Re: git: afc38f1f23ac - main - sysctl: Add a regression test which runs sysctl -a

> On Jan 31, 2025, at 11:22 PM, Mark Johnston <markj@FreeBSD.org> wrote:
> 
> The branch main has been updated by markj:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=afc38f1f23ac3b579144d0d1d0c3fadf735d57bd
> 
> commit afc38f1f23ac3b579144d0d1d0c3fadf735d57bd
> Author:     Mark Johnston <markj@FreeBSD.org>
> AuthorDate: 2025-01-31 15:20:04 +0000
> Commit:     Mark Johnston <markj@FreeBSD.org>
> CommitDate: 2025-01-31 15:22:24 +0000
> 
>    sysctl: Add a regression test which runs sysctl -a
> 
>    Run sysctl -a during the test suite so that KASAN/KMSAN have a chance to
>    catch something.
> 
>    Inspired by https://jprx.io/cve-2024-54507/

That's a damn good example !

> 
>    Reviewed by:    jhb, emaste
>    MFC after:      2 weeks
>    Sponsored by:   Klara, Inc.
>    Differential Revision:  https://reviews.freebsd.org/D48659
> ---
> sbin/sysctl/tests/sysctl_test.sh | 57 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 57 insertions(+)
> 
> diff --git a/sbin/sysctl/tests/sysctl_test.sh b/sbin/sysctl/tests/sysctl_test.sh
> index e932626a9f14..dfc32a87b212 100644
> --- a/sbin/sysctl/tests/sysctl_test.sh
> +++ b/sbin/sysctl/tests/sysctl_test.sh
> @@ -1,3 +1,6 @@
> +#
> +# SPDX-License-Identifier: BSD-2-Clause
> +#
> # Copyright (c) 2022 Yoshihiro Ota <ota@j.email.ne.jp>
> #
> # Redistribution and use in source and binary forms, with or without
> @@ -20,12 +23,64 @@
> # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> # SUCH DAMAGE.
> +#
> 
> sysctl_name="kern.ostype"
> sysctl_value="FreeBSD"
> sysctl_type="string"
> sysctl_description="Operating system type"
> 
> +atf_test_case sysctl_aflag
> +sysctl_aflag_head()
> +{
> +	atf_set "descr" "Exercise all sysctl handlers"
> +}
> +sysctl_aflag_body()
> +{
> +	# Avoid using atf_check here since sysctl -ao generates tons of
> +	# output and it would all otherwise be saved.
> +	sysctl -ao >/dev/null 2>stderr
> +	if [ $? -ne 0 ]; then
> +		atf_fail "sysctl -ao failed"
> +	elif [ -s stderr ]; then
> +		cat stderr
> +		atf_fail "sysctl -ao printed to stderr"
> +	fi
> +}
> +
> +
> +atf_test_case sysctl_aflag_jail
> +sysctl_aflag_jail_head()
> +{
> +	atf_set "descr" "Exercise all sysctl handlers in a jail"
> +	atf_set "require.user" "root"
> +}
> +sysctl_aflag_jail_body()
> +{
> +	local jail
> +
> +	jail=sysctl_test_aflag_jail
> +
> +	# Avoid using atf_check here since sysctl -ao generates tons of
> +	# output and it would all otherwise be saved.
> +	jail -c name=$jail command=sysctl -ao >/dev/null 2>stderr
> +	if [ $? -ne 0 ]; then
> +		atf_fail "sysctl -ao failed"
> +	elif [ -s stderr ]; then
> +		cat stderr
> +		atf_fail "sysctl -ao printed to stderr"
> +	fi
> +
> +	jail -c name=$jail vnet command=sysctl -ao >/dev/null 2>stderr
> +	if [ $? -ne 0 ]; then
> +		atf_fail "sysctl -ao failed"
> +	elif [ -s stderr ]; then
> +		cat stderr
> +		atf_fail "sysctl -ao printed to stderr"
> +	fi
> +}
> +
> +
> atf_test_case sysctl_by_name
> sysctl_by_name_head()
> {
> @@ -106,6 +161,8 @@ sysctl_nflag_tflag_dflag_body()
> 
> atf_init_test_cases()
> {
> +	atf_add_test_case sysctl_aflag
> +	atf_add_test_case sysctl_aflag_jail
> 	atf_add_test_case sysctl_by_name
> 	atf_add_test_case sysctl_nflag
> 	atf_add_test_case sysctl_eflag