Commit 279ed890 authored by Kees Cook's avatar Kees Cook

selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall()

The user_trap_syscall() helper creates a filter with
SECCOMP_RET_USER_NOTIF. To avoid confusion with SECCOMP_RET_TRAP, rename
the helper to user_notif_syscall().

Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Martin KaFai Lau <kafai@fb.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Yonghong Song <yhs@fb.com>
Cc: Andrii Nakryiko <andriin@fb.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: KP Singh <kpsingh@chromium.org>
Cc: linux-kselftest@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent cf8918db
...@@ -3167,7 +3167,7 @@ TEST(get_metadata) ...@@ -3167,7 +3167,7 @@ TEST(get_metadata)
ASSERT_EQ(0, kill(pid, SIGKILL)); ASSERT_EQ(0, kill(pid, SIGKILL));
} }
static int user_trap_syscall(int nr, unsigned int flags) static int user_notif_syscall(int nr, unsigned int flags)
{ {
struct sock_filter filter[] = { struct sock_filter filter[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
...@@ -3213,7 +3213,7 @@ TEST(user_notification_basic) ...@@ -3213,7 +3213,7 @@ TEST(user_notification_basic)
/* Check that we get -ENOSYS with no listener attached */ /* Check that we get -ENOSYS with no listener attached */
if (pid == 0) { if (pid == 0) {
if (user_trap_syscall(__NR_getppid, 0) < 0) if (user_notif_syscall(__NR_getppid, 0) < 0)
exit(1); exit(1);
ret = syscall(__NR_getppid); ret = syscall(__NR_getppid);
exit(ret >= 0 || errno != ENOSYS); exit(ret >= 0 || errno != ENOSYS);
...@@ -3230,12 +3230,12 @@ TEST(user_notification_basic) ...@@ -3230,12 +3230,12 @@ TEST(user_notification_basic)
EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0);
/* Check that the basic notification machinery works */ /* Check that the basic notification machinery works */
listener = user_trap_syscall(__NR_getppid, listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
/* Installing a second listener in the chain should EBUSY */ /* Installing a second listener in the chain should EBUSY */
EXPECT_EQ(user_trap_syscall(__NR_getppid, EXPECT_EQ(user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER), SECCOMP_FILTER_FLAG_NEW_LISTENER),
-1); -1);
EXPECT_EQ(errno, EBUSY); EXPECT_EQ(errno, EBUSY);
...@@ -3305,12 +3305,12 @@ TEST(user_notification_with_tsync) ...@@ -3305,12 +3305,12 @@ TEST(user_notification_with_tsync)
/* these were exclusive */ /* these were exclusive */
flags = SECCOMP_FILTER_FLAG_NEW_LISTENER | flags = SECCOMP_FILTER_FLAG_NEW_LISTENER |
SECCOMP_FILTER_FLAG_TSYNC; SECCOMP_FILTER_FLAG_TSYNC;
ASSERT_EQ(-1, user_trap_syscall(__NR_getppid, flags)); ASSERT_EQ(-1, user_notif_syscall(__NR_getppid, flags));
ASSERT_EQ(EINVAL, errno); ASSERT_EQ(EINVAL, errno);
/* but now they're not */ /* but now they're not */
flags |= SECCOMP_FILTER_FLAG_TSYNC_ESRCH; flags |= SECCOMP_FILTER_FLAG_TSYNC_ESRCH;
ret = user_trap_syscall(__NR_getppid, flags); ret = user_notif_syscall(__NR_getppid, flags);
close(ret); close(ret);
ASSERT_LE(0, ret); ASSERT_LE(0, ret);
} }
...@@ -3328,7 +3328,7 @@ TEST(user_notification_kill_in_middle) ...@@ -3328,7 +3328,7 @@ TEST(user_notification_kill_in_middle)
TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
} }
listener = user_trap_syscall(__NR_getppid, listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
...@@ -3382,7 +3382,7 @@ TEST(user_notification_signal) ...@@ -3382,7 +3382,7 @@ TEST(user_notification_signal)
ASSERT_EQ(socketpair(PF_LOCAL, SOCK_SEQPACKET, 0, sk_pair), 0); ASSERT_EQ(socketpair(PF_LOCAL, SOCK_SEQPACKET, 0, sk_pair), 0);
listener = user_trap_syscall(__NR_gettid, listener = user_notif_syscall(__NR_gettid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
...@@ -3452,7 +3452,7 @@ TEST(user_notification_closed_listener) ...@@ -3452,7 +3452,7 @@ TEST(user_notification_closed_listener)
TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
} }
listener = user_trap_syscall(__NR_getppid, listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
...@@ -3489,7 +3489,7 @@ TEST(user_notification_child_pid_ns) ...@@ -3489,7 +3489,7 @@ TEST(user_notification_child_pid_ns)
SKIP(return, "kernel missing CLONE_NEWUSER support"); SKIP(return, "kernel missing CLONE_NEWUSER support");
}; };
listener = user_trap_syscall(__NR_getppid, listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
...@@ -3529,7 +3529,7 @@ TEST(user_notification_sibling_pid_ns) ...@@ -3529,7 +3529,7 @@ TEST(user_notification_sibling_pid_ns)
TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
} }
listener = user_trap_syscall(__NR_getppid, listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
...@@ -3597,7 +3597,7 @@ TEST(user_notification_fault_recv) ...@@ -3597,7 +3597,7 @@ TEST(user_notification_fault_recv)
ASSERT_EQ(unshare(CLONE_NEWUSER), 0); ASSERT_EQ(unshare(CLONE_NEWUSER), 0);
listener = user_trap_syscall(__NR_getppid, listener = user_notif_syscall(__NR_getppid,
SECCOMP_FILTER_FLAG_NEW_LISTENER); SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
...@@ -3649,7 +3649,7 @@ TEST(user_notification_continue) ...@@ -3649,7 +3649,7 @@ TEST(user_notification_continue)
TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
} }
listener = user_trap_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER); listener = user_notif_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER);
ASSERT_GE(listener, 0); ASSERT_GE(listener, 0);
pid = fork(); pid = fork();
...@@ -3743,7 +3743,7 @@ TEST(user_notification_filter_empty) ...@@ -3743,7 +3743,7 @@ TEST(user_notification_filter_empty)
if (pid == 0) { if (pid == 0) {
int listener; int listener;
listener = user_trap_syscall(__NR_mknod, SECCOMP_FILTER_FLAG_NEW_LISTENER); listener = user_notif_syscall(__NR_mknod, SECCOMP_FILTER_FLAG_NEW_LISTENER);
if (listener < 0) if (listener < 0)
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
...@@ -3799,7 +3799,7 @@ TEST(user_notification_filter_empty_threaded) ...@@ -3799,7 +3799,7 @@ TEST(user_notification_filter_empty_threaded)
int listener, status; int listener, status;
pthread_t thread; pthread_t thread;
listener = user_trap_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER); listener = user_notif_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER);
if (listener < 0) if (listener < 0)
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment