tests: add a test for faulty handling of the x32 architecture

We currently allow calling close() on the x32 architecture when we're
generating a blacklist filter for x86 and x86_64, i.e. one with an
ALLOW policy. We shouldn't as the default handling for unsupported
architectures should be defined by the bad_arch handling -- not the
default policy.

The reason for the faulty behaviour is the wrong jump target for the
x32 architecture test. It should jump to the KILL label, not the next
architecture test instruction. That one won't test the architecture
any more as the accumulator register was already overwritten with the
syscall number for the x32 test.

This test generates a filter that should return ERRNO(1) on calls to
close() for supported architectures or KILL on unsupported ones. But,
currently, does not do so for x32 and ALLOWs the syscall instead.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: added a python version of the test]
Signed-off-by: Paul Moore <pmoore@redhat.com>

5 files changed, 148 insertions, 1 deletions

diff --git a/tests/.gitignore b/tests/.gitignore
index 19750fd..43ba0c1 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -31,3 +31,4 @@ util.pyc
 25-sim-multilevel_chains_adv
 26-sim-arch_all_be_basic
 27-sim-bpf_blk_state
+28-sim-arch_x86
diff --git a/tests/28-sim-arch_x86.c b/tests/28-sim-arch_x86.c
new file mode 100644
index 0000000..e93c0a7
--- /dev/null
+++ b/tests/28-sim-arch_x86.c
@@ -0,0 +1,71 @@
+/**
+ * Seccomp Library test program
+ *
+ * This test triggers a bug in libseccomp erroneously allowing the close()
+ * syscall on x32 instead of 'KILL'ing it, as it should do for unsupported
+ * architectures.
+ *
+ * Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+ * Authors: Paul Moore <pmoore@redhat.com>
+ *          Mathias Krause <minipli@googlemail.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <errno.h>
+#include <unistd.h>
+
+#include <seccomp.h>
+
+#include "util.h"
+
+int main(int argc, char *argv[])
+{
+	int rc;
+	struct util_options opts;
+	scmp_filter_ctx ctx = NULL;
+
+	rc = util_getopt(argc, argv, &opts);
+	if (rc < 0)
+		goto out;
+
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL)
+		return ENOMEM;
+
+	rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE);
+	if (rc != 0)
+		goto out;
+
+	/* add x86-64 and x86 (in that order!) but explicitly leave out x32 */
+	rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, SCMP_ARCH_X86);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(1), SCMP_SYS(close), 0);
+	if (rc != 0)
+		goto out;
+
+	rc = util_filter_output(&opts, ctx);
+	if (rc)
+		goto out;
+
+out:
+	seccomp_release(ctx);
+	return (rc < 0 ? -rc : rc);
+}
diff --git a/tests/28-sim-arch_x86.py b/tests/28-sim-arch_x86.py
new file mode 100644
index 0000000..3ef7b77
--- /dev/null
+++ b/tests/28-sim-arch_x86.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2015 Red Hat <pmoore@redhat.com>
+# Author: Paul Moore <pmoore@redhat.com>
+#
+# Adapted from 29-sim-arch_x86.c by Mathias Krause <minipli@googlemail.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(ALLOW)
+    f.remove_arch(Arch())
+    # add x86-64 and x86 (in that order!) but explicitly leave out x32
+    f.add_arch(Arch("x86_64"))
+    f.add_arch(Arch("x86"))
+    f.add_rule(ERRNO(1), "close")
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/28-sim-arch_x86.tests b/tests/28-sim-arch_x86.tests
new file mode 100644
index 0000000..b86a047
--- /dev/null
+++ b/tests/28-sim-arch_x86.tests
@@ -0,0 +1,27 @@
+#
+# libseccomp regression test automation data
+#
+# This test triggers a bug in libseccomp erroneously allowing the close()
+# syscall on x32 instead of 'KILL'ing it, as it should do for unsupported
+# architectures.
+#
+# Author: Mathias Krause <minipli@googlemail.com>
+#
+
+test type: bpf-sim
+
+# Testname	Arch		Syscall	Arg0	Arg1	Arg2	Arg3	Arg4	Arg5	Result
+28-sim-arch_x86	+x86,+x86_64	read	N	N	N	N	N	N	ALLOW
+28-sim-arch_x86	+x86,+x86_64	close	N	N	N	N	N	N	ERRNO(1)
+28-sim-arch_x86	+arm,+x32	read	N	N	N	N	N	N	KILL
+28-sim-arch_x86	+arm,+x32	close	N	N	N	N	N	N	KILL
+
+test type: bpf-sim-fuzz
+
+# Testname	StressCount
+28-sim-arch_x86	50
+
+test type: bpf-valgrind
+
+# Testname
+28-sim-arch_x86
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d6f91fd..cba5bcb 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -52,7 +52,8 @@ check_PROGRAMS = \
 	24-live-arg_allow \
 	25-sim-multilevel_chains_adv \
 	26-sim-arch_all_be_basic \
-	27-sim-bpf_blk_state
+	27-sim-bpf_blk_state \
+	28-sim-arch_x86
 
 EXTRA_DIST_TESTPYTHON = \
 	util.py \