Add a self-test to make sure that the kernel returns EINVAL, if any of the fields in seccomp_notif are set to non-null.
Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx>
Suggested-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index f53f14971bff..379391a7fa41 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -3601,6 +3601,29 @@ TEST(user_notification_continue)
 }
 }
 
+TEST(user_notification_garbage)
+{
+ /*
+ * intentionally set pid to a garbage value to make sure the kernel
+ * catches it
+ */
+ struct seccomp_notif req = {
+ .pid = 1,
+ };
+ int ret, listener;
+
+ ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ ASSERT_EQ(0, ret) {
+ TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!");
+ }
+
+ listener = user_trap_syscall(__NR_dup, SECCOMP_FILTER_FLAG_NEW_LISTENER);
+ ASSERT_GE(listener, 0);
+
+ EXPECT_EQ(-1, ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req));
+ EXPECT_EQ(EINVAL, errno);
+}
+
 /*
 * TODO:
 * - add microbenchmarks
--
2.20.1
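Review bot: TEST(user_notification_garbage) only dirties `.pid`, while the commit message promises EINVAL when any field of seccomp_notif is non-zero, so a kernel that validated just that one member would still pass this test. Consider repeating the SECCOMP_IOCTL_NOTIF_RECV call with each other member set in turn, e.g. `memset(&req, 0, sizeof(req)); req.id = 1;` followed by the same two EXPECT_EQ lines, and likewise for `flags` and a byte inside `data`. The comment could also say why a non-zero input must be rejected, for instance `/* the kernel must reject a request struct that is not fully zeroed */`, rather than only calling the value garbage. On a kernel without the check the ioctl would presumably block instead of returning, so the failure mode looks like a harness timeout rather than a failed assertion. `listener` is also never closed before the test returns, which is only harmless if each TEST runs in its own process.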