authorPaul Moore <paul@paul-moore.com>2019-01-14 22:33:44 -0500
committerPaul Moore <paul@paul-moore.com>2019-02-21 20:57:42 -0500
commit80a987d6f8d0152def07fa90ace6417d56eea741 (patch)
treefc823a59b36de7f48092cddac1b160cb3f989db9 /tests
parentbd42d36c9b9f4e892a1d30c192dcbd11a5b7f1dd (diff)
api: provide 32-bit friendly argument comparison macros
We have a longstanding issue with 32-bit to 64-bit sign extension inadvertently resulting in bogus syscall argument extensions. This patch introduces a new set of argument comparison macros which limit the argument values to 32-bit values so that we don't run into problems with sign extension. We use the macro overloading proposed by Roman at https://kecher.net/overloading-macros/ to retain the feature of these macros being usable as static initializers. Thanks to @jdstrand on GitHub for reporting the problem. Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
Diffstat (limited to 'tests')
-rw-r--r--tests/48-sim-32b_args.c84
-rwxr-xr-xtests/48-sim-32b_args.py50
-rw-r--r--tests/48-sim-32b_args.tests38
-rw-r--r--tests/Makefile.am9
4 files changed, 178 insertions, 3 deletions
diff --git a/tests/48-sim-32b_args.c b/tests/48-sim-32b_args.c
new file mode 100644
index 0000000..2d10519
--- /dev/null
+++ b/tests/48-sim-32b_args.c
@@ -0,0 +1,84 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ * Additions: Michael Weiser <michael.weiser@gmx.de>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <errno.h>
+#include <unistd.h>
+#include <inttypes.h>
+
+#include <seccomp.h>
+
+#include "util.h"
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ struct util_options opts;
+ scmp_filter_ctx ctx = NULL;
+ struct args {
+ uint32_t action;
+ int syscall;
+ struct scmp_arg_cmp cmp;
+ } *a, f[] = {
+ {SCMP_ACT_ALLOW, 2000, SCMP_A0(SCMP_CMP_EQ, -1)},
+ {SCMP_ACT_ALLOW, 2064, SCMP_A0_64(SCMP_CMP_EQ, -1)},
+ {SCMP_ACT_ALLOW, 2032, SCMP_A0_32(SCMP_CMP_EQ, -1)},
+ {0},
+ };
+
+ rc = util_getopt(argc, argv, &opts);
+ if (rc < 0)
+ goto out;
+
+ ctx = seccomp_init(SCMP_ACT_KILL);
+ if (ctx == NULL)
+ return ENOMEM;
+
+ rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1000, 1,
+ SCMP_A0(SCMP_CMP_EQ, -1));
+ if (rc != 0)
+ goto out;
+
+ rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1064, 1,
+ SCMP_A0_64(SCMP_CMP_EQ, -1));
+ if (rc != 0)
+ goto out;
+
+ rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ALLOW, 1032, 1,
+ SCMP_A0_32(SCMP_CMP_EQ, -1));
+ if (rc != 0)
+ goto out;
+
+ for (a = f; a->syscall != 0; a++) {
+ rc = seccomp_rule_add_exact(ctx, a->action, a->syscall, 1,
+ a->cmp);
+ if (rc != 0)
+ goto out;
+ }
+
+ rc = util_filter_output(&opts, ctx);
+ if (rc)
+ goto out;
+
+out:
+ seccomp_release(ctx);
+ return (rc < 0 ? -rc : rc);
+}
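Review bot: Every rule here uses `SCMP_CMP_EQ` on argument 0, so the two-datum form of the new macros is never expanded, neither in the `seccomp_rule_add_exact()` calls nor in the static initializer `f[]`. The macro definitions are outside this tests-only view, but if the 32-bit variants also truncate the second datum, a `SCMP_CMP_MASKED_EQ` case such as `SCMP_A0_32(SCMP_CMP_MASKED_EQ, -1, -1)` would cover that path; it needs matching rows in the `.tests` file and the Python test. A short comment above `f[]` would also help, for example `/* 1xxx: macros passed as call arguments; 2xxx: the same macros used as static initializers */`, since the numbering scheme is otherwise only implied.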
diff --git a/tests/48-sim-32b_args.py b/tests/48-sim-32b_args.py
new file mode 100755
index 0000000..486c488
--- /dev/null
+++ b/tests/48-sim-32b_args.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+ f = SyscallFilter(KILL)
+ # NOTE: this test is different from the native/c test as the bindings don't
+ # allow negative numbers (which is a good thing here)
+ f.add_rule_exactly(ALLOW, 1000, Arg(0, EQ, 0xffffffffffffffff))
+ f.add_rule_exactly(ALLOW, 1064, Arg(0, EQ, 0xffffffffffffffff))
+ f.add_rule_exactly(ALLOW, 1032, Arg(0, EQ, 0xffffffff))
+ # here we do not have static initializers to test but need to keep
+ # behaviour in sync with the native test
+ f.add_rule_exactly(ALLOW, 2000, Arg(0, EQ, 0xffffffffffffffff))
+ f.add_rule_exactly(ALLOW, 2064, Arg(0, EQ, 0xffffffffffffffff))
+ f.add_rule_exactly(ALLOW, 2032, Arg(0, EQ, 0xffffffff))
+ return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
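Review bot: The NOTE in `test()` says the bindings reject negative numbers, but nothing in this test exercises that, so a regression that silently accepted `-1` would go unnoticed. The rules are built from hand-written constants (`0xffffffffffffffff`, `0xffffffff`), so this file only keeps the simulated filter in step with the C test and does not cover any truncation logic. Consider adding a check that `Arg(0, EQ, -1)` raises before the rules are added; the exact exception type is not visible here and would need confirming against the bindings.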
diff --git a/tests/48-sim-32b_args.tests b/tests/48-sim-32b_args.tests
new file mode 100644
index 0000000..b19fe5e
--- /dev/null
+++ b/tests/48-sim-32b_args.tests
@@ -0,0 +1,38 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
+# Author: Paul Moore <paul@paul-moore.com>
+#
+
+test type: bpf-sim
+
+# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result
+48-sim-32b_args all 1000 0x0 N N N N N KILL
+48-sim-32b_args all 1000 0xffffffff N N N N N KILL
+48-sim-32b_args all 1000 0xffffffffffffffff N N N N N ALLOW
+48-sim-32b_args all 1032 0x0 N N N N N KILL
+48-sim-32b_args all 1032 0xffffffff N N N N N ALLOW
+48-sim-32b_args all 1032 0xffffffffffffffff N N N N N KILL
+48-sim-32b_args all 1064 0x0 N N N N N KILL
+48-sim-32b_args all 1064 0xffffffff N N N N N KILL
+48-sim-32b_args all 1064 0xffffffffffffffff N N N N N ALLOW
+48-sim-32b_args all 2000 0x0 N N N N N KILL
+48-sim-32b_args all 2000 0xffffffff N N N N N KILL
+48-sim-32b_args all 2000 0xffffffffffffffff N N N N N ALLOW
+48-sim-32b_args all 2032 0x0 N N N N N KILL
+48-sim-32b_args all 2032 0xffffffff N N N N N ALLOW
+48-sim-32b_args all 2032 0xffffffffffffffff N N N N N KILL
+48-sim-32b_args all 2064 0x0 N N N N N KILL
+48-sim-32b_args all 2064 0xffffffff N N N N N KILL
+48-sim-32b_args all 2064 0xffffffffffffffff N N N N N ALLOW
+
+test type: bpf-sim-fuzz
+
+# Testname StressCount
+48-sim-32b_args 50
+
+test type: bpf-valgrind
+
+# Testname
+48-sim-32b_args
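Review bot: The 1032 and 2032 rows pin that a rule built with the 32-bit macro matches `0xffffffff` but not `0xffffffffffffffff`, which suggests the filter compares the full 64-bit argument against a zero-extended value. That matters to anyone writing filters for `int` arguments, because whether the upper half of the register is zero when the syscall is entered depends on the ABI and the caller. A comment above the table would make this explicit, for example `# the _32 rules match only when the upper 32 bits of the argument are zero`. A row with mixed upper bits (a constructed example: `0x00000001ffffffff`, expected KILL for all six syscalls) would pin the behaviour more tightly than the all-ones case alone.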
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 07e1654..365ae7e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -86,7 +86,8 @@ check_PROGRAMS = \
44-live-a2_order \
45-sim-chain_code_coverage \
46-sim-kill_process \
- 47-live-kill_process
+ 47-live-kill_process \
+ 48-sim-32b_args
EXTRA_DIST_TESTPYTHON = \
util.py \
@@ -135,7 +136,8 @@ EXTRA_DIST_TESTPYTHON = \
44-live-a2_order.py \
45-sim-chain_code_coverage.py \
46-sim-kill_process.py \
- 47-live-kill_process.py
+ 47-live-kill_process.py \
+ 48-sim-32b_args.py
EXTRA_DIST_TESTCFGS = \
01-sim-allow.tests \
@@ -184,7 +186,8 @@ EXTRA_DIST_TESTCFGS = \
44-live-a2_order.tests \
45-sim-chain_code_coverage.tests \
46-sim-kill_process.tests \
- 47-live-kill_process.tests
+ 47-live-kill_process.tests \
+ 48-sim-32b_args.tests
EXTRA_DIST_TESTSCRIPTS = \
38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc