1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2019 FUJITSU LIMITED. All rights reserved.
4 * Author: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
5 */
6
7 /*\
8 * [Description]
9 *
10 * Test PR_GET_SECCOMP and PR_SET_SECCOMP of prctl(2).
11 *
12 * - If PR_SET_SECCOMP sets the SECCOMP_MODE_STRICT for the calling thread,
13 * the only system calls that the thread is permitted to make are read(2),
14 * write(2), _exit(2) (but not exit_group(2)), and sigreturn(2). Other
15 * system calls result in the delivery of a SIGKILL signal. This operation
16 * is available only if the kernel is configured with CONFIG_SECCOMP enabled.
17 *
18 * - If PR_SET_SECCOMP sets the SECCOMP_MODE_FILTER for the calling thread,
19 * the system calls allowed are defined by a pointer to a Berkeley Packet
20 * Filter. Other system calls result in the delivery of a SIGSYS signal
21 * with SECCOMP_RET_KILL. The SECCOMP_SET_MODE_FILTER operation is available
22 * only if the kernel is configured with CONFIG_SECCOMP_FILTER enabled.
23 *
24 * - If SECCOMP_MODE_FILTER filters permit fork(2), then the seccomp mode
25 * is inherited by children created by fork(2).
26 */
27
28 #include <errno.h>
29 #include <signal.h>
30 #include <sys/prctl.h>
31 #include <sys/wait.h>
32 #include <sys/types.h>
33 #include <linux/filter.h>
34 #include <unistd.h>
35 #include <stdlib.h>
36 #include <stddef.h>
37 #include "tst_test.h"
38 #include "lapi/syscalls.h"
39 #include "lapi/prctl.h"
40 #include "config.h"
41 #include "lapi/seccomp.h"
42
/*
 * Relative name of the scratch file that check_strict_mode() and
 * check_filter_mode() open before they enable seccomp.
 */
#define FNAME "filename"
44
/*
 * Allow-list seccomp filter used by the SECCOMP_MODE_FILTER test cases.
 *
 * Layout: one load, six compares, then the two return instructions. A
 * matching compare jumps forward (jt) past the remaining compares and the
 * KILL return, landing on the ALLOW return; a non-matching compare (jf = 0)
 * falls through to the next instruction, so an unlisted syscall ends up on
 * SECCOMP_RET_KILL.
 *
 * NOTE(review): this fixture matches on seccomp_data.nr only and never loads
 * seccomp_data.arch. Syscall numbers are per-ABI, so a filter meant to
 * confine real workloads should check the architecture before comparing nr.
 */
static const struct sock_filter strict_filter[] = {
	/* A = number of the syscall being attempted */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),

	/* jt counts the instructions to skip to reach the ALLOW return */
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_rt_sigprocmask, 6, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_close, 5, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit, 4, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_wait4, 3, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 2, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 1, 0),

	/* default action for everything not listed above */
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
	/* target of every successful compare */
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
58
/*
 * Filter program descriptor passed to
 * prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict).
 * The cast only drops the const qualifier of strict_filter so that it can be
 * stored in the .filter member.
 */
static const struct sock_fprog strict = {
	.filter = (struct sock_filter *)strict_filter,
	.len = (unsigned short)ARRAY_SIZE(strict_filter),
};
63
/* Forward declarations: tcases[] stores pointers to both checkers. */
static void check_strict_mode(int val);
static void check_filter_mode(int val);
66
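/*
 * Test matrix. verify_prctl(n) forks a child that runs func_check(val) and
 * then judges how that child terminated.
 */
static struct tcase {
	/*
	 * Checker executed in the forked child. Declared with a full prototype
	 * so the int argument passed by verify_prctl() is type-checked.
	 */
	void (*func_check)(int);
	/*
	 * Verdict used by verify_prctl() when the child was killed by
	 * exp_signal: non-zero reports TPASS, 0 reports TFAIL. The value 2
	 * additionally turns a child that was NOT killed into a TFAIL
	 * (only while SECCOMP_MODE_FILTER is supported).
	 */
	int pass_flag;
	/* Selects the switch case inside the checker. */
	int val;
	/* Signal the kernel is expected to use when the sandbox is violated. */
	int exp_signal;
	/* Text reported when the child was killed by exp_signal. */
	const char *message;
} tcases[] = {
	{check_strict_mode, 1, 1, SIGKILL,
	 "SECCOMP_MODE_STRICT doesn't permit GET_SECCOMP call"},

	{check_strict_mode, 0, 2, SIGKILL,
	 "SECCOMP_MODE_STRICT doesn't permit read(2) write(2) and _exit(2)"},

	{check_strict_mode, 1, 3, SIGKILL,
	 "SECCOMP_MODE_STRICT doesn't permit close(2)"},

	{check_filter_mode, 1, 1, SIGSYS,
	 "SECCOMP_MODE_FILTER doestn't permit GET_SECCOMP call"},

	{check_filter_mode, 0, 2, SIGSYS,
	 "SECCOMP_MODE_FILTER doesn't permit close(2)"},

	{check_filter_mode, 2, 3, SIGSYS,
	 "SECCOMP_MODE_FILTER doesn't permit exit()"},

	/*
	 * Inheritance scenario (val 4): the child is expected to end normally;
	 * NOTE(review): the failure text is shared with the exit() case above.
	 */
	{check_filter_mode, 0, 4, SIGSYS,
	 "SECCOMP_MODE_FILTER doesn't permit exit()"}
};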
95
96
/*
 * Set to 1 by setup() when the SECCOMP_MODE_FILTER probe fails with EINVAL;
 * check_filter_mode() then reports TCONF instead of running the scenario.
 */
static int mode_filter_not_supported = 0;
98
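/*
 * Check that the seccomp filter installed by check_filter_mode() is inherited
 * by a child created with fork(2).
 *
 * The child reports that fork(2) itself was permitted and then calls exit(3).
 * The parent treats death by SIGSYS as proof that the filter is active in the
 * child as well (presumably exit(3) ends in a syscall that strict_filter does
 * not list -- confirm against the libc in use).
 */
static void check_filter_mode_inherit(void)
{
	pid_t childpid;
	/* Initialised so a failed wait4() can never leave it indeterminate. */
	int childstatus = 0;

	childpid = SAFE_FORK();
	if (childpid == 0) {
		tst_res(TPASS, "SECCOMP_MODE_FILTER permits fork(2)");
		exit(0);
	}

	/*
	 * Raw wait4() is used on purpose: __NR_wait4 is on the filter's allow
	 * list. Its result is checked so the verdict below is never derived
	 * from a status word that was not written.
	 */
	if (wait4(childpid, &childstatus, 0, NULL) == -1) {
		tst_res(TFAIL | TERRNO, "wait4() on the forked child failed");
		return;
	}

	if (WIFSIGNALED(childstatus) && WTERMSIG(childstatus) == SIGSYS)
		tst_res(TPASS,
			"SECCOMP_MODE_FILTER has been inherited by child");
	else
		tst_res(TFAIL,
			"SECCOMP_MODE_FILTER isn't been inherited by child");
}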
118
/*
 * Child-side checker for SECCOMP_MODE_STRICT.
 *
 * Opens the scratch file first (open is no longer possible once strict mode
 * is active), enables strict mode, then runs the scenario selected by val:
 *   1 - prctl(PR_GET_SECCOMP), expected to get the child killed
 *   2 - write(2) and read(2) on the scratch file, expected to be permitted
 *   3 - close(2), expected to get the child killed
 * The tst_res(TFAIL, ...) lines after a forbidden call are only reached when
 * the kernel did not kill the child. The function leaves through the raw
 * exit syscall.
 */
static void check_strict_mode(int val)
{
	char byte[2];
	int scratch_fd;

	scratch_fd = SAFE_OPEN(FNAME, O_RDWR | O_CREAT, 0666);

	TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT));
	if (TST_RET == -1) {
		tst_res(TFAIL | TTERRNO,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_STRICT failed");
		return;
	}

	if (val == 1) {
		tst_res(TPASS,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_STRICT succeed");
		/* not on the strict-mode allow list */
		prctl(PR_GET_SECCOMP);
		tst_res(TFAIL, "prctl(PR_GET_SECCOMP) succeed unexpectedly");
	} else if (val == 2) {
		SAFE_WRITE(SAFE_WRITE_ALL, scratch_fd, "a", 1);
		SAFE_READ(0, scratch_fd, byte, 1);
		tst_res(TPASS,
			"SECCOMP_MODE_STRICT permits read(2) write(2) and _exit(2)");
	} else if (val == 3) {
		/* not on the strict-mode allow list */
		close(scratch_fd);
		tst_res(TFAIL,
			"SECCOMP_MODE_STRICT permits close(2) unexpectdly");
	}

	/* Raw exit syscall rather than exit(3). */
	tst_syscall(__NR_exit, 0);
}
155
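/*
 * Child-side checker for SECCOMP_MODE_FILTER using the strict_filter program.
 *
 * Reports TCONF and returns when setup() found filter mode unsupported.
 * Otherwise it opens the scratch file, installs the filter and runs the
 * scenario selected by val:
 *   1 - prctl(PR_GET_SECCOMP), not on the filter's allow list
 *   2 - close(2), on the allow list
 *   3 - exit(3), which the test expects to be rejected
 *   4 - fork(2) inheritance check, see check_filter_mode_inherit()
 * The function leaves through the raw exit syscall, which the filter allows.
 */
static void check_filter_mode(int val)
{
	int fd;

	if (mode_filter_not_supported == 1) {
		tst_res(TCONF, "kernel doesn't support SECCOMP_MODE_FILTER");
		return;
	}

	fd = SAFE_OPEN(FNAME, O_RDWR | O_CREAT, 0666);

	TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &strict));
	if (TST_RET == -1) {
		/*
		 * TTERRNO reports the errno value captured by TEST(), matching
		 * the error path of check_strict_mode().
		 */
		tst_res(TFAIL | TTERRNO,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER failed");
		return;
	}

	switch (val) {
	case 1:
		tst_res(TPASS,
			"prctl(PR_SET_SECCOMP) sets SECCOMP_MODE_FILTER succeed");
		prctl(PR_GET_SECCOMP);
		/* only reached if the filter let the call through */
		tst_res(TFAIL, "prctl(PR_GET_SECCOMP) succeed unexpectedly");
		break;
	case 2:
		close(fd);
		tst_res(TPASS, "SECCOMP_MODE_FILTER permits close(2)");
		break;
	case 3:
		/* verify_prctl() expects this child to be killed by SIGSYS */
		exit(0);
		break;
	case 4:
		check_filter_mode_inherit();
		break;
	default:
		break;
	}

	tst_syscall(__NR_exit, 0);
}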
195
/*
 * Run test case n: fork, let the child execute the case's checker, and have
 * the parent judge the child's termination status.
 *
 * A child killed by the expected signal is reported as TPASS or TFAIL
 * according to pass_flag. A child that was not killed is reported here only
 * for pass_flag == 2 (and only while filter mode is supported); in the other
 * cases the parent adds no result of its own.
 *
 * NOTE(review): a checker that returns instead of exiting hands control back
 * to the caller while still in the child process -- confirm the test library
 * handles that.
 */
static void verify_prctl(unsigned int n)
{
	struct tcase *tc = &tcases[n];
	int status;
	int pid;

	pid = SAFE_FORK();
	if (pid == 0) {
		tc->func_check(tc->val);
		return;
	}

	SAFE_WAITPID(pid, &status, 0);

	if (WIFSIGNALED(status) && WTERMSIG(status) == tc->exp_signal) {
		if (tc->pass_flag)
			tst_res(TPASS, "%s", tc->message);
		else
			tst_res(TFAIL, "%s", tc->message);
		return;
	}

	/* pass_flag 2: surviving the forbidden call is itself a failure */
	if (tc->pass_flag == 2 && mode_filter_not_supported == 0)
		tst_res(TFAIL,
			"SECCOMP_MODE_FILTER permits exit() unexpectedly");
}
220
/*
 * Probe seccomp support before any test case runs.
 *
 * prctl(PR_GET_SECCOMP) returning 0 is taken as basic seccomp support.
 * Failure with EINVAL ends the test as TCONF; any other failure is TBROK.
 * Filter mode is then probed with a NULL filter pointer: EINVAL marks it as
 * unsupported, every other outcome is treated as supported.
 */
static void setup(void)
{
	TEST(prctl(PR_GET_SECCOMP));
	if (TST_RET != 0) {
		if (TST_ERR == EINVAL)
			tst_brk(TCONF, "kernel doesn't support PR_GET/SET_SECCOMP");

		tst_brk(TBROK | TTERRNO,
			"current environment doesn't permit PR_GET/SET_SECCOMP");
		return;
	}

	tst_res(TINFO, "kernel supports PR_GET/SET_SECCOMP");

	/* NULL is never a usable filter; only the errno value is of interest. */
	TEST(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL));
	if (TST_RET == -1 && TST_ERR == EINVAL)
		mode_filter_not_supported = 1;
	else
		tst_res(TINFO, "kernel supports SECCOMP_MODE_FILTER");
}
243
/* Test descriptor: one verify_prctl() run per entry of tcases[]. */
static struct tst_test test = {
	.tcnt = ARRAY_SIZE(tcases),
	.test = verify_prctl,
	.setup = setup,
	/* verify_prctl() forks one child per case */
	.forks_child = 1,
	/* the checkers create FNAME via a relative path */
	.needs_tmpdir = 1,
	.needs_root = 1,
};
252