1 // Regression test for https://crbug.com/502974, where ASan was unable to read
2 // the binary name because of sandbox restrictions.
3 // This test uses seccomp-BPF to restrict the readlink() system call and makes
4 // sure ASan is still able to
5 // RUN: not ls /usr/include/linux/seccomp.h || ( %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s )
6 // UNSUPPORTED: android
7
8 #include <errno.h>
9 #include <stddef.h>
10 #include <stdlib.h>
11 #include <stdio.h>
12 #include <sys/prctl.h>
13 #include <sys/syscall.h>
14 #include <linux/filter.h>
15 #include <linux/seccomp.h>
16
17 #ifndef __NR_readlink
18 # define __NR_readlink __NR_readlinkat
19 #endif
20
21 #define syscall_nr (offsetof(struct seccomp_data, nr))
22
corrupt()23 void corrupt() {
24 void *p = malloc(10);
25 free(p);
26 free(p);
27 }
28
main()29 int main() {
30 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
31
32 struct sock_filter filter[] = {
33 /* Grab the system call number */
34 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr),
35 // If this is __NR_readlink,
36 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1),
37 // return with EPERM,
38 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM),
39 // otherwise allow the syscall.
40 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW)
41 };
42 struct sock_fprog prog;
43 prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0]));
44 prog.filter = filter;
45
46 int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
47 if (res != 0) {
48 fprintf(stderr, "PR_SET_SECCOMP unsupported!\n");
49 }
50 corrupt();
51 // CHECK: AddressSanitizer
52 // CHECK-NOT: reading executable name failed
53 return 0;
54 }
55