1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <asm/unistd.h> 6 #include <fcntl.h> 7 #include <sys/mman.h> 8 #include <sys/syscall.h> 9 #include <unistd.h> 10 11 #include <vector> 12 13 #include "base/basictypes.h" 14 #include "base/posix/eintr_wrapper.h" 15 #include "build/build_config.h" 16 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" 17 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 18 #include "sandbox/linux/seccomp-bpf/syscall.h" 19 #include "sandbox/linux/tests/unit_tests.h" 20 #include "testing/gtest/include/gtest/gtest.h" 21 22 namespace sandbox { 23 24 namespace { 25 26 // Different platforms use different symbols for the six-argument version 27 // of the mmap() system call. Test for the correct symbol at compile time. 28 #ifdef __NR_mmap2 29 const int kMMapNr = __NR_mmap2; 30 #else 31 const int kMMapNr = __NR_mmap; 32 #endif 33 34 TEST(Syscall, WellKnownEntryPoint) { 35 // Test that Syscall::Call(-1) is handled specially. Don't do this on ARM, 36 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we 37 // are still testing ARM code in the next set of tests. 38 #if !defined(__arm__) 39 EXPECT_NE(Syscall::Call(-1), syscall(-1)); 40 #endif 41 42 // If possible, test that Syscall::Call(-1) returns the address right 43 // after 44 // a kernel entry point. 45 #if defined(__i386__) 46 EXPECT_EQ(0x80CDu, ((uint16_t*)Syscall::Call(-1))[-1]); // INT 0x80 47 #elif defined(__x86_64__) 48 EXPECT_EQ(0x050Fu, ((uint16_t*)Syscall::Call(-1))[-1]); // SYSCALL 49 #elif defined(__arm__) 50 #if defined(__thumb__) 51 EXPECT_EQ(0xDF00u, ((uint16_t*)Syscall::Call(-1))[-1]); // SWI 0 52 #else 53 EXPECT_EQ(0xEF000000u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0 54 #endif 55 #else 56 #warning Incomplete test case; need port for target platform 57 #endif 58 } 59 60 TEST(Syscall, TrivialSyscallNoArgs) { 61 // Test that we can do basic system calls 62 EXPECT_EQ(Syscall::Call(__NR_getpid), syscall(__NR_getpid)); 63 } 64 65 TEST(Syscall, TrivialSyscallOneArg) { 66 int new_fd; 67 // Duplicate standard error and close it. 68 ASSERT_GE(new_fd = Syscall::Call(__NR_dup, 2), 0); 69 int close_return_value = IGNORE_EINTR(Syscall::Call(__NR_close, new_fd)); 70 ASSERT_EQ(close_return_value, 0); 71 } 72 73 TEST(Syscall, TrivialFailingSyscall) { 74 errno = -42; 75 int ret = Syscall::Call(__NR_dup, -1); 76 ASSERT_EQ(-EBADF, ret); 77 // Verify that Syscall::Call does not touch errno. 78 ASSERT_EQ(-42, errno); 79 } 80 81 // SIGSYS trap handler that will be called on __NR_uname. 82 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { 83 // |aux| is our BPF_AUX pointer. 84 std::vector<uint64_t>* const seen_syscall_args = 85 static_cast<std::vector<uint64_t>*>(aux); 86 BPF_ASSERT(arraysize(args.args) == 6); 87 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); 88 return -ENOMEM; 89 } 90 91 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox, 92 int sysno, 93 std::vector<uint64_t>* aux) { 94 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { 95 return ErrorCode(ENOSYS); 96 } 97 if (sysno == __NR_uname) { 98 return sandbox->Trap(CopySyscallArgsToAux, aux); 99 } else { 100 return ErrorCode(ErrorCode::ERR_ALLOWED); 101 } 102 } 103 104 // We are testing Syscall::Call() by making use of a BPF filter that 105 // allows us 106 // to inspect the system call arguments that the kernel saw. 107 BPF_TEST(Syscall, 108 SyntheticSixArgs, 109 CopyAllArgsOnUnamePolicy, 110 std::vector<uint64_t> /* (*BPF_AUX) */) { 111 const int kExpectedValue = 42; 112 // In this test we only pass integers to the kernel. We might want to make 113 // additional tests to try other types. What we will see depends on 114 // implementation details of kernel BPF filters and we will need to document 115 // the expected behavior very clearly. 116 int syscall_args[6]; 117 for (size_t i = 0; i < arraysize(syscall_args); ++i) { 118 syscall_args[i] = kExpectedValue + i; 119 } 120 121 // We could use pretty much any system call we don't need here. uname() is 122 // nice because it doesn't have any dangerous side effects. 123 BPF_ASSERT(Syscall::Call(__NR_uname, 124 syscall_args[0], 125 syscall_args[1], 126 syscall_args[2], 127 syscall_args[3], 128 syscall_args[4], 129 syscall_args[5]) == -ENOMEM); 130 131 // We expect the trap handler to have copied the 6 arguments. 132 BPF_ASSERT(BPF_AUX->size() == 6); 133 134 // Don't loop here so that we can see which argument does cause the failure 135 // easily from the failing line. 136 // uint64_t is the type passed to our SIGSYS handler. 137 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0])); 138 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1])); 139 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2])); 140 BPF_ASSERT((*BPF_AUX)[3] == static_cast<uint64_t>(syscall_args[3])); 141 BPF_ASSERT((*BPF_AUX)[4] == static_cast<uint64_t>(syscall_args[4])); 142 BPF_ASSERT((*BPF_AUX)[5] == static_cast<uint64_t>(syscall_args[5])); 143 } 144 145 TEST(Syscall, ComplexSyscallSixArgs) { 146 int fd; 147 ASSERT_LE(0, fd = Syscall::Call(__NR_open, "/dev/null", O_RDWR, 0L)); 148 149 // Use mmap() to allocate some read-only memory 150 char* addr0; 151 ASSERT_NE( 152 (char*)NULL, 153 addr0 = reinterpret_cast<char*>(Syscall::Call(kMMapNr, 154 (void*)NULL, 155 4096, 156 PROT_READ, 157 MAP_PRIVATE | MAP_ANONYMOUS, 158 fd, 159 0L))); 160 161 // Try to replace the existing mapping with a read-write mapping 162 char* addr1; 163 ASSERT_EQ(addr0, 164 addr1 = reinterpret_cast<char*>( 165 Syscall::Call(kMMapNr, 166 addr0, 167 4096L, 168 PROT_READ | PROT_WRITE, 169 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 170 fd, 171 0L))); 172 ++*addr1; // This should not seg fault 173 174 // Clean up 175 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr1, 4096L)); 176 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd))); 177 178 // Check that the offset argument (i.e. the sixth argument) is processed 179 // correctly. 180 ASSERT_GE(fd = Syscall::Call(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0); 181 char* addr2, *addr3; 182 ASSERT_NE((char*)NULL, 183 addr2 = reinterpret_cast<char*>(Syscall::Call( 184 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L))); 185 ASSERT_NE((char*)NULL, 186 addr3 = reinterpret_cast<char*>(Syscall::Call(kMMapNr, 187 (void*)NULL, 188 4096L, 189 PROT_READ, 190 MAP_PRIVATE, 191 fd, 192 #if defined(__NR_mmap2) 193 1L 194 #else 195 4096L 196 #endif 197 ))); 198 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096)); 199 200 // Just to be absolutely on the safe side, also verify that the file 201 // contents matches what we are getting from a read() operation. 202 char buf[8192]; 203 EXPECT_EQ(8192, Syscall::Call(__NR_read, fd, buf, 8192L)); 204 EXPECT_EQ(0, memcmp(addr2, buf, 8192)); 205 206 // Clean up 207 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr2, 8192L)); 208 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr3, 4096L)); 209 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd))); 210 } 211 212 } // namespace 213 214 } // namespace sandbox 215
