tests: improve 05-sim-long_jumps to work better across arch/ABIs

This patch primarily moves the test away from abstract syscall numbers to honest-to-goodness actual syscalls which are present on all currently supported arch/ABIs. This change should make it easier to support this test across different platforms now and moving forward. Signed-off-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
author: Paul Moore <paul@paul-moore.com> 2021-11-01 10:07:44 -0600
committer: Tom Hromatka <tom.hromatka@oracle.com> 2021-11-01 10:08:00 -0600
commit: 3c2da115b5b35222afbc62f27779832d47a34786 (patch)
tree: 7cb67cb2dc02ab885ea501e51c6430c7d706559b /tests
parent: ee3660f91879eb82eb1885a9a5688fec245dcfbf (diff)
download: libseccomp-3c2da115b5b35222afbc62f27779832d47a34786.tar.gz
3 files changed, 52 insertions, 43 deletions
diff --git a/tests/05-sim-long_jumps.c b/tests/05-sim-long_jumps.c
index 9acbb91..24e5cf2 100644
--- a/tests/05-sim-long_jumps.c
+++ b/tests/05-sim-long_jumps.c
@@ -2,6 +2,7 @@
  * Seccomp Library test program
  *
  * Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+ * Copyright (c) 2021 Microsoft Corporation <paulmoore@microsoft.com>
  * Author: Paul Moore <paul@paul-moore.com>
  */
 
@@ -30,7 +31,8 @@
 int main(int argc, char *argv[])
 {
 	int rc;
-	int iter;
+	int iter, ctr;
+	char *syscall;
 	struct util_options opts;
 	scmp_filter_ctx ctx = NULL;
 
@@ -42,31 +44,37 @@ int main(int argc, char *argv[])
 	if (ctx == NULL)
 		return ENOMEM;
 
-	/* NOTE - syscalls referenced by number to make the test simpler */
-
-	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1, 0);
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(brk), 0);
 	if (rc != 0)
 		goto out;
 
 	/* same syscall, many chains */
 	for (iter = 0; iter < 100; iter++) {
-		rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 3,
-					    SCMP_A0(SCMP_CMP_EQ, iter),
-					    SCMP_A1(SCMP_CMP_NE, 0x0),
-					    SCMP_A2(SCMP_CMP_LT, SSIZE_MAX));
+		rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chdir), 3,
+				      SCMP_A0(SCMP_CMP_EQ, iter),
+				      SCMP_A1(SCMP_CMP_NE, 0x0),
+				      SCMP_A2(SCMP_CMP_LT, SSIZE_MAX));
 		if (rc != 0)
 			goto out;
 	}
 
 	/* many syscalls, same chain */
-	for (iter = 100; iter < 200; iter++) {
-		rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, iter, 1,
-					    SCMP_A0(SCMP_CMP_NE, 0));
-		if (rc != 0)
-			goto out;
+	for (iter = 0, ctr = 0; iter < 10000 && ctr < 100; iter++) {
+		if (iter == SCMP_SYS(chdir))
+			continue;
+		syscall = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE,
+							   iter);
+		if (syscall) {
+			free(syscall);
+			rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, iter, 1,
+					      SCMP_A0(SCMP_CMP_NE, 0));
+			if (rc != 0)
+				goto out;
+			ctr++;
+		}
 	}
 
-	rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 4, 0);
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
 	if (rc != 0)
 		goto out;
 
diff --git a/tests/05-sim-long_jumps.py b/tests/05-sim-long_jumps.py
index 1ec9a24..6d9d5d4 100755
--- a/tests/05-sim-long_jumps.py
+++ b/tests/05-sim-long_jumps.py
@@ -4,6 +4,7 @@
 # Seccomp Library test program
 #
 # Copyright (c) 2012 Red Hat <pmoore@redhat.com>
+# Copyright (c) 2021 Microsoft Corporation <paulmoore@microsoft.com>
 # Author: Paul Moore <paul@paul-moore.com>
 #
 
@@ -30,21 +31,28 @@ from seccomp import *
 
 def test(args):
     f = SyscallFilter(KILL)
-    # syscalls referenced by number to make the test simpler
-    f.add_rule_exactly(ALLOW, 1)
+    f.add_rule(ALLOW, "brk")
     i = 0
     while i < 100:
-        f.add_rule_exactly(ALLOW, 1000,
-                           Arg(0, EQ, i),
-                           Arg(1, NE, 0),
-                           Arg(2, LT, sys.maxsize))
+        f.add_rule(ALLOW, "chdir",
+                   Arg(0, EQ, i),
+                   Arg(1, NE, 0),
+                   Arg(2, LT, sys.maxsize))
         i += 1
-    i = 100
-    while i < 200:
-        f.add_rule_exactly(ALLOW, i,
-                           Arg(0, NE, 0))
+    i = 0
+    ctr = 0
+    while i < 10000 and ctr < 100:
+        sc = i
         i += 1
-    f.add_rule_exactly(ALLOW, 4)
+        if sc == resolve_syscall(Arch(), "chdir"):
+            continue
+        try:
+            resolve_syscall(Arch(), sc)
+        except ValueError:
+            continue
+        f.add_rule(ALLOW, sc, Arg(0, NE, 0))
+        ctr += 1
+    f.add_rule(ALLOW, "close")
     return f
 
 args = util.get_opt()
diff --git a/tests/05-sim-long_jumps.tests b/tests/05-sim-long_jumps.tests
index a2d6dd0..d1eb92c 100644
--- a/tests/05-sim-long_jumps.tests
+++ b/tests/05-sim-long_jumps.tests
@@ -1,30 +1,23 @@
 #
 # libseccomp regression test automation data
 #
-# Copyright IBM Corp. 2012
+# Copyright (c) 2012 IBM Corp.
+# Copyright (c) 2021 Microsoft Corporation <paulmoore@microsoft.com>
 # Author: Corey Bryant <coreyb@linux.vnet.ibm.com>
 #
 
 test type: bpf-sim
 
 # Testname		Arch		Syscall	Arg0	Arg1		Arg2			Arg3	Arg4	Arg5	Result
-05-sim-long_jumps	all,-x32	1	1	2		3			4	5	6	ALLOW
-05-sim-long_jumps	all,-x32	2	N	N		N			N	N	N	KILL
-05-sim-long_jumps	all,-x32	999	N	N		N			N	N	N	KILL
-05-sim-long_jumps	x86		1000	0-5 	0x856B008	0x7FFFFFFE		N	N	N	ALLOW
-05-sim-long_jumps	x86_64		1000	0-5 	0x856B008	0x7FFFFFFFFFFFFFFE	N	N	N	ALLOW
-05-sim-long_jumps	x86		1000	95-99	0x856B008	0x7FFFFFFE		N	N	N	ALLOW
-05-sim-long_jumps	x86_64		1000	95-99	0x856B008	0x7FFFFFFFFFFFFFFE	N	N	N	ALLOW
-05-sim-long_jumps	x86		1000	100	0x856B008	0x7FFFFFFE		N	N	N	KILL
-05-sim-long_jumps	x86_64		1000	100	0x856B008	0x7FFFFFFFFFFFFFFE	N	N	N	KILL
-05-sim-long_jumps	all,-x32	1001	N	N		N			N	N	N	KILL
-05-sim-long_jumps	all,-x32	99	1	N		N			N	N	N	KILL
-05-sim-long_jumps	all,-x32	100-105	1	N		N			N	N	N	ALLOW
-05-sim-long_jumps	all,-x32	195-199	1	N		N			N	N	N	ALLOW
-05-sim-long_jumps	all,-x32	200	1	N		N			N	N	N	KILL
-05-sim-long_jumps	all,-x32	3	N	N		N			N	N	N	KILL
-05-sim-long_jumps	all,-x32	4	1	2		3			4	5	6	ALLOW
-05-sim-long_jumps	all,-x32	5	N	N		N			N	N	N	KILL
+05-sim-long_jumps	all,-x32	brk	1	2		3			4	5	6	ALLOW
+05-sim-long_jumps	all,-x32	9999	N	N		N			N	N	N	KILL
+05-sim-long_jumps	x86		chdir	0-5 	0x856B008	0x7FFFFFFE		N	N	N	ALLOW
+05-sim-long_jumps	x86_64		chdir	0-5 	0x856B008	0x7FFFFFFFFFFFFFFE	N	N	N	ALLOW
+05-sim-long_jumps	x86		chdir	95-99	0x856B008	0x7FFFFFFE		N	N	N	ALLOW
+05-sim-long_jumps	x86_64		chdir	95-99	0x856B008	0x7FFFFFFFFFFFFFFE	N	N	N	ALLOW
+05-sim-long_jumps	x86		chdir	100	0x856B008	0x7FFFFFFE		N	N	N	KILL
+05-sim-long_jumps	x86_64		chdir	100	0x856B008	0x7FFFFFFFFFFFFFFE	N	N	N	KILL
+05-sim-long_jumps	all,-x32	close	1	N		N			N	N	N	ALLOW
 
 test type: bpf-sim-fuzz
author	Paul Moore <paul@paul-moore.com>	2021-11-01 10:07:44 -0600
committer	Tom Hromatka <tom.hromatka@oracle.com>	2021-11-01 10:08:00 -0600
commit	3c2da115b5b35222afbc62f27779832d47a34786 (patch)
tree	7cb67cb2dc02ab885ea501e51c6430c7d706559b /tests
parent	ee3660f91879eb82eb1885a9a5688fec245dcfbf (diff)
download	libseccomp-3c2da115b5b35222afbc62f27779832d47a34786.tar.gz