<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=GBK">
  </head>
  <body>
    <p><br>
    </p>
    <div class="moz-cite-prefix">
      <pre>on 2019/11/07 22:54, Cyril Hrubis wrote:</pre>
    </div>
    <blockquote type="cite" cite="mid:20191107145416.GA25608@rei.lan">
      <pre class="moz-quote-pre" wrap="">Hi!
</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap=""> #include <errno.h>
 #include <signal.h>
 #include <sys/prctl.h>
-
+#include <linux/filter.h>
+#include <linux/capability.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include "config.h"
+#include "lapi/prctl.h"
+#include "lapi/seccomp.h"
+#include "lapi/syscalls.h"
 #include "tst_test.h"
+#include "tst_capability.h"
 
 #define OPTION_INVALID 999
 #define INVALID_ARG 999
 
+static const struct sock_filter  strict_filter[] = {
+       BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (offsetof (struct seccomp_data, nr))),
+
+       BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_close, 5, 0),
+       BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_exit,  4, 0),
+       BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_wait4, 3, 0),
+       BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_write, 2, 0),
+       BPF_JUMP(BPF_JMP | BPF_JEQ, __NR_clone, 1, 0),
+
+       BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
+       BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
+};
+
+static const struct sock_fprog  strict = {
+       .len = (unsigned short)ARRAY_SIZE(strict_filter),
+       .filter = (struct sock_filter *)strict_filter
+};
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
We do have the exact same bytecode in the prctl04.c, can we put it to a
header and include it in both tests?

Or alternatively do we need more than just one-liner with
BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) here?</pre>
    </blockquote>
    <pre>we only need one-liner with BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) here.
</pre>
    <blockquote type="cite" cite="mid:20191107145416.GA25608@rei.lan">
      <pre class="moz-quote-pre" wrap="">

</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap=""> static struct tcase {
        int option;
        unsigned long arg2;
+       unsigned long arg3;
        int exp_errno;
+       int bad_addr;
 } tcases[] = {
-       {OPTION_INVALID, 0, EINVAL},
-       {PR_SET_PDEATHSIG, INVALID_ARG, EINVAL},
+       {OPTION_INVALID, 0, 0, EINVAL, 0},
+       {PR_SET_PDEATHSIG, INVALID_ARG, 0, EINVAL, 0},
+       {PR_SET_DUMPABLE, 2, 0, EINVAL, 0},
+       {PR_SET_NAME, 0, 0, EFAULT, 1},
+       {PR_SET_SECCOMP, 2, 0, EFAULT, 1},
+       {PR_SET_SECCOMP, 2, 2, EACCES, 0},
+       {PR_SET_TIMING, 1, 0, EINVAL, 0},
+#ifdef HAVE_DECL_PR_SET_NO_NEW_PRIVS
+       {PR_SET_NO_NEW_PRIVS, 0, 0, EINVAL, 0},
+       {PR_SET_NO_NEW_PRIVS, 1, 1, EINVAL, 0},
+       {PR_GET_NO_NEW_PRIVS, 1, 0, EINVAL, 0},
+#endif
+#ifdef HAVE_DECL_PR_SET_THP_DISABLE
+       {PR_SET_THP_DISABLE, 0, 1, EINVAL, 0},
+       {PR_GET_THP_DISABLE, 1, 0, EINVAL, 0},
+#endif
+#ifdef HAVE_DECL_PR_CAP_AMBIENT
+       {PR_CAP_AMBIENT, 2, 1, EINVAL, 0},
+#endif
+#ifdef HAVE_DECL_PR_GET_SPECULATION_CTR
+       {PR_GET_SPECULATION_CTRL, 1, 0, EINVAL, 0},
+#endif
+       {PR_SET_SECUREBITS, 0, 0, EPERM, 0},
+       {PR_CAPBSET_DROP, 1, 0, EPERM, 0},
 };
 
 static void verify_prctl(unsigned int n)
 {
        struct tcase *tc = &tcases[n];
 
-       TEST(prctl(tc->option, tc->arg2));
+       if (tc->arg3 == 2)
+               tc->arg3 = (unsigned long)&strict;
+       if (tc->bad_addr) {
+               if (tc->arg2)
+                       tc->arg3 = (unsigned long)tst_get_bad_addr(NULL);
+               else
+                       tc->arg2 = (unsigned long)tst_get_bad_addr(NULL);
+       }
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
I do not like this hackery, can't we just change the test to use
pointers to pointers and initialize global variables in the test setup
as we usually do?</pre>
    </blockquote>
    <pre>Ok. I will do it as we usually do.</pre>
    <blockquote type="cite" cite="mid:20191107145416.GA25608@rei.lan">
      <pre class="moz-quote-pre" wrap="">

</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap="">+  TEST(prctl(tc->option, tc->arg2, tc->arg3));
        if (TST_RET == 0) {
                tst_res(TFAIL, "prctl() succeeded unexpectedly");
                return;
@@ -38,7 +123,10 @@ static void verify_prctl(unsigned int n)
        if (tc->exp_errno == TST_ERR) {
                tst_res(TPASS | TTERRNO, "prctl() failed as expected");
        } else {
-               tst_res(TFAIL | TTERRNO, "prctl() failed unexpectedly, expected %s",
+               if (tc->option == PR_SET_SECCOMP && TST_ERR == EINVAL)
+                       tst_res(TCONF, "current system was not built with CONFIG_SECCOMP.");
+               else
+                       tst_res(TFAIL | TTERRNO, "prctl() failed unexpectedly, expected %s",
                                tst_strerrno(tc->exp_errno));
        }
 }
@@ -46,4 +134,9 @@ static void verify_prctl(unsigned int n)
 static struct tst_test test = {
        .tcnt = ARRAY_SIZE(tcases),
        .test = verify_prctl,
+       .caps = (struct tst_cap []) {
+               TST_CAP(TST_CAP_DROP, CAP_SYS_ADMIN),
+               TST_CAP(TST_CAP_DROP, CAP_SETPCAP),
+               {}
+       },
 };
-- 
2.18.0




-- 
Mailing list info: <a class="moz-txt-link-freetext" href="https://lists.linux.it/listinfo/ltp">https://lists.linux.it/listinfo/ltp</a>
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
</pre>
    </blockquote>
  </body>
</html>