OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/mman.h> | 7 #include <sys/mman.h> |
8 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
9 #include <unistd.h> | 9 #include <unistd.h> |
10 | 10 |
11 #include <vector> | 11 #include <vector> |
12 | 12 |
13 #include "base/basictypes.h" | 13 #include "base/basictypes.h" |
14 #include "base/posix/eintr_wrapper.h" | 14 #include "base/posix/eintr_wrapper.h" |
15 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 15 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 16 #include "sandbox/linux/seccomp-bpf/kernel_return_value_helpers.h" |
16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 17 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
17 #include "sandbox/linux/seccomp-bpf/syscall.h" | 18 #include "sandbox/linux/seccomp-bpf/syscall.h" |
18 #include "sandbox/linux/tests/unit_tests.h" | 19 #include "sandbox/linux/tests/unit_tests.h" |
19 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
20 | 21 |
21 namespace sandbox { | 22 namespace sandbox { |
22 | 23 |
23 namespace { | 24 namespace { |
24 | 25 |
25 // Different platforms use different symbols for the six-argument version | 26 // Different platforms use different symbols for the six-argument version |
(...skipping 17 matching lines...) Expand all Loading... |
43 #if defined(__i386__) | 44 #if defined(__i386__) |
44 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80 | 45 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80 |
45 #elif defined(__x86_64__) | 46 #elif defined(__x86_64__) |
46 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL | 47 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL |
47 #elif defined(__arm__) | 48 #elif defined(__arm__) |
48 #if defined(__thumb__) | 49 #if defined(__thumb__) |
49 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0 | 50 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0 |
50 #else | 51 #else |
51 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0 | 52 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0 |
52 #endif | 53 #endif |
| 54 #elif defined(__mips__) |
| 55 // Opcode for MIPS sycall is in the lower 16-bits |
| 56 EXPECT_EQ(0x0cu, (((uint32_t *)SandboxSyscall(-1))[-1])&0x0000FFFF); |
53 #else | 57 #else |
54 #warning Incomplete test case; need port for target platform | 58 #warning Incomplete test case; need port for target platform |
55 #endif | 59 #endif |
56 } | 60 } |
57 | 61 |
58 TEST(Syscall, TrivialSyscallNoArgs) { | 62 TEST(Syscall, TrivialSyscallNoArgs) { |
59 // Test that we can do basic system calls | 63 // Test that we can do basic system calls |
60 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid)); | 64 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid)); |
61 } | 65 } |
62 | 66 |
63 TEST(Syscall, TrivialSyscallOneArg) { | 67 TEST(Syscall, TrivialSyscallOneArg) { |
64 int new_fd; | 68 int new_fd; |
65 // Duplicate standard error and close it. | 69 // Duplicate standard error and close it. |
66 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0); | 70 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0); |
67 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd)); | 71 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd)); |
68 ASSERT_EQ(close_return_value, 0); | 72 ASSERT_EQ(close_return_value, 0); |
69 } | 73 } |
70 | 74 |
71 // SIGSYS trap handler that will be called on __NR_uname. | 75 // SIGSYS trap handler that will be called on __NR_uname. |
72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { | 76 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { |
73 // |aux| is our BPF_AUX pointer. | 77 // |aux| is our BPF_AUX pointer. |
74 std::vector<uint64_t>* const seen_syscall_args = | 78 std::vector<uint64_t>* const seen_syscall_args = |
75 static_cast<std::vector<uint64_t>*>(aux); | 79 static_cast<std::vector<uint64_t>*>(aux); |
76 BPF_ASSERT(arraysize(args.args) == 6); | 80 BPF_ASSERT(arraysize(args.args) == 6); |
77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); | 81 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); |
78 return -ENOMEM; | 82 return ErrnoToKernelRet(ENOMEM); |
79 } | 83 } |
80 | 84 |
81 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox, | 85 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox, |
82 int sysno, | 86 int sysno, |
83 std::vector<uint64_t>* aux) { | 87 std::vector<uint64_t>* aux) { |
84 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { | 88 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { |
85 return ErrorCode(ENOSYS); | 89 return ErrorCode(ENOSYS); |
86 } | 90 } |
87 if (sysno == __NR_uname) { | 91 if (sysno == __NR_uname) { |
88 return sandbox->Trap(CopySyscallArgsToAux, aux); | 92 return sandbox->Trap(CopySyscallArgsToAux, aux); |
(...skipping 19 matching lines...) Expand all Loading... |
108 } | 112 } |
109 | 113 |
110 // We could use pretty much any system call we don't need here. uname() is | 114 // We could use pretty much any system call we don't need here. uname() is |
111 // nice because it doesn't have any dangerous side effects. | 115 // nice because it doesn't have any dangerous side effects. |
112 BPF_ASSERT(SandboxSyscall(__NR_uname, | 116 BPF_ASSERT(SandboxSyscall(__NR_uname, |
113 syscall_args[0], | 117 syscall_args[0], |
114 syscall_args[1], | 118 syscall_args[1], |
115 syscall_args[2], | 119 syscall_args[2], |
116 syscall_args[3], | 120 syscall_args[3], |
117 syscall_args[4], | 121 syscall_args[4], |
118 syscall_args[5]) == -ENOMEM); | 122 syscall_args[5]) == ErrnoToKernelRet(ENOMEM)); |
119 | 123 |
120 // We expect the trap handler to have copied the 6 arguments. | 124 // We expect the trap handler to have copied the 6 arguments. |
121 BPF_ASSERT(BPF_AUX->size() == 6); | 125 BPF_ASSERT(BPF_AUX->size() == 6); |
122 | 126 |
123 // Don't loop here so that we can see which argument does cause the failure | 127 // Don't loop here so that we can see which argument does cause the failure |
124 // easily from the failing line. | 128 // easily from the failing line. |
125 // uint64_t is the type passed to our SIGSYS handler. | 129 // uint64_t is the type passed to our SIGSYS handler. |
126 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0])); | 130 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0])); |
127 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1])); | 131 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1])); |
128 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2])); | 132 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2])); |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
194 | 198 |
195 // Clean up | 199 // Clean up |
196 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); | 200 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); |
197 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); | 201 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); |
198 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd))); | 202 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd))); |
199 } | 203 } |
200 | 204 |
201 } // namespace | 205 } // namespace |
202 | 206 |
203 } // namespace sandbox | 207 } // namespace sandbox |
OLD | NEW |