1 /* 2 * Check decoding of ptrace syscall. 3 * 4 * Copyright (c) 2016 Dmitry V. Levin <ldv (at) altlinux.org> 5 * Copyright (c) 2016-2017 The strace developers. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include "tests.h" 32 #include <asm/unistd.h> 33 34 #include <errno.h> 35 #include <signal.h> 36 #include <stdio.h> 37 #include <string.h> 38 #include <sys/wait.h> 39 #include <unistd.h> 40 #include "ptrace.h" 41 #include <linux/audit.h> 42 43 static const char *errstr; 44 45 static long 46 do_ptrace(unsigned long request, unsigned long pid, 47 unsigned long addr, unsigned long data) 48 { 49 long rc = syscall(__NR_ptrace, request, pid, addr, data); 50 errstr = sprintrc(rc); 51 return rc; 52 } 53 54 static void 55 test_peeksiginfo(unsigned long pid, const unsigned long bad_request) 56 { 57 do_ptrace(PTRACE_PEEKSIGINFO, pid, 0, bad_request); 58 printf("ptrace(PTRACE_PEEKSIGINFO, %u, NULL, %#lx) = %s\n", 59 (unsigned) pid, bad_request, errstr); 60 61 struct { 62 unsigned long long off; 63 unsigned int flags, nr; 64 } *const psi = tail_alloc(sizeof(*psi)); 65 66 psi->off = 0xdeadbeeffacefeedULL; 67 psi->flags = 1; 68 psi->nr = 42; 69 70 do_ptrace(PTRACE_PEEKSIGINFO, pid, (unsigned long) psi, bad_request); 71 printf("ptrace(PTRACE_PEEKSIGINFO, %u, {off=%llu" 72 ", flags=PTRACE_PEEKSIGINFO_SHARED, nr=%u}, %#lx) = %s\n", 73 (unsigned) pid, psi->off, psi->nr, bad_request, errstr); 74 75 pid = fork(); 76 if ((pid_t) pid < 0) 77 perror_msg_and_fail("fork"); 78 79 if (!pid) { 80 sigset_t mask; 81 sigemptyset(&mask); 82 sigaddset(&mask, SIGUSR1); 83 sigaddset(&mask, SIGUSR2); 84 sigaddset(&mask, SIGALRM); 85 86 if (sigprocmask(SIG_BLOCK, &mask, NULL)) 87 perror_msg_and_fail("sigprocmask"); 88 89 raise(SIGUSR1); 90 raise(SIGUSR2); 91 raise(SIGALRM); 92 93 if (do_ptrace(PTRACE_TRACEME, 0, 0, 0)) 94 perror_msg_and_fail("child: PTRACE_TRACEME"); 95 96 raise(SIGSTOP); 97 _exit(0); 98 } 99 100 const unsigned int nsigs = 4; 101 const uid_t uid = geteuid(); 102 siginfo_t *sigs = tail_alloc(sizeof(*sigs) * nsigs); 103 104 psi->off = 0; 105 psi->flags = 0; 106 psi->nr = nsigs; 107 108 for (;;) { 109 int status, tracee, saved; 110 111 errno = 0; 112 tracee = wait(&status); 113 if (tracee <= 0) { 114 if (errno == EINTR) 115 continue; 116 saved = errno; 117 kill(pid, SIGKILL); 118 errno = saved; 119 perror_msg_and_fail("wait"); 120 } 121 if (WIFEXITED(status)) { 122 if (WEXITSTATUS(status) == 0) 123 break; 124 error_msg_and_fail("unexpected exit status %u", 125 WEXITSTATUS(status)); 126 } 127 if (WIFSIGNALED(status)) 128 error_msg_and_fail("unexpected signal %u", 129 WTERMSIG(status)); 130 if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) { 131 kill(pid, SIGKILL); 132 error_msg_and_fail("unexpected wait status %x", 133 status); 134 } 135 136 long rc = do_ptrace(PTRACE_PEEKSIGINFO, pid, 137 (unsigned long) psi, (unsigned long) sigs); 138 if (rc < 0) { 139 printf("ptrace(PTRACE_PEEKSIGINFO, %u" 140 ", {off=%llu, flags=0, nr=%u}, %p) = %s\n", 141 (unsigned) pid, psi->off, psi->nr, sigs, 142 errstr); 143 } else { 144 printf("ptrace(PTRACE_PEEKSIGINFO, %u" 145 ", {off=%llu, flags=0, nr=%u}" 146 ", [{si_signo=SIGUSR1, si_code=SI_TKILL" 147 ", si_pid=%u, si_uid=%u}" 148 ", {si_signo=SIGUSR2, si_code=SI_TKILL" 149 ", si_pid=%u, si_uid=%u}" 150 ", {si_signo=SIGALRM, si_code=SI_TKILL" 151 ", si_pid=%u, si_uid=%u}" 152 "]) = %s\n", 153 (unsigned) pid, psi->off, psi->nr, 154 (unsigned) pid, (unsigned) uid, 155 (unsigned) pid, (unsigned) uid, 156 (unsigned) pid, (unsigned) uid, 157 errstr); 158 } 159 160 if (do_ptrace(PTRACE_CONT, pid, 0, 0)) { 161 saved = errno; 162 kill(pid, SIGKILL); 163 errno = saved; 164 perror_msg_and_fail("ptrace"); 165 } 166 printf("ptrace(PTRACE_CONT, %ld, NULL, SIG_0) = 0\n", pid); 167 } 168 } 169 170 int 171 main(void) 172 { 173 const unsigned long bad_request = 174 (unsigned long) 0xdeadbeeffffffeedULL; 175 const unsigned long bad_data = 176 (unsigned long) 0xdeadcafefffff00dULL; 177 const unsigned long pid = 178 (unsigned long) 0xdefaced00000000ULL | (unsigned) getpid(); 179 180 const unsigned int sigset_size = get_sigset_size(); 181 182 void *const k_set = tail_alloc(sigset_size); 183 TAIL_ALLOC_OBJECT_CONST_PTR(siginfo_t, sip); 184 185 do_ptrace(bad_request, pid, 0, 0); 186 printf("ptrace(%#lx /* PTRACE_??? */, %u, NULL, NULL) = %s\n", 187 bad_request, (unsigned) pid, errstr); 188 189 do_ptrace(PTRACE_PEEKDATA, pid, bad_request, bad_data); 190 #ifdef IA64 191 printf("ptrace(PTRACE_PEEKDATA, %u, %#lx) = %s\n", 192 (unsigned) pid, bad_request, errstr); 193 #else 194 printf("ptrace(PTRACE_PEEKDATA, %u, %#lx, %#lx) = %s\n", 195 (unsigned) pid, bad_request, bad_data, errstr); 196 #endif 197 198 do_ptrace(PTRACE_PEEKTEXT, pid, bad_request, bad_data); 199 #ifdef IA64 200 printf("ptrace(PTRACE_PEEKTEXT, %u, %#lx) = %s\n", 201 (unsigned) pid, bad_request, errstr); 202 #else 203 printf("ptrace(PTRACE_PEEKTEXT, %u, %#lx, %#lx) = %s\n", 204 (unsigned) pid, bad_request, bad_data, errstr); 205 #endif 206 207 do_ptrace(PTRACE_PEEKUSER, pid, bad_request, bad_data); 208 #ifdef IA64 209 printf("ptrace(PTRACE_PEEKUSER, %u, %#lx) = %s\n", 210 (unsigned) pid, bad_request, errstr); 211 #else 212 printf("ptrace(PTRACE_PEEKUSER, %u, %#lx, %#lx) = %s\n", 213 (unsigned) pid, bad_request, bad_data, errstr); 214 #endif 215 216 do_ptrace(PTRACE_POKEUSER, pid, bad_request, bad_data); 217 printf("ptrace(PTRACE_POKEUSER, %u, %#lx, %#lx) = %s\n", 218 (unsigned) pid, bad_request, bad_data, errstr); 219 220 do_ptrace(PTRACE_ATTACH, pid, 0, 0); 221 printf("ptrace(PTRACE_ATTACH, %u) = %s\n", (unsigned) pid, errstr); 222 223 do_ptrace(PTRACE_INTERRUPT, pid, 0, 0); 224 printf("ptrace(PTRACE_INTERRUPT, %u) = %s\n", (unsigned) pid, errstr); 225 226 do_ptrace(PTRACE_KILL, pid, 0, 0); 227 printf("ptrace(PTRACE_KILL, %u) = %s\n", (unsigned) pid, errstr); 228 229 do_ptrace(PTRACE_LISTEN, pid, 0, 0); 230 printf("ptrace(PTRACE_LISTEN, %u) = %s\n", (unsigned) pid, errstr); 231 232 sigset_t libc_set; 233 sigemptyset(&libc_set); 234 sigaddset(&libc_set, SIGUSR1); 235 memcpy(k_set, &libc_set, sigset_size); 236 237 do_ptrace(PTRACE_SETSIGMASK, pid, sigset_size, (unsigned long) k_set); 238 printf("ptrace(PTRACE_SETSIGMASK, %u, %u, [USR1]) = %s\n", 239 (unsigned) pid, sigset_size, errstr); 240 241 do_ptrace(PTRACE_GETSIGMASK, pid, sigset_size, (unsigned long) k_set); 242 printf("ptrace(PTRACE_GETSIGMASK, %u, %u, %p) = %s\n", 243 (unsigned) pid, sigset_size, k_set, errstr); 244 245 do_ptrace(PTRACE_SECCOMP_GET_FILTER, pid, 42, 0); 246 printf("ptrace(PTRACE_SECCOMP_GET_FILTER, %u, 42, NULL) = %s\n", 247 (unsigned) pid, errstr); 248 249 do_ptrace(PTRACE_GETEVENTMSG, pid, bad_request, bad_data); 250 printf("ptrace(PTRACE_GETEVENTMSG, %u, %#lx, %#lx) = %s\n", 251 (unsigned) pid, bad_request, bad_data, errstr); 252 253 memset(sip, -1, sizeof(*sip)); 254 sip->si_signo = SIGIO; 255 sip->si_code = 1; 256 sip->si_errno = ENOENT; 257 sip->si_band = -2; 258 259 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 260 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGIO" 261 ", si_code=POLL_IN, si_errno=ENOENT, si_band=-2}) = %s\n", 262 (unsigned) pid, bad_request, errstr); 263 264 memset(sip, -1, sizeof(*sip)); 265 sip->si_signo = SIGTRAP; 266 sip->si_code = 1; 267 sip->si_errno = ENOENT; 268 sip->si_pid = 2; 269 sip->si_uid = 3; 270 sip->si_ptr = (void *) bad_request; 271 272 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 273 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGTRAP" 274 ", si_code=TRAP_BRKPT, si_errno=ENOENT, si_pid=2, si_uid=3" 275 ", si_value={int=%d, ptr=%p}}) = %s\n", 276 (unsigned) pid, bad_request, sip->si_int, sip->si_ptr, 277 errstr); 278 279 memset(sip, -1, sizeof(*sip)); 280 sip->si_signo = SIGILL; 281 sip->si_code = 1; 282 sip->si_errno = ENOENT; 283 sip->si_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL; 284 285 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 286 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGILL" 287 ", si_code=ILL_ILLOPC, si_errno=ENOENT, si_addr=%p}) = %s\n", 288 (unsigned) pid, bad_request, sip->si_addr, errstr); 289 290 memset(sip, -1, sizeof(*sip)); 291 sip->si_signo = SIGFPE; 292 sip->si_code = 1; 293 sip->si_errno = ENOENT; 294 sip->si_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL; 295 296 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 297 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGFPE" 298 ", si_code=FPE_INTDIV, si_errno=ENOENT, si_addr=%p}) = %s\n", 299 (unsigned) pid, bad_request, sip->si_addr, errstr); 300 301 memset(sip, -1, sizeof(*sip)); 302 sip->si_signo = SIGBUS; 303 sip->si_code = 1; 304 sip->si_errno = -2; 305 sip->si_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL; 306 307 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 308 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGBUS" 309 ", si_code=BUS_ADRALN, si_errno=%d, si_addr=%p}) = %s\n", 310 (unsigned) pid, bad_request, sip->si_errno, sip->si_addr, 311 errstr); 312 313 memset(sip, -1, sizeof(*sip)); 314 sip->si_signo = SIGPROF; 315 sip->si_code = 0xbadc0ded; 316 sip->si_errno = -2; 317 sip->si_pid = 0; 318 sip->si_uid = 3; 319 sip->si_ptr = 0; 320 321 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 322 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGPROF" 323 ", si_code=%#x, si_errno=%d, si_pid=0, si_uid=3}) = %s\n", 324 (unsigned) pid, bad_request, sip->si_code, sip->si_errno, 325 errstr); 326 327 #ifdef HAVE_SIGINFO_T_SI_SYSCALL 328 memset(sip, -1, sizeof(*sip)); 329 sip->si_signo = SIGSYS; 330 sip->si_code = 1; 331 sip->si_errno = ENOENT; 332 sip->si_call_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL; 333 sip->si_syscall = -1U; 334 sip->si_arch = AUDIT_ARCH_X86_64; 335 336 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 337 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGSYS" 338 ", si_code=SYS_SECCOMP, si_errno=ENOENT, si_call_addr=%p" 339 ", si_syscall=%u, si_arch=AUDIT_ARCH_X86_64})" 340 " = %s\n", 341 (unsigned) pid, bad_request, sip->si_call_addr, sip->si_syscall, 342 errstr); 343 344 sip->si_errno = 3141592653U; 345 sip->si_call_addr = NULL; 346 sip->si_syscall = __NR_read; 347 sip->si_arch = 0xda7a1057; 348 349 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 350 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGSYS" 351 ", si_code=SYS_SECCOMP, si_errno=%d, si_call_addr=NULL" 352 ", si_syscall=__NR_read, si_arch=%#x /* AUDIT_ARCH_??? */})" 353 " = %s\n", 354 (unsigned) pid, bad_request, sip->si_errno, sip->si_arch, 355 errstr); 356 #endif 357 358 #if defined HAVE_SIGINFO_T_SI_TIMERID && defined HAVE_SIGINFO_T_SI_OVERRUN 359 memset(sip, -1, sizeof(*sip)); 360 sip->si_signo = SIGHUP; 361 sip->si_code = SI_TIMER; 362 sip->si_errno = ENOENT; 363 sip->si_timerid = 0xdeadbeef; 364 sip->si_overrun = -1; 365 sip->si_ptr = (void *) (unsigned long) 0xfacefeeddeadbeefULL; 366 367 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip); 368 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGHUP" 369 ", si_code=SI_TIMER, si_errno=ENOENT, si_timerid=%#x" 370 ", si_overrun=%d, si_value={int=%d, ptr=%p}}) = %s\n", 371 (unsigned) pid, bad_request, sip->si_timerid, sip->si_overrun, 372 sip->si_int, sip->si_ptr, errstr); 373 #endif 374 375 do_ptrace(PTRACE_GETSIGINFO, pid, bad_request, (unsigned long) sip); 376 printf("ptrace(PTRACE_GETSIGINFO, %u, %#lx, %p)" 377 " = %s\n", (unsigned) pid, bad_request, sip, errstr); 378 379 do_ptrace(PTRACE_CONT, pid, 0, SIGUSR1); 380 printf("ptrace(PTRACE_CONT, %u, NULL, SIGUSR1) = %s\n", 381 (unsigned) pid, errstr); 382 383 do_ptrace(PTRACE_DETACH, pid, 0, SIGUSR2); 384 printf("ptrace(PTRACE_DETACH, %u, NULL, SIGUSR2) = %s\n", 385 (unsigned) pid, errstr); 386 387 do_ptrace(PTRACE_SYSCALL, pid, 0, SIGUSR1); 388 printf("ptrace(PTRACE_SYSCALL, %u, NULL, SIGUSR1) = %s\n", 389 (unsigned) pid, errstr); 390 391 #ifdef PTRACE_SINGLESTEP 392 do_ptrace(PTRACE_SINGLESTEP, pid, 0, SIGUSR2); 393 printf("ptrace(PTRACE_SINGLESTEP, %u, NULL, SIGUSR2) = %s\n", 394 (unsigned) pid, errstr); 395 #endif 396 397 #ifdef PTRACE_SINGLEBLOCK 398 do_ptrace(PTRACE_SINGLEBLOCK, pid, 0, SIGUSR1); 399 printf("ptrace(PTRACE_SINGLEBLOCK, %u, NULL, SIGUSR1) = %s\n", 400 (unsigned) pid, errstr); 401 #endif 402 403 #ifdef PTRACE_SYSEMU 404 do_ptrace(PTRACE_SYSEMU, pid, 0, SIGUSR2); 405 printf("ptrace(PTRACE_SYSEMU, %u, NULL, SIGUSR2) = %s\n", 406 (unsigned) pid, errstr); 407 #endif 408 #ifdef PTRACE_SYSEMU_SINGLESTEP 409 do_ptrace(PTRACE_SYSEMU_SINGLESTEP, pid, 0, SIGUSR1); 410 printf("ptrace(PTRACE_SYSEMU_SINGLESTEP, %u, NULL, SIGUSR1) = %s\n", 411 (unsigned) pid, errstr); 412 #endif 413 414 do_ptrace(PTRACE_SETOPTIONS, 415 pid, 0, PTRACE_O_TRACEFORK|PTRACE_O_TRACECLONE); 416 printf("ptrace(PTRACE_SETOPTIONS, %u, NULL" 417 ", PTRACE_O_TRACEFORK|PTRACE_O_TRACECLONE) = %s\n", 418 (unsigned) pid, errstr); 419 420 do_ptrace(PTRACE_SEIZE, pid, bad_request, PTRACE_O_TRACESYSGOOD); 421 printf("ptrace(PTRACE_SEIZE, %u, %#lx, PTRACE_O_TRACESYSGOOD) = %s\n", 422 (unsigned) pid, bad_request, errstr); 423 424 do_ptrace(PTRACE_SETREGSET, pid, 1, bad_request); 425 printf("ptrace(PTRACE_SETREGSET, %u, NT_PRSTATUS, %#lx) = %s\n", 426 (unsigned) pid, bad_request, errstr); 427 428 do_ptrace(PTRACE_GETREGSET, pid, 3, bad_request); 429 printf("ptrace(PTRACE_GETREGSET, %u, NT_PRPSINFO, %#lx) = %s\n", 430 (unsigned) pid, bad_request, errstr); 431 432 test_peeksiginfo(pid, bad_request); 433 434 do_ptrace(PTRACE_TRACEME, 0, 0, 0); 435 printf("ptrace(PTRACE_TRACEME) = %s\n", errstr); 436 437 puts("+++ exited with 0 +++"); 438 return 0; 439 } 440