blob: b09096c89cb7d433bec6db070786f793987fface [file] [log] [blame]
Pirama Arumuga Nainar799172d2016-03-03 15:50:30 -08001// Regression test for https://crbug.com/502974, where ASan was unable to read
2// the binary name because of sandbox restrictions.
3// This test uses seccomp-BPF to restrict the readlink() system call and makes
4// sure ASan is still able to
5// RUN: not ls /usr/include/linux/seccomp.h || ( %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s )
6// UNSUPPORTED: android
7
8#include <errno.h>
9#include <stddef.h>
10#include <stdlib.h>
11#include <stdio.h>
12#include <sys/prctl.h>
13#include <sys/syscall.h>
14#include <linux/filter.h>
15#include <linux/seccomp.h>
16
17#ifndef __NR_readlink
18# define __NR_readlink __NR_readlinkat
19#endif
20
21#define syscall_nr (offsetof(struct seccomp_data, nr))
22
23void corrupt() {
24 void *p = malloc(10);
25 free(p);
26 free(p);
27}
28
29int main() {
30 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
31
32 struct sock_filter filter[] = {
33 /* Grab the system call number */
34 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr),
35 // If this is __NR_readlink,
36 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1),
37 // return with EPERM,
38 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM),
39 // otherwise allow the syscall.
40 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW)
41 };
42 struct sock_fprog prog;
43 prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0]));
44 prog.filter = filter;
45
46 int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
47 if (res != 0) {
48 fprintf(stderr, "PR_SET_SECCOMP unsupported!\n");
49 }
50 corrupt();
51 // CHECK: AddressSanitizer
52 // CHECK-NOT: reading executable name failed
53 return 0;
54}