1// Regression test for https://crbug.com/502974, where ASan was unable to read 2// the binary name because of sandbox restrictions. 3// This test uses seccomp-BPF to restrict the readlink() system call and makes 4// sure ASan is still able to 5// RUN: not ls /usr/include/linux/seccomp.h || ( %clang_asan %s -o %t && not %run %t 2>&1 | FileCheck %s ) 6// UNSUPPORTED: android 7 8#include <errno.h> 9#include <stddef.h> 10#include <stdlib.h> 11#include <stdio.h> 12#include <sys/prctl.h> 13#include <sys/syscall.h> 14#include <linux/filter.h> 15#include <linux/seccomp.h> 16 17#ifndef __NR_readlink 18# define __NR_readlink __NR_readlinkat 19#endif 20 21#define syscall_nr (offsetof(struct seccomp_data, nr)) 22 23void corrupt() { 24 void *p = malloc(10); 25 free(p); 26 free(p); 27} 28 29int main() { 30 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); 31 32 struct sock_filter filter[] = { 33 /* Grab the system call number */ 34 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, syscall_nr), 35 // If this is __NR_readlink, 36 BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_readlink, 0, 1), 37 // return with EPERM, 38 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | EPERM), 39 // otherwise allow the syscall. 40 BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW) 41 }; 42 struct sock_fprog prog; 43 prog.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])); 44 prog.filter = filter; 45 46 int res = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0); 47 if (res != 0) { 48 fprintf(stderr, "PR_SET_SECCOMP unsupported!\n"); 49 } 50 corrupt(); 51 // CHECK: AddressSanitizer 52 // CHECK-NOT: reading executable name failed 53 return 0; 54} 55