On Sat, Jul 04, 2020 at 11:12:32PM -0700, Kees Cook wrote:
There should be no difference between -1 and other negative syscalls while tracing.
Cc: Andy Lutomirski luto@amacapital.net
Cc: Will Drewry wad@chromium.org
Cc: Will Deacon will@kernel.org
Cc: Keno Fischer keno@juliacomputing.com
Signed-off-by: Kees Cook keescook@chromium.org

tools/testing/selftests/seccomp/seccomp_bpf.c | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 966dec340ea8..bf6aa06c435c 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1973,6 +1973,32 @@ FIXTURE_TEARDOWN(TRACE_syscall) teardown_trace_fixture(_metadata, self->tracer); } +TEST(negative_ENOSYS) +{
- /* Untraced negative syscalls should return ENOSYS. */
- errno = 0;
- EXPECT_EQ(-1, syscall(-1));
- EXPECT_EQ(errno, ENOSYS);
- errno = 0;
- EXPECT_EQ(-1, syscall(-101));
- EXPECT_EQ(errno, ENOSYS);
+}
+TEST_F(TRACE_syscall, negative_ENOSYS) +{
- /*
* There should be no difference between an "internal" skip
* and userspace asking for syscall "-1".
*/
- errno = 0;
- EXPECT_EQ(-1, syscall(-1));
- EXPECT_EQ(errno, ENOSYS);
- /* And no difference for "still not valid but not -1". */
- errno = 0;
- EXPECT_EQ(-1, syscall(-101));
- EXPECT_EQ(errno, ENOSYS);
+}
I realized after sending this that the second function could just be:
+TEST_F(TRACE_syscall, negative_ENOSYS) +{ + negative_ENOSYS(_metadata); +}
:)
TEST_F(TRACE_syscall, syscall_allowed) { /* getppid works as expected (no changes). */ -- 2.25.1
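Review bot: TEST(negative_ENOSYS) and TEST_F(TRACE_syscall, negative_ENOSYS) repeat the same four assertions for syscall(-1) and syscall(-101), so the untraced and traced expectations can drift apart if only one body is edited later; putting the checks in one shared helper that both tests call would keep them identical. The assertions also mix argument order: EXPECT_EQ(-1, syscall(-1)) puts the expected value first, while EXPECT_EQ(errno, ENOSYS) puts it second. Using one order throughout would make the failure output read consistently. The comment in the traced variant mentions an "internal" skip, but the visible body only issues syscall(-1) and syscall(-101) from userspace, so the comment should say that the tracer-side skip is covered elsewhere, or the test should exercise it.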