[LTP] [PATCH v3] syscalls/prctl04: Fix false positive report when SECCOMP_MODE_FILTER is not supported
xuyang2018.jy@fujitsu.com
xuyang2018.jy@fujitsu.com
Wed Nov 23 07:17:32 CET 2022
Hi he
> Hi He
>
>> The child process really should not receive the expected siganl, SIGSYS, when
>> kernel doesn't support SECCOMP_MODE_FILTER.
> I still feel confused, so which subtestcase has problem since we have do
> check whether support SECCOMP_MODE_FILTER in check_filter_mode.
It seems kernel without CONFIG_SECCOMP doesn't report errror when set
filter, so the previous check doesn't work.
>>
>> This patch tests if SECCOMP_MODE_FILTER is supported in setup and adds a
>> variable to record it.
>>
>> Before this patch:
>> root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04
>> tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s
>> ---- snip ----
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>> prctl04.c:204: TFAIL: SECCOMP_MODE_FILTER permits exit() unexpectedly
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>>
>> After this patch:
>> root@xilinx-zynq:~# /opt/ltp/testcases/bin/prctl04
>> tst_test.c:1431: TINFO: Timeout per run is 0h 05m 00s
>> ---- snip ----
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>> prctl04.c:154: TCONF: kernel doesn't support SECCOMP_MODE_FILTER
>
>
> The line 154 and 204 is refer to origin case[1], so do you use the
> lastest ltp?
>
> [1]
> https://github.com/linux-test-project/ltp/commit/3ddc217d7b466f16782c257e29e18b251969edec#diff-6ae2f0e9ae152457424103cc20b7885e242f33f58b2e543b7941671f418d9485R154
>
> Best Regards
> Yang Xu
>>
>> Signed-off-by: He Zhe <zhe.he@windriver.com>
>> ---
>> v2: Add a variable to record the support status instead of exit(1)
>> v3: Move mode_filter_not_supported check a bit upper to save a prctl call
>>
>> testcases/kernel/syscalls/prctl/prctl04.c | 30 +++++++++++++++++------
>> 1 file changed, 22 insertions(+), 8 deletions(-)
>>
>> diff --git a/testcases/kernel/syscalls/prctl/prctl04.c b/testcases/kernel/syscalls/prctl/prctl04.c
>> index b9f4c2a10..d3de4b0d6 100644
>> --- a/testcases/kernel/syscalls/prctl/prctl04.c
>> +++ b/testcases/kernel/syscalls/prctl/prctl04.c
>> @@ -93,6 +93,9 @@ static struct tcase {
>> "SECCOMP_MODE_FILTER doesn't permit exit()"}
>> };
>>
>> +
>> +static int mode_filter_not_supported;
>> +
>> static void check_filter_mode_inherit(void)
>> {
>> int childpid;
>> @@ -154,16 +157,17 @@ static void check_filter_mode(int val)
>> {
>> int fd;
>>
>> + if (mode_filter_not_supported == 1) {
>> + tst_res(TCONF, "kernel doesn't support SECCOMP_MODE_FILTER");
>> + return;
>> + }
>> +
>> fd = SAFE_OPEN(FNAME, O_RDWR | O_CREAT, 0666);
>>
>> TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict));
>> if (TST_RET == -1) {
>> - if (TST_ERR == EINVAL)
>> - tst_res(TCONF,
>> - "kernel doesn't support SECCOMP_MODE_FILTER");
>> - else
>> - tst_res(TFAIL | TERRNO,
>> - "prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed");
>> + tst_res(TFAIL | TERRNO,
>> + "prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed");
>> return;
>> }
>>
>> @@ -208,7 +212,7 @@ static void verify_prctl(unsigned int n)
>> return;
>> }
>>
>> - if (tc->pass_flag == 2)
>> + if (mode_filter_not_supported == 0 && tc->pass_flag == 2)
I prefer to use "tc->pass_flag == 2 && mode_filter_not_supported ==
0"because only one case's pass_flag value is 2, so we don't need to run
the latter to many times when kernel without CONFIG_SECCOMP_FILTER.
with commit message fix and this fix,
Reviewed-by: Yang Xu <xuyang2018.jy@fujitsu.com>
ps:BTW, I think split this case into two cases by checking strict mode
and filter_mode is more clear ie prctl04_1.c prctl04_2.c, so we can add
these kernel checks by using tst_test struct's need_kconfig member.
Best Regards
Yang Xu
>> tst_res(TFAIL,
>> "SECCOMP_MODE_FILTER permits exit() unexpectedly");
>> }
>> @@ -218,7 +222,17 @@ static void setup(void)
>> {
>> TEST(prctl(PR_GET_SECCOMP));
>> if (TST_RET == 0) {
>> - tst_res(TINFO, "kernel support PR_GET/SET_SECCOMP");
>> + tst_res(TINFO, "kernel supports PR_GET/SET_SECCOMP");
>> +
>> + TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL));
>> + if (TST_RET == -1)
>> + if (TST_ERR == EINVAL) {
>> + mode_filter_not_supported = 1;
>> + return;
>> + }
>> +
>> + tst_res(TINFO, "kernel supports SECCOMP_MODE_FILTER");
>> +
>> return;
>> }
>>
>
More information about the ltp
mailing list