<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-dev/tools/testing/selftests/seccomp, branch master</title>
<subtitle>Linux kernel development work - see feature branches</subtitle>
<id>https://git.zx2c4.com/linux-dev/atom/tools/testing/selftests/seccomp?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-dev/atom/tools/testing/selftests/seccomp?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/'/>
<updated>2022-07-27T19:12:16Z</updated>
<entry>
<title>selftests/seccomp: Fix compile warning when CC=clang</title>
<updated>2022-07-27T19:12:16Z</updated>
<author>
<name>YiFei Zhu</name>
<email>zhuyifei@google.com</email>
</author>
<published>2022-05-26T22:34:07Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=3ce4b78f73e8e00fb86bad67ee7f6fe12019707e'/>
<id>urn:sha1:3ce4b78f73e8e00fb86bad67ee7f6fe12019707e</id>
<content type='text'>
clang has -Wconstant-conversion by default, and the constant 0xAAAAAAAAA
(9 As) being converted to an int, which is generally 32 bits, results
in the compile warning:

  clang -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/  -lpthread  seccomp_bpf.c -lcap -o seccomp_bpf
  seccomp_bpf.c:812:67: warning: implicit conversion from 'long' to 'int' changes value from 45812984490 to -1431655766 [-Wconstant-conversion]
          int kill = kill_how == KILL_PROCESS ? SECCOMP_RET_KILL_PROCESS : 0xAAAAAAAAA;
              ~~~~                                                         ^~~~~~~~~~~
  1 warning generated.

-1431655766 is the expected truncation, 0xAAAAAAAA (8 As), so use
this directly in the code to avoid the warning.

Fixes: 3932fcecd962 ("selftests/seccomp: Add test for unknown SECCOMP_RET kill behavior")
Signed-off-by: YiFei Zhu &lt;zhuyifei@google.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220526223407.1686936-1-zhuyifei@google.com
</content>
</entry>
<entry>
<title>selftests/seccomp: Fix spelling mistake "Coud" -&gt; "Could"</title>
<updated>2022-05-04T20:31:21Z</updated>
<author>
<name>Colin Ian King</name>
<email>colin.i.king@gmail.com</email>
</author>
<published>2022-05-04T15:55:35Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=5e91d2a4146946ea0abc984ca957f12b70632901'/>
<id>urn:sha1:5e91d2a4146946ea0abc984ca957f12b70632901</id>
<content type='text'>
There is a spelling mistake in an error message. Fix it.

Signed-off-by: Colin Ian King &lt;colin.i.king@gmail.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220504155535.239180-1-colin.i.king@gmail.com
</content>
</entry>
<entry>
<title>selftests/seccomp: Add test for wait killable notifier</title>
<updated>2022-05-03T21:20:49Z</updated>
<author>
<name>Sargun Dhillon</name>
<email>sargun@sargun.me</email>
</author>
<published>2022-05-03T08:09:58Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=3b96a9c522b2ee267fa1f46943ebc5d9cdd7b3dc'/>
<id>urn:sha1:3b96a9c522b2ee267fa1f46943ebc5d9cdd7b3dc</id>
<content type='text'>
This verifies that if a filter is set up with the wait killable feature,
it obeys the semantics that non-fatal signals are ignored during
a notification after the notification is received.

Cases tested:
 * Non-fatal signal prior to receive
 * Non-fatal signal during receive
 * Fatal signal after receive

The normal signal handling is tested in user_notification_signal. That
behaviour remains unchanged.

On an unsupported kernel, these tests will immediately bail as they rely
on a new seccomp flag.

Signed-off-by: Sargun Dhillon &lt;sargun@sargun.me&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220503080958.20220-4-sargun@sargun.me
</content>
</entry>
<entry>
<title>selftests/seccomp: Refactor get_proc_stat to split out file reading code</title>
<updated>2022-05-03T21:20:49Z</updated>
<author>
<name>Sargun Dhillon</name>
<email>sargun@sargun.me</email>
</author>
<published>2022-05-03T08:09:57Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=922a1b520c5ffb09079dddeb0c686f9c008a9923'/>
<id>urn:sha1:922a1b520c5ffb09079dddeb0c686f9c008a9923</id>
<content type='text'>
This splits up the get_proc_stat function to make it so we can use it as a
generic helper to read the nth field from multiple different files, versus
replicating the logic in multiple places.

Signed-off-by: Sargun Dhillon &lt;sargun@sargun.me&gt;
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220503080958.20220-3-sargun@sargun.me
</content>
</entry>
<entry>
<title>selftests/seccomp: Ensure that notifications come in FIFO order</title>
<updated>2022-04-29T18:49:18Z</updated>
<author>
<name>Sargun Dhillon</name>
<email>sargun@sargun.me</email>
</author>
<published>2022-04-28T01:54:47Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=662340ef921828507c931da6db303fa3cb02228e'/>
<id>urn:sha1:662340ef921828507c931da6db303fa3cb02228e</id>
<content type='text'>
When multiple notifications are waiting, ensure they show up in order, as
defined by the (predictable) seccomp notification ID. This ensures FIFO
ordering of notification delivery as notification ids are monotonic and
decided when the notification is generated (as opposed to received).

Signed-off-by: Sargun Dhillon &lt;sargun@sargun.me&gt;
Cc: linux-kselftest@vger.kernel.org
Acked-by: Tycho Andersen &lt;tycho@tycho.pizza&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220428015447.13661-2-sargun@sargun.me
</content>
</entry>
<entry>
<title>selftests/seccomp: Add SKIP for failed unshare()</title>
<updated>2022-04-29T18:28:43Z</updated>
<author>
<name>Yang Guang</name>
<email>yang.guang5@zte.com.cn</email>
</author>
<published>2022-03-30T00:22:10Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=95a126d9812ff51f7ff3e42d956390ff9a1801f8'/>
<id>urn:sha1:95a126d9812ff51f7ff3e42d956390ff9a1801f8</id>
<content type='text'>
Running the seccomp tests under the kernel with "defconfig"
shouldn't fail. CONFIG_USER_NS is not supported in
"defconfig", so skipping this case instead of failing it is
better.

Signed-off-by: Yang Guang &lt;yang.guang5@zte.com.cn&gt;
Signed-off-by: David Yang &lt;davidcomponentone@gmail.com&gt;
Reviewed-by: Shuah Khan &lt;skhan@linuxfoundation.org&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/7f7687696a5c0a2d040a24474616e945c7cf2bb5.1648599460.git.yang.guang5@zte.com.cn
</content>
</entry>
<entry>
<title>selftests/seccomp: Test PTRACE_O_SUSPEND_SECCOMP without CAP_SYS_ADMIN</title>
<updated>2022-04-29T18:28:42Z</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2022-03-19T01:08:38Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=d250a3e4e5b41d9d805a8bfd2458b548d1681742'/>
<id>urn:sha1:d250a3e4e5b41d9d805a8bfd2458b548d1681742</id>
<content type='text'>
Add a test to check that PTRACE_O_SUSPEND_SECCOMP can't be set without
CAP_SYS_ADMIN through PTRACE_SEIZE or PTRACE_SETOPTIONS.

Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Co-developed-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
</content>
</entry>
<entry>
<title>selftests/seccomp: Don't call read() on TTY from background pgrp</title>
<updated>2022-04-29T18:28:41Z</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2022-03-19T01:00:11Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=2bfed7d2ffa5d86c462d3e2067f2832eaf8c04c7'/>
<id>urn:sha1:2bfed7d2ffa5d86c462d3e2067f2832eaf8c04c7</id>
<content type='text'>
Since commit 92d25637a3a4 ("kselftest: signal all child processes"), tests
are executed in background process groups. This means that trying to read
from stdin now throws SIGTTIN when stdin is a TTY, which breaks some
seccomp selftests that try to use read(0, NULL, 0) as a dummy syscall.

The simplest way to fix that is probably to just use -1 instead of 0 as
the dummy read()'s FD.

Fixes: 92d25637a3a4 ("kselftest: signal all child processes")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220319010011.1374622-1-jannh@google.com
</content>
</entry>
<entry>
<title>selftests/seccomp: Fix seccomp failure by adding missing headers</title>
<updated>2022-02-14T18:14:38Z</updated>
<author>
<name>Sherry Yang</name>
<email>sherry.yang@oracle.com</email>
</author>
<published>2022-02-10T20:30:49Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=21bffcb76ee2fbafc7d5946cef10abc9df5cfff7'/>
<id>urn:sha1:21bffcb76ee2fbafc7d5946cef10abc9df5cfff7</id>
<content type='text'>
seccomp_bpf failed on tests 47 global.user_notification_filter_empty
and 48 global.user_notification_filter_empty_threaded when it's
tested on an updated kernel but with old kernel headers, because old
kernel headers don't have a definition of the macro __NR_clone3, which is
required for these two tests. Since under selftests/, we can install
headers once for all tests (the default INSTALL_HDR_PATH is
usr/include), fix it by adding usr/include to the list of directories
to be searched. Use "-isystem" to indicate it's a system directory as
the real kernel headers directories are.

Signed-off-by: Sherry Yang &lt;sherry.yang@oracle.com&gt;
Tested-by: Sherry Yang &lt;sherry.yang@oracle.com&gt;
Reviewed-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Shuah Khan &lt;skhan@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'linux-kselftest-next-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest</title>
<updated>2022-01-10T20:08:12Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2022-01-10T20:08:12Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=4369b3cec2134a6b8ff59b0ed5cca2f816d6e388'/>
<id>urn:sha1:4369b3cec2134a6b8ff59b0ed5cca2f816d6e388</id>
<content type='text'>
Pull Kselftest update from Shuah Khan:
 "Fixes to build errors, false negatives, and several code cleanups,
  including the ARRAY_SIZE cleanup that removes 25+ duplicate
  ARRAY_SIZE defines from individual tests"

* tag 'linux-kselftest-next-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
  selftests/vm: remove ARRAY_SIZE define from individual tests
  selftests/timens: remove ARRAY_SIZE define from individual tests
  selftests/sparc64: remove ARRAY_SIZE define from adi-test
  selftests/seccomp: remove ARRAY_SIZE define from seccomp_benchmark
  selftests/rseq: remove ARRAY_SIZE define from individual tests
  selftests/net: remove ARRAY_SIZE define from individual tests
  selftests/landlock: remove ARRAY_SIZE define from common.h
  selftests/ir: remove ARRAY_SIZE define from ir_loopback.c
  selftests/core: remove ARRAY_SIZE define from close_range_test.c
  selftests/cgroup: remove ARRAY_SIZE define from cgroup_util.h
  selftests/arm64: remove ARRAY_SIZE define from vec-syscfg.c
  tools: fix ARRAY_SIZE defines in tools and selftests hdrs
  selftests: cgroup: build error multiple outpt files
  selftests/move_mount_set_group remove unneeded conversion to bool
  selftests/mount: remove unneeded conversion to bool
  selftests: harness: avoid false negatives if test has no ASSERTs
  selftests/ftrace: make kprobe profile testcase description unique
  selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
  selftests: timers: Remove unneeded semicolon
  kselftests: timers:Remove unneeded semicolon
</content>
</entry>
</feed>
