From f4faa5442779bbf059753d439863e3c82ddf1225 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Fri, 19 Apr 2024 10:26:14 +0200 Subject: [PATCH] fix(test/drivers): only assert `dev` parameter on ext4 FS. Refs #1805 Signed-off-by: Federico Di Pierro Co-authored-by: Andrea Terzolo --- test/drivers/event_class/event_class.cpp | 16 ++++++++++++++++ test/drivers/event_class/event_class.h | 7 +++++++ .../syscall_exit_suite/creat_x.cpp | 6 +++++- .../open_by_handle_at_x.cpp | 19 ++++++++++++++----- .../test_suites/syscall_exit_suite/open_x.cpp | 6 +++++- .../syscall_exit_suite/openat2_x.cpp | 12 ++++++++++-- .../syscall_exit_suite/openat_x.cpp | 12 ++++++++++-- 7 files changed, 67 insertions(+), 11 deletions(-) diff --git a/test/drivers/event_class/event_class.cpp b/test/drivers/event_class/event_class.cpp index 4e0228876b..a37c24d1d1 100644 --- a/test/drivers/event_class/event_class.cpp +++ b/test/drivers/event_class/event_class.cpp @@ -1,6 +1,8 @@ #include #include "event_class.h" #include +#include /* or */ +#include #define MAX_CHARBUF_NUM 16 #define CGROUP_NUMBER 5 @@ -987,3 +989,17 @@ void event_test::assert_event_in_buffers(pid_t pid_to_search, int event_to_searc } } } + +bool event_test::is_ext4_fs(int fd) +{ +#ifdef __NR_fstatfs + struct statfs buf; + if (fstatfs(fd, &buf) != 0) { + return false; + } + if (buf.f_type == EXT4_SUPER_MAGIC) { + return true; + } +#endif + return false; +} \ No newline at end of file diff --git a/test/drivers/event_class/event_class.h b/test/drivers/event_class/event_class.h index 5ab42b2654..360f65620b 100644 --- a/test/drivers/event_class/event_class.h +++ b/test/drivers/event_class/event_class.h 
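Review bot: `is_ext4_fs` returns `false` both when the filesystem is not ext4 and when `fstatfs` fails or `__NR_fstatfs` is undefined, so a broken probe silently turns off the `dev` assertion in every caller. Reporting the failure in the error branch, for example `perror("fstatfs"); return false;`, would make a skipped check visible in the test log. The `#ifdef __NR_fstatfs` guard tests for a syscall number while the body calls the libc `fstatfs()` wrapper; on ABIs that may define only `__NR_fstatfs64` the helper would compile down to `return false`, which is worth confirming. The file now also ends without a trailing newline.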
@@ -634,6 +634,13 @@ class event_test */ void assert_fd_list(int param_num, struct fd_poll* expected_fds, int32_t nfds); + /** + * @brief We only support correct `dev` param for + * open family of syscalls on ext4. + * See https://github.com/falcosecurity/libs/issues/1805. + */ + static bool is_ext4_fs(int fd); + private: ppm_event_code m_event_type; /* type of the event we want to assert in this test. */ std::vector m_event_params; /* all the params of the event (len+value). */ diff --git a/test/drivers/test_suites/syscall_exit_suite/creat_x.cpp b/test/drivers/test_suites/syscall_exit_suite/creat_x.cpp index 36bb8f577d..ef2cb176eb 100644 --- a/test/drivers/test_suites/syscall_exit_suite/creat_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/creat_x.cpp @@ -21,6 +21,7 @@ TEST(SyscallExit, creatX_success) assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1); uint32_t dev = (uint32_t)file_stat.st_dev; uint64_t inode = file_stat.st_ino; + const bool is_ext4 = event_test::is_ext4_fs(fd); /* Remove the file. */ syscall(__NR_close, fd); @@ -53,7 +54,10 @@ TEST(SyscallExit, creatX_success) evt_test->assert_numeric_param(3, (uint32_t)(PPM_S_IRUSR | PPM_S_IWUSR | PPM_S_IXUSR)); /* Parameter 4: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(4, (uint32_t)dev); + if (is_ext4) + { + evt_test->assert_numeric_param(4, (uint32_t)dev); + } /* Parameter 5: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(5, (uint64_t)inode); diff --git a/test/drivers/test_suites/syscall_exit_suite/open_by_handle_at_x.cpp b/test/drivers/test_suites/syscall_exit_suite/open_by_handle_at_x.cpp index ea3fb4e7ed..b4c7a75413 100644 --- a/test/drivers/test_suites/syscall_exit_suite/open_by_handle_at_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/open_by_handle_at_x.cpp 
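Review bot: The doc comment on `is_ext4_fs` does not say what `fd` must be or what the function returns, and the name promises more than the check delivers. In `linux/magic.h`, `EXT4_SUPER_MAGIC` has the same value as the ext2 and ext3 magics, so the `f_type` comparison in event_class.cpp is also true on those filesystems. I would add `@param fd open file descriptor on the filesystem to probe.` and `@return true if fstatfs reports the ext2/3/4 magic; false otherwise, including when fstatfs fails.` to the comment.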
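Review bot: When `is_ext4` is false, parameter 4 is not checked at all in `creatX_success` and the test still passes, so a run on any other filesystem gives no signal that `dev` went unverified. A short comment at the guard, such as `/* dev is only asserted on ext4, see issue #1805 */`, and ideally an `else` branch that records the skip in the test output, would keep a green run from reading as full coverage. The same guarded `dev` assertion appears in open_by_handle_at_x.cpp, open_x.cpp, openat2_x.cpp and openat_x.cpp. The TEST body starts and ends outside the hunk.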
@@ -8,7 +8,7 @@ #define MAX_FSPATH_LEN 4096 -void do___open_by_handle_atX_success(int *open_by_handle_fd, int *dirfd, char *fspath, uint32_t *dev, uint64_t *inode, int use_mountpoint) +void do___open_by_handle_atX_success(int *open_by_handle_fd, int *dirfd, char *fspath, uint32_t *dev, uint64_t *inode, bool *is_ext4, int use_mountpoint) { /* * 0. Create (temporary) mount point (if use_mountpoint). @@ -107,6 +107,7 @@ void do___open_by_handle_atX_success(int *open_by_handle_fd, int *dirfd, char *f assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, *open_by_handle_fd, &file_stat), NOT_EQUAL, -1); *dev = (uint32_t)file_stat.st_dev; *inode = file_stat.st_ino; + *is_ext4 = event_test::is_ext4_fs(*open_by_handle_fd); #endif /* * 7. Cleaning phase. @@ -158,7 +159,8 @@ TEST(SyscallExit, open_by_handle_atX_success) char fspath[MAX_FSPATH_LEN]; uint32_t dev; uint64_t inode; - do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, 0); + bool is_ext4; + do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, &is_ext4, 0); /*=============================== TRIGGER SYSCALL ===========================*/ @@ -190,7 +192,10 @@ TEST(SyscallExit, open_by_handle_atX_success) #ifdef __NR_fstat /* Parameter 5: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(5, dev); + if (is_ext4) + { + evt_test->assert_numeric_param(5, dev); + } /* Parameter 6: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(6, inode); @@ -215,7 +220,8 @@ TEST(SyscallExit, open_by_handle_atX_success_mp) char fspath[MAX_FSPATH_LEN]; uint32_t dev; uint64_t inode; - do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, 1); + bool is_ext4; + do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, &is_ext4, 1); /*=============================== TRIGGER SYSCALL ===========================*/ 
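Review bot: `bool is_ext4;` in `open_by_handle_atX_success` is declared without an initializer, and the helper assigns `*is_ext4` only inside a preprocessor block that closes right after the new line (the `#endif` that follows it; the opening guard is outside the hunk). If that block is compiled out while the later `if (is_ext4)` is not, or if the helper leaves before reaching the assignment, the test reads an indeterminate value. Declaring it as `bool is_ext4 = false;` here and in `open_by_handle_atX_success_mp` removes the dependency on the two guards matching.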
@@ -248,7 +254,10 @@ TEST(SyscallExit, open_by_handle_atX_success_mp) #ifdef __NR_fstat /* Parameter 5: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(5, dev); + if (is_ext4) + { + evt_test->assert_numeric_param(5, dev); + } /* Parameter 6: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(6, inode); diff --git a/test/drivers/test_suites/syscall_exit_suite/open_x.cpp b/test/drivers/test_suites/syscall_exit_suite/open_x.cpp index e00bbd7032..17f0b267d0 100644 --- a/test/drivers/test_suites/syscall_exit_suite/open_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/open_x.cpp @@ -30,6 +30,7 @@ TEST(SyscallExit, openX_success) assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1); uint32_t dev = (uint32_t)file_stat.st_dev; uint64_t inode = file_stat.st_ino; + const bool is_ext4 = event_test::is_ext4_fs(fd); close(fd); if(notmpfile) @@ -69,7 +70,10 @@ TEST(SyscallExit, openX_success) evt_test->assert_numeric_param(4, (uint32_t)mode); /* Parameter 5: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(5, (uint32_t)dev); + if (is_ext4) + { + evt_test->assert_numeric_param(5, (uint32_t)dev); + } /* Parameter 6: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(6, inode); diff --git a/test/drivers/test_suites/syscall_exit_suite/openat2_x.cpp b/test/drivers/test_suites/syscall_exit_suite/openat2_x.cpp index 230f099e0a..ea5eb40ffa 100644 --- a/test/drivers/test_suites/syscall_exit_suite/openat2_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/openat2_x.cpp @@ -30,6 +30,7 @@ TEST(SyscallExit, openat2X_success) assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1); uint32_t dev = (uint32_t)file_stat.st_dev; uint64_t inode = file_stat.st_ino; + const bool is_ext4 = event_test::is_ext4_fs(fd); #endif close(fd); 
@@ -70,7 +71,10 @@ TEST(SyscallExit, openat2X_success) #ifdef __NR_fstat /* Parameter 7: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(7, dev); + if (is_ext4) + { + evt_test->assert_numeric_param(7, dev); + } /* Parameter 8: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(8, inode); @@ -175,6 +179,7 @@ TEST(SyscallExit, openat2X_create_success) assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1); uint32_t dev = (uint32_t)file_stat.st_dev; uint64_t inode = file_stat.st_ino; + const bool is_ext4 = event_test::is_ext4_fs(fd); #endif close(fd); @@ -215,7 +220,10 @@ TEST(SyscallExit, openat2X_create_success) #ifdef __NR_fstat /* Parameter 7: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(7, dev); + if (is_ext4) + { + evt_test->assert_numeric_param(7, dev); + } /* Parameter 8: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(8, inode); diff --git a/test/drivers/test_suites/syscall_exit_suite/openat_x.cpp b/test/drivers/test_suites/syscall_exit_suite/openat_x.cpp index 07f7d5137c..891ac22a32 100644 --- a/test/drivers/test_suites/syscall_exit_suite/openat_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/openat_x.cpp @@ -33,6 +33,7 @@ TEST(SyscallExit, openatX_success) assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1); uint32_t dev = (uint32_t)file_stat.st_dev; uint64_t inode = file_stat.st_ino; + const bool is_ext4 = event_test::is_ext4_fs(fd); close(fd); if(notmpfile) @@ -74,7 +75,10 @@ TEST(SyscallExit, openatX_success) evt_test->assert_numeric_param(5, (uint32_t)mode); /* Parameter 6: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(6, (uint32_t)dev); + if (is_ext4) + { + evt_test->assert_numeric_param(6, (uint32_t)dev); + } /* Parameter 7: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(7, inode); 
@@ -170,6 +174,7 @@ TEST(SyscallExit, openatX_create_success) assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1); uint32_t dev = (uint32_t)file_stat.st_dev; uint64_t inode = file_stat.st_ino; + const bool is_ext4 = event_test::is_ext4_fs(fd); close(fd); /*=============================== TRIGGER SYSCALL ===========================*/ @@ -205,7 +210,10 @@ TEST(SyscallExit, openatX_create_success) evt_test->assert_numeric_param(5, (uint32_t)mode); /* Parameter 6: dev (type: PT_UINT32) */ - evt_test->assert_numeric_param(6, (uint32_t)dev); + if (is_ext4) + { + evt_test->assert_numeric_param(6, (uint32_t)dev); + } /* Parameter 7: ino (type: PT_UINT64) */ evt_test->assert_numeric_param(7, inode);