From 22dfc589eeacdd7e59b35ecdf9a8841bd1803f13 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 29 Apr 2022 12:17:37 -0700 Subject: seccomp: allow stat() for ubsan. We've had complaints about ubsan issues for years, but never got to the bottom of them, or saw them ourselves in testing. For some reason (still not understood) we've started to see this ourselves in T and downstream branches. So for now, let's just punch that extra hole. Longer term, ubsan should stop needing any of this, so once https://reviews.llvm.org/D124212 is in an LTS NDK, we should be able to get rid of this _and_ the existing sanitizer-related holes. Bug: https://github.com/android/ndk/issues/1298 Bug: http://b/229989971 Test: treehugger Change-Id: Id42cb29c4e943c0080c0d34ce4e5d6d1b32da9e8 (cherry picked from commit a0745cea5f8510c6bb53dfda16dcba9cca0905d1) Merged-In: Id42cb29c4e943c0080c0d34ce4e5d6d1b32da9e8 --- libc/SECCOMP_ALLOWLIST_COMMON.TXT | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libc/SECCOMP_ALLOWLIST_COMMON.TXT b/libc/SECCOMP_ALLOWLIST_COMMON.TXT index c440f9b74..0366fdf0f 100644 --- a/libc/SECCOMP_ALLOWLIST_COMMON.TXT +++ b/libc/SECCOMP_ALLOWLIST_COMMON.TXT @@ -31,6 +31,8 @@ int seccomp:seccomp(unsigned int operation, unsigned int flags, void *args) all int open:open(const char*, int, ...) arm,x86,x86_64 int stat64:stat64(const char*, struct stat64*) arm,x86 ssize_t readlink:readlink(const char*, char*, size_t) arm,x86,x86_64 +# Needed by ubsan in T? (http://b/229989971) +int stat(const char*, struct stat*) arm,x86,x86_64 # # Useful new syscalls which we don't yet use in bionic. -- cgit v1.2.3 From bbe7c690f1fbe714fe06c2107cb3e4d25bc791f2 Mon Sep 17 00:00:00 2001 From: Florian Mayer Date: Sat, 23 Apr 2022 01:46:25 +0000 Subject: Merge "Fix missing null-terminator to exec call." am: 7587e20eaf Original change: https://android-review.googlesource.com/c/platform/bionic/+/2073947 Change-Id: Id15a4a4e86f6bb05378ec1f775fb07693bd9fbda Ignore-AOSP-First: this is an automerge Signed-off-by: Automerger Merge Worker (cherry picked from commit 0f465478006806541d5761ba9921c108036172dc) --- tests/gwp_asan_test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/gwp_asan_test.cpp b/tests/gwp_asan_test.cpp index b442f51e6..b2c7780b1 100644 --- a/tests/gwp_asan_test.cpp +++ b/tests/gwp_asan_test.cpp @@ -43,7 +43,7 @@ void RunGwpAsanTest(const char* test_name) { std::string filter_arg = "--gtest_filter="; filter_arg += test_name; std::string exec(testing::internal::GetArgvs()[0]); - eh.SetArgs({exec.c_str(), "--gtest_also_run_disabled_tests", filter_arg.c_str()}); + eh.SetArgs({exec.c_str(), "--gtest_also_run_disabled_tests", filter_arg.c_str(), nullptr}); eh.Run([&]() { execve(exec.c_str(), eh.GetArgs(), eh.GetEnv()); }, /* expected_exit_status */ 0, // |expected_output_regex|, ensure at least one test ran: -- cgit v1.2.3