[compiler-rt] r241072 - [ASan] Add a regression test for r240960 (https://crbug.com/502974)

Alexander Potapenko glider at google.com
Tue Jun 30 08:18:03 PDT 2015 

Author: glider
Date: Tue Jun 30 10:18:03 2015
New Revision: 241072

URL: http://llvm.org/viewvc/llvm-project?rev=241072&view=rev
Log:
[ASan] Add a regression test for r240960 (https://crbug.com/502974)

The test simulates a sandbox that prevents the program from calling readlink().
ASan is supposed to still be able to print the executable name regardless of that.

Added:
    compiler-rt/trunk/test/asan/TestCases/Linux/read_binary_name_regtest.c

Added: compiler-rt/trunk/test/asan/TestCases/Linux/read_binary_name_regtest.c
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Linux/read_binary_name_regtest.c?rev=241072&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/Linux/read_binary_name_regtest.c (added)
+++ compiler-rt/trunk/test/asan/TestCases/Linux/read_binary_name_regtest.c Tue Jun 30 10:18:03 2015
@@ -0,0 +1,48 @@
+// Regression test for https://crbug.com/502974, where ASan was unable to read
+// the binary name because of sandbox restrictions.
+// This test uses seccomp-BPF to restrict the readlink() system call and makes
+// sure ASan is still able to 
+// RUN: %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s
+#include <errno.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <linux/filter.h>
+#include <linux/seccomp.h>
+
+#define syscall_nr (offsetof(struct seccomp_data, nr))
+
+void corrupt() {
+  void *p = malloc(10);
+  free(p);
+  free(p);
+}
+
+int main() {
+  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+
+  struct sock_filter filter[] = {
+    /* Grab the system call number */
+    BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr),
+    // If this is __NR_readlink,
+    BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1),
+    // return with EPERM,
+    BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM),
+    // otherwise allow the syscall.
+    BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW)
+  };
+  struct sock_fprog prog;
+  prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0]));
+  prog.filter = filter;
+
+  int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
+  if (res != 0) {
+    fprintf(stderr, "PR_SET_SECCOMP unsupported!\n");
+  }
+  corrupt();
+  // CHECK: AddressSanitizer
+  // CHECK-NOT: reading executable name failed
+  return 0;
+}

More information about the llvm-commits mailing list