2019-11-29 05:55:34

by Max Filippov

[permalink] [raw]
Subject: [PATCH] tools/testing/selftests/seccomp: change USER_NOTIF_MAGIC definition

USER_NOTIF_MAGIC is used to both initialize seccomp_notif_resp::val and
verify syscall resturn value. On 32-bit architectures syscall return
value has type long, but the value of USER_NOTIF_MAGIC has type long
long because it doesn't fit into long. As a result all syscall return
value comparisons with USER_NOTIF_MAGIC are false. This is also reported
by the compiler when '-W' is added to CFLAGS.

Add explicit type cast to USER_NOTIF_MAGIC definition.
This fixes the following seccomp_bpf tests on 32-bit architectures:
global.user_notification_basic
global.user_notification_child_pid_ns
global.user_notification_sibling_pid_ns
global.user_notification_fault_recv

Signed-off-by: Max Filippov <[email protected]>
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 7f8b5c8982e3..16cc30e2ade4 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -3077,7 +3077,7 @@ static int user_trap_syscall(int nr, unsigned int flags)
return seccomp(SECCOMP_SET_MODE_FILTER, flags, &prog);
}

-#define USER_NOTIF_MAGIC 116983961184613L
+#define USER_NOTIF_MAGIC ((unsigned long)116983961184613L)
TEST(user_notification_basic)
{
pid_t pid;
--
2.20.1


2019-11-30 16:16:52

by Kees Cook

[permalink] [raw]
Subject: Re: [PATCH] tools/testing/selftests/seccomp: change USER_NOTIF_MAGIC definition

On Thu, Nov 28, 2019 at 09:51:28PM -0800, Max Filippov wrote:
> USER_NOTIF_MAGIC is used to both initialize seccomp_notif_resp::val and
> verify syscall resturn value. On 32-bit architectures syscall return
> value has type long, but the value of USER_NOTIF_MAGIC has type long
> long because it doesn't fit into long. As a result all syscall return
> value comparisons with USER_NOTIF_MAGIC are false. This is also reported
> by the compiler when '-W' is added to CFLAGS.

Hi! Thanks for sending this. There is already a patch in the pipeline
for getting it fixed; it should show up in Linus's tree soon:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=223e660bc7638d126a0e4fbace4f33f2895788c4

--
Kees Cook