n = readlink(linkpath, buf, bufsize - 1);
if (n < 0)
@@ -143,6 +137,22 @@
}
/*
+ * Get path associated with fd of a process with pid.
+ */
+int
+getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+{
+ if (fd < 0)
+ return -1;
+
+ int proc_pid = get_proc_pid(pid);
+ if (!proc_pid)
+ return -1;
+
+ return get_proc_pid_fd_path(proc_pid, fd, buf, bufsize, deleted);
+}
+
+/*
* Add a path to the set we're tracing. Also add the canonicalized
* version of the path. Specifying NULL will delete all paths.
*/
Index: strace-5.18/src/secontext.c
===================================================================
--- strace-5.18.orig/src/secontext.c 2022-07-12 18:22:01.564254128 +0200
+++ strace-5.18/src/secontext.c 2022-07-12 18:22:06.203199380 +0200
@@ -62,7 +62,7 @@
}
static int
-get_expected_filecontext(const char *path, char **secontext)
+get_expected_filecontext(const char *path, char **secontext, int mode)
{
static struct selabel_handle *hdl;
@@ -80,12 +80,7 @@
}
}
- strace_stat_t stb;
- if (stat_file(path, &stb) < 0) {
- return -1;
- }
-
- return selabel_lookup(hdl, secontext, path, stb.st_mode);
+ return selabel_lookup(hdl, secontext, path, mode);
}
/*
@@ -130,16 +125,22 @@
/*
* We need to resolve the path, because selabel_lookup() doesn't
- * resolve anything. Using readlink() is sufficient here.
+ * resolve anything.
*/
+ char buf[PATH_MAX + 1];
+ ssize_t n = get_proc_pid_fd_path(proc_pid, fd, buf, sizeof(buf), NULL);
+ if ((size_t) n >= (sizeof(buf) - 1))
+ return 0;
- char buf[PATH_MAX];
- ssize_t n = readlink(linkpath, buf, sizeof(buf));
- if ((size_t) n >= sizeof(buf))
+ /*
+ * We retrieve stat() here since the path the procfs link resolves into
+ * may be reused by a different file with different context.
+ */
+ strace_stat_t st;
+ if (stat_file(linkpath, &st))
return 0;
- buf[n] = '\0';
- get_expected_filecontext(buf, expected);
+ get_expected_filecontext(buf, expected, st.st_mode);
return 0;
}
@@ -190,7 +191,13 @@
if (!resolved)
return 0;
- get_expected_filecontext(resolved, expected);
+ strace_stat_t st;
+ if (stat_file(resolved, &st) < 0)
+ goto out;
+
+ get_expected_filecontext(resolved, expected, st.st_mode);
+
+out:
free(resolved);
return 0;
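Review bot: get_expected_filecontext() in src/secontext.c gains a `mode` parameter with no comment, and the patch description's contract for it does not match the code. The description says the mode is used "if it is not -1" and that selinux_getfilecon() passes -1, but the new body hands `mode` to selabel_lookup() unconditionally and selinux_getfilecon() calls stat_file() itself and passes `st.st_mode`. A later caller following the description would pass -1 straight into the label lookup. A comment above the function such as `/* mode: st_mode of the object, passed to selabel_lookup() unchanged; the caller must stat the object. */` would pin the contract. All three functions touched in this file start outside their hunks.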


@ -0,0 +1,70 @@
From 5338636cd9ae7f53ed73f1a7909db03189ea2ff3 Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov <evgsyr@gmail.com>
Date: Mon, 4 Jul 2022 12:29:22 +0200
Subject: [PATCH] tests/bpf: fix sloppy low FD number usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
FD 42 can already be opened, so close it. Otherwise, it may lead
to the following test failure:
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
bpf(BPF_LINK_CREATE, 0x3ff95574fe5, 28) = 841540765612359407 (INJECTED)
-bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
+bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
[...]
FAIL bpf-success-long-y.test (exit status: 1)
* tests/bpf.c (init_BPF_LINK_CREATE_attr7): Close iter_info_data[1] fd.
Fixes: v5.18~18 "bpf: improve bpf(BPF_LINK_CREATE) decoding"
Reported-by: Lenka Špačková <lkuprova@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103137
---
tests/bpf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/bpf.c b/tests/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests/bpf.c
+++ b/tests/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
diff --git a/tests-m32/bpf.c b/tests-m32/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests-m32/bpf.c
+++ b/tests-m32/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
diff --git a/tests-mx32/bpf.c b/tests-mx32/bpf.c
index 82d870e..6c1ffd4 100644
--- a/tests-mx32/bpf.c
+++ b/tests-mx32/bpf.c
@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
{
struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ close(iter_info_data[1]);
+
if (!iter_info_data_p) {
iter_info_data_p = tail_memdup(iter_info_data,
sizeof(iter_info_data));
--
2.1.4
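Review bot: The added `close(iter_info_data[1]);` at the top of init_BPF_LINK_CREATE_attr7() carries no comment and ignores the result, so its purpose is only recoverable from the commit message. A short comment such as `/* This fd number must not be open, otherwise -y decodes it to a path and the expected output differs. */` would keep it from being removed later as a stray call. The same applies to the identical hunks for tests-m32/bpf.c and tests-mx32/bpf.c, and the function body continues outside the hunk.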


@ -1,9 +1,9 @@
Summary: Tracks and displays system calls associated with a running process Summary: Tracks and displays system calls associated with a running process
Name: strace Name: strace
Version: 5.13 Version: 5.18
Release: 7%{?dist} Release: 2%{?dist}
# The test suite is GPLv2+, all the rest is LGPLv2.1+. # The test suite is GPLv2+, all the rest is LGPLv2.1+.
License: LGPL-2.1+ and GPL-2.0+ License: LGPL-2.1-or-later and GPL-2.0-or-later
# Some distros require Group tag to be present, # Some distros require Group tag to be present,
# some require Group tag to be absent, # some require Group tag to be absent,
# some do not care about Group tag at all, # some do not care about Group tag at all,
@ -42,30 +42,53 @@ BuildRequires: pkgconfig(bluez)
%{?!buildroot:BuildRoot: %_tmppath/buildroot-%name-%version-%release} %{?!buildroot:BuildRoot: %_tmppath/buildroot-%name-%version-%release}
%define maybe_use_defattr %{?suse_version:%%defattr(-,root,root)} %define maybe_use_defattr %{?suse_version:%%defattr(-,root,root)}
# v5.13-10-g0211fdc "tests: change sockopt-timestamp test to use syscall(__NR_recvmsg)" ## v5.13-10-g0211fdc "tests: change sockopt-timestamp test to use syscall(__NR_recvmsg)"
Patch141: 0141-tests-change-sockopt-timestamp-test-to-use-syscall-_.patch #Patch141: 0141-tests-change-sockopt-timestamp-test-to-use-syscall-_.patch
# v5.13-55-g6b2191f "filter_qualify: free allocated data on the error path exit of parse_poke_token" ## v5.13-55-g6b2191f "filter_qualify: free allocated data on the error path exit of parse_poke_token"
Patch150: 0150-filter_qualify-free-allocated-data-on-the-error-path.patch #Patch150: 0150-filter_qualify-free-allocated-data-on-the-error-path.patch
# v5.13-56-g80dc60c "macros: expand BIT macros, add MASK macros; add *_SAFE macros" ## v5.13-56-g80dc60c "macros: expand BIT macros, add MASK macros; add *_SAFE macros"
Patch151: 0151-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch #Patch151: 0151-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch
# v5.13-58-g94ae5c2 "trie: use BIT* and MASK* macros" ## v5.13-58-g94ae5c2 "trie: use BIT* and MASK* macros"
Patch152: 0152-trie-use-BIT-and-MASK-macros.patch #Patch152: 0152-trie-use-BIT-and-MASK-macros.patch
# v5.13-65-g41b753e "tee: rewrite num_params access in tee_fetch_buf_data" ## v5.13-65-g41b753e "tee: rewrite num_params access in tee_fetch_buf_data"
Patch153: 0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch #Patch153: 0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
Patch154: 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch ## v5.14~12 "tests: call setsockopt directly in sockopt-timestamp"
#Patch154: 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch
# v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition" ## v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition"
Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch #Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
# v5.15~18 "m4: fix st_SELINUX check" ## v5.15~18 "m4: fix st_SELINUX check"
Patch168: 0168-m4-fix-st_SELINUX-check.patch #Patch168: 0168-m4-fix-st_SELINUX-check.patch
# v5.16~31 "Implement displaying of expected context upon mismatch" ## v5.16~31 "Implement displaying of expected context upon mismatch"
Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch #Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch
Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch #Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
Patch171: 0171-tests-secontext-add-secontext-field-getters.patch #Patch171: 0171-tests-secontext-add-secontext-field-getters.patch
Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch #Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch #Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch #Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
## https://bugzilla.redhat.com/2103068 covscan fixes
# v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup"
Patch175: 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
# v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups"
Patch176: 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
# v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access"
Patch177: 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
# v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t"
Patch178: 0178-util-add-offs-sanity-check-to-print_clock_t.patch
## https://bugzilla.redhat.com/2087693
# v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field"
Patch179: 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
# v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path"
Patch180: 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
# v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs"
Patch181: 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
## https://bugzilla.redhat.com/2103137
# v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage"
Patch182: 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
# Fallback definitions for make_build/make_install macros # Fallback definitions for make_build/make_install macros
%{?!__make: %global __make %_bindir/make} %{?!__make: %global __make %_bindir/make}
@ -86,26 +109,38 @@ received by a process.
%prep %prep
%setup -q %setup -q
%patch141 -p1 #%patch141 -p1
%patch150 -p1 #%patch150 -p1
%patch151 -p1 #%patch151 -p1
%patch152 -p1 #%patch152 -p1
%patch153 -p1 #%patch153 -p1
%patch154 -p1 #%patch154 -p1
%patch167 -p1 #%patch167 -p1
%patch168 -p1 #%patch168 -p1
%patch169 -p1 #%patch169 -p1
%patch170 -p1 #%patch170 -p1
%patch171 -p1 #%patch171 -p1
%patch172 -p1 #%patch172 -p1
%patch173 -p1 #%patch173 -p1
%patch174 -p1 #%patch174 -p1
%patch175 -p1
%patch176 -p1
%patch177 -p1
%patch178 -p1
%patch179 -p1
%patch180 -p1
%patch181 -p1
%patch182 -p1
chmod a+x tests/*.test
echo -n %version-%release > .tarball-version echo -n %version-%release > .tarball-version
echo -n 2021 > .year echo -n 2022 > .year
echo -n 2021-07-20 > doc/.strace.1.in.date echo -n 2022-06-22 > doc/.strace.1.in.date
echo -n 2022-06-22 > doc/.strace-log-merge.1.in.date
%build %build
echo 'BEGIN OF BUILD ENVIRONMENT INFORMATION' echo 'BEGIN OF BUILD ENVIRONMENT INFORMATION'
@ -159,6 +194,15 @@ echo 'END OF TEST SUITE INFORMATION'
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Jul 11 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-2
- Fix the issues reported by covscan (#2103068).
- Fix SELinux context matching for the deleted paths (#2087693).
- Fix sloppy FD usage in the bpf test (#2103137).
- Cater for RHEL 9 license requirement idiosyncrasies (#2103032).
* Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1
- Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002).
* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-7 * Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-7
- Update tests-m32 and tests-mx32 with --secontext=mismatch option support - Update tests-m32 and tests-mx32 with --secontext=mismatch option support
changes (#2046264). changes (#2046264).