diff options
author | Sargun Dhillon <sargun@sargun.me> | 2019-12-30 12:38:11 -0800 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2020-01-02 13:15:45 -0800 |
commit | e4ab5ccc357b978999328fadae164e098c26fa40 (patch) | |
tree | 5ceffa20d8e817119506f5feddc9d28da802f5f8 /tools | |
parent | 2882d53c9c6f3b8311d225062522f03772cf0179 (diff) | |
download | linux-e4ab5ccc357b978999328fadae164e098c26fa40.tar.bz2 |
selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
This adds logic to the user_notification_basic test to set a member
of struct seccomp_notif to an invalid value to ensure that the kernel
returns EINVAL if any of the struct seccomp_notif members are set to
invalid values.
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20191230203811.4996-1-sargun@sargun.me
Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/testing/selftests/seccomp/seccomp_bpf.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index f53f14971bff..ee1b727ede04 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3158,7 +3158,18 @@ TEST(user_notification_basic) EXPECT_GT(poll(&pollfd, 1, -1), 0); EXPECT_EQ(pollfd.revents, POLLIN); - EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + /* Test that we can't pass garbage to the kernel. */ + memset(&req, 0, sizeof(req)); + req.pid = -1; + errno = 0; + ret = ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req); + EXPECT_EQ(-1, ret); + EXPECT_EQ(EINVAL, errno); + + if (ret) { + req.pid = 0; + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); + } pollfd.fd = listener; pollfd.events = POLLIN | POLLOUT; |