| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Sep 2019 11:13:46 -0600
From: shuah <shuah@...nel.org>
To: Christian Brauner <christian.brauner@...ntu.com>,
keescook@...omium.org, luto@...capital.net
Cc: jannh@...gle.com, wad@...omium.org, ast@...nel.org,
daniel@...earbox.net, kafai@...com, songliubraving@...com,
yhs@...com, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, netdev@...r.kernel.org,
bpf@...r.kernel.org, Tycho Andersen <tycho@...ho.ws>,
Tyler Hicks <tyhicks@...onical.com>, stable@...r.kernel.org,
shuah <shuah@...nel.org>
Subject: Re: [PATCH v1 3/3] seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE
On 9/19/19 3:59 AM, Christian Brauner wrote:
> Test whether a syscall can be performed after having been intercepted by
> the seccomp notifier. The test uses dup() and kcmp() since it allows us to
> nicely test whether the dup() syscall actually succeeded by comparing whether
> the fds refer to the same underlying struct file.
>
> Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Andy Lutomirski <luto@...capital.net>
> Cc: Will Drewry <wad@...omium.org>
> Cc: Shuah Khan <shuah@...nel.org>
> Cc: Alexei Starovoitov <ast@...nel.org>
> Cc: Daniel Borkmann <daniel@...earbox.net>
> Cc: Martin KaFai Lau <kafai@...com>
> Cc: Song Liu <songliubraving@...com>
> Cc: Yonghong Song <yhs@...com>
> Cc: Tycho Andersen <tycho@...ho.ws>
> CC: Tyler Hicks <tyhicks@...onical.com>
> Cc: stable@...r.kernel.org
> Cc: linux-kselftest@...r.kernel.org
> Cc: netdev@...r.kernel.org
> Cc: bpf@...r.kernel.org
> ---
> /* v1 */
> - Christian Brauner <christian.brauner@...ntu.com>:
> - adapt to new flag name SECCOMP_USER_NOTIF_FLAG_CONTINUE
>
> /* v0 */
> Link: https://lore.kernel.org/r/20190918084833.9369-5-christian.brauner@ubuntu.com
> ---
> tools/testing/selftests/seccomp/seccomp_bpf.c | 102 ++++++++++++++++++
> 1 file changed, 102 insertions(+)
>
> diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
> index e996d7b7fd6e..b0966599acb5 100644
> --- a/tools/testing/selftests/seccomp/seccomp_bpf.c
> +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
> @@ -44,6 +44,7 @@
> #include <sys/times.h>
> #include <sys/socket.h>
> #include <sys/ioctl.h>
> +#include <linux/kcmp.h>
>
> #include <unistd.h>
> #include <sys/syscall.h>
> @@ -167,6 +168,10 @@ struct seccomp_metadata {
>
> #define SECCOMP_RET_USER_NOTIF 0x7fc00000U
>
> +#ifndef SECCOMP_USER_NOTIF_FLAG_CONTINUE
> +#define SECCOMP_USER_NOTIF_FLAG_CONTINUE 0x00000001
> +#endif
> +
> #define SECCOMP_IOC_MAGIC '!'
> #define SECCOMP_IO(nr) _IO(SECCOMP_IOC_MAGIC, nr)
> #define SECCOMP_IOR(nr, type) _IOR(SECCOMP_IOC_MAGIC, nr, type)
> @@ -3481,6 +3486,103 @@ TEST(seccomp_get_notif_sizes)
> EXPECT_EQ(sizes.seccomp_notif_resp, sizeof(struct seccomp_notif_resp));
> }
>
> +static int filecmp(pid_t pid1, pid_t pid2, int fd1, int fd2)
> +{
> +#ifdef __NR_kcmp
> + return syscall(__NR_kcmp, pid1, pid2, KCMP_FILE, fd1, fd2);
> +#else
> + errno = ENOSYS;
> + return -1;
This should be SKIP for kselftest so this isn't counted a failure.
In this case test can't be run because of a missing dependency.
> +#endif
> +}
> +
> +TEST(user_notification_continue)
> +{
> + pid_t pid;
> + long ret;
> + int status, listener;
> + struct seccomp_notif req = {};
> + struct seccomp_notif_resp resp = {};
> + struct pollfd pollfd;
> +
> + ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
> + ASSERT_EQ(0, ret) {
> + TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
> + }
> +
> + listener = user_trap_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER);
> + ASSERT_GE(listener, 0);
> +
> + pid = fork();
> + ASSERT_GE(pid, 0);
> +
> + if (pid == 0) {
> + int dup_fd, pipe_fds[2];
> + pid_t self;
> +
> + ret = pipe(pipe_fds);
> + if (ret < 0)
> + exit(EXIT_FAILURE);
> +
> + dup_fd = dup(pipe_fds[0]);
> + if (dup_fd < 0)
> + exit(EXIT_FAILURE);
> +
> + self = getpid();
> +
> + ret = filecmp(self, self, pipe_fds[0], dup_fd);
> + if (ret)
> + exit(EXIT_FAILURE);
> +
> + exit(EXIT_SUCCESS);
> + }
> +
> + pollfd.fd = listener;
> + pollfd.events = POLLIN | POLLOUT;
> +
> + EXPECT_GT(poll(&pollfd, 1, -1), 0);
> + EXPECT_EQ(pollfd.revents, POLLIN);
> +
> + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0);
> +
> + pollfd.fd = listener;
> + pollfd.events = POLLIN | POLLOUT;
> +
> + EXPECT_GT(poll(&pollfd, 1, -1), 0);
> + EXPECT_EQ(pollfd.revents, POLLOUT);
> +
> + EXPECT_EQ(req.data.nr, __NR_dup);
> +
> + resp.id = req.id;
> + resp.flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
> +
> + /*
> + * Verify that setting SECCOMP_USER_NOTIF_FLAG_CONTINUE enforces other
> + * args be set to 0.
> + */
> + resp.error = 0;
> + resp.val = USER_NOTIF_MAGIC;
> + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1);
> + EXPECT_EQ(errno, EINVAL);
> +
> + resp.error = USER_NOTIF_MAGIC;
> + resp.val = 0;
> + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), -1);
> + EXPECT_EQ(errno, EINVAL);
> +
> + resp.error = 0;
> + resp.val = 0;
> + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), 0) {
> + if (errno == EINVAL)
> + XFAIL(goto skip, "Kernel does not support SECCOMP_USER_NOTIF_FLAG_CONTINUE");
> + }
> +
> +skip:
> + EXPECT_EQ(waitpid(pid, &status, 0), pid);
> + EXPECT_EQ(true, WIFEXITED(status));
> + EXPECT_EQ(0, WEXITSTATUS(status));
> +}
> +
> /*
> * TODO:
> * - add microbenchmarks
>
thanks,
-- Shuah
Powered by blists - more mailing lists