As advertised in the previous commit, we need the list of
accessed files to also contain the action that caused the $path to
appear on the list. Not only does this enable us to fine-tune our
white list rules, it also helps us to see why $path is reported.
For instance:
/run/user/1000/libvirt/libvirt-sock: connect: qemuxml2argvtest: QEMU XML-2-ARGV net-vhostuser-multiq
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
tests/virtestmock.c | 39 ++++++++++++++++++++++-----------------
1 file changed, 22 insertions(+), 17 deletions(-)
diff --git a/tests/virtestmock.c b/tests/virtestmock.c
index 654af24a10..25aadf8aea 100644
--- a/tests/virtestmock.c
+++ b/tests/virtestmock.c
@@ -88,7 +88,8 @@ static void init_syms(void)
}
static void
-printFile(const char *file)
+printFile(const char *file,
+ const char *func)
{
FILE *fp;
const char *testname = getenv("VIR_TEST_MOCK_TESTNAME");
@@ -116,9 +117,9 @@ printFile(const char *file)
}
/* Now append the following line into the output file:
- * $file: $progname $testname */
+ * $file: $progname: $func: $testname */
- fprintf(fp, "%s: %s", file, progname);
+ fprintf(fp, "%s: %s: %s", file, func, progname);
if (testname)
fprintf(fp, ": %s", testname);
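Review bot: The updated comment documents the line as `$file: $progname: $func: $testname`, but the `fprintf` below it writes `file, func, progname`, and the example in the commit message (`...libvirt-sock: connect: qemuxml2argvtest: ...`) also puts the function before the program name. Since the white list rules are written against this format, the comment should match what is emitted: `* $file: $func: $progname: $testname */`. printFile's body starts and ends outside this hunk.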
@@ -128,8 +129,12 @@ printFile(const char *file)
fclose(fp);
}
+#define CHECK_PATH(path) \
+ checkPath(path, __FUNCTION__)
+
static void
-checkPath(const char *path)
+checkPath(const char *path,
+ const char *func)
{
char *fullPath = NULL;
char *relPath = NULL;
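Review bot: `CHECK_PATH` relies on `__FUNCTION__`, a compiler extension, where C99's `__func__` yields the same string portably, and the macro argument is not parenthesized; `checkPath((path), __func__)` covers both. The macro also has no comment saying that the name of the enclosing mock is what lands in the access log and in any rule matching on it. A one-line comment such as `/* Logs the enclosing mock's own name as the action. */` would make that explicit. checkPath's body continues outside the hunk.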
@@ -160,7 +165,7 @@ checkPath(const char *path)
if (!STRPREFIX(path, abs_topsrcdir) &&
!STRPREFIX(path, abs_topbuilddir)) {
- printFile(path);
+ printFile(path, func);
}
VIR_FREE(crippledPath);
@@ -180,7 +185,7 @@ int open(const char *path, int flags, ...)
init_syms();
- checkPath(path);
+ CHECK_PATH(path);
if (flags & O_CREAT) {
va_list ap;
@@ -199,7 +204,7 @@ FILE *fopen(const char *path, const char *mode)
{
init_syms();
- checkPath(path);
+ CHECK_PATH(path);
return real_fopen(path, mode);
}
@@ -209,7 +214,7 @@ int access(const char *path, int mode)
{
init_syms();
- checkPath(path);
+ CHECK_PATH(path);
return real_access(path, mode);
}
@@ -239,7 +244,7 @@ int stat(const char *path, struct stat *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "stat");
return real_stat(path, sb);
}
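Review bot: The literal `"stat"` used here instead of `CHECK_PATH` is undocumented, and the same holds for the stat64, __xstat and __xstat64 hunks and for the `"lstat"` literal in the lstat, lstat64, __lxstat and __lxstat64 hunks. Presumably the intent is that every variant logs one stable action name regardless of which libc entry point a test happens to hit, so rules need not list `__xstat64` and friends. If so, say it once above the first wrapper, e.g. `/* All stat() variants are reported as "stat" (and lstat() variants as "lstat") so access rules stay independent of the libc symbol used. */`. Without that comment a later cleanup to `CHECK_PATH(path)` would silently change the logged names.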
@@ -250,7 +255,7 @@ int stat64(const char *path, struct stat64 *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "stat");
return real_stat64(path, sb);
}
@@ -262,7 +267,7 @@ __xstat(int ver, const char *path, struct stat *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "stat");
return real___xstat(ver, path, sb);
}
@@ -274,7 +279,7 @@ __xstat64(int ver, const char *path, struct stat64 *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "stat");
return real___xstat64(ver, path, sb);
}
@@ -286,7 +291,7 @@ lstat(const char *path, struct stat *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "lstat");
return real_lstat(path, sb);
}
@@ -298,7 +303,7 @@ lstat64(const char *path, struct stat64 *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "lstat");
return real_lstat64(path, sb);
}
@@ -310,7 +315,7 @@ __lxstat(int ver, const char *path, struct stat *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "lstat");
return real___lxstat(ver, path, sb);
}
@@ -322,7 +327,7 @@ __lxstat64(int ver, const char *path, struct stat64 *sb)
{
init_syms();
- checkPath(path);
+ checkPath(path, "lstat");
return real___lxstat64(ver, path, sb);
}
@@ -337,7 +342,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
if (addrlen == sizeof(struct sockaddr_un)) {
struct sockaddr_un *tmp = (struct sockaddr_un *) addr;
if (tmp->sun_family == AF_UNIX)
- checkPath(tmp->sun_path);
+ CHECK_PATH(tmp->sun_path);
}
#endif
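Review bot: `tmp->sun_path` is handed to checkPath as a C string, but with `addrlen == sizeof(struct sockaddr_un)` the path may fill the whole array with no terminating NUL, so the `STRPREFIX` checks and the `%s` in printFile could read past the field. Copying into a local buffer one byte larger before the call would bound that read, e.g. `char p[sizeof(tmp->sun_path) + 1] = { 0 };`, `memcpy(p, tmp->sun_path, sizeof(tmp->sun_path));`, `CHECK_PATH(p);`. The equality test on `addrlen` is context rather than new code, but it also means callers passing a shorter length are never recorded, which weakens the access check this series adds; `addrlen >= offsetof(struct sockaddr_un, sun_path)` with a copy bounded by `addrlen` might be what is wanted. connect's body starts and ends outside the hunk.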
--
2.16.4
On 07/27/2018 11:24 AM, Michal Privoznik wrote: > As advertised in the previous commit, we need the list of > accessed files to also contain action that caused the $path to > appear on the list. Not only this enables us to fine tune our > white list rules it also helps us to see why $path is reported. > For instance: > > /run/user/1000/libvirt/libvirt-sock: connect: qemuxml2argvtest: QEMU XML-2-ARGV net-vhostuser-multiq > > Signed-off-by: Michal Privoznik <mprivozn@redhat.com> > --- > tests/virtestmock.c | 39 ++++++++++++++++++++++----------------- > 1 file changed, 22 insertions(+), 17 deletions(-) > As noted in patch1 review, not sure how to trigger the above message any more with the fake nwfilter driver connection set. The code appears to be fine to me though, so you have my Reviewed-by: John Ferlan <jferlan@redhat.com> and as noted in patch1 response, I'll leave it up to you in order to determine the need. John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On 08/14/2018 11:54 PM, John Ferlan wrote: > > > On 07/27/2018 11:24 AM, Michal Privoznik wrote: >> As advertised in the previous commit, we need the list of >> accessed files to also contain action that caused the $path to >> appear on the list. Not only this enables us to fine tune our >> white list rules it also helps us to see why $path is reported. >> For instance: >> >> /run/user/1000/libvirt/libvirt-sock: connect: qemuxml2argvtest: QEMU XML-2-ARGV net-vhostuser-multiq >> >> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> >> --- >> tests/virtestmock.c | 39 ++++++++++++++++++++++----------------- >> 1 file changed, 22 insertions(+), 17 deletions(-) >> > > As noted in patch1 review, not sure how to trigger the above message any > more with the fake nwfilter driver connection set. The code appears to > be fine to me though, so you have my > > Reviewed-by: John Ferlan <jferlan@redhat.com> > > and as noted in patch1 response, I'll leave it up to you in order to > determine the need. The point of 2/3 and 3/3 is not to demonstrate the problem that 1/3 is fixing but to detect it should it happen in the future. But you can see these patches in action if you temporarily revert 1/3 and run 'make check-access': libvirt.git/tests $ make check-access | grep connect | grep /run/user /run/user/1000/libvirt: connect: qemuxml2argvtest: QEMU XML-2-ARGV net-vhostuser-multiq Thanks for the review! Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list