1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/syscall.h"
7 #include <asm/unistd.h>
10 #include <sys/syscall.h>
11 #include <sys/types.h>
16 #include "base/basictypes.h"
17 #include "base/posix/eintr_wrapper.h"
18 #include "build/build_config.h"
19 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
21 #include "sandbox/linux/tests/unit_tests.h"
22 #include "testing/gtest/include/gtest/gtest.h"
28 // Different platforms use different symbols for the six-argument version
29 // of the mmap() system call. Test for the correct symbol at compile time.
31 const int kMMapNr = __NR_mmap2;
33 const int kMMapNr = __NR_mmap;
36 TEST(Syscall, InvalidCallReturnsENOSYS) {
37 EXPECT_EQ(-ENOSYS, Syscall::InvalidCall());
40 TEST(Syscall, WellKnownEntryPoint) {
41 // Test that Syscall::Call(-1) is handled specially. Don't do this on ARM,
42 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
43 // are still testing ARM code in the next set of tests.
44 #if !defined(__arm__) && !defined(__aarch64__)
45 EXPECT_NE(Syscall::Call(-1), syscall(-1));
48 // If possible, test that Syscall::Call(-1) returns the address right
50 // a kernel entry point.
52 EXPECT_EQ(0x80CDu, ((uint16_t*)Syscall::Call(-1))[-1]); // INT 0x80
53 #elif defined(__x86_64__)
54 EXPECT_EQ(0x050Fu, ((uint16_t*)Syscall::Call(-1))[-1]); // SYSCALL
55 #elif defined(__arm__)
56 #if defined(__thumb__)
57 EXPECT_EQ(0xDF00u, ((uint16_t*)Syscall::Call(-1))[-1]); // SWI 0
59 EXPECT_EQ(0xEF000000u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
61 #elif defined(__mips__)
62 // Opcode for MIPS sycall is in the lower 16-bits
63 EXPECT_EQ(0x0cu, (((uint32_t*)Syscall::Call(-1))[-1]) & 0x0000FFFF);
64 #elif defined(__aarch64__)
65 EXPECT_EQ(0xD4000001u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
67 #warning Incomplete test case; need port for target platform
71 TEST(Syscall, TrivialSyscallNoArgs) {
72 // Test that we can do basic system calls
73 EXPECT_EQ(Syscall::Call(__NR_getpid), syscall(__NR_getpid));
76 TEST(Syscall, TrivialSyscallOneArg) {
78 // Duplicate standard error and close it.
79 ASSERT_GE(new_fd = Syscall::Call(__NR_dup, 2), 0);
80 int close_return_value = IGNORE_EINTR(Syscall::Call(__NR_close, new_fd));
81 ASSERT_EQ(close_return_value, 0);
84 TEST(Syscall, TrivialFailingSyscall) {
86 int ret = Syscall::Call(__NR_dup, -1);
87 ASSERT_EQ(-EBADF, ret);
88 // Verify that Syscall::Call does not touch errno.
89 ASSERT_EQ(-42, errno);
92 // SIGSYS trap handler that will be called on __NR_uname.
93 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) {
94 // |aux| is our BPF_AUX pointer.
95 std::vector<uint64_t>* const seen_syscall_args =
96 static_cast<std::vector<uint64_t>*>(aux);
97 BPF_ASSERT(arraysize(args.args) == 6);
98 seen_syscall_args->assign(args.args, args.args + arraysize(args.args));
102 class CopyAllArgsOnUnamePolicy : public SandboxBPFPolicy {
104 explicit CopyAllArgsOnUnamePolicy(std::vector<uint64_t>* aux) : aux_(aux) {}
105 virtual ~CopyAllArgsOnUnamePolicy() {}
107 virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
108 int sysno) const OVERRIDE {
109 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
110 if (sysno == __NR_uname) {
111 return sandbox->Trap(CopySyscallArgsToAux, aux_);
113 return ErrorCode(ErrorCode::ERR_ALLOWED);
118 std::vector<uint64_t>* aux_;
120 DISALLOW_COPY_AND_ASSIGN(CopyAllArgsOnUnamePolicy);
123 // We are testing Syscall::Call() by making use of a BPF filter that
125 // to inspect the system call arguments that the kernel saw.
128 CopyAllArgsOnUnamePolicy,
129 std::vector<uint64_t> /* (*BPF_AUX) */) {
130 const int kExpectedValue = 42;
131 // In this test we only pass integers to the kernel. We might want to make
132 // additional tests to try other types. What we will see depends on
133 // implementation details of kernel BPF filters and we will need to document
134 // the expected behavior very clearly.
136 for (size_t i = 0; i < arraysize(syscall_args); ++i) {
137 syscall_args[i] = kExpectedValue + i;
140 // We could use pretty much any system call we don't need here. uname() is
141 // nice because it doesn't have any dangerous side effects.
142 BPF_ASSERT(Syscall::Call(__NR_uname,
148 syscall_args[5]) == -ENOMEM);
150 // We expect the trap handler to have copied the 6 arguments.
151 BPF_ASSERT(BPF_AUX->size() == 6);
153 // Don't loop here so that we can see which argument does cause the failure
154 // easily from the failing line.
155 // uint64_t is the type passed to our SIGSYS handler.
156 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0]));
157 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1]));
158 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2]));
159 BPF_ASSERT((*BPF_AUX)[3] == static_cast<uint64_t>(syscall_args[3]));
160 BPF_ASSERT((*BPF_AUX)[4] == static_cast<uint64_t>(syscall_args[4]));
161 BPF_ASSERT((*BPF_AUX)[5] == static_cast<uint64_t>(syscall_args[5]));
164 TEST(Syscall, ComplexSyscallSixArgs) {
167 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/dev/null", O_RDWR, 0L));
169 // Use mmap() to allocate some read-only memory
173 addr0 = reinterpret_cast<char*>(Syscall::Call(kMMapNr,
177 MAP_PRIVATE | MAP_ANONYMOUS,
181 // Try to replace the existing mapping with a read-write mapping
184 addr1 = reinterpret_cast<char*>(
185 Syscall::Call(kMMapNr,
188 PROT_READ | PROT_WRITE,
189 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
192 ++*addr1; // This should not seg fault
195 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr1, 4096L));
196 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd)));
198 // Check that the offset argument (i.e. the sixth argument) is processed
201 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/proc/self/exe", O_RDONLY, 0L),
204 ASSERT_NE((char*)NULL,
205 addr2 = reinterpret_cast<char*>(Syscall::Call(
206 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L)));
207 ASSERT_NE((char*)NULL,
208 addr3 = reinterpret_cast<char*>(Syscall::Call(kMMapNr,
214 #if defined(__NR_mmap2)
220 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096));
222 // Just to be absolutely on the safe side, also verify that the file
223 // contents matches what we are getting from a read() operation.
225 EXPECT_EQ(8192, Syscall::Call(__NR_read, fd, buf, 8192L));
226 EXPECT_EQ(0, memcmp(addr2, buf, 8192));
229 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr2, 8192L));
230 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr3, 4096L));
231 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd)));
236 } // namespace sandbox