linux-test-project / ltp

Linux Test Project (mailing list: https://lists.linux.it/listinfo/ltp)
https://linux-test-project.readthedocs.io/
GNU General Public License v2.0

Add test for audit oops #916

Open metan-ucw opened 2 years ago

metan-ucw commented 2 years ago

See:

commit 7a82f89de92aac5a244d3735b2bd162c1147620c
Author: Paul Moore <paul@paul-moore.com>
Date:   Wed Feb 9 14:49:38 2022 -0500

    audit: don't deref the syscall args when checking the openat2 open_how::flags

    As reported by Jeff, dereferencing the openat2 syscall argument in
    audit_match_perm() to obtain the open_how::flags can result in an
    oops/page-fault.  This patch fixes this by using the open_how struct
    that we store in the audit_context with audit_openat2_how().

    Fixes: 1c30e3af8a79 ("audit: add support for the openat2 syscall")

I guess that after all we should add very basic audit test support to LTP, something similar to what the Common Criteria tests do: just call a bunch of syscalls and make sure they are logged correctly and that the system does not crash.

The original CC testsuite code is a bit messy. The main function for this is run_test() in syscalls/run.conf [1], but basically what it does is prepare the environment for the syscall (e.g. create a file if the syscall in question is unlink()), rotate the audit logs, then call the syscall helper and grep the audit logs to check that the syscall was logged correctly.

[1] https://github.com/comps/audit-test/blob/83a7521d8187e15ca0991631fd3db2aab911dbc7/audit-test/syscalls/run.conf#L73

There is also another, more modern audit testsuite that is a combination of C and Perl at [2].

[2] https://github.com/linux-audit/audit-testsuite

For the LTP audit smoketest I would limit us to C if possible, and maybe generate the actual tests based on some syscall description table.
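The log-checking step of the flow described in this issue, driven by a small syscall description table, as an added example that is not part of the issue, LTP, or either linked testsuite. The table layout, the `ltp_audit` rule key, the helper names and the sample records are assumptions made for illustration; preparing the environment, rotating the logs and issuing the syscalls are not performed here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical description-table entry; numbers are x86_64 syscall numbers. */
struct audit_case { const char *name; long nr; const char *success; };
static const struct audit_case cases[] = {
	{ "openat2", 437, "yes" }, { "unlink", 87, "yes" }, { "mkdir", 83, "yes" },
};

/* Constructed, trimmed audit.log records (real ones carry more fields). */
static const char *const sample_log[] = {
	"type=SYSCALL msg=audit(1644436178.101:201): arch=c000003e syscall=437 success=yes exit=3 comm=\"audit01\" key=\"ltp_audit\"",
	"type=PATH msg=audit(1644436178.101:201): item=0 name=\"testfile\" nametype=NORMAL",
	"type=SYSCALL msg=audit(1644436178.140:202): arch=c000003e syscall=87 success=yes exit=0 comm=\"audit01\" key=\"ltp_audit\"",
	"type=SYSCALL msg=audit(1644436178.200:203): arch=c000003e syscall=83 success=yes exit=0 comm=\"sshd\" key=\"other\"",
};

/* 1 if field `key` in record `rec` has exactly the value `want`. */
static int field_is(const char *rec, const char *key, const char *want)
{
	size_t klen = strlen(key), wlen = strlen(want);
	for (const char *p = rec; (p = strstr(p, key)) != NULL; p += klen)
		if (p > rec && p[-1] == ' ' && p[klen] == '=')	/* a real field, not a substring */
			return strcspn(p + klen + 1, " ") == wlen && !strncmp(p + klen + 1, want, wlen);
	return 0;
}

/* 1 if a SYSCALL record tagged with `key` shows the expected number and result. */
static int audit_logged(const char *const *log, size_t n,
			const struct audit_case *c, const char *key)
{
	char nr[24], qkey[64];
	snprintf(nr, sizeof(nr), "%ld", c->nr);
	snprintf(qkey, sizeof(qkey), "\"%s\"", key);
	for (size_t i = 0; i < n; i++)
		if (!strncmp(log[i], "type=SYSCALL ", 13) && field_is(log[i], "key", qkey) &&
		    field_is(log[i], "syscall", nr) && field_is(log[i], "success", c->success))
			return 1;
	return 0;
}

int main(void)
{
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%s: %s\n", cases[i].name,
		       audit_logged(sample_log, 4, &cases[i], "ltp_audit") ? "logged" : "MISSING");
	return 0;
}
```

Matching on the rule key keeps records from unrelated processes (the `sshd` line above) from satisfying a table entry, so `mkdir` is reported as missing for this sample.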