From patchwork Sun Jul 5 06:12:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11644107 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7100513BD for ; Sun, 5 Jul 2020 06:12:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5737A2088E for ; Sun, 5 Jul 2020 06:12:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="NEaE42su" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726480AbgGEGMj (ORCPT ); Sun, 5 Jul 2020 02:12:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726271AbgGEGMi (ORCPT ); Sun, 5 Jul 2020 02:12:38 -0400 Received: from mail-pj1-x1043.google.com (mail-pj1-x1043.google.com [IPv6:2607:f8b0:4864:20::1043]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC45EC08C5E0 for ; Sat, 4 Jul 2020 23:12:38 -0700 (PDT) Received: by mail-pj1-x1043.google.com with SMTP id k5so6065058pjg.3 for ; Sat, 04 Jul 2020 23:12:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=OZzsxmLpal9LTjS6QimvxdwVWVZQo7ewuu92tmSkSEM=; b=NEaE42suoMG6ZDKlb2zks2hev0bjNVC22CHG5tz/AXRLVd6ati8EXXjPjszVuoztVz gzkRK2bg/hQ0ox2IXt7OIlweA60JlAHqzrAWzDf/QsuWpyIkSm4PkO/cVsOCimZrSZNS yKjJGoxVg09mZppo3eWFwRJAyVXh+fQlfiwko= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=OZzsxmLpal9LTjS6QimvxdwVWVZQo7ewuu92tmSkSEM=; b=ksacxTQvCWhGHVdRMLDcrzbaBTelT3LTUhICYV6fa35TroTWimHzTqcQff+RCNaQ5O MWzhdUMUpUMP7en5JW3UxJCyQyKkvbq3fogXfh/H0vbKnjBwb/v+nHVwnlwaHOlcTnbn lUEPhqaHKYLWqOGClRdbiZZqBgLf5JJqbUrbOjLsorrAwxUadieuG/KyhiaP1uO1EO2t qS2UQbOydVVoWpPp/WNTU4tp+RSwV9voRz+XTG8f7ePRQ8LOf2mTWgc4jUBq6+CVEQ3F lXGY8kbtnv0TvOYjJG3pGyzb5EBaDxIIxY372NcpHhbhf59n6vHdRZcemvFcAczPrb2s 96Pw== X-Gm-Message-State: AOAM532YmAW6OUQFrB9/sBS4Ek/C5NxlOQzm8DGFUAqJcBgb0flMWohe 7OUeG8uUJKXd6rhmOPF86ktM6RppuCA= X-Google-Smtp-Source: ABdhPJxYU+9no/GAQsZ2SUruyg8rI3uRDDgkYyoxepJnOl5HAOJAu0LUTlJALyhd3hG8h6GiUnRacQ== X-Received: by 2002:a17:902:8d89:: with SMTP id v9mr36013600plo.191.1593929558470; Sat, 04 Jul 2020 23:12:38 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id o1sm15174098pjf.17.2020.07.04.23.12.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Jul 2020 23:12:37 -0700 (PDT) From: Kees Cook To: Will Deacon Cc: Kees Cook , Shuah Khan , Jakub Kicinski , Keno Fischer , Andy Lutomirski , Will Drewry , Oleg Nesterov , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/3] selftests/harness: Clean up kern-doc for fixtures Date: Sat, 4 Jul 2020 23:12:30 -0700 Message-Id: <20200705061232.4151319-2-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200705061232.4151319-1-keescook@chromium.org> References: <20200705061232.4151319-1-keescook@chromium.org> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org The FIXTURE*() macro kern-doc examples had the wrong names for the C code examples associated with them. Fix those and clarify that FIXTURE_DATA() usage should be avoided. Cc: Shuah Khan Cc: Jakub Kicinski Fixes: 74bc7c97fa88 ("kselftest: add fixture variants") Signed-off-by: Kees Cook Reviewed-by: Jakub Kicinski --- tools/testing/selftests/kselftest_harness.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index c9f03ef93338..7f32a7099a81 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -195,8 +195,9 @@ * * .. code-block:: c * - * FIXTURE_DATA(datatype name) + * FIXTURE_DATA(datatype_name) * + * Almost always, you want just FIXTURE() instead (see below). * This call may be used when the type of the fixture data * is needed. In general, this should not be needed unless * the *self* is being passed to a helper directly. @@ -211,7 +212,7 @@ * * .. code-block:: c * - * FIXTURE(datatype name) { + * FIXTURE(fixture_name) { * type property1; * ... * }; @@ -238,7 +239,7 @@ * * .. code-block:: c * - * FIXTURE_SETUP(fixture name) { implementation } + * FIXTURE_SETUP(fixture_name) { implementation } * * Populates the required "setup" function for a fixture. An instance of the * datatype defined with FIXTURE_DATA() will be exposed as *self* for the @@ -264,7 +265,7 @@ * * .. code-block:: c * - * FIXTURE_TEARDOWN(fixture name) { implementation } + * FIXTURE_TEARDOWN(fixture_name) { implementation } * * Populates the required "teardown" function for a fixture. An instance of the * datatype defined with FIXTURE_DATA() will be exposed as *self* for the @@ -285,7 +286,7 @@ * * .. code-block:: c * - * FIXTURE_VARIANT(datatype name) { + * FIXTURE_VARIANT(fixture_name) { * type property1; * ... * }; @@ -305,8 +306,8 @@ * * .. code-block:: c * - * FIXTURE_ADD(datatype name) { - * .property1 = val1; + * FIXTURE_VARIANT_ADD(fixture_name, variant_name) { + * .property1 = val1, * ... * }; * From patchwork Sun Jul 5 06:12:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11644105 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 30701618 for ; Sun, 5 Jul 2020 06:12:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0DD0120771 for ; Sun, 5 Jul 2020 06:12:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="dYnMuSbB" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726523AbgGEGMq (ORCPT ); Sun, 5 Jul 2020 02:12:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41438 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726491AbgGEGMj (ORCPT ); Sun, 5 Jul 2020 02:12:39 -0400 Received: from mail-pf1-x441.google.com (mail-pf1-x441.google.com [IPv6:2607:f8b0:4864:20::441]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5D0E2C08C5DE for ; Sat, 4 Jul 2020 23:12:39 -0700 (PDT) Received: by mail-pf1-x441.google.com with SMTP id z3so6357132pfn.12 for ; Sat, 04 Jul 2020 23:12:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3E0uLB2FTHGittSE2WW+VBNudtR2vmOtGreRUF/f/08=; b=dYnMuSbB17n9OLZDtK7z/14x0Xb0QPfd20H+TekXxuK3S2XhAXgecX1iQGY+4FZpLf IonmjGnoInvwbHuSEkJhm+VL9ApHm67nbCAaIG7R3fTJg66Y3BbgJap4ghLslERBhKUF WV7aPcWwNf0czNLJSHCY3sCIoQhaOyNMfA3XA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3E0uLB2FTHGittSE2WW+VBNudtR2vmOtGreRUF/f/08=; b=jLqVzbJ0uC3+mUFpuTaDR4tHMmFWlyArsTd8Jj/CoY/TAMp1WIXBMj8Saf8yDh6VMy nAT133dxFn5W7N9UwFINxfGJ7cWQN187wO7YEHe77GOgKN+5vzVbuPDJTeQwYRWPzbn0 ltyp01KPYmKXWCPfD8xnJRPJzLvbqANjaAvpMUZneWfh/gRDTp22AZVsq4/+bfKLZH+9 TjdD4rVbCgN7y1VGtxslNO9dyyOF2Ph/3zbm/yWLgX0/n6ulQE2OMEv/F+sUIcV/rUWt bXII+n23F9ay2wbumfJBTDw1WQT7uae+v1CIQWpqMPHUksfQ9s/YDM/o9wQlsKl7f9v6 VeSQ== X-Gm-Message-State: AOAM530GRPPLel1MaRcnOr/1FKDJMtmjIXmM31OOJSssE00QfF+/qy6o XyaVBG9+8i5AJfy+fQ09NIgwUA== X-Google-Smtp-Source: ABdhPJxCPU1z+SvR3EFcNeiEW/8U1XFg952c7+MC2aV7TWlUYQ4rWpe49hTsCPFiUu/4LX3XoaRT7A== X-Received: by 2002:a63:7c5e:: with SMTP id l30mr35179751pgn.276.1593929558913; Sat, 04 Jul 2020 23:12:38 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id g135sm16340876pfb.41.2020.07.04.23.12.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Jul 2020 23:12:37 -0700 (PDT) From: Kees Cook To: Will Deacon Cc: Kees Cook , Andy Lutomirski , Will Drewry , Jakub Kicinski , Keno Fischer , Oleg Nesterov , Shuah Khan , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/3] selftests/seccomp: Refactor to use fixture variants Date: Sat, 4 Jul 2020 23:12:31 -0700 Message-Id: <20200705061232.4151319-3-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200705061232.4151319-1-keescook@chromium.org> References: <20200705061232.4151319-1-keescook@chromium.org> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Now that the selftest harness has variants, use them to eliminate a bunch of copy/paste duplication. Cc: Andy Lutomirski Cc: Will Drewry Cc: Jakub Kicinski Signed-off-by: Kees Cook Acked-by: Jakub Kicinski --- tools/testing/selftests/seccomp/seccomp_bpf.c | 199 ++++-------------- 1 file changed, 42 insertions(+), 157 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 6439c031a85d..966dec340ea8 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1541,6 +1541,7 @@ pid_t setup_trace_fixture(struct __test_metadata *_metadata, return tracer_pid; } + void teardown_trace_fixture(struct __test_metadata *_metadata, pid_t tracer) { @@ -1820,7 +1821,7 @@ void change_syscall(struct __test_metadata *_metadata, EXPECT_EQ(0, ret); } -void tracer_syscall(struct __test_metadata *_metadata, pid_t tracee, +void tracer_seccomp(struct __test_metadata *_metadata, pid_t tracee, int status, void *args) { int ret; @@ -1897,6 +1898,24 @@ FIXTURE(TRACE_syscall) { pid_t tracer, mytid, mypid, parent; }; +FIXTURE_VARIANT(TRACE_syscall) { + /* + * All of the SECCOMP_RET_TRACE behaviors can be tested with either + * SECCOMP_RET_TRACE+PTRACE_CONT or plain ptrace()+PTRACE_SYSCALL. + * This indicates if we should use SECCOMP_RET_TRACE (false), or + * ptrace (true). + */ + bool use_ptrace; +}; + +FIXTURE_VARIANT_ADD(TRACE_syscall, ptrace) { + .use_ptrace = true, +}; + +FIXTURE_VARIANT_ADD(TRACE_syscall, seccomp) { + .use_ptrace = false, +}; + FIXTURE_SETUP(TRACE_syscall) { struct sock_filter filter[] = { @@ -1912,12 +1931,11 @@ FIXTURE_SETUP(TRACE_syscall) BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRACE | 0x1005), BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), }; - - memset(&self->prog, 0, sizeof(self->prog)); - self->prog.filter = malloc(sizeof(filter)); - ASSERT_NE(NULL, self->prog.filter); - memcpy(self->prog.filter, filter, sizeof(filter)); - self->prog.len = (unsigned short)ARRAY_SIZE(filter); + struct sock_fprog prog = { + .len = (unsigned short)ARRAY_SIZE(filter), + .filter = filter, + }; + long ret; /* Prepare some testable syscall results. */ self->mytid = syscall(__NR_gettid); @@ -1935,60 +1953,28 @@ FIXTURE_SETUP(TRACE_syscall) ASSERT_NE(self->parent, self->mypid); /* Launch tracer. */ - self->tracer = setup_trace_fixture(_metadata, tracer_syscall, NULL, - false); -} - -FIXTURE_TEARDOWN(TRACE_syscall) -{ - teardown_trace_fixture(_metadata, self->tracer); - if (self->prog.filter) - free(self->prog.filter); -} + self->tracer = setup_trace_fixture(_metadata, + variant->use_ptrace ? tracer_ptrace + : tracer_seccomp, + NULL, variant->use_ptrace); -TEST_F(TRACE_syscall, ptrace_syscall_redirected) -{ - /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ - teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, - true); - - /* Tracer will redirect getpid to getppid. */ - EXPECT_NE(self->mypid, syscall(__NR_getpid)); -} + ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); + ASSERT_EQ(0, ret); -TEST_F(TRACE_syscall, ptrace_syscall_errno) -{ - /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ - teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, - true); + if (variant->use_ptrace) + return; - /* Tracer should skip the open syscall, resulting in ESRCH. */ - EXPECT_SYSCALL_RETURN(-ESRCH, syscall(__NR_openat)); + ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); + ASSERT_EQ(0, ret); } -TEST_F(TRACE_syscall, ptrace_syscall_faked) +FIXTURE_TEARDOWN(TRACE_syscall) { - /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, - true); - - /* Tracer should skip the gettid syscall, resulting fake pid. */ - EXPECT_SYSCALL_RETURN(45000, syscall(__NR_gettid)); } TEST_F(TRACE_syscall, syscall_allowed) { - long ret; - - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); - ASSERT_EQ(0, ret); - /* getppid works as expected (no changes). */ EXPECT_EQ(self->parent, syscall(__NR_getppid)); EXPECT_NE(self->mypid, syscall(__NR_getppid)); @@ -1996,14 +1982,6 @@ TEST_F(TRACE_syscall, syscall_allowed) TEST_F(TRACE_syscall, syscall_redirected) { - long ret; - - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); - ASSERT_EQ(0, ret); - /* getpid has been redirected to getppid as expected. */ EXPECT_EQ(self->parent, syscall(__NR_getpid)); EXPECT_NE(self->mypid, syscall(__NR_getpid)); @@ -2011,33 +1989,17 @@ TEST_F(TRACE_syscall, syscall_redirected) TEST_F(TRACE_syscall, syscall_errno) { - long ret; - - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); - ASSERT_EQ(0, ret); - - /* openat has been skipped and an errno return. */ + /* Tracer should skip the open syscall, resulting in ESRCH. */ EXPECT_SYSCALL_RETURN(-ESRCH, syscall(__NR_openat)); } TEST_F(TRACE_syscall, syscall_faked) { - long ret; - - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); - ASSERT_EQ(0, ret); - - /* gettid has been skipped and an altered return value stored. */ + /* Tracer skips the gettid syscall and store altered return value. */ EXPECT_SYSCALL_RETURN(45000, syscall(__NR_gettid)); } -TEST_F(TRACE_syscall, skip_after_RET_TRACE) +TEST_F(TRACE_syscall, skip_after) { struct sock_filter filter[] = { BPF_STMT(BPF_LD|BPF_W|BPF_ABS, @@ -2052,14 +2014,7 @@ TEST_F(TRACE_syscall, skip_after_RET_TRACE) }; long ret; - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - /* Install fixture filter. */ - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); - ASSERT_EQ(0, ret); - - /* Install "errno on getppid" filter. */ + /* Install additional "errno on getppid" filter. */ ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); ASSERT_EQ(0, ret); @@ -2069,7 +2024,7 @@ TEST_F(TRACE_syscall, skip_after_RET_TRACE) EXPECT_EQ(EPERM, errno); } -TEST_F_SIGNAL(TRACE_syscall, kill_after_RET_TRACE, SIGSYS) +TEST_F_SIGNAL(TRACE_syscall, kill_after, SIGSYS) { struct sock_filter filter[] = { BPF_STMT(BPF_LD|BPF_W|BPF_ABS, @@ -2084,77 +2039,7 @@ TEST_F_SIGNAL(TRACE_syscall, kill_after_RET_TRACE, SIGSYS) }; long ret; - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - /* Install fixture filter. */ - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); - ASSERT_EQ(0, ret); - - /* Install "death on getppid" filter. */ - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); - ASSERT_EQ(0, ret); - - /* Tracer will redirect getpid to getppid, and we should die. */ - EXPECT_NE(self->mypid, syscall(__NR_getpid)); -} - -TEST_F(TRACE_syscall, skip_after_ptrace) -{ - struct sock_filter filter[] = { - BPF_STMT(BPF_LD|BPF_W|BPF_ABS, - offsetof(struct seccomp_data, nr)), - BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_getppid, 0, 1), - BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO | EPERM), - BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), - }; - struct sock_fprog prog = { - .len = (unsigned short)ARRAY_SIZE(filter), - .filter = filter, - }; - long ret; - - /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ - teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, - true); - - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - /* Install "errno on getppid" filter. */ - ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); - ASSERT_EQ(0, ret); - - /* Tracer will redirect getpid to getppid, and we should see EPERM. */ - EXPECT_EQ(-1, syscall(__NR_getpid)); - EXPECT_EQ(EPERM, errno); -} - -TEST_F_SIGNAL(TRACE_syscall, kill_after_ptrace, SIGSYS) -{ - struct sock_filter filter[] = { - BPF_STMT(BPF_LD|BPF_W|BPF_ABS, - offsetof(struct seccomp_data, nr)), - BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_getppid, 0, 1), - BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL), - BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), - }; - struct sock_fprog prog = { - .len = (unsigned short)ARRAY_SIZE(filter), - .filter = filter, - }; - long ret; - - /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ - teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, - true); - - ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - ASSERT_EQ(0, ret); - - /* Install "death on getppid" filter. */ + /* Install additional "death on getppid" filter. */ ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); ASSERT_EQ(0, ret); From patchwork Sun Jul 5 06:12:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11644103 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D793618 for ; Sun, 5 Jul 2020 06:12:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 21D2B2088E for ; Sun, 5 Jul 2020 06:12:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="eHez7mRe" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726558AbgGEGMl (ORCPT ); Sun, 5 Jul 2020 02:12:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726538AbgGEGMk (ORCPT ); Sun, 5 Jul 2020 02:12:40 -0400 Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 356EBC08C5DF for ; Sat, 4 Jul 2020 23:12:40 -0700 (PDT) Received: by mail-pj1-x1041.google.com with SMTP id o22so10579247pjw.2 for ; Sat, 04 Jul 2020 23:12:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fPweZ6DZU1ENxuozio/NA02HLt4qwCgCF26PVdwgmUw=; b=eHez7mRezl3LRANbjE9V3fYHuiKTipMbrZxyLSQ8DYa+CsUnkd7R93uYjLh8qhclBF astTE3wzBXb6w0ko4CNb3iCWSSyKMABzRVflBHuKZATMtETPiDqIYxCGlugWhQxJnQAe tcWFVOjHZeqkFFnKprhnoBDKbp1h+KP0S01jU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fPweZ6DZU1ENxuozio/NA02HLt4qwCgCF26PVdwgmUw=; b=uS+k4jHU3wBsOJaU4m+K/i0QzT1OpyWK+sTgOPn+HBrDaSBW3MtY1Rb7ioeYuUTZJj UudOA4czzdXoIINIs/Ayb0+9OB4hqntTv2zPMf9AIcPLUP2tM5GJ/e/57Mci1y1kttET vK64XOUzDq0zPb1R85piQzt2qP59kwoi+spEnoq7HC7kfjcxhasYSmHPYtUkpaPRj8eA W0MbgAHyQjpM7EBkHC/QVyjv5xztM2hXvymexxxbBPDoKdAoE0axI2PIVTGF8ZZAWqi8 hE4+MhLD2Q+tp871J7v+QNfOOxzJ1Qb5uWEcFhI/qMRi2hb88wGxeN7OEAd3u8o/h+Si yoEA== X-Gm-Message-State: AOAM5309a8zgaNCCHUfIlBdx6L4st67tlYUOJAJnxliXBPc/KJy0xfQg /S12TV6XJMdoovWnDzCbADqUCg== X-Google-Smtp-Source: ABdhPJz3fz9uNnH3pm1N5xpLDXk919zAKiGqawBuegK156HeIrG5riLllTgK7fEcIVuXZxaN1UTCSw== X-Received: by 2002:a17:90a:c5:: with SMTP id v5mr46527588pjd.192.1593929559801; Sat, 04 Jul 2020 23:12:39 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id n62sm5275663pjb.28.2020.07.04.23.12.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Jul 2020 23:12:37 -0700 (PDT) From: Kees Cook To: Will Deacon Cc: Kees Cook , Andy Lutomirski , Will Drewry , Keno Fischer , Oleg Nesterov , Shuah Khan , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 3/3] selftests/seccomp: Check ENOSYS under tracing Date: Sat, 4 Jul 2020 23:12:32 -0700 Message-Id: <20200705061232.4151319-4-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200705061232.4151319-1-keescook@chromium.org> References: <20200705061232.4151319-1-keescook@chromium.org> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org There should be no difference between -1 and other negative syscalls while tracing. Cc: Andy Lutomirski Cc: Will Drewry Cc: Will Deacon Cc: Keno Fischer Signed-off-by: Kees Cook --- tools/testing/selftests/seccomp/seccomp_bpf.c | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 966dec340ea8..bf6aa06c435c 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1973,6 +1973,32 @@ FIXTURE_TEARDOWN(TRACE_syscall) teardown_trace_fixture(_metadata, self->tracer); } +TEST(negative_ENOSYS) +{ + /* Untraced negative syscalls should return ENOSYS. */ + errno = 0; + EXPECT_EQ(-1, syscall(-1)); + EXPECT_EQ(errno, ENOSYS); + errno = 0; + EXPECT_EQ(-1, syscall(-101)); + EXPECT_EQ(errno, ENOSYS); +} + +TEST_F(TRACE_syscall, negative_ENOSYS) +{ + /* + * There should be no difference between an "internal" skip + * and userspace asking for syscall "-1". + */ + errno = 0; + EXPECT_EQ(-1, syscall(-1)); + EXPECT_EQ(errno, ENOSYS); + /* And no difference for "still not valid but not -1". */ + errno = 0; + EXPECT_EQ(-1, syscall(-101)); + EXPECT_EQ(errno, ENOSYS); +} + TEST_F(TRACE_syscall, syscall_allowed) { /* getppid works as expected (no changes). */