[0/3] selftests/seccomp seccomp_bpf test fixes

Message ID 20240124141357.1243457-1-terry.tritton@linaro.org
Headers
Series selftests/seccomp seccomp_bpf test fixes |

Message

Terry Tritton Jan. 24, 2024, 2:13 p.m. UTC
  Hi,
Here are a few fixes for seccomp_bpf tests found when testing on 
Android:

user_notification_sibling_pid_ns:
  unshare(CLONE_NEWPID) can return EINVAL so have added a check for this.

KILL_THREAD:
  This one is a bit more Android specific. 
  In Bionic pthread_create is calling prctl, this is causing the test to 
  fail as prctl is in the filter for this test and is killed when it is 
  called. I've just changed prctl to getpid in this case.

user_notification_addfd:
  This test can fail if there are existing file descriptors when the test 
  starts. It expects the next file descriptor to always increase 
  sequentially which is not always the case.
  Added a get_next_fd function to return the next expected file descriptor.

Regards,

Terry

Terry Tritton (3):
  selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
  selftests/seccomp: Change the syscall used in KILL_THREAD test
  selftests/seccomp: user_notification_addfd check nextfd is available

 tools/testing/selftests/seccomp/seccomp_bpf.c | 41 ++++++++++++++-----
 1 file changed, 31 insertions(+), 10 deletions(-)
  

Comments

Kees Cook Jan. 24, 2024, 4:21 p.m. UTC | #1
On Wed, 24 Jan 2024 14:13:54 +0000, Terry Tritton wrote:
> Here are a few fixes for seccomp_bpf tests found when testing on
> Android:
> 
> user_notification_sibling_pid_ns:
>   unshare(CLONE_NEWPID) can return EINVAL so have added a check for this.
> 
> KILL_THREAD:
>   This one is a bit more Android specific.
>   In Bionic pthread_create is calling prctl, this is causing the test to
>   fail as prctl is in the filter for this test and is killed when it is
>   called. I've just changed prctl to getpid in this case.
> 
> [...]

Thanks for tracking all of these down. These look good to me.

Applied to for-next/seccomp, thanks!

[1/3] selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID)
      https://git.kernel.org/kees/c/18975ce05799
[2/3] selftests/seccomp: Change the syscall used in KILL_THREAD test
      https://git.kernel.org/kees/c/fbcdf41167fe
[3/3] selftests/seccomp: user_notification_addfd check nextfd is available
      https://git.kernel.org/kees/c/0c6f28a84431

Take care,