tests: add test 62-sim-arch_transactions

drakenclimber · drakenclimber · commit 361cb2473ad1 · 2024-12-05T11:27:33.000-07:00
Add a test to verify the logic at the end of db_col_transaction_commit()
properly copies and releases the snapshots from the filter when the
filter length doesn't match the snapshot length.

Signed-off-by: Tom Hromatka &lt;tom.hromatka@oracle.com&gt;
[PM: subj tweak]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
Signed-off-by: Tom Hromatka &lt;tom.hromatka@oracle.com&gt;
diff --git a/tests/.gitignore b/tests/.gitignore
@@ -69,3 +69,4 @@ util.pyc
 59-basic-empty_binary_tree
 60-sim-precompute
 61-sim-transactions
+62-sim-arch_transactions
diff --git a/tests/62-sim-arch_transactions.c b/tests/62-sim-arch_transactions.c
@@ -0,0 +1,110 @@
+/**
+ * Seccomp Library test program
+ *
+ * Copyright (c) 2023 Microsoft Corporation <paulmoore@microsoft.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ * Author: Tom Hromatka <tom.hromatka@oracle.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <errno.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#include <seccomp.h>
+
+#include "util.h"
+
+int main(int argc, char *argv[])
+{
+	int rc;
+	struct util_options opts;
+	scmp_filter_ctx ctx = NULL;
+
+	rc = util_getopt(argc, argv, &opts);
+	if (rc < 0)
+		goto out;
+
+	ctx = seccomp_init(SCMP_ACT_ALLOW);
+	if (ctx == NULL)
+		return ENOMEM;
+
+	/* To avoid endian-ness collisions, only run this test against
+	 * x86_64.  This will ensure that we can successfully add the "x86"
+	 * architecture later in the test. */
+	rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("x86_64"));
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_transaction_start(ctx);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_transaction_start(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(read), 0);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_transaction_commit(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("x86"));
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_transaction_commit(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 0);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_transaction_start(ctx);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_transaction_start(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_arch_remove(ctx, seccomp_arch_resolve_name("x86"));
+	if (rc != 0)
+		goto out;
+	rc = seccomp_transaction_commit(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(open), 0);
+	if (rc != 0)
+		goto out;
+	rc = seccomp_transaction_commit(ctx);
+	if (rc != 0)
+		goto out;
+
+	rc = util_filter_output(&opts, ctx);
+	if (rc)
+		goto out;
+
+out:
+	seccomp_release(ctx);
+	return (rc < 0 ? -rc : rc);
+}
diff --git a/tests/62-sim-arch_transactions.py b/tests/62-sim-arch_transactions.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+#
+# Seccomp Library test program
+#
+# Copyright (c) 2023 Microsoft Corporation <paulmoore@microsoft.com>
+# Author: Paul Moore <paul@paul-moore.com>
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of version 2.1 of the GNU Lesser General Public License as
+# published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+# for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library; if not, see <http://www.gnu.org/licenses>.
+#
+
+import argparse
+import sys
+
+import util
+
+from seccomp import *
+
+def test(args):
+    f = SyscallFilter(ALLOW)
+
+    f.remove_arch(Arch())
+    f.add_arch(Arch("x86_64"))
+
+    f.start_transaction()
+    f.start_transaction()
+    f.add_rule(KILL, "read")
+    f.commit_transaction()
+    f.add_arch(Arch("x86"))
+    f.commit_transaction()
+
+    f.add_rule(KILL, "write")
+
+    f.start_transaction()
+    f.start_transaction()
+    f.remove_arch(Arch("x86"))
+    f.commit_transaction()
+    f.add_rule(KILL, "open")
+    f.commit_transaction()
+
+    return f
+
+args = util.get_opt()
+ctx = test(args)
+util.filter_output(args, ctx)
+
+# kate: syntax python;
+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
diff --git a/tests/62-sim-arch_transactions.tests b/tests/62-sim-arch_transactions.tests
@@ -0,0 +1,25 @@
+#
+# libseccomp regression test automation data
+#
+# Copyright (c) 2023 Microsoft Corporation <paulmoore@microsoft.com>
+# Author: Paul Moore <paul@paul-moore.com>
+# Author: Tom Hromatka <tom.hromatka@oracle.com>
+#
+
+test type: bpf-sim
+
+# Testname			Arch	Syscall		Arg0	Arg1	Arg2	Arg3	Arg4	Arg5	Result
+62-sim-arch_transactions	+x86_64	read		N	N	N	N	N	N	KILL
+62-sim-arch_transactions	+x86_64	write		N	N	N	N	N	N	KILL
+62-sim-arch_transactions	+x86_64	open		N	N	N	N	N	N	KILL
+62-sim-arch_transactions	+x86_64	close		N	N	N	N	N	N	ALLOW
+
+test type: bpf-sim-fuzz
+
+# Testname			StressCount
+62-sim-arch_transactions	5
+
+test type: bpf-valgrind
+
+# Testname
+62-sim-arch_transactions
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -96,7 +96,8 @@ check_PROGRAMS = \
 	58-live-tsync_notify \
 	59-basic-empty_binary_tree \
 	60-sim-precompute \
-	61-sim-transactions
+	61-sim-transactions \
+	62-sim-arch_transactions
 
 EXTRA_DIST_TESTPYTHON = \
 	util.py \
@@ -158,7 +159,8 @@ EXTRA_DIST_TESTPYTHON = \
 	58-live-tsync_notify.py \
 	59-basic-empty_binary_tree.py \
 	60-sim-precompute.py \
-	61-sim-transactions.py
+	61-sim-transactions.py \
+	62-sim-arch_transactions.py
 
 EXTRA_DIST_TESTCFGS = \
 	01-sim-allow.tests \
@@ -221,7 +223,8 @@ EXTRA_DIST_TESTCFGS = \
 	58-live-tsync_notify.tests \
 	59-basic-empty_binary_tree.tests \
 	60-sim-precompute.tests \
-	61-sim-transactions.tests
+	61-sim-transactions.tests \
+	62-sim-arch_transactions.tests
 
 EXTRA_DIST_TESTSCRIPTS = \
 	38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \
