tests: add a test for faulty handling of the x32 architecture

We currently allow calling close() on the x32 architecture when we're
generating a blacklist filter for x86 and x86_64, i.e. one with an
ALLOW policy. We shouldn't as the default handling for unsupported
architectures should be defined by the bad_arch handling -- not the
default policy.

The reason for the faulty behaviour is the wrong jump target for the
x32 architecture test. It should jump to the KILL label, not the next
architecture test instruction. That one won't test the architecture
any more as the accumulator register was already overwritten with the
syscall number for the x32 test.

This test generates a filter that should return ERRNO(1) on calls to
close() for supported architectures or KILL on unsupported ones. But,
currently, does not do so for x32 and ALLOWs the syscall instead.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
[PM: added a python version of the test]
Signed-off-by: Paul Moore <pmoore@redhat.com>

1 files changed, 27 insertions, 0 deletions

diff --git a/tests/28-sim-arch_x86.tests b/tests/28-sim-arch_x86.tests
new file mode 100644
index 0000000..b86a047
--- /dev/null
+++ b/tests/28-sim-arch_x86.tests
@@ -0,0 +1,27 @@
+#
+# libseccomp regression test automation data
+#
+# This test triggers a bug in libseccomp erroneously allowing the close()
+# syscall on x32 instead of 'KILL'ing it, as it should do for unsupported
+# architectures.
+#
+# Author: Mathias Krause <minipli@googlemail.com>
+#
+
+test type: bpf-sim
+
+# Testname	Arch		Syscall	Arg0	Arg1	Arg2	Arg3	Arg4	Arg5	Result
+28-sim-arch_x86	+x86,+x86_64	read	N	N	N	N	N	N	ALLOW
+28-sim-arch_x86	+x86,+x86_64	close	N	N	N	N	N	N	ERRNO(1)
+28-sim-arch_x86	+arm,+x32	read	N	N	N	N	N	N	KILL
+28-sim-arch_x86	+arm,+x32	close	N	N	N	N	N	N	KILL
+
+test type: bpf-sim-fuzz
+
+# Testname	StressCount
+28-sim-arch_x86	50
+
+test type: bpf-valgrind
+
+# Testname
+28-sim-arch_x86