| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 6 |
| 7 #include <asm/unistd.h> |
| 8 #include <fcntl.h> |
| 9 #include <sys/mman.h> |
| 10 #include <sys/syscall.h> |
| 11 #include <sys/types.h> |
| 12 #include <unistd.h> |
| 13 |
| 14 #include <vector> |
| 15 |
| 16 #include "base/basictypes.h" |
| 17 #include "base/posix/eintr_wrapper.h" |
| 18 #include "build/build_config.h" |
| 19 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 20 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 21 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 22 #include "sandbox/linux/tests/unit_tests.h" |
| 23 #include "testing/gtest/include/gtest/gtest.h" |
| 24 |
| 25 using sandbox::bpf_dsl::Allow; |
| 26 using sandbox::bpf_dsl::ResultExpr; |
| 27 using sandbox::bpf_dsl::Trap; |
| 28 using sandbox::bpf_dsl::SandboxBPFDSLPolicy; |
| 29 |
| 30 namespace sandbox { |
| 31 |
| 32 namespace { |
| 33 |
| 34 // Different platforms use different symbols for the six-argument version |
| 35 // of the mmap() system call. Test for the correct symbol at compile time. |
| 36 #ifdef __NR_mmap2 |
| 37 const int kMMapNr = __NR_mmap2; |
| 38 #else |
| 39 const int kMMapNr = __NR_mmap; |
| 40 #endif |
| 41 |
| 42 TEST(Syscall, InvalidCallReturnsENOSYS) { |
| 43 EXPECT_EQ(-ENOSYS, Syscall::InvalidCall()); |
| 44 } |
| 45 |
| 46 TEST(Syscall, WellKnownEntryPoint) { |
| 47 // Test that Syscall::Call(-1) is handled specially. Don't do this on ARM, |
| 48 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we |
| 49 // are still testing ARM code in the next set of tests. |
| 50 #if !defined(__arm__) && !defined(__aarch64__) |
| 51 EXPECT_NE(Syscall::Call(-1), syscall(-1)); |
| 52 #endif |
| 53 |
| 54 // If possible, test that Syscall::Call(-1) returns the address right |
| 55 // after |
| 56 // a kernel entry point. |
| 57 #if defined(__i386__) |
| 58 EXPECT_EQ(0x80CDu, ((uint16_t*)Syscall::Call(-1))[-1]); // INT 0x80 |
| 59 #elif defined(__x86_64__) |
| 60 EXPECT_EQ(0x050Fu, ((uint16_t*)Syscall::Call(-1))[-1]); // SYSCALL |
| 61 #elif defined(__arm__) |
| 62 #if defined(__thumb__) |
| 63 EXPECT_EQ(0xDF00u, ((uint16_t*)Syscall::Call(-1))[-1]); // SWI 0 |
| 64 #else |
| 65 EXPECT_EQ(0xEF000000u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0 |
| 66 #endif |
| 67 #elif defined(__mips__) |
| 68 // Opcode for MIPS sycall is in the lower 16-bits |
| 69 EXPECT_EQ(0x0cu, (((uint32_t*)Syscall::Call(-1))[-1]) & 0x0000FFFF); |
| 70 #elif defined(__aarch64__) |
| 71 EXPECT_EQ(0xD4000001u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0 |
| 72 #else |
| 73 #warning Incomplete test case; need port for target platform |
| 74 #endif |
| 75 } |
| 76 |
| 77 TEST(Syscall, TrivialSyscallNoArgs) { |
| 78 // Test that we can do basic system calls |
| 79 EXPECT_EQ(Syscall::Call(__NR_getpid), syscall(__NR_getpid)); |
| 80 } |
| 81 |
| 82 TEST(Syscall, TrivialSyscallOneArg) { |
| 83 int new_fd; |
| 84 // Duplicate standard error and close it. |
| 85 ASSERT_GE(new_fd = Syscall::Call(__NR_dup, 2), 0); |
| 86 int close_return_value = IGNORE_EINTR(Syscall::Call(__NR_close, new_fd)); |
| 87 ASSERT_EQ(close_return_value, 0); |
| 88 } |
| 89 |
| 90 TEST(Syscall, TrivialFailingSyscall) { |
| 91 errno = -42; |
| 92 int ret = Syscall::Call(__NR_dup, -1); |
| 93 ASSERT_EQ(-EBADF, ret); |
| 94 // Verify that Syscall::Call does not touch errno. |
| 95 ASSERT_EQ(-42, errno); |
| 96 } |
| 97 |
| 98 // SIGSYS trap handler that will be called on __NR_uname. |
| 99 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { |
| 100 // |aux| is our BPF_AUX pointer. |
| 101 std::vector<uint64_t>* const seen_syscall_args = |
| 102 static_cast<std::vector<uint64_t>*>(aux); |
| 103 BPF_ASSERT(arraysize(args.args) == 6); |
| 104 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); |
| 105 return -ENOMEM; |
| 106 } |
| 107 |
| 108 class CopyAllArgsOnUnamePolicy : public SandboxBPFDSLPolicy { |
| 109 public: |
| 110 explicit CopyAllArgsOnUnamePolicy(std::vector<uint64_t>* aux) : aux_(aux) {} |
| 111 virtual ~CopyAllArgsOnUnamePolicy() {} |
| 112 |
| 113 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 114 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 115 if (sysno == __NR_uname) { |
| 116 return Trap(CopySyscallArgsToAux, aux_); |
| 117 } else { |
| 118 return Allow(); |
| 119 } |
| 120 } |
| 121 |
| 122 private: |
| 123 std::vector<uint64_t>* aux_; |
| 124 |
| 125 DISALLOW_COPY_AND_ASSIGN(CopyAllArgsOnUnamePolicy); |
| 126 }; |
| 127 |
| 128 // We are testing Syscall::Call() by making use of a BPF filter that |
| 129 // allows us |
| 130 // to inspect the system call arguments that the kernel saw. |
| 131 BPF_TEST(Syscall, |
| 132 SyntheticSixArgs, |
| 133 CopyAllArgsOnUnamePolicy, |
| 134 std::vector<uint64_t> /* (*BPF_AUX) */) { |
| 135 const int kExpectedValue = 42; |
| 136 // In this test we only pass integers to the kernel. We might want to make |
| 137 // additional tests to try other types. What we will see depends on |
| 138 // implementation details of kernel BPF filters and we will need to document |
| 139 // the expected behavior very clearly. |
| 140 int syscall_args[6]; |
| 141 for (size_t i = 0; i < arraysize(syscall_args); ++i) { |
| 142 syscall_args[i] = kExpectedValue + i; |
| 143 } |
| 144 |
| 145 // We could use pretty much any system call we don't need here. uname() is |
| 146 // nice because it doesn't have any dangerous side effects. |
| 147 BPF_ASSERT(Syscall::Call(__NR_uname, |
| 148 syscall_args[0], |
| 149 syscall_args[1], |
| 150 syscall_args[2], |
| 151 syscall_args[3], |
| 152 syscall_args[4], |
| 153 syscall_args[5]) == -ENOMEM); |
| 154 |
| 155 // We expect the trap handler to have copied the 6 arguments. |
| 156 BPF_ASSERT(BPF_AUX->size() == 6); |
| 157 |
| 158 // Don't loop here so that we can see which argument does cause the failure |
| 159 // easily from the failing line. |
| 160 // uint64_t is the type passed to our SIGSYS handler. |
| 161 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0])); |
| 162 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1])); |
| 163 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2])); |
| 164 BPF_ASSERT((*BPF_AUX)[3] == static_cast<uint64_t>(syscall_args[3])); |
| 165 BPF_ASSERT((*BPF_AUX)[4] == static_cast<uint64_t>(syscall_args[4])); |
| 166 BPF_ASSERT((*BPF_AUX)[5] == static_cast<uint64_t>(syscall_args[5])); |
| 167 } |
| 168 |
| 169 TEST(Syscall, ComplexSyscallSixArgs) { |
| 170 int fd; |
| 171 ASSERT_LE(0, |
| 172 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/dev/null", O_RDWR, 0L)); |
| 173 |
| 174 // Use mmap() to allocate some read-only memory |
| 175 char* addr0; |
| 176 ASSERT_NE( |
| 177 (char*)NULL, |
| 178 addr0 = reinterpret_cast<char*>(Syscall::Call(kMMapNr, |
| 179 (void*)NULL, |
| 180 4096, |
| 181 PROT_READ, |
| 182 MAP_PRIVATE | MAP_ANONYMOUS, |
| 183 fd, |
| 184 0L))); |
| 185 |
| 186 // Try to replace the existing mapping with a read-write mapping |
| 187 char* addr1; |
| 188 ASSERT_EQ(addr0, |
| 189 addr1 = reinterpret_cast<char*>( |
| 190 Syscall::Call(kMMapNr, |
| 191 addr0, |
| 192 4096L, |
| 193 PROT_READ | PROT_WRITE, |
| 194 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, |
| 195 fd, |
| 196 0L))); |
| 197 ++*addr1; // This should not seg fault |
| 198 |
| 199 // Clean up |
| 200 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr1, 4096L)); |
| 201 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd))); |
| 202 |
| 203 // Check that the offset argument (i.e. the sixth argument) is processed |
| 204 // correctly. |
| 205 ASSERT_GE( |
| 206 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/proc/self/exe", O_RDONLY, 0L), |
| 207 0); |
| 208 char* addr2, *addr3; |
| 209 ASSERT_NE((char*)NULL, |
| 210 addr2 = reinterpret_cast<char*>(Syscall::Call( |
| 211 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L))); |
| 212 ASSERT_NE((char*)NULL, |
| 213 addr3 = reinterpret_cast<char*>(Syscall::Call(kMMapNr, |
| 214 (void*)NULL, |
| 215 4096L, |
| 216 PROT_READ, |
| 217 MAP_PRIVATE, |
| 218 fd, |
| 219 #if defined(__NR_mmap2) |
| 220 1L |
| 221 #else |
| 222 4096L |
| 223 #endif |
| 224 ))); |
| 225 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096)); |
| 226 |
| 227 // Just to be absolutely on the safe side, also verify that the file |
| 228 // contents matches what we are getting from a read() operation. |
| 229 char buf[8192]; |
| 230 EXPECT_EQ(8192, Syscall::Call(__NR_read, fd, buf, 8192L)); |
| 231 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); |
| 232 |
| 233 // Clean up |
| 234 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr2, 8192L)); |
| 235 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr3, 4096L)); |
| 236 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd))); |
| 237 } |
| 238 |
| 239 } // namespace |
| 240 |
| 241 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 670183003:
Update from chromium 62675d9fb31fb8cedc40f68e78e8445a74f362e7 (Closed)
Base URL: git@github.com:domokit/mojo.git@master