[LTP] [PATCH v2] syscalls/prctl04: Fix false positive report when SECCOMP_MODE_FILTER is not supported
xuyang2018.jy@fujitsu.com
xuyang2018.jy@fujitsu.com
Tue Nov 22 07:39:56 CET 2022
Hi He
> The child process really should not receive the expected siganl, SIGSYS, when
> kernel doesn't support SECCOMP_MODE_FILTER.
>
> This patch tests if SECCOMP_MODE_FILTER is supported in setup and adds a
> variable to record it.
>
> Before this patch:
> root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04
> tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s
> ---- snip ----
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
> prctl04.c:204: TFAIL: SECCOMP_MODE_FILTER permits exit() unexpectedly
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>
> After this patch:
> root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04
> tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s
> ---- snip ----
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>
> Signed-off-by: He Zhe <zhe.he@windriver.com>
> ---
> v2: Add a variable to record the support status instead of exit(1)
>
> testcases/kernel/syscalls/prctl/prctl04.c | 22 +++++++++++++++++-----
> 1 file changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/testcases/kernel/syscalls/prctl/prctl04.c b/testcases/kernel/syscalls/prctl/prctl04.c
> index b9f4c2a10..94e8db273 100644
> --- a/testcases/kernel/syscalls/prctl/prctl04.c
> +++ b/testcases/kernel/syscalls/prctl/prctl04.c
> @@ -93,6 +93,9 @@ static struct tcase {
> "SECCOMP_MODE_FILTER doesn't permit exit()"}
> };
>
> +
> +static int mode_filter_not_supported;
> +
> static void check_filter_mode_inherit(void)
> {
> int childpid;
> @@ -158,9 +161,8 @@ static void check_filter_mode(int val)
>
> TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict));
> if (TST_RET == -1) {
> - if (TST_ERR == EINVAL)
> - tst_res(TCONF,
> - "kernel doesn't support SECCOMP_MODE_FILTER");
> + if (mode_filter_not_supported == 1 && TST_ERR == EINVAL)
> + tst_res(TCONF, "kernel doesn't support SECCOMP_MODE_FILTER");
I think we can move the mode_filter_not_supported to the beginning of
check_filter_mode_inherit instead of here because we don't need to call
prctl again.
Best Regards
Yang Xu
> else
> tst_res(TFAIL | TERRNO,
> "prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed");
> @@ -208,7 +210,7 @@ static void verify_prctl(unsigned int n)
> return;
> }
>
> - if (tc->pass_flag == 2)
> + if (mode_filter_not_supported == 0 && tc->pass_flag == 2)
> tst_res(TFAIL,
> "SECCOMP_MODE_FILTER permits exit() unexpectedly");
> }
> @@ -218,7 +220,17 @@ static void setup(void)
> {
> TEST(prctl(PR_GET_SECCOMP));
> if (TST_RET == 0) {
> - tst_res(TINFO, "kernel support PR_GET/SET_SECCOMP");
> + tst_res(TINFO, "kernel supports PR_GET/SET_SECCOMP");
> +
> + TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL));
> + if (TST_RET == -1)
> + if (TST_ERR == EINVAL) {
> + mode_filter_not_supported = 1;
> + return;
> + }
> +
> + tst_res(TINFO, "kernel supports SECCOMP_MODE_FILTER");
> +
> return;
> }
>
More information about the ltp
mailing list