1 // Regression test for https://crbug.com/502974, where ASan was unable to read 2 // the binary name because of sandbox restrictions. 3 // This test uses seccomp-BPF to restrict the readlink() system call and makes 4 // sure ASan is still able to 5 // RUN: not ls /usr/include/linux/seccomp.h || ( %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s ) 6 // UNSUPPORTED: android 7 8 #include <errno.h> 9 #include <stddef.h> 10 #include <stdlib.h> 11 #include <stdio.h> 12 #include <sys/prctl.h> 13 #include <sys/syscall.h> 14 #include <linux/filter.h> 15 #include <linux/seccomp.h> 16 17 #ifndef __NR_readlink 18 # define __NR_readlink __NR_readlinkat 19 #endif 20 21 #define syscall_nr (offsetof(struct seccomp_data, nr)) 22 23 void corrupt() { 24 void *p = malloc(10); 25 free(p); 26 free(p); 27 } 28 29 int main() { 30 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); 31 32 struct sock_filter filter[] = { 33 /* Grab the system call number */ 34 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr), 35 // If this is __NR_readlink, 36 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1), 37 // return with EPERM, 38 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM), 39 // otherwise allow the syscall. 40 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW) 41 }; 42 struct sock_fprog prog; 43 prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])); 44 prog.filter = filter; 45 46 int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); 47 if (res != 0) { 48 fprintf(stderr, "PR_SET_SECCOMP unsupported!\n"); 49 } 50 corrupt(); 51 // CHECK: AddressSanitizer 52 // CHECK-NOT: reading executable name failed 53 return 0; 54 } 55
