diff options
| -rw-r--r-- | tools/testing/selftests/seccomp/seccomp_bpf.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index f69d2ee29742..5019cdae5d0b 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c | |||
| @@ -2166,11 +2166,14 @@ TEST(detect_seccomp_filter_flags) | |||
| 2166 | SECCOMP_FILTER_FLAG_LOG, | 2166 | SECCOMP_FILTER_FLAG_LOG, |
| 2167 | SECCOMP_FILTER_FLAG_SPEC_ALLOW, | 2167 | SECCOMP_FILTER_FLAG_SPEC_ALLOW, |
| 2168 | SECCOMP_FILTER_FLAG_NEW_LISTENER }; | 2168 | SECCOMP_FILTER_FLAG_NEW_LISTENER }; |
| 2169 | unsigned int flag, all_flags; | 2169 | unsigned int exclusive[] = { |
| 2170 | SECCOMP_FILTER_FLAG_TSYNC, | ||
| 2171 | SECCOMP_FILTER_FLAG_NEW_LISTENER }; | ||
| 2172 | unsigned int flag, all_flags, exclusive_mask; | ||
| 2170 | int i; | 2173 | int i; |
| 2171 | long ret; | 2174 | long ret; |
| 2172 | 2175 | ||
| 2173 | /* Test detection of known-good filter flags */ | 2176 | /* Test detection of individual known-good filter flags */ |
| 2174 | for (i = 0, all_flags = 0; i < ARRAY_SIZE(flags); i++) { | 2177 | for (i = 0, all_flags = 0; i < ARRAY_SIZE(flags); i++) { |
| 2175 | int bits = 0; | 2178 | int bits = 0; |
| 2176 | 2179 | ||
| @@ -2197,16 +2200,29 @@ TEST(detect_seccomp_filter_flags) | |||
| 2197 | all_flags |= flag; | 2200 | all_flags |= flag; |
| 2198 | } | 2201 | } |
| 2199 | 2202 | ||
| 2200 | /* Test detection of all known-good filter flags */ | 2203 | /* |
| 2201 | ret = seccomp(SECCOMP_SET_MODE_FILTER, all_flags, NULL); | 2204 | * Test detection of all known-good filter flags combined. But |
| 2202 | EXPECT_EQ(-1, ret); | 2205 | * for the exclusive flags we need to mask them out and try them |
| 2203 | EXPECT_EQ(EFAULT, errno) { | 2206 | * individually for the "all flags" testing. |
| 2204 | TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!", | 2207 | */ |
| 2205 | all_flags); | 2208 | exclusive_mask = 0; |
| 2209 | for (i = 0; i < ARRAY_SIZE(exclusive); i++) | ||
| 2210 | exclusive_mask |= exclusive[i]; | ||
| 2211 | for (i = 0; i < ARRAY_SIZE(exclusive); i++) { | ||
| 2212 | flag = all_flags & ~exclusive_mask; | ||
| 2213 | flag |= exclusive[i]; | ||
| 2214 | |||
| 2215 | ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL); | ||
| 2216 | EXPECT_EQ(-1, ret); | ||
| 2217 | EXPECT_EQ(EFAULT, errno) { | ||
| 2218 | TH_LOG("Failed to detect that all known-good filter flags (0x%X) are supported!", | ||
| 2219 | flag); | ||
| 2220 | } | ||
| 2206 | } | 2221 | } |
| 2207 | 2222 | ||
| 2208 | /* Test detection of an unknown filter flag */ | 2223 | /* Test detection of an unknown filter flags, without exclusives. */ |
| 2209 | flag = -1; | 2224 | flag = -1; |
| 2225 | flag &= ~exclusive_mask; | ||
| 2210 | ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL); | 2226 | ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL); |
| 2211 | EXPECT_EQ(-1, ret); | 2227 | EXPECT_EQ(-1, ret); |
| 2212 | EXPECT_EQ(EINVAL, errno) { | 2228 | EXPECT_EQ(EINVAL, errno) { |