1From 12b079e9c33bef8dfaea8faa68c38fd19562758c Mon Sep 17 00:00:00 2001
2From: Steve Muckle <[email protected]>
3Date: Mon, 23 Oct 2017 17:24:47 -0700
4Subject: [PATCH 08/20] seccomp_bpf: disable incompatible tests >= 4.14
5
6Disable tests that break from newer seccomp flags and comment on why
7they failed
8
9Bug: 33027081
10Bug: 147676645
11Test: atest vts_linux_kselftest_x86_64:seccomp_seccomp_bpf_x86_64
12Signed-off-by: Edward Liaw <[email protected]>
13---
14 tools/testing/selftests/seccomp/seccomp_bpf.c | 136 +++++++++++++++++-
15 1 file changed, 134 insertions(+), 2 deletions(-)
16
17diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
18index 4ae6c8991307..325725ca082f 100644
19--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
20+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
21@@ -13,12 +13,14 @@
22  * we need to use the kernel's siginfo.h file and trick glibc
23  * into accepting it.
24  */
25+#if defined(__GLIBC_PREREQ)
26 #if !__GLIBC_PREREQ(2, 26)
27 # include <asm/siginfo.h>
28 # define __have_siginfo_t 1
29 # define __have_sigval_t 1
30 # define __have_sigevent_t 1
31 #endif
32+#endif
33
34 #include <errno.h>
35 #include <linux/filter.h>
36@@ -855,6 +857,14 @@ void kill_thread_or_group(struct __test_metadata *_metadata,
37 	exit(42);
38 }
39
40+/*
41+ * b/147676645
42+ * SECCOMP_FILTER_FLAG_TSYNC_ESRCH not compatible < 5.7
43+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
44+ * SECCOMP_FILTER_FLAG_SPEC_ALLOW not compatible < 4.17
45+ * SECCOMP_FILTER_FLAG_LOG not compatible < 4.14
46+ */
47+#ifndef __ANDROID__
48 TEST(KILL_thread)
49 {
50 	int status;
51@@ -873,6 +883,7 @@ TEST(KILL_thread)
52 	ASSERT_TRUE(WIFEXITED(status));
53 	ASSERT_EQ(42, WEXITSTATUS(status));
54 }
55+#endif
56
57 TEST(KILL_process)
58 {
59@@ -2047,8 +2058,15 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
60 	/* Make sure we got an appropriate message. */
61 	ret = ptrace(PTRACE_GETEVENTMSG, tracee, NULL, &msg);
62 	EXPECT_EQ(0, ret);
63-	EXPECT_EQ(entry ? PTRACE_EVENTMSG_SYSCALL_ENTRY
64-			: PTRACE_EVENTMSG_SYSCALL_EXIT, msg);
65+
66+	/*
67+	 * TODO: b/33027081
68+	 * PTRACE_EVENTMSG_SYSCALL_ENTRY and PTRACE_EVENTMSG_SYSCALL_EXIT not
69+	 * compatible < 5.3 (see 201766a)
70+	 *
71+	 * EXPECT_EQ(entry ? PTRACE_EVENTMSG_SYSCALL_ENTRY
72+	 *		: PTRACE_EVENTMSG_SYSCALL_EXIT, msg);
73+	 */
74
75 	/*
76 	 * Some architectures only support setting return values during
77@@ -2373,6 +2391,14 @@ TEST(seccomp_syscall_mode_lock)
78 	}
79 }
80
81+/*
82+ * b/147676645
83+ * SECCOMP_FILTER_FLAG_TSYNC_ESRCH not compatible < 5.7
84+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
85+ * SECCOMP_FILTER_FLAG_SPEC_ALLOW not compatible < 4.17
86+ * SECCOMP_FILTER_FLAG_LOG not compatible < 4.14
87+ */
88+#ifndef __ANDROID__
89 /*
90  * Test detection of known and unknown filter flags. Userspace needs to be able
91  * to check if a filter flag is supported by the current kernel and a good way
92@@ -2463,6 +2489,7 @@ TEST(detect_seccomp_filter_flags)
93 		       flag);
94 	}
95 }
96+#endif
97
98 TEST(TSYNC_first)
99 {
100@@ -2844,6 +2871,11 @@ TEST_F(TSYNC, two_siblings_with_one_divergence)
101 	EXPECT_EQ(SIBLING_EXIT_UNKILLED, (long)status);
102 }
103
104+/*
105+ * b/147676645
106+ * SECCOMP_FILTER_FLAG_TSYNC_ESRCH not compatible < 5.7
107+ */
108+#ifndef __ANDROID__
109 TEST_F(TSYNC, two_siblings_with_one_divergence_no_tid_in_err)
110 {
111 	long ret, flags;
112@@ -2892,6 +2924,7 @@ TEST_F(TSYNC, two_siblings_with_one_divergence_no_tid_in_err)
113 	PTHREAD_JOIN(self->sibling[1].tid, &status);
114 	EXPECT_EQ(SIBLING_EXIT_UNKILLED, (long)status);
115 }
116+#endif
117
118 TEST_F(TSYNC, two_siblings_not_under_filter)
119 {
120@@ -3252,6 +3285,11 @@ TEST(get_action_avail)
121 	EXPECT_EQ(errno, EOPNOTSUPP);
122 }
123
124+/*
125+ * b/147676645
126+ * PTRACE_SECCOMP_GET_METADATA not compatible < 4.16
127+ */
128+#ifndef __ANDROID__
129 TEST(get_metadata)
130 {
131 	pid_t pid;
132@@ -3320,6 +3358,7 @@ TEST(get_metadata)
133 skip:
134 	ASSERT_EQ(0, kill(pid, SIGKILL));
135 }
136+#endif
137
138 static int user_notif_syscall(int nr, unsigned int flags)
139 {
140@@ -3340,6 +3379,12 @@ static int user_notif_syscall(int nr, unsigned int flags)
141 }
142
143 #define USER_NOTIF_MAGIC INT_MAX
144+
145+/*
146+ * b/147676645
147+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
148+ */
149+#ifndef __ANDROID__
150 TEST(user_notification_basic)
151 {
152 	pid_t pid;
153@@ -3445,7 +3490,13 @@ TEST(user_notification_basic)
154 	EXPECT_EQ(true, WIFEXITED(status));
155 	EXPECT_EQ(0, WEXITSTATUS(status));
156 }
157+#endif
158
159+/*
160+ * b/147676645
161+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
162+ */
163+#ifndef __ANDROID__
164 TEST(user_notification_with_tsync)
165 {
166 	int ret;
167@@ -3468,7 +3519,13 @@ TEST(user_notification_with_tsync)
168 	close(ret);
169 	ASSERT_LE(0, ret);
170 }
171+#endif
172
173+/*
174+ * b/147676645
175+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
176+ */
177+#ifndef __ANDROID__
178 TEST(user_notification_kill_in_middle)
179 {
180 	pid_t pid;
181@@ -3511,6 +3568,7 @@ TEST(user_notification_kill_in_middle)
182 	EXPECT_EQ(ret, -1);
183 	EXPECT_EQ(errno, ENOENT);
184 }
185+#endif
186
187 static int handled = -1;
188
189@@ -3520,6 +3578,11 @@ static void signal_handler(int signal)
190 		perror("write from signal");
191 }
192
193+/*
194+ * b/147676645
195+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
196+ */
197+#ifndef __ANDROID__
198 TEST(user_notification_signal)
199 {
200 	pid_t pid;
201@@ -3594,7 +3657,13 @@ TEST(user_notification_signal)
202 	EXPECT_EQ(true, WIFEXITED(status));
203 	EXPECT_EQ(0, WEXITSTATUS(status));
204 }
205+#endif
206
207+/*
208+ * b/147676645
209+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
210+ */
211+#ifndef __ANDROID__
212 TEST(user_notification_closed_listener)
213 {
214 	pid_t pid;
215@@ -3627,7 +3696,15 @@ TEST(user_notification_closed_listener)
216 	EXPECT_EQ(true, WIFEXITED(status));
217 	EXPECT_EQ(0, WEXITSTATUS(status));
218 }
219+#endif
220
221+/*
222+ * b/147676645
223+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
224+ * unshare(CLONE_NEWUSER) returns EINVAL with Android
225+ * unshare(CLONE_NEWPID) returns EINVAL with Android
226+ */
227+#ifndef __ANDROID__
228 /*
229  * Check that a pid in a child namespace still shows up as valid in ours.
230  */
231@@ -3667,7 +3744,14 @@ TEST(user_notification_child_pid_ns)
232 	EXPECT_EQ(0, WEXITSTATUS(status));
233 	close(listener);
234 }
235+#endif
236
237+/*
238+ * b/147676645
239+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
240+ * unshare(CLONE_NEWPID) returns EINVAL with Android
241+ */
242+#ifndef __ANDROID__
243 /*
244  * Check that a pid in a sibling (i.e. unrelated) namespace shows up as 0, i.e.
245  * invalid.
246@@ -3741,7 +3825,14 @@ TEST(user_notification_sibling_pid_ns)
247 	EXPECT_EQ(true, WIFEXITED(status));
248 	EXPECT_EQ(0, WEXITSTATUS(status));
249 }
250+#endif
251
252+/*
253+ * b/147676645
254+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
255+ * unshare(CLONE_NEWUSER) returns EINVAL with Android
256+ */
257+#ifndef __ANDROID__
258 TEST(user_notification_fault_recv)
259 {
260 	pid_t pid;
261@@ -3782,7 +3873,13 @@ TEST(user_notification_fault_recv)
262 	EXPECT_EQ(true, WIFEXITED(status));
263 	EXPECT_EQ(0, WEXITSTATUS(status));
264 }
265+#endif
266
267+/*
268+ * b/147676645
269+ * SECCOMP_GET_NOTIF_SIZES not compatible < 5.0
270+ */
271+#ifndef __ANDROID__
272 TEST(seccomp_get_notif_sizes)
273 {
274 	struct seccomp_notif_sizes sizes;
275@@ -3791,7 +3888,13 @@ TEST(seccomp_get_notif_sizes)
276 	EXPECT_EQ(sizes.seccomp_notif, sizeof(struct seccomp_notif));
277 	EXPECT_EQ(sizes.seccomp_notif_resp, sizeof(struct seccomp_notif_resp));
278 }
279+#endif
280
281+/*
282+ * b/147676645
283+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
284+ */
285+#ifndef __ANDROID__
286 TEST(user_notification_continue)
287 {
288 	pid_t pid;
289@@ -3877,7 +3980,13 @@ skip:
290 		}
291 	}
292 }
293+#endif
294
295+/*
296+ * b/147676645
297+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
298+ */
299+#ifndef __ANDROID__
300 TEST(user_notification_filter_empty)
301 {
302 	pid_t pid;
303@@ -3926,7 +4035,13 @@ TEST(user_notification_filter_empty)
304 	EXPECT_GT(poll(&pollfd, 1, 2000), 0);
305 	EXPECT_GT((pollfd.revents & POLLHUP) ?: 0, 0);
306 }
307+#endif
308
309+/*
310+ * b/147676645
311+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
312+ */
313+#ifndef __ANDROID__
314 static void *do_thread(void *data)
315 {
316 	return NULL;
317@@ -4012,7 +4127,15 @@ TEST(user_notification_filter_empty_threaded)
318 	EXPECT_GT(poll(&pollfd, 1, 2000), 0);
319 	EXPECT_GT((pollfd.revents & POLLHUP) ?: 0, 0);
320 }
321+#endif
322
323+/*
324+ * b/147676645
325+ * SECCOMP_ADDED_FLAG_SEND not compatible < 5.14
326+ * SECCOMP_IOCTL_NOTIF_ADDFD not comptible < 5.9
327+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
328+ */
329+#ifndef __ANDROID__
330 TEST(user_notification_addfd)
331 {
332 	pid_t pid;
333@@ -4170,7 +4293,15 @@ TEST(user_notification_addfd)
334
335 	close(memfd);
336 }
337+#endif
338
339+/*
340+ * b/147676645
341+ * SECCOMP_ADDED_FLAG_SEND not compatible < 5.14
342+ * SECCOMP_IOCTL_NOTIF_ADDFD not comptible < 5.9
343+ * SECCOMP_FILTER_FLAG_NEW_LISTENER not compatible < 5.0
344+ */
345+#ifndef __ANDROID__
346 TEST(user_notification_addfd_rlimit)
347 {
348 	pid_t pid;
349@@ -4240,6 +4371,7 @@ TEST(user_notification_addfd_rlimit)
350
351 	close(memfd);
352 }
353+#endif
354
355 /* Make sure PTRACE_O_SUSPEND_SECCOMP requires CAP_SYS_ADMIN. */
356 FIXTURE(O_SUSPEND_SECCOMP) {
357--
3582.42.0.609.gbb76f46606-goog
359
360