| // Regression test for https://crbug.com/502974, where ASan was unable to read |
| // the binary name because of sandbox restrictions. |
| // This test uses seccomp-BPF to restrict the readlink() system call and makes |
| // sure ASan is still able to |
| // RUN: not ls /usr/include/linux/seccomp.h || ( %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s ) |
| // UNSUPPORTED: android |
| |
| #include <errno.h> |
| #include <stddef.h> |
| #include <stdlib.h> |
| #include <stdio.h> |
| #include <sys/prctl.h> |
| #include <sys/syscall.h> |
| #include <linux/filter.h> |
| #include <linux/seccomp.h> |
| |
| #ifndef __NR_readlink |
| # define __NR_readlink __NR_readlinkat |
| #endif |
| |
| #define syscall_nr (offsetof(struct seccomp_data, nr)) |
| |
| void corrupt() { |
| void *p = malloc(10); |
| free(p); |
| free(p); |
| } |
| |
| int main() { |
| prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); |
| |
| struct sock_filter filter[] = { |
| /* Grab the system call number */ |
| BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr), |
| // If this is __NR_readlink, |
| BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1), |
| // return with EPERM, |
| BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM), |
| // otherwise allow the syscall. |
| BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW) |
| }; |
| struct sock_fprog prog; |
| prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])); |
| prog.filter = filter; |
| |
| int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); |
| if (res != 0) { |
| fprintf(stderr, "PR_SET_SECCOMP unsupported!\n"); |
| } |
| corrupt(); |
| // CHECK: AddressSanitizer |
| // CHECK-NOT: reading executable name failed |
| return 0; |
| } |
