seccomp updates for v5.17-rc1

- Improve seccomp selftests in support of signal handler refactoring (Kees Cook)
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmHV0rkWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJj6XD/9hgsz2VEQHIL2oDLiqCvS42L36
 lAZ1l4htcg2/x20Lj1u7BHgwDV74UyXXGrmpL4IHEdi6eLbE0Lg6c9FePn8oQjfY
 h9Bq9y82Q9JgWr3v6Mn1nR3zGb2tq/ThDS6VIMb6vGJ+3hKX4qTg56rANlV7cLgH
 0q8Z9oECf3Xsgw7uZGAzSNbU69aZerCgkrdMqQAjE1dBqzwKoLEa9E+b6INf+Tio
 SCsz5F3TnQ8KbvYim9JF7WSBOhQtY3ZP1oYiJjQXnRhCSvAZAC42c63rynLYm3ep
 v4epzONb8XUrwZVpSTwh31na7DDdRywIMr0YS6otvtaQ8jirnuDhVhGPx2ltDUis
 sgPJl39C6Hl1cR7/Fl8k7lWYh5nZOUbecn7V2Ihs2eEvayMBFLwED/0EZmVnFva/
 3Bq3B8n38VpshDmP6ADB+Ii1spCCNC8c3llyUoMHS/Ghw3K6fgd18UoMqHf6VssM
 0sEsllvbQfI2F7LXhg8+264Q3fihsgBUV3OyVXNwzC9tiBR5azj/mSYzU604H9Wf
 1jwUvldTg7GB+N3K7qtAj4VGE2zOSh3fL9v8LvCovlgvNzPOBpkL3xLuLZxFVlHH
 y2C1mohGDdTLOg4d6g3HZaWrmlq2F14kCT9V3XNbEbHhijNLks+xQcDLvYjlnEL1
 jbRqj3UgGarzSiC1uw==
 =JeMn
 -----END PGP SIGNATURE-----

Merge tag 'seccomp-v5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull seccomp updates from Kees Cook:
 "The core seccomp code hasn't changed for this cycle, but the selftests
  were improved while helping to debug the recent signal handling
  refactoring work Eric did.

  Summary:

   - Improve seccomp selftests in support of signal handler refactoring
     (Kees Cook)"

* tag 'seccomp-v5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  selftests/seccomp: Report event mismatches more clearly
  selftests/seccomp: Stop USER_NOTIF test if kcmp() fails
This commit is contained in:
Linus Torvalds 2022-01-10 11:50:57 -08:00
commit 9d3a1e0a88
1 changed files with 51 additions and 7 deletions

View File

@ -1487,7 +1487,7 @@ TEST_F(precedence, log_is_fifth_in_any_order)
#define PTRACE_EVENT_SECCOMP 7 #define PTRACE_EVENT_SECCOMP 7
#endif #endif
#define IS_SECCOMP_EVENT(status) ((status >> 16) == PTRACE_EVENT_SECCOMP) #define PTRACE_EVENT_MASK(status) ((status) >> 16)
bool tracer_running; bool tracer_running;
void tracer_stop(int sig) void tracer_stop(int sig)
{ {
@ -1539,12 +1539,22 @@ void start_tracer(struct __test_metadata *_metadata, int fd, pid_t tracee,
if (wait(&status) != tracee) if (wait(&status) != tracee)
continue; continue;
if (WIFSIGNALED(status) || WIFEXITED(status))
/* Child is dead. Time to go. */
return;
/* Check if this is a seccomp event. */ if (WIFSIGNALED(status)) {
ASSERT_EQ(!ptrace_syscall, IS_SECCOMP_EVENT(status)); /* Child caught a fatal signal. */
return;
}
if (WIFEXITED(status)) {
/* Child exited with code. */
return;
}
/* Check if we got an expected event. */
ASSERT_EQ(WIFCONTINUED(status), false);
ASSERT_EQ(WIFSTOPPED(status), true);
ASSERT_EQ(WSTOPSIG(status) & SIGTRAP, SIGTRAP) {
TH_LOG("Unexpected WSTOPSIG: %d", WSTOPSIG(status));
}
tracer_func(_metadata, tracee, status, args); tracer_func(_metadata, tracee, status, args);
@ -1961,6 +1971,11 @@ void tracer_seccomp(struct __test_metadata *_metadata, pid_t tracee,
int ret; int ret;
unsigned long msg; unsigned long msg;
EXPECT_EQ(PTRACE_EVENT_MASK(status), PTRACE_EVENT_SECCOMP) {
TH_LOG("Unexpected ptrace event: %d", PTRACE_EVENT_MASK(status));
return;
}
/* Make sure we got the right message. */ /* Make sure we got the right message. */
ret = ptrace(PTRACE_GETEVENTMSG, tracee, NULL, &msg); ret = ptrace(PTRACE_GETEVENTMSG, tracee, NULL, &msg);
EXPECT_EQ(0, ret); EXPECT_EQ(0, ret);
@ -2011,6 +2026,11 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
long *syscall_nr = NULL, *syscall_ret = NULL; long *syscall_nr = NULL, *syscall_ret = NULL;
FIXTURE_DATA(TRACE_syscall) *self = args; FIXTURE_DATA(TRACE_syscall) *self = args;
EXPECT_EQ(WSTOPSIG(status) & 0x80, 0x80) {
TH_LOG("Unexpected WSTOPSIG: %d", WSTOPSIG(status));
return;
}
/* /*
* The traditional way to tell PTRACE_SYSCALL entry/exit * The traditional way to tell PTRACE_SYSCALL entry/exit
* is by counting. * is by counting.
@ -2128,6 +2148,7 @@ FIXTURE_SETUP(TRACE_syscall)
ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
/* Do not install seccomp rewrite filters, as we'll use ptrace instead. */
if (variant->use_ptrace) if (variant->use_ptrace)
return; return;
@ -2186,6 +2207,29 @@ TEST_F(TRACE_syscall, syscall_faked)
EXPECT_SYSCALL_RETURN(45000, syscall(__NR_gettid)); EXPECT_SYSCALL_RETURN(45000, syscall(__NR_gettid));
} }
TEST_F_SIGNAL(TRACE_syscall, kill_immediate, SIGSYS)
{
struct sock_filter filter[] = {
BPF_STMT(BPF_LD|BPF_W|BPF_ABS,
offsetof(struct seccomp_data, nr)),
BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_mknodat, 0, 1),
BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL_THREAD),
BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
};
struct sock_fprog prog = {
.len = (unsigned short)ARRAY_SIZE(filter),
.filter = filter,
};
long ret;
/* Install "kill on mknodat" filter. */
ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
ASSERT_EQ(0, ret);
/* This should immediately die with SIGSYS, regardless of tracer. */
EXPECT_EQ(-1, syscall(__NR_mknodat, -1, NULL, 0, 0));
}
TEST_F(TRACE_syscall, skip_after) TEST_F(TRACE_syscall, skip_after)
{ {
struct sock_filter filter[] = { struct sock_filter filter[] = {
@ -4087,7 +4131,7 @@ TEST(user_notification_addfd)
* lowest available fd to be assigned here. * lowest available fd to be assigned here.
*/ */
EXPECT_EQ(fd, nextfd++); EXPECT_EQ(fd, nextfd++);
EXPECT_EQ(filecmp(getpid(), pid, memfd, fd), 0); ASSERT_EQ(filecmp(getpid(), pid, memfd, fd), 0);
/* /*
* This sets the ID of the ADD FD to the last request plus 1. The * This sets the ID of the ADD FD to the last request plus 1. The