From patchwork Thu Aug 10 20:26:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 134235 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b824:0:b0:3f2:4152:657d with SMTP id z4csp711746vqi; Thu, 10 Aug 2023 15:02:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFiTqW7k3hFcGd9Ygqg23B0Q/+E1ZRw55D9e5VShp26nin5QDlY6tz5xWj9x89IRyUyX/OZ X-Received: by 2002:a17:906:5306:b0:993:ea6b:edf6 with SMTP id h6-20020a170906530600b00993ea6bedf6mr176530ejo.0.1691704965949; Thu, 10 Aug 2023 15:02:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691704965; cv=none; d=google.com; s=arc-20160816; b=G7WnV4luM//mAL4yZ3MaZQiun92cYjKEWQl9HQl3tiYljCJphZaroMtc2kbrDGAL+r 8a0j4nMNaUELnvGzSEkqH4wwn8Yy5WQa0SRxhmUYRAmYOXnDk98MMtyZiOGChW26rCDI DULPaLFRGvsRfIwdbnKVHQ8f6DluXNrKrD8aHNa7sMYLe6WuQ8UZllMjO+KBNcfdmj0H perXfKCC0WnfANxBMycHxNy9ISgygf0zVVXeWg+kJGek9Zb5nq5OtcCTp71PVUpyRVF3 fU9vHGnTx7kepzoGYWLN5z3B0KQhYRXgVYsM+sBTJ4iPnvQrp44ToVikA10JNGTmNMeH KLCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=7VqWk9TlJRT8ykwWsdvSnZzCfxI5F9cpgpLcByRA+sY=; fh=XBU78NoWzdHmDMVKOMjmonqv8Pg7DAQjjujRHdWubT8=; b=gXUj5CXXAcB3FGnVwZFhuBveug//q8fZRLUrj+fhsLHouvkRJQFC2IRtUn7KhlUByj 1PR+osOHqmnl4rUecQZLBFe0nRvOd3z2Kf2kQpdspf9MgBdALYfxB3usVZfTu8i24X/T QfWu3vFrkm4zr9LQVgBIlZs0n1zYH/na9hZmD+a+gV6sC0itZZV4f4hdnuKeHFv3m9v3 fz8HCKvIZ6l/vyLh72UsGAGZkcrAccBdgYV7/kY4Oz8eRC0GiHj7XgoCo8eHPEX4/cBL q8xgWHSXwD55yfgDSU2jy6imXu9kIazGqQU+0s1oOsPbDhwEFrhbhc2azz8eqn4+Jmp7 b1Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=K6Xr+Jpf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f19-20020a170906495300b0099bd7b268easi2186236ejt.121.2023.08.10.15.02.07; Thu, 10 Aug 2023 15:02:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=K6Xr+Jpf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234181AbjHJU1C (ORCPT + 99 others); Thu, 10 Aug 2023 16:27:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235771AbjHJU07 (ORCPT ); Thu, 10 Aug 2023 16:26:59 -0400 Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61D762710 for ; Thu, 10 Aug 2023 13:26:59 -0700 (PDT) Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1bb893e6365so10150785ad.2 for ; Thu, 10 Aug 2023 13:26:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1691699219; x=1692304019; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=7VqWk9TlJRT8ykwWsdvSnZzCfxI5F9cpgpLcByRA+sY=; b=K6Xr+JpfP3xNnjYDhY0dK5WU16CS3QdsDehTrDhfKyWhlQr9Ju/mj540r6Y+bgal7r Iu8tF0uh1VerGPWpO5/wmQxvZkh8iK1gyky0YbGqEnpkyPiNkPHdIw5lKML5Pok1+I7a XPeKJAL5CSpLJAKuJCFlHYDzyBBWqVnVMzUfw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691699219; x=1692304019; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7VqWk9TlJRT8ykwWsdvSnZzCfxI5F9cpgpLcByRA+sY=; b=cTfnQCywDVhFJzIT3DCzSL26sITVdbPuFWQJ/uiAof8hgTRmarAh3lLR+U2AUABC6n Z/SmQSws/LsBGz6QtZ3cn0bqtGrB0sGR1s20038wxv6LLnRRi6WICftqaCjgOclpbL6T /VzT80F1PuCvoSzSlrDf3S2VTEaXXM8Hme/Qlblzj/kgldfeEum/rqARn+FVJ9P7T10+ 46RfeDrXB43q9maYUiYNsrEgXdLl0dXyAns9bS02PMqim1zXj9pykDSjG62N5c3KBY0X 4btI+/R2y4f1uL4vOuXXlj5H4ByaGaqv7cGZfj0ZRcMPd4T4uvNfADcwcfNOq3g9q4FW HW1Q== X-Gm-Message-State: AOJu0Yyw6L2sIAVZG7DYMvipgfbGwOSEJqOcCt57wcF7UPLH5/Kvrgsq K587EljIFZ9jIqs87XA5XUsKhg== X-Received: by 2002:a17:902:d3cd:b0:1bb:5b88:73da with SMTP id w13-20020a170902d3cd00b001bb5b8873damr2990326plb.61.1691699218904; Thu, 10 Aug 2023 13:26:58 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id k3-20020a170902694300b001a98f844e60sm2183276plt.263.2023.08.10.13.26.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Aug 2023 13:26:58 -0700 (PDT) From: Kees Cook To: Lecopzer Chen Cc: Kees Cook , Andy Lutomirski , Will Drewry , Shuah Khan , Christian Brauner , Matthias Brugger , AngeloGioacchino Del Regno , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, linux-hardening@vger.kernel.org Subject: [PATCH] selftests/seccomp: Handle arm32 corner cases better Date: Thu, 10 Aug 2023 13:26:56 -0700 Message-Id: <20230810202653.never.932-kees@kernel.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2014; i=keescook@chromium.org; h=from:subject:message-id; bh=CLpz6EOfRrbHfxs+DW+QOBPRQnZKfWBS9qhYDrihYZA=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBk1UgQGhY779bsGNZZQsbavTn3fuJhNl9tmHaJi pe/oTK88q2JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZNVIEAAKCRCJcvTf3G3A JuJ/EACTcQ+/SL8NKJMeMFthsYqig1wZP1bL6BwiogHpMrhrE4JVzTccWGM8XLHbP63E9NyJdTG CbifBfVw4Q2qw1VXKAvuSpkN6uSsMv4s3/BosmYE5yEu4i608R2SQMqm1ifN1U1ovAAYvXxVXY4 mEy+5TG5jPr/3XZrHHgf7ygankQSzS38Na8mfcmebpJfZweX8kDy8Zew6h2tSG09wMBoAlirQEt K2TKbjN/dhB2e906M3h7tHIXjIH8gThBwY+4s6o+DI5vhpDjT/6ETxNgaAK9wmXNCyP2v+o3GBL hscos8jzbMZ4QJ/+1PCtSgY7j2PzQmbNzr/wDgkA/LSuAVhL58isbFkaIrHmgXPHd6IDjiaEXR5 Vr7pR97vDB1V6HJ5lHg9kZShcr1TABvwit/h/O5anJXH2Aer12Ng1kHn9m+2buZI5tYjvB8gicC JJg/zttnHUhUwzKUKUk3wlToFm9Czbj+vraJF+kexBjCW+DPUS0l6Oa6JPjElLKe5BrrUhTlyBN 3LLd16WA4HhAwVyVlq6vm2gbEUUeXthpn3hm6b/JxOULzY/vOxkMGjjbKalbsRof+RKDJPz6vM5 cYVUoyL+rap+LF2B7gOhxuHz9zwF4EvwPoQ4wd4snZlGZ/T6NlRz3bHc8/4DkmejD6OCLSsBxS6 UCCv7P2 xUDMYFGA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773881226572031226 X-GMAIL-MSGID: 1773881226572031226 It turns out arm32 doesn't handle syscall -1 gracefully, so skip testing for that. Additionally skip tests that depend on clone3 when it is not available (for example when building the seccomp selftests on an old arm image without clone3 headers). And improve error reporting for when nanosleep fails, as seen on arm32 since v5.15. Cc: Lecopzer Chen Signed-off-by: Kees Cook --- tools/testing/selftests/seccomp/seccomp_bpf.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index f6a04d88e02f..38f651469968 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -2184,6 +2184,9 @@ FIXTURE_TEARDOWN(TRACE_syscall) TEST(negative_ENOSYS) { +#if defined(__arm__) + SKIP(return, "arm32 does not support calling syscall -1"); +#endif /* * There should be no difference between an "internal" skip * and userspace asking for syscall "-1". @@ -3072,7 +3075,8 @@ TEST(syscall_restart) timeout.tv_sec = 1; errno = 0; EXPECT_EQ(0, nanosleep(&timeout, NULL)) { - TH_LOG("Call to nanosleep() failed (errno %d)", errno); + TH_LOG("Call to nanosleep() failed (errno %d: %s)", + errno, strerror(errno)); } /* Read final sync from parent. */ @@ -3908,6 +3912,9 @@ TEST(user_notification_filter_empty) TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); } + if (__NR_clone3 < 0) + SKIP(return, "Test not built with clone3 support"); + pid = sys_clone3(&args, sizeof(args)); ASSERT_GE(pid, 0); @@ -3962,6 +3969,9 @@ TEST(user_notification_filter_empty_threaded) TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); } + if (__NR_clone3 < 0) + SKIP(return, "Test not built with clone3 support"); + pid = sys_clone3(&args, sizeof(args)); ASSERT_GE(pid, 0);