1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <asm/unistd.h>
8 #include <sys/syscall.h>
13 #include "base/basictypes.h"
14 #include "base/posix/eintr_wrapper.h"
15 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
17 #include "sandbox/linux/seccomp-bpf/syscall.h"
18 #include "sandbox/linux/tests/unit_tests.h"
19 #include "testing/gtest/include/gtest/gtest.h"
25 // Different platforms use different symbols for the six-argument version
26 // of the mmap() system call. Test for the correct symbol at compile time.
28 const int kMMapNr = __NR_mmap2;
30 const int kMMapNr = __NR_mmap;
33 TEST(Syscall, WellKnownEntryPoint) {
34 // Test that SandboxSyscall(-1) is handled specially. Don't do this on ARM,
35 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
36 // are still testing ARM code in the next set of tests.
38 EXPECT_NE(SandboxSyscall(-1), syscall(-1));
41 // If possible, test that SandboxSyscall(-1) returns the address right after
42 // a kernel entry point.
44 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80
45 #elif defined(__x86_64__)
46 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL
47 #elif defined(__arm__)
48 #if defined(__thumb__)
49 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0
51 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0
54 #warning Incomplete test case; need port for target platform
58 TEST(Syscall, TrivialSyscallNoArgs) {
59 // Test that we can do basic system calls
60 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid));
63 TEST(Syscall, TrivialSyscallOneArg) {
65 // Duplicate standard error and close it.
66 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0);
67 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd));
68 ASSERT_EQ(close_return_value, 0);
71 // SIGSYS trap handler that will be called on __NR_uname.
72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) {
73 // |aux| is our BPF_AUX pointer.
74 std::vector<uint64_t>* const seen_syscall_args =
75 static_cast<std::vector<uint64_t>*>(aux);
76 BPF_ASSERT(arraysize(args.args) == 6);
77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args));
81 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox,
83 std::vector<uint64_t>* aux) {
84 if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
85 return ErrorCode(ENOSYS);
87 if (sysno == __NR_uname) {
88 return sandbox->Trap(CopySyscallArgsToAux, aux);
90 return ErrorCode(ErrorCode::ERR_ALLOWED);
94 // We are testing SandboxSyscall() by making use of a BPF filter that allows us
95 // to inspect the system call arguments that the kernel saw.
98 CopyAllArgsOnUnamePolicy,
99 std::vector<uint64_t> /* (*BPF_AUX) */) {
100 const int kExpectedValue = 42;
101 // In this test we only pass integers to the kernel. We might want to make
102 // additional tests to try other types. What we will see depends on
103 // implementation details of kernel BPF filters and we will need to document
104 // the expected behavior very clearly.
106 for (size_t i = 0; i < arraysize(syscall_args); ++i) {
107 syscall_args[i] = kExpectedValue + i;
110 // We could use pretty much any system call we don't need here. uname() is
111 // nice because it doesn't have any dangerous side effects.
112 BPF_ASSERT(SandboxSyscall(__NR_uname,
118 syscall_args[5]) == -ENOMEM);
120 // We expect the trap handler to have copied the 6 arguments.
121 BPF_ASSERT(BPF_AUX->size() == 6);
123 // Don't loop here so that we can see which argument does cause the failure
124 // easily from the failing line.
125 // uint64_t is the type passed to our SIGSYS handler.
126 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0]));
127 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1]));
128 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2]));
129 BPF_ASSERT((*BPF_AUX)[3] == static_cast<uint64_t>(syscall_args[3]));
130 BPF_ASSERT((*BPF_AUX)[4] == static_cast<uint64_t>(syscall_args[4]));
131 BPF_ASSERT((*BPF_AUX)[5] == static_cast<uint64_t>(syscall_args[5]));
134 TEST(Syscall, ComplexSyscallSixArgs) {
136 ASSERT_LE(0, fd = SandboxSyscall(__NR_open, "/dev/null", O_RDWR, 0L));
138 // Use mmap() to allocate some read-only memory
140 ASSERT_NE((char*)NULL,
141 addr0 = reinterpret_cast<char*>(
142 SandboxSyscall(kMMapNr,
146 MAP_PRIVATE | MAP_ANONYMOUS,
150 // Try to replace the existing mapping with a read-write mapping
153 addr1 = reinterpret_cast<char*>(
154 SandboxSyscall(kMMapNr,
157 PROT_READ | PROT_WRITE,
158 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
161 ++*addr1; // This should not seg fault
164 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr1, 4096L));
165 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd)));
167 // Check that the offset argument (i.e. the sixth argument) is processed
169 ASSERT_GE(fd = SandboxSyscall(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0);
171 ASSERT_NE((char*)NULL,
172 addr2 = reinterpret_cast<char*>(SandboxSyscall(
173 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L)));
174 ASSERT_NE((char*)NULL,
175 addr3 = reinterpret_cast<char*>(SandboxSyscall(kMMapNr,
181 #if defined(__NR_mmap2)
187 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096));
189 // Just to be absolutely on the safe side, also verify that the file
190 // contents matches what we are getting from a read() operation.
192 EXPECT_EQ(8192, SandboxSyscall(__NR_read, fd, buf, 8192L));
193 EXPECT_EQ(0, memcmp(addr2, buf, 8192));
196 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L));
197 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L));
198 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd)));
203 } // namespace sandbox