Skip to content

Improve fork helper robustness#297

Open
gilles-peskine-arm wants to merge 8 commits intoMbed-TLS:mainfrom
gilles-peskine-arm:fork-helper-unit-tests-create-framework
Open

Improve fork helper robustness#297
gilles-peskine-arm wants to merge 8 commits intoMbed-TLS:mainfrom
gilles-peskine-arm:fork-helper-unit-tests-create-framework

Conversation

@gilles-peskine-arm
Copy link
Copy Markdown
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Apr 3, 2026

Resolves most of #295, except for the metatests which are added in a consuming branch instead: Mbed-TLS/TF-PSA-Crypto#737.

PR checklist

  • TF-PSA-Crypto development PR Add metatests for the fork test helper as unit tests TF-PSA-Crypto#737
  • TF-PSA-Crypto 1.1 PR not required because: can be updated whenever
  • mbedtls development PR not required because: does not use fork helper
  • mbedtls 4.1 PR not required because: does not use fork helper
  • mbedtls 3.6 PR not required because: can be updated whenever

@gilles-peskine-arm gilles-peskine-arm added needs-ci Needs to pass CI tests priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) labels Apr 3, 2026
@gilles-peskine-arm gilles-peskine-arm force-pushed the fork-helper-unit-tests-create-framework branch 2 times, most recently from 7f17fc3 to bc83f4e Compare April 3, 2026 19:43
@gilles-peskine-arm
New test helper TEST_STRSTR
7297687 
Assert on strstr(), and print the strings on failure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Note about test info requiring string literals in practice
1cf84c6 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
mbedtls_test_fork_run_child: Fix failure when the child outputs nothing
ff7c392 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
mbedtls_test_fork_run_child: Use temporary file instead of pipe
e1573d0 
Use a temporary file instead of a pipe to communicate the test result and
the output from the child to the parent. This makes the data flow and the
control flow easier because the code can seek back and forth, whereas a pipe
required doing things in order. In particular, there are now fewer special
cases to manage, and the parent can read the data in the most convenient
order.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
mbedtls_test_fork_run_child: Expose file to invasive metatest
e713bae 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Validate output length in the child
cd6fb18 
If the child reports an output length that's larger than the buffer, report
it rather than overread the buffer. The parent would catch the excess
length anyway, but having the child catch it makes the behavior more uniform
with respect to the presence or absence of sanitizers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm force-pushed the fork-helper-unit-tests-create-framework branch from bc83f4e to cd6fb18 Compare April 4, 2026 17:55
@bjwtaylor bjwtaylor self-requested a review April 8, 2026 12:23
bjwtaylor
bjwtaylor reviewed Apr 8, 2026
View reviewed changes
Comment thread tests/src/fork_helpers.c
Comment thread tests/src/fork_helpers.c Outdated

/* The child exited normally. Obtain the test result from the child. */
TEST_ASSERT_ERRNO(fseek(file, 0, SEEK_SET) == 0);
TEST_ASSERT_ERRNO(fread(&child_test_info, 1, sizeof(child_test_info), file) > 0);
Copy link
Copy Markdown

@bjwtaylor bjwtaylor Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would any scenario where less than child_test_info not be a failure here? I think it's minor, however presumably if the file was corrupted or truncated we would want it to fail here?

Copy link
Copy Markdown
Contributor Author

@gilles-peskine-arm gilles-peskine-arm Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I meant to read one record of the intended size, but I wrote it the other way round out of habit. I'll fix that.

I didn't bother writing a metatest for a truncated file because it's an unlikely failure that would require us to go out of our way. We don't normally test test code to that extent.

@gilles-peskine-arm
Improve robustness against read errors from the temporary file
7cd8a87 
In the unlikely event of a corrupted file or I/O error, don't accept a
partially written status.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Slightly simplify reading the child output
f61edfd 
Rather than seek forth and back, read up to the buffer size, and then check
that the file wasn't larger than the buffer size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm added the needs-review Every commit must be reviewed by at least two team members. label Apr 8, 2026
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Apr 8, 2026
Open
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Apr 9, 2026
Open
7 tasks
@gilles-peskine-arm gilles-peskine-arm removed the needs-ci Needs to pass CI tests label Apr 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjwtaylor bjwtaylor bjwtaylor approved these changes

@bensze01 bensze01 Awaiting requested review from bensze01

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

needs-review Every commit must be reviewed by at least two team members. priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most)

Projects

Roadmap pull requests (new board)
Status: In Development

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gilles-peskine-arm @bjwtaylor