Lines Matching +full:self +full:- +full:test
1 // SPDX-License-Identifier: GPL-2.0-only
5 * Test code for seccomp bpf.
58 /* Attempt to de-conflict with the selftests tree. */
309 return -1; in __filecmp()
320 TH_LOG("kcmp() syscall missing (test is less accurate)");\
326 TEST(kcmp) in TEST() function
336 TEST(mode_strict_support) in TEST() function
362 /* Note! This doesn't test no new privs behavior */
363 TEST(no_new_privs_support) in TEST() function
374 TEST(mode_filter_support) in TEST() function
383 EXPECT_EQ(-1, ret); in TEST()
389 TEST(mode_filter_without_nnp) in TEST() function
411 EXPECT_EQ(-1, ret); in TEST()
420 TEST(filter_size_limits) in TEST() function
450 prog.len -= 1; in TEST()
457 TEST(filter_chain_limits) in TEST() function
492 TH_LOG("Allowed %d %d-insn filters (total with penalties:%d)", in TEST()
497 TEST(mode_filter_cannot_move_to_strict) in TEST() function
515 EXPECT_EQ(-1, ret); in TEST()
520 TEST(mode_filter_get_seccomp) in TEST() function
545 TEST(ALLOW_all) in TEST() function
563 TEST(empty_prog) in TEST() function
577 EXPECT_EQ(-1, ret); in TEST()
581 TEST(log_all) in TEST() function
699 /* Only bother with lower 32-bit for now. */ in TEST_SIGNAL()
739 /* Only bother with lower 32-bit for now. */ in TEST_SIGNAL()
764 ASSERT_NE(-1, fd); in TEST_SIGNAL()
775 /* The test failed, so clean up the resources. */ in TEST_SIGNAL()
864 TEST(KILL_thread) in TEST() function
883 TEST(KILL_process) in TEST() function
902 TEST(KILL_unknown) in TEST() function
923 /* TODO(wad) add 64-bit versus 32-bit arg tests. */
924 TEST(arg_out_of_range) in TEST() function
940 EXPECT_EQ(-1, ret); in TEST()
958 TEST(ERRNO_valid) in TEST() function
971 EXPECT_EQ(-1, read(-1, NULL, 0)); in TEST()
976 TEST(ERRNO_zero) in TEST() function
990 EXPECT_EQ(0, read(-1, NULL, 0)); in TEST()
998 TEST(ERRNO_capped) in TEST() function
1011 EXPECT_EQ(-1, read(-1, NULL, 0)); in TEST()
1021 TEST(ERRNO_order) in TEST() function
1042 EXPECT_EQ(-1, read(-1, NULL, 0)); in TEST()
1060 memset(&self->prog, 0, sizeof(self->prog)); in FIXTURE_SETUP()
1061 self->prog.filter = malloc(sizeof(filter)); in FIXTURE_SETUP()
1062 ASSERT_NE(NULL, self->prog.filter); in FIXTURE_SETUP()
1063 memcpy(self->prog.filter, filter, sizeof(filter)); in FIXTURE_SETUP()
1064 self->prog.len = (unsigned short)ARRAY_SIZE(filter); in FIXTURE_SETUP()
1069 if (self->prog.filter) in FIXTURE_TEARDOWN()
1070 free(self->prog.filter); in FIXTURE_TEARDOWN()
1080 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog); in TEST_F_SIGNAL()
1095 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog); in TEST_F_SIGNAL()
1110 int ret, test; in TEST_F() local
1131 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog); in TEST_F()
1139 test = TRAP_nr; in TEST_F()
1140 EXPECT_EQ(SIGSYS, test); in TEST_F()
1151 EXPECT_EQ(__NR_getpid, sigsys->_syscall); in TEST_F()
1152 /* Make sure arch is non-zero. */ in TEST_F()
1153 EXPECT_NE(0, sigsys->_arch); in TEST_F()
1154 EXPECT_NE(0, (unsigned long)sigsys->_call_addr); in TEST_F()
1207 memset(self, 0, sizeof(*self)); in FIXTURE_SETUP()
1209 self->_x.filter = malloc(sizeof(_x##_insns)); \ in FIXTURE_SETUP()
1210 ASSERT_NE(NULL, self->_x.filter); \ in FIXTURE_SETUP()
1211 memcpy(self->_x.filter, &_x##_insns, sizeof(_x##_insns)); \ in FIXTURE_SETUP()
1212 self->_x.len = (unsigned short)ARRAY_SIZE(_x##_insns) in FIXTURE_SETUP()
1223 #define FILTER_FREE(_x) if (self->_x.filter) free(self->_x.filter) in FIXTURE_TEARDOWN()
1241 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1243 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1245 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F()
1247 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F()
1249 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trap); in TEST_F()
1251 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->kill); in TEST_F()
1267 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F_SIGNAL()
1269 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F_SIGNAL()
1271 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F_SIGNAL()
1273 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F_SIGNAL()
1275 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trap); in TEST_F_SIGNAL()
1277 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->kill); in TEST_F_SIGNAL()
1296 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F_SIGNAL()
1298 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->kill); in TEST_F_SIGNAL()
1300 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F_SIGNAL()
1302 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F_SIGNAL()
1304 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F_SIGNAL()
1306 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trap); in TEST_F_SIGNAL()
1323 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F_SIGNAL()
1325 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F_SIGNAL()
1327 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F_SIGNAL()
1329 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F_SIGNAL()
1331 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trap); in TEST_F_SIGNAL()
1348 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F_SIGNAL()
1350 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trap); in TEST_F_SIGNAL()
1352 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F_SIGNAL()
1354 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F_SIGNAL()
1356 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F_SIGNAL()
1373 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1375 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1377 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F()
1379 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F()
1395 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1397 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->error); in TEST_F()
1399 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F()
1401 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1417 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1419 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1421 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F()
1426 EXPECT_EQ(-1, syscall(__NR_getpid)); in TEST_F()
1438 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->trace); in TEST_F()
1440 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1442 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1447 EXPECT_EQ(-1, syscall(__NR_getpid)); in TEST_F()
1460 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1462 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1480 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->log); in TEST_F()
1482 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->allow); in TEST_F()
1516 int ret = -1; in start_tracer()
1526 while (ret == -1 && errno != EINVAL) in start_tracer()
1578 /* Directly report the status of our test harness results. */ in start_tracer()
1579 syscall(__NR_exit, _metadata->passed ? EXIT_SUCCESS : EXIT_FAILURE); in start_tracer()
1626 _metadata->passed = 0; in teardown_trace_fixture()
1653 ret = ptrace(PTRACE_POKEDATA, tracee, info->poke_addr, 0x1001); in tracer_poke()
1674 self->poked = 0; in FIXTURE_SETUP()
1675 memset(&self->prog, 0, sizeof(self->prog)); in FIXTURE_SETUP()
1676 self->prog.filter = malloc(sizeof(filter)); in FIXTURE_SETUP()
1677 ASSERT_NE(NULL, self->prog.filter); in FIXTURE_SETUP()
1678 memcpy(self->prog.filter, filter, sizeof(filter)); in FIXTURE_SETUP()
1679 self->prog.len = (unsigned short)ARRAY_SIZE(filter); in FIXTURE_SETUP()
1682 self->tracer_args.poke_addr = (unsigned long)&self->poked; in FIXTURE_SETUP()
1685 self->tracer = setup_trace_fixture(_metadata, tracer_poke, in FIXTURE_SETUP()
1686 &self->tracer_args, false); in FIXTURE_SETUP()
1691 teardown_trace_fixture(_metadata, self->tracer); in FIXTURE_TEARDOWN()
1692 if (self->prog.filter) in FIXTURE_TEARDOWN()
1693 free(self->prog.filter); in FIXTURE_TEARDOWN()
1703 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); in TEST_F()
1706 EXPECT_EQ(0, self->poked); in TEST_F()
1707 ret = read(-1, NULL, 0); in TEST_F()
1708 EXPECT_EQ(-1, ret); in TEST_F()
1709 EXPECT_EQ(0x1001, self->poked); in TEST_F()
1719 ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0); in TEST_F()
1722 EXPECT_EQ(0, self->poked); in TEST_F()
1724 EXPECT_EQ(0, self->poked); in TEST_F()
1789 * scv 0 system call uses -ve result \
1800 SYSCALL_RET(_regs) = -_result; \
1872 * shared), report it with TH_LOG() in an arch-specific definition
1887 # define EXPECT_SYSCALL_RETURN(val, action) EXPECT_EQ(-1, action)
1893 EXPECT_EQ(-1, action); \
1894 EXPECT_EQ(-(val), errno); \
1915 * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
1935 /* Architecture-specific syscall fetching routine. */
1941 return -1; in get_syscall()
1947 /* Architecture-specific syscall changing routine. */
1980 /* Change syscall return value (and set syscall number to -1). */
1984 long syscall = -1; in change_syscall_ret()
2019 change_syscall_ret(_metadata, tracee, -ESRCH); in tracer_seccomp()
2048 FIXTURE_DATA(TRACE_syscall) *self = args; in tracer_ptrace()
2075 self->syscall_nr = get_syscall(_metadata, tracee); in tracer_ptrace()
2087 switch (self->syscall_nr) { in tracer_ptrace()
2094 syscall_nr_val = -1; in tracer_ptrace()
2098 syscall_nr_val = -1; in tracer_ptrace()
2099 syscall_ret_val = -ESRCH; in tracer_ptrace()
2149 self->mytid = syscall(__NR_gettid); in FIXTURE_SETUP()
2150 ASSERT_GT(self->mytid, 0); in FIXTURE_SETUP()
2151 ASSERT_NE(self->mytid, 1) { in FIXTURE_SETUP()
2152 TH_LOG("Running this test as init is not supported. :)"); in FIXTURE_SETUP()
2155 self->mypid = getpid(); in FIXTURE_SETUP()
2156 ASSERT_GT(self->mypid, 0); in FIXTURE_SETUP()
2157 ASSERT_EQ(self->mytid, self->mypid); in FIXTURE_SETUP()
2159 self->parent = getppid(); in FIXTURE_SETUP()
2160 ASSERT_GT(self->parent, 0); in FIXTURE_SETUP()
2161 ASSERT_NE(self->parent, self->mypid); in FIXTURE_SETUP()
2164 self->tracer = setup_trace_fixture(_metadata, in FIXTURE_SETUP()
2165 variant->use_ptrace ? tracer_ptrace in FIXTURE_SETUP()
2167 self, variant->use_ptrace); in FIXTURE_SETUP()
2173 if (variant->use_ptrace) in FIXTURE_SETUP()
2182 teardown_trace_fixture(_metadata, self->tracer); in FIXTURE_TEARDOWN()
2185 TEST(negative_ENOSYS) in TEST() function
2188 SKIP(return, "arm32 does not support calling syscall -1"); in TEST()
2192 * and userspace asking for syscall "-1". in TEST()
2195 EXPECT_EQ(-1, syscall(-1)); in TEST()
2197 /* And no difference for "still not valid but not -1". */ in TEST()
2199 EXPECT_EQ(-1, syscall(-101)); in TEST()
2211 EXPECT_EQ(self->parent, syscall(__NR_getppid)); in TEST_F()
2212 EXPECT_NE(self->mypid, syscall(__NR_getppid)); in TEST_F()
2218 EXPECT_EQ(self->parent, syscall(__NR_getpid)); in TEST_F()
2219 EXPECT_NE(self->mypid, syscall(__NR_getpid)); in TEST_F()
2225 EXPECT_SYSCALL_RETURN(-ESRCH, syscall(__NR_openat)); in TEST_F()
2254 EXPECT_EQ(-1, syscall(__NR_mknodat, -1, NULL, 0, 0)); in TEST_F_SIGNAL()
2278 EXPECT_EQ(-1, syscall(__NR_getpid)); in TEST_F()
2302 EXPECT_NE(self->mypid, syscall(__NR_getpid)); in TEST_F_SIGNAL()
2305 TEST(seccomp_syscall) in TEST() function
2322 ret = seccomp(-1, 0, &prog); in TEST()
2331 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); in TEST()
2341 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog); in TEST()
2357 TEST(seccomp_syscall_mode_lock) in TEST() function
2394 * Test detection of known and unknown filter flags. Userspace needs to be able
2400 TEST(detect_seccomp_filter_flags) in TEST() function
2414 /* Test detection of individual known-good filter flags */ in TEST()
2432 EXPECT_EQ(-1, ret); in TEST()
2434 TH_LOG("Failed to detect that a known-good filter flag (0x%X) is supported!", in TEST()
2442 * Test detection of all known-good filter flags combined. But in TEST()
2454 EXPECT_EQ(-1, ret); in TEST()
2456 TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!", in TEST()
2461 /* Test detection of an unknown filter flags, without exclusives. */ in TEST()
2462 flag = -1; in TEST()
2465 EXPECT_EQ(-1, ret); in TEST()
2472 * Test detection of an unknown filter flag that may simply need to be in TEST()
2473 * added to this test in TEST()
2475 flag = flags[ARRAY_SIZE(flags) - 1] << 1; in TEST()
2477 EXPECT_EQ(-1, ret); in TEST()
2479 …that an unknown filter flag (0x%X) is unsupported! Does a new flag need to be added to this test?", in TEST()
2484 TEST(TSYNC_first) in TEST() function
2562 memset(&self->root_prog, 0, sizeof(self->root_prog)); in FIXTURE_SETUP()
2563 memset(&self->apply_prog, 0, sizeof(self->apply_prog)); in FIXTURE_SETUP()
2564 memset(&self->sibling, 0, sizeof(self->sibling)); in FIXTURE_SETUP()
2565 self->root_prog.filter = malloc(sizeof(root_filter)); in FIXTURE_SETUP()
2566 ASSERT_NE(NULL, self->root_prog.filter); in FIXTURE_SETUP()
2567 memcpy(self->root_prog.filter, &root_filter, sizeof(root_filter)); in FIXTURE_SETUP()
2568 self->root_prog.len = (unsigned short)ARRAY_SIZE(root_filter); in FIXTURE_SETUP()
2570 self->apply_prog.filter = malloc(sizeof(apply_filter)); in FIXTURE_SETUP()
2571 ASSERT_NE(NULL, self->apply_prog.filter); in FIXTURE_SETUP()
2572 memcpy(self->apply_prog.filter, &apply_filter, sizeof(apply_filter)); in FIXTURE_SETUP()
2573 self->apply_prog.len = (unsigned short)ARRAY_SIZE(apply_filter); in FIXTURE_SETUP()
2575 self->sibling_count = 0; in FIXTURE_SETUP()
2576 pthread_mutex_init(&self->mutex, NULL); in FIXTURE_SETUP()
2577 pthread_cond_init(&self->cond, NULL); in FIXTURE_SETUP()
2578 sem_init(&self->started, 0, 0); in FIXTURE_SETUP()
2579 self->sibling[0].tid = 0; in FIXTURE_SETUP()
2580 self->sibling[0].cond = &self->cond; in FIXTURE_SETUP()
2581 self->sibling[0].started = &self->started; in FIXTURE_SETUP()
2582 self->sibling[0].mutex = &self->mutex; in FIXTURE_SETUP()
2583 self->sibling[0].diverge = 0; in FIXTURE_SETUP()
2584 self->sibling[0].num_waits = 1; in FIXTURE_SETUP()
2585 self->sibling[0].prog = &self->root_prog; in FIXTURE_SETUP()
2586 self->sibling[0].metadata = _metadata; in FIXTURE_SETUP()
2587 self->sibling[1].tid = 0; in FIXTURE_SETUP()
2588 self->sibling[1].cond = &self->cond; in FIXTURE_SETUP()
2589 self->sibling[1].started = &self->started; in FIXTURE_SETUP()
2590 self->sibling[1].mutex = &self->mutex; in FIXTURE_SETUP()
2591 self->sibling[1].diverge = 0; in FIXTURE_SETUP()
2592 self->sibling[1].prog = &self->root_prog; in FIXTURE_SETUP()
2593 self->sibling[1].num_waits = 1; in FIXTURE_SETUP()
2594 self->sibling[1].metadata = _metadata; in FIXTURE_SETUP()
2601 if (self->root_prog.filter) in FIXTURE_TEARDOWN()
2602 free(self->root_prog.filter); in FIXTURE_TEARDOWN()
2603 if (self->apply_prog.filter) in FIXTURE_TEARDOWN()
2604 free(self->apply_prog.filter); in FIXTURE_TEARDOWN()
2606 for ( ; sib < self->sibling_count; ++sib) { in FIXTURE_TEARDOWN()
2607 struct tsync_sibling *s = &self->sibling[sib]; in FIXTURE_TEARDOWN()
2609 if (!s->tid) in FIXTURE_TEARDOWN()
2615 pthread_kill(s->tid, 9); in FIXTURE_TEARDOWN()
2617 pthread_mutex_destroy(&self->mutex); in FIXTURE_TEARDOWN()
2618 pthread_cond_destroy(&self->cond); in FIXTURE_TEARDOWN()
2619 sem_destroy(&self->started); in FIXTURE_TEARDOWN()
2627 me->system_tid = syscall(__NR_gettid); in tsync_sibling()
2629 pthread_mutex_lock(me->mutex); in tsync_sibling()
2630 if (me->diverge) { in tsync_sibling()
2631 /* Just re-apply the root prog to fork the tree */ in tsync_sibling()
2633 me->prog, 0, 0); in tsync_sibling()
2635 sem_post(me->started); in tsync_sibling()
2638 pthread_mutex_unlock(me->mutex); in tsync_sibling()
2642 pthread_cond_wait(me->cond, me->mutex); in tsync_sibling()
2643 me->num_waits = me->num_waits - 1; in tsync_sibling()
2644 } while (me->num_waits); in tsync_sibling()
2645 pthread_mutex_unlock(me->mutex); in tsync_sibling()
2650 read(-1, NULL, 0); in tsync_sibling()
2656 pthread_create(&sibling->tid, NULL, tsync_sibling, (void *)sibling); in tsync_start_sibling()
2688 self->sibling[0].diverge = 1; in TEST_F()
2689 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2690 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2692 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2693 sem_wait(&self->started); in TEST_F()
2694 self->sibling_count++; in TEST_F()
2698 pthread_mutex_lock(&self->mutex); in TEST_F()
2699 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2700 TH_LOG("cond broadcast non-zero"); in TEST_F()
2702 pthread_mutex_unlock(&self->mutex); in TEST_F()
2705 PTHREAD_JOIN(self->sibling[0].tid, &status); in TEST_F()
2707 PTHREAD_JOIN(self->sibling[1].tid, &status); in TEST_F()
2720 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog); in TEST_F()
2727 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2728 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2730 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2731 sem_wait(&self->started); in TEST_F()
2732 self->sibling_count++; in TEST_F()
2736 &self->apply_prog); in TEST_F()
2740 /* Tell the siblings to test the policy */ in TEST_F()
2741 pthread_mutex_lock(&self->mutex); in TEST_F()
2742 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2743 TH_LOG("cond broadcast non-zero"); in TEST_F()
2745 pthread_mutex_unlock(&self->mutex); in TEST_F()
2747 PTHREAD_JOIN(self->sibling[0].tid, &status); in TEST_F()
2749 PTHREAD_JOIN(self->sibling[1].tid, &status); in TEST_F()
2758 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2759 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2760 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2761 sem_wait(&self->started); in TEST_F()
2762 self->sibling_count++; in TEST_F()
2765 /* Tell the siblings to test no policy */ in TEST_F()
2766 pthread_mutex_lock(&self->mutex); in TEST_F()
2767 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2768 TH_LOG("cond broadcast non-zero"); in TEST_F()
2770 pthread_mutex_unlock(&self->mutex); in TEST_F()
2773 PTHREAD_JOIN(self->sibling[0].tid, &status); in TEST_F()
2775 PTHREAD_JOIN(self->sibling[1].tid, &status); in TEST_F()
2785 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2786 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2787 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2788 sem_wait(&self->started); in TEST_F()
2789 self->sibling_count++; in TEST_F()
2797 &self->apply_prog); in TEST_F()
2805 /* Tell the siblings to test the policy */ in TEST_F()
2806 pthread_mutex_lock(&self->mutex); in TEST_F()
2807 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2808 TH_LOG("cond broadcast non-zero"); in TEST_F()
2810 pthread_mutex_unlock(&self->mutex); in TEST_F()
2813 PTHREAD_JOIN(self->sibling[0].tid, &status); in TEST_F()
2815 PTHREAD_JOIN(self->sibling[1].tid, &status); in TEST_F()
2828 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog); in TEST_F()
2835 self->sibling[0].diverge = 1; in TEST_F()
2836 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2837 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2839 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2840 sem_wait(&self->started); in TEST_F()
2841 self->sibling_count++; in TEST_F()
2845 &self->apply_prog); in TEST_F()
2846 ASSERT_EQ(self->sibling[0].system_tid, ret) { in TEST_F()
2851 pthread_mutex_lock(&self->mutex); in TEST_F()
2852 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2853 TH_LOG("cond broadcast non-zero"); in TEST_F()
2855 pthread_mutex_unlock(&self->mutex); in TEST_F()
2858 PTHREAD_JOIN(self->sibling[0].tid, &status); in TEST_F()
2860 PTHREAD_JOIN(self->sibling[1].tid, &status); in TEST_F()
2873 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog); in TEST_F()
2880 self->sibling[0].diverge = 1; in TEST_F()
2881 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2882 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2884 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2885 sem_wait(&self->started); in TEST_F()
2886 self->sibling_count++; in TEST_F()
2891 ret = seccomp(SECCOMP_SET_MODE_FILTER, flags, &self->apply_prog); in TEST_F()
2895 ASSERT_EQ(-1, ret) { in TEST_F()
2900 pthread_mutex_lock(&self->mutex); in TEST_F()
2901 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2902 TH_LOG("cond broadcast non-zero"); in TEST_F()
2904 pthread_mutex_unlock(&self->mutex); in TEST_F()
2907 PTHREAD_JOIN(self->sibling[0].tid, &status); in TEST_F()
2909 PTHREAD_JOIN(self->sibling[1].tid, &status); in TEST_F()
2929 self->sibling[0].diverge = 1; in TEST_F()
2930 tsync_start_sibling(&self->sibling[0]); in TEST_F()
2931 tsync_start_sibling(&self->sibling[1]); in TEST_F()
2933 while (self->sibling_count < TSYNC_SIBLINGS) { in TEST_F()
2934 sem_wait(&self->started); in TEST_F()
2935 self->sibling_count++; in TEST_F()
2938 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &self->root_prog); in TEST_F()
2947 &self->apply_prog); in TEST_F()
2948 ASSERT_EQ(ret, self->sibling[0].system_tid) { in TEST_F()
2952 if (ret == self->sibling[0].system_tid) in TEST_F()
2955 pthread_mutex_lock(&self->mutex); in TEST_F()
2960 self->sibling[!sib].num_waits += 1; in TEST_F()
2963 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2964 TH_LOG("cond broadcast non-zero"); in TEST_F()
2966 pthread_mutex_unlock(&self->mutex); in TEST_F()
2967 PTHREAD_JOIN(self->sibling[sib].tid, &status); in TEST_F()
2970 while (!kill(self->sibling[sib].system_tid, 0)) in TEST_F()
2976 &self->apply_prog); in TEST_F()
2981 pthread_mutex_lock(&self->mutex); in TEST_F()
2986 if (self->sibling[sib].num_waits > 1) in TEST_F()
2987 self->sibling[sib].num_waits = 1; in TEST_F()
2988 ASSERT_EQ(0, pthread_cond_broadcast(&self->cond)) { in TEST_F()
2989 TH_LOG("cond broadcast non-zero"); in TEST_F()
2991 pthread_mutex_unlock(&self->mutex); in TEST_F()
2992 PTHREAD_JOIN(self->sibling[sib].tid, &status); in TEST_F()
2995 while (!kill(self->sibling[sib].system_tid, 0)) in TEST_F()
2999 &self->apply_prog); in TEST_F()
3004 TEST(syscall_restart) in TEST() function
3090 /* Directly report the status of our test harness results. */ in TEST()
3091 syscall(__NR_exit, _metadata->passed ? EXIT_SUCCESS in TEST()
3120 /* Verify signal delivery came from child (seccomp-triggered). */ in TEST()
3158 * - native ARM registers do NOT expose true syscall. in TEST()
3159 * - compat ARM registers on ARM64 DO expose true syscall. in TEST()
3170 /* Write again to end test. */ in TEST()
3177 _metadata->passed = 0; in TEST()
3241 TEST(get_action_avail) in TEST() function
3269 EXPECT_EQ(ret, -1); in TEST()
3273 TEST(get_metadata) in TEST() function
3361 TEST(user_notification_basic) in TEST() function
3386 /* Check that we get -ENOSYS with no listener attached */ in TEST()
3398 /* Add some no-op filters for grins. */ in TEST()
3412 -1); in TEST()
3426 EXPECT_GT(poll(&pollfd, 1, -1), 0); in TEST()
3429 /* Test that we can't pass garbage to the kernel. */ in TEST()
3431 req.pid = -1; in TEST()
3434 EXPECT_EQ(-1, ret); in TEST()
3445 EXPECT_GT(poll(&pollfd, 1, -1), 0); in TEST()
3456 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1); in TEST()
3467 TEST(user_notification_with_tsync) in TEST() function
3480 ASSERT_EQ(-1, user_notif_syscall(__NR_getppid, flags)); in TEST()
3490 TEST(user_notification_kill_in_middle) in TEST() function
3525 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ID_VALID, &req.id), -1); in TEST()
3529 EXPECT_EQ(ret, -1); in TEST()
3533 static int handled = -1;
3541 TEST(user_notification_signal) in TEST() function
3572 * ERESTARTSYS behavior is a bit hard to test, because we need in TEST()
3578 exit(!(ret == -1 && errno == 512)); in TEST()
3596 resp.error = -EPERM; in TEST()
3599 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1); in TEST()
3606 resp.error = -512; /* -ERESTARTSYS */ in TEST()
3616 TEST(user_notification_closed_listener) in TEST() function
3639 exit(ret != -1 && errno != ENOSYS); in TEST()
3652 TEST(user_notification_child_pid_ns) in TEST() function
3693 TEST(user_notification_sibling_pid_ns) in TEST() function
3763 TEST(user_notification_fault_recv) in TEST() function
3786 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, NULL), -1); in TEST()
3804 TEST(seccomp_get_notif_sizes) in TEST() function
3813 TEST(user_notification_continue) in TEST() function
3835 pid_t self; in TEST() local
3843 self = getpid(); in TEST()
3844 ASSERT_EQ(filecmp(self, self, pipe_fds[0], dup_fd), 0); in TEST()
3851 EXPECT_GT(poll(&pollfd, 1, -1), 0); in TEST()
3859 EXPECT_GT(poll(&pollfd, 1, -1), 0); in TEST()
3873 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1); in TEST()
3878 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1); in TEST()
3899 TEST(user_notification_filter_empty) in TEST() function
3916 SKIP(return, "Test not built with clone3 support"); in TEST()
3956 TEST(user_notification_filter_empty_threaded) in TEST() function
3973 SKIP(return, "Test not built with clone3 support"); in TEST()
4040 TEST(user_notification_addfd) in TEST() function
4053 /* There may be arbitrary already-open fds at test start. */ in TEST()
4054 memfd = memfd_create("test", 0); in TEST()
4078 if (fcntl(syscall(__NR_getppid), F_GETFD) == -1) in TEST()
4093 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1); in TEST()
4099 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1); in TEST()
4105 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1); in TEST()
4110 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD_SMALL, &small), -1); in TEST()
4116 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD_BIG, &big), -1); in TEST()
4151 while (ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd) != -1 && in TEST()
4152 errno != -EINPROGRESS) in TEST()
4177 while (ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd) != -1 && in TEST()
4178 errno != -EINPROGRESS) in TEST()
4198 TEST(user_notification_addfd_rlimit) in TEST() function
4211 memfd = memfd_create("test", 0); in TEST()
4241 /* Should probably spot check /proc/sys/fs/file-nr */ in TEST()
4242 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1); in TEST()
4246 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1); in TEST()
4251 EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_ADDFD, &addfd), -1); in TEST()
4273 TEST(user_notification_sync) in TEST() function
4291 EXPECT_SYSCALL_RETURN(-EINVAL, in TEST()
4334 self->pid = 0; in FIXTURE_SETUP()
4346 self->pid = fork(); in FIXTURE_SETUP()
4347 ASSERT_GE(self->pid, 0); in FIXTURE_SETUP()
4349 if (self->pid == 0) { in FIXTURE_SETUP()
4358 if (self->pid) in FIXTURE_TEARDOWN()
4359 kill(self->pid, SIGKILL); in FIXTURE_TEARDOWN()
4366 ASSERT_EQ(0, ptrace(PTRACE_ATTACH, self->pid, NULL, 0)); in TEST_F()
4367 ASSERT_EQ(self->pid, wait(&wstatus)); in TEST_F()
4368 ASSERT_EQ(-1, ptrace(PTRACE_SETOPTIONS, self->pid, NULL, PTRACE_O_SUSPEND_SECCOMP)); in TEST_F()
4378 ret = ptrace(PTRACE_SEIZE, self->pid, NULL, PTRACE_O_SUSPEND_SECCOMP); in TEST_F()
4379 ASSERT_EQ(-1, ret); in TEST_F()
4386 * get_nth - Get the nth, space separated entry in a file.
4389 * Throws error if field is zero-length.
4418 return nread - 1; in get_nth()
4437 TEST(user_notification_fifo) in TEST() function
4516 /* get_proc_syscall - Get the syscall in progress for a given pid
4519 * Returns -1 if not in syscall (running or blocked)
4524 long ret = -1; in get_proc_syscall()
4539 /* Ensure non-fatal signals prior to receive are unmodified */
4540 TEST(user_notification_wait_killable_pre_notification) in TEST() function
4579 /* Setup the non-fatal sigaction without SA_RESTART */ in TEST()
4587 exit(ret != -1 || errno != EINTR); in TEST()
4598 /* Send non-fatal kill signal */ in TEST()
4609 /* Ensure non-fatal signals after receive are blocked */
4610 TEST(user_notification_wait_killable) in TEST() function
4659 * non-preemptible (TASK_KILLABLE) state. in TEST()
4662 /* Send non-fatal kill signal */ in TEST()
4667 * D (Disk Sleep) state after receiving non-fatal signal. in TEST()
4689 TEST(user_notification_wait_killable_fatal) in TEST() function
4723 * non-preemptible (TASK_KILLABLE) state. in TEST()
4740 * - expand NNP testing
4741 * - better arch-specific TRACE and TRAP handlers.
4742 * - endianness checking when appropriate
4743 * - 64-bit arg prodding
4744 * - arch value testing (x86 modes especially)
4745 * - verify that FILTER_FLAG_LOG filters generate log messages
4746 * - verify that RET_LOG generates log messages