1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/syscall.h"
7 #include <asm/unistd.h>
10 #include <sys/syscall.h>
11 #include <sys/types.h>
16 #include "base/basictypes.h"
17 #include "base/posix/eintr_wrapper.h"
18 #include "build/build_config.h"
19 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
21 #include "sandbox/linux/tests/unit_tests.h"
22 #include "testing/gtest/include/gtest/gtest.h"
28 // Different platforms use different symbols for the six-argument version
29 // of the mmap() system call. Test for the correct symbol at compile time.
31 const int kMMapNr
= __NR_mmap2
;
33 const int kMMapNr
= __NR_mmap
;
36 TEST(Syscall
, InvalidCallReturnsENOSYS
) {
37 EXPECT_EQ(-ENOSYS
, Syscall::InvalidCall());
40 TEST(Syscall
, WellKnownEntryPoint
) {
41 // Test that Syscall::Call(-1) is handled specially. Don't do this on ARM,
42 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
43 // are still testing ARM code in the next set of tests.
44 #if !defined(__arm__) && !defined(__aarch64__)
45 EXPECT_NE(Syscall::Call(-1), syscall(-1));
48 // If possible, test that Syscall::Call(-1) returns the address right
50 // a kernel entry point.
52 EXPECT_EQ(0x80CDu
, ((uint16_t*)Syscall::Call(-1))[-1]); // INT 0x80
53 #elif defined(__x86_64__)
54 EXPECT_EQ(0x050Fu
, ((uint16_t*)Syscall::Call(-1))[-1]); // SYSCALL
55 #elif defined(__arm__)
56 #if defined(__thumb__)
57 EXPECT_EQ(0xDF00u
, ((uint16_t*)Syscall::Call(-1))[-1]); // SWI 0
59 EXPECT_EQ(0xEF000000u
, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
61 #elif defined(__mips__)
62 // Opcode for MIPS sycall is in the lower 16-bits
63 EXPECT_EQ(0x0cu
, (((uint32_t*)Syscall::Call(-1))[-1]) & 0x0000FFFF);
64 #elif defined(__aarch64__)
65 EXPECT_EQ(0xD4000001u
, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
67 #warning Incomplete test case; need port for target platform
71 TEST(Syscall
, TrivialSyscallNoArgs
) {
72 // Test that we can do basic system calls
73 EXPECT_EQ(Syscall::Call(__NR_getpid
), syscall(__NR_getpid
));
76 TEST(Syscall
, TrivialSyscallOneArg
) {
78 // Duplicate standard error and close it.
79 ASSERT_GE(new_fd
= Syscall::Call(__NR_dup
, 2), 0);
80 int close_return_value
= IGNORE_EINTR(Syscall::Call(__NR_close
, new_fd
));
81 ASSERT_EQ(close_return_value
, 0);
84 TEST(Syscall
, TrivialFailingSyscall
) {
86 int ret
= Syscall::Call(__NR_dup
, -1);
87 ASSERT_EQ(-EBADF
, ret
);
88 // Verify that Syscall::Call does not touch errno.
89 ASSERT_EQ(-42, errno
);
92 // SIGSYS trap handler that will be called on __NR_uname.
93 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data
& args
, void* aux
) {
94 // |aux| is our BPF_AUX pointer.
95 std::vector
<uint64_t>* const seen_syscall_args
=
96 static_cast<std::vector
<uint64_t>*>(aux
);
97 BPF_ASSERT(arraysize(args
.args
) == 6);
98 seen_syscall_args
->assign(args
.args
, args
.args
+ arraysize(args
.args
));
102 ErrorCode
CopyAllArgsOnUnamePolicy(SandboxBPF
* sandbox
,
104 std::vector
<uint64_t>* aux
) {
105 if (!SandboxBPF::IsValidSyscallNumber(sysno
)) {
106 return ErrorCode(ENOSYS
);
108 if (sysno
== __NR_uname
) {
109 return sandbox
->Trap(CopySyscallArgsToAux
, aux
);
111 return ErrorCode(ErrorCode::ERR_ALLOWED
);
115 // We are testing Syscall::Call() by making use of a BPF filter that
117 // to inspect the system call arguments that the kernel saw.
120 CopyAllArgsOnUnamePolicy
,
121 std::vector
<uint64_t> /* (*BPF_AUX) */) {
122 const int kExpectedValue
= 42;
123 // In this test we only pass integers to the kernel. We might want to make
124 // additional tests to try other types. What we will see depends on
125 // implementation details of kernel BPF filters and we will need to document
126 // the expected behavior very clearly.
128 for (size_t i
= 0; i
< arraysize(syscall_args
); ++i
) {
129 syscall_args
[i
] = kExpectedValue
+ i
;
132 // We could use pretty much any system call we don't need here. uname() is
133 // nice because it doesn't have any dangerous side effects.
134 BPF_ASSERT(Syscall::Call(__NR_uname
,
140 syscall_args
[5]) == -ENOMEM
);
142 // We expect the trap handler to have copied the 6 arguments.
143 BPF_ASSERT(BPF_AUX
->size() == 6);
145 // Don't loop here so that we can see which argument does cause the failure
146 // easily from the failing line.
147 // uint64_t is the type passed to our SIGSYS handler.
148 BPF_ASSERT((*BPF_AUX
)[0] == static_cast<uint64_t>(syscall_args
[0]));
149 BPF_ASSERT((*BPF_AUX
)[1] == static_cast<uint64_t>(syscall_args
[1]));
150 BPF_ASSERT((*BPF_AUX
)[2] == static_cast<uint64_t>(syscall_args
[2]));
151 BPF_ASSERT((*BPF_AUX
)[3] == static_cast<uint64_t>(syscall_args
[3]));
152 BPF_ASSERT((*BPF_AUX
)[4] == static_cast<uint64_t>(syscall_args
[4]));
153 BPF_ASSERT((*BPF_AUX
)[5] == static_cast<uint64_t>(syscall_args
[5]));
156 TEST(Syscall
, ComplexSyscallSixArgs
) {
159 fd
= Syscall::Call(__NR_openat
, AT_FDCWD
, "/dev/null", O_RDWR
, 0L));
161 // Use mmap() to allocate some read-only memory
165 addr0
= reinterpret_cast<char*>(Syscall::Call(kMMapNr
,
169 MAP_PRIVATE
| MAP_ANONYMOUS
,
173 // Try to replace the existing mapping with a read-write mapping
176 addr1
= reinterpret_cast<char*>(
177 Syscall::Call(kMMapNr
,
180 PROT_READ
| PROT_WRITE
,
181 MAP_PRIVATE
| MAP_ANONYMOUS
| MAP_FIXED
,
184 ++*addr1
; // This should not seg fault
187 EXPECT_EQ(0, Syscall::Call(__NR_munmap
, addr1
, 4096L));
188 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close
, fd
)));
190 // Check that the offset argument (i.e. the sixth argument) is processed
193 fd
= Syscall::Call(__NR_openat
, AT_FDCWD
, "/proc/self/exe", O_RDONLY
, 0L),
196 ASSERT_NE((char*)NULL
,
197 addr2
= reinterpret_cast<char*>(Syscall::Call(
198 kMMapNr
, (void*)NULL
, 8192L, PROT_READ
, MAP_PRIVATE
, fd
, 0L)));
199 ASSERT_NE((char*)NULL
,
200 addr3
= reinterpret_cast<char*>(Syscall::Call(kMMapNr
,
206 #if defined(__NR_mmap2)
212 EXPECT_EQ(0, memcmp(addr2
+ 4096, addr3
, 4096));
214 // Just to be absolutely on the safe side, also verify that the file
215 // contents matches what we are getting from a read() operation.
217 EXPECT_EQ(8192, Syscall::Call(__NR_read
, fd
, buf
, 8192L));
218 EXPECT_EQ(0, memcmp(addr2
, buf
, 8192));
221 EXPECT_EQ(0, Syscall::Call(__NR_munmap
, addr2
, 8192L));
222 EXPECT_EQ(0, Syscall::Call(__NR_munmap
, addr3
, 4096L));
223 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close
, fd
)));
228 } // namespace sandbox