Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / sandbox / linux / seccomp-bpf / syscall_unittest.cc
blob54e1dda254f55d37b2195fd17697ae867d60933f
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/syscall.h"
7 #include <asm/unistd.h>
8 #include <fcntl.h>
9 #include <sys/mman.h>
10 #include <sys/syscall.h>
11 #include <sys/types.h>
12 #include <unistd.h>
14 #include <vector>
16 #include "base/basictypes.h"
17 #include "base/posix/eintr_wrapper.h"
18 #include "build/build_config.h"
19 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
21 #include "sandbox/linux/tests/unit_tests.h"
22 #include "testing/gtest/include/gtest/gtest.h"
24 namespace sandbox {
26 namespace {
28 // Different platforms use different symbols for the six-argument version
29 // of the mmap() system call. Test for the correct symbol at compile time.
30 #ifdef __NR_mmap2
31 const int kMMapNr = __NR_mmap2;
32 #else
33 const int kMMapNr = __NR_mmap;
34 #endif
36 TEST(Syscall, InvalidCallReturnsENOSYS) {
37 EXPECT_EQ(-ENOSYS, Syscall::InvalidCall());
40 TEST(Syscall, WellKnownEntryPoint) {
41 // Test that Syscall::Call(-1) is handled specially. Don't do this on ARM,
42 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
43 // are still testing ARM code in the next set of tests.
44 #if !defined(__arm__) && !defined(__aarch64__)
45 EXPECT_NE(Syscall::Call(-1), syscall(-1));
46 #endif
48 // If possible, test that Syscall::Call(-1) returns the address right
49 // after
50 // a kernel entry point.
51 #if defined(__i386__)
52 EXPECT_EQ(0x80CDu, ((uint16_t*)Syscall::Call(-1))[-1]); // INT 0x80
53 #elif defined(__x86_64__)
54 EXPECT_EQ(0x050Fu, ((uint16_t*)Syscall::Call(-1))[-1]); // SYSCALL
55 #elif defined(__arm__)
56 #if defined(__thumb__)
57 EXPECT_EQ(0xDF00u, ((uint16_t*)Syscall::Call(-1))[-1]); // SWI 0
58 #else
59 EXPECT_EQ(0xEF000000u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
60 #endif
61 #elif defined(__mips__)
62 // Opcode for MIPS sycall is in the lower 16-bits
63 EXPECT_EQ(0x0cu, (((uint32_t*)Syscall::Call(-1))[-1]) & 0x0000FFFF);
64 #elif defined(__aarch64__)
65 EXPECT_EQ(0xD4000001u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
66 #else
67 #warning Incomplete test case; need port for target platform
68 #endif
71 TEST(Syscall, TrivialSyscallNoArgs) {
72 // Test that we can do basic system calls
73 EXPECT_EQ(Syscall::Call(__NR_getpid), syscall(__NR_getpid));
76 TEST(Syscall, TrivialSyscallOneArg) {
77 int new_fd;
78 // Duplicate standard error and close it.
79 ASSERT_GE(new_fd = Syscall::Call(__NR_dup, 2), 0);
80 int close_return_value = IGNORE_EINTR(Syscall::Call(__NR_close, new_fd));
81 ASSERT_EQ(close_return_value, 0);
84 TEST(Syscall, TrivialFailingSyscall) {
85 errno = -42;
86 int ret = Syscall::Call(__NR_dup, -1);
87 ASSERT_EQ(-EBADF, ret);
88 // Verify that Syscall::Call does not touch errno.
89 ASSERT_EQ(-42, errno);
92 // SIGSYS trap handler that will be called on __NR_uname.
93 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) {
94 // |aux| is our BPF_AUX pointer.
95 std::vector<uint64_t>* const seen_syscall_args =
96 static_cast<std::vector<uint64_t>*>(aux);
97 BPF_ASSERT(arraysize(args.args) == 6);
98 seen_syscall_args->assign(args.args, args.args + arraysize(args.args));
99 return -ENOMEM;
102 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox,
103 int sysno,
104 std::vector<uint64_t>* aux) {
105 if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
106 return ErrorCode(ENOSYS);
108 if (sysno == __NR_uname) {
109 return sandbox->Trap(CopySyscallArgsToAux, aux);
110 } else {
111 return ErrorCode(ErrorCode::ERR_ALLOWED);
115 // We are testing Syscall::Call() by making use of a BPF filter that
116 // allows us
117 // to inspect the system call arguments that the kernel saw.
118 BPF_TEST(Syscall,
119 SyntheticSixArgs,
120 CopyAllArgsOnUnamePolicy,
121 std::vector<uint64_t> /* (*BPF_AUX) */) {
122 const int kExpectedValue = 42;
123 // In this test we only pass integers to the kernel. We might want to make
124 // additional tests to try other types. What we will see depends on
125 // implementation details of kernel BPF filters and we will need to document
126 // the expected behavior very clearly.
127 int syscall_args[6];
128 for (size_t i = 0; i < arraysize(syscall_args); ++i) {
129 syscall_args[i] = kExpectedValue + i;
132 // We could use pretty much any system call we don't need here. uname() is
133 // nice because it doesn't have any dangerous side effects.
134 BPF_ASSERT(Syscall::Call(__NR_uname,
135 syscall_args[0],
136 syscall_args[1],
137 syscall_args[2],
138 syscall_args[3],
139 syscall_args[4],
140 syscall_args[5]) == -ENOMEM);
142 // We expect the trap handler to have copied the 6 arguments.
143 BPF_ASSERT(BPF_AUX->size() == 6);
145 // Don't loop here so that we can see which argument does cause the failure
146 // easily from the failing line.
147 // uint64_t is the type passed to our SIGSYS handler.
148 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0]));
149 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1]));
150 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2]));
151 BPF_ASSERT((*BPF_AUX)[3] == static_cast<uint64_t>(syscall_args[3]));
152 BPF_ASSERT((*BPF_AUX)[4] == static_cast<uint64_t>(syscall_args[4]));
153 BPF_ASSERT((*BPF_AUX)[5] == static_cast<uint64_t>(syscall_args[5]));
156 TEST(Syscall, ComplexSyscallSixArgs) {
157 int fd;
158 ASSERT_LE(0,
159 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/dev/null", O_RDWR, 0L));
161 // Use mmap() to allocate some read-only memory
162 char* addr0;
163 ASSERT_NE(
164 (char*)NULL,
165 addr0 = reinterpret_cast<char*>(Syscall::Call(kMMapNr,
166 (void*)NULL,
167 4096,
168 PROT_READ,
169 MAP_PRIVATE | MAP_ANONYMOUS,
171 0L)));
173 // Try to replace the existing mapping with a read-write mapping
174 char* addr1;
175 ASSERT_EQ(addr0,
176 addr1 = reinterpret_cast<char*>(
177 Syscall::Call(kMMapNr,
178 addr0,
179 4096L,
180 PROT_READ | PROT_WRITE,
181 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
183 0L)));
184 ++*addr1; // This should not seg fault
186 // Clean up
187 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr1, 4096L));
188 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd)));
190 // Check that the offset argument (i.e. the sixth argument) is processed
191 // correctly.
192 ASSERT_GE(
193 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/proc/self/exe", O_RDONLY, 0L),
195 char* addr2, *addr3;
196 ASSERT_NE((char*)NULL,
197 addr2 = reinterpret_cast<char*>(Syscall::Call(
198 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L)));
199 ASSERT_NE((char*)NULL,
200 addr3 = reinterpret_cast<char*>(Syscall::Call(kMMapNr,
201 (void*)NULL,
202 4096L,
203 PROT_READ,
204 MAP_PRIVATE,
206 #if defined(__NR_mmap2)
208 #else
209 4096L
210 #endif
211 )));
212 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096));
214 // Just to be absolutely on the safe side, also verify that the file
215 // contents matches what we are getting from a read() operation.
216 char buf[8192];
217 EXPECT_EQ(8192, Syscall::Call(__NR_read, fd, buf, 8192L));
218 EXPECT_EQ(0, memcmp(addr2, buf, 8192));
220 // Clean up
221 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr2, 8192L));
222 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr3, 4096L));
223 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd)));
226 } // namespace
228 } // namespace sandbox