Message ID | 20221119130619.10107-1-zhe.he@windriver.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [v2] syscalls/prctl04: Fix false positive report when SECCOMP_MODE_FILTER is not supported | expand |
Hi He > The child process really should not receive the expected siganl, SIGSYS, when > kernel doesn't support SECCOMP_MODE_FILTER. > > This patch tests if SECCOMP_MODE_FILTER is supported in setup and adds a > variable to record it. > > Before this patch: > root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04 > tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s > ---- snip ---- > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > prctl04.c:204: TFAIL: SECCOMP_MODE_FILTER permits exit() unexpectedly > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > > After this patch: > root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04 > tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s > ---- snip ---- > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER > > Signed-off-by: He Zhe <zhe.he@windriver.com> > --- > v2: Add a variable to record the support status instead of exit(1) > > testcases/kernel/syscalls/prctl/prctl04.c | 22 +++++++++++++++++----- > 1 file changed, 17 insertions(+), 5 deletions(-) > > diff --git a/testcases/kernel/syscalls/prctl/prctl04.c b/testcases/kernel/syscalls/prctl/prctl04.c > index b9f4c2a10..94e8db273 100644 > --- a/testcases/kernel/syscalls/prctl/prctl04.c > +++ b/testcases/kernel/syscalls/prctl/prctl04.c > @@ -93,6 +93,9 @@ static struct tcase { > "SECCOMP_MODE_FILTER doesn't permit exit()"} > }; > > + > +static int mode_filter_not_supported; > + > static void check_filter_mode_inherit(void) > { > int childpid; > @@ -158,9 +161,8 @@ static void check_filter_mode(int val) > > TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict)); > if (TST_RET == -1) { > - if (TST_ERR == EINVAL) > - tst_res(TCONF, > - "kernel doesn't support SECCOMP_MODE_FILTER"); > + if (mode_filter_not_supported == 1 && TST_ERR == EINVAL) > + tst_res(TCONF, "kernel doesn't support SECCOMP_MODE_FILTER"); I think we can move the mode_filter_not_supported to the beginning of check_filter_mode_inherit instead of here because we don't need to call prctl again. Best Regards Yang Xu > else > tst_res(TFAIL | TERRNO, > "prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed"); > @@ -208,7 +210,7 @@ static void verify_prctl(unsigned int n) > return; > } > > - if (tc->pass_flag == 2) > + if (mode_filter_not_supported == 0 && tc->pass_flag == 2) > tst_res(TFAIL, > "SECCOMP_MODE_FILTER permits exit() unexpectedly"); > } > @@ -218,7 +220,17 @@ static void setup(void) > { > TEST(prctl(PR_GET_SECCOMP)); > if (TST_RET == 0) { > - tst_res(TINFO, "kernel support PR_GET/SET_SECCOMP"); > + tst_res(TINFO, "kernel supports PR_GET/SET_SECCOMP"); > + > + TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL)); > + if (TST_RET == -1) > + if (TST_ERR == EINVAL) { > + mode_filter_not_supported = 1; > + return; > + } > + > + tst_res(TINFO, "kernel supports SECCOMP_MODE_FILTER"); > + > return; > } >
diff --git a/testcases/kernel/syscalls/prctl/prctl04.c b/testcases/kernel/syscalls/prctl/prctl04.c index b9f4c2a10..94e8db273 100644 --- a/testcases/kernel/syscalls/prctl/prctl04.c +++ b/testcases/kernel/syscalls/prctl/prctl04.c @@ -93,6 +93,9 @@ static struct tcase { "SECCOMP_MODE_FILTER doesn't permit exit()"} }; + +static int mode_filter_not_supported; + static void check_filter_mode_inherit(void) { int childpid; @@ -158,9 +161,8 @@ static void check_filter_mode(int val) TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict)); if (TST_RET == -1) { - if (TST_ERR == EINVAL) - tst_res(TCONF, - "kernel doesn't support SECCOMP_MODE_FILTER"); + if (mode_filter_not_supported == 1 && TST_ERR == EINVAL) + tst_res(TCONF, "kernel doesn't support SECCOMP_MODE_FILTER"); else tst_res(TFAIL | TERRNO, "prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed"); @@ -208,7 +210,7 @@ static void verify_prctl(unsigned int n) return; } - if (tc->pass_flag == 2) + if (mode_filter_not_supported == 0 && tc->pass_flag == 2) tst_res(TFAIL, "SECCOMP_MODE_FILTER permits exit() unexpectedly"); } @@ -218,7 +220,17 @@ static void setup(void) { TEST(prctl(PR_GET_SECCOMP)); if (TST_RET == 0) { - tst_res(TINFO, "kernel support PR_GET/SET_SECCOMP"); + tst_res(TINFO, "kernel supports PR_GET/SET_SECCOMP"); + + TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL)); + if (TST_RET == -1) + if (TST_ERR == EINVAL) { + mode_filter_not_supported = 1; + return; + } + + tst_res(TINFO, "kernel supports SECCOMP_MODE_FILTER"); + return; }
The child process really should not receive the expected siganl, SIGSYS, when kernel doesn't support SECCOMP_MODE_FILTER. This patch tests if SECCOMP_MODE_FILTER is supported in setup and adds a variable to record it. Before this patch: root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04 tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s ---- snip ---- prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER prctl04.c:204: TFAIL: SECCOMP_MODE_FILTER permits exit() unexpectedly prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER After this patch: root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04 tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s ---- snip ---- prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER Signed-off-by: He Zhe <zhe.he@windriver.com> --- v2: Add a variable to record the support status instead of exit(1) testcases/kernel/syscalls/prctl/prctl04.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-)