Fix link in German terms of service.
[chromium-blink-merge.git] / sandbox / linux / seccomp-bpf / syscall_unittest.cc
blob5fdee6c49540bd60f50f0ce5334670f3eeffc291
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sandbox/linux/seccomp-bpf/syscall.h"
7 #include <asm/unistd.h>
8 #include <fcntl.h>
9 #include <sys/mman.h>
10 #include <sys/syscall.h>
11 #include <sys/types.h>
12 #include <unistd.h>
14 #include <vector>
16 #include "base/posix/eintr_wrapper.h"
17 #include "build/build_config.h"
18 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
19 #include "sandbox/linux/bpf_dsl/policy.h"
20 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
21 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
22 #include "sandbox/linux/tests/unit_tests.h"
23 #include "testing/gtest/include/gtest/gtest.h"
25 using sandbox::bpf_dsl::Allow;
26 using sandbox::bpf_dsl::ResultExpr;
27 using sandbox::bpf_dsl::Trap;
29 namespace sandbox {
31 namespace {
33 // Different platforms use different symbols for the six-argument version
34 // of the mmap() system call. Test for the correct symbol at compile time.
35 #ifdef __NR_mmap2
36 const int kMMapNr = __NR_mmap2;
37 #else
38 const int kMMapNr = __NR_mmap;
39 #endif
41 TEST(Syscall, InvalidCallReturnsENOSYS) {
42 EXPECT_EQ(-ENOSYS, Syscall::InvalidCall());
45 TEST(Syscall, WellKnownEntryPoint) {
46 // Test that Syscall::Call(-1) is handled specially. Don't do this on ARM,
47 // where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
48 // are still testing ARM code in the next set of tests.
49 #if !defined(__arm__) && !defined(__aarch64__)
50 EXPECT_NE(Syscall::Call(-1), syscall(-1));
51 #endif
53 // If possible, test that Syscall::Call(-1) returns the address right
54 // after
55 // a kernel entry point.
56 #if defined(__i386__)
57 EXPECT_EQ(0x80CDu, ((uint16_t*)Syscall::Call(-1))[-1]); // INT 0x80
58 #elif defined(__x86_64__)
59 EXPECT_EQ(0x050Fu, ((uint16_t*)Syscall::Call(-1))[-1]); // SYSCALL
60 #elif defined(__arm__)
61 #if defined(__thumb__)
62 EXPECT_EQ(0xDF00u, ((uint16_t*)Syscall::Call(-1))[-1]); // SWI 0
63 #else
64 EXPECT_EQ(0xEF000000u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
65 #endif
66 #elif defined(__mips__)
67 // Opcode for MIPS sycall is in the lower 16-bits
68 EXPECT_EQ(0x0cu, (((uint32_t*)Syscall::Call(-1))[-1]) & 0x0000FFFF);
69 #elif defined(__aarch64__)
70 EXPECT_EQ(0xD4000001u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
71 #else
72 #warning Incomplete test case; need port for target platform
73 #endif
76 TEST(Syscall, TrivialSyscallNoArgs) {
77 // Test that we can do basic system calls
78 EXPECT_EQ(Syscall::Call(__NR_getpid), syscall(__NR_getpid));
81 TEST(Syscall, TrivialSyscallOneArg) {
82 int new_fd;
83 // Duplicate standard error and close it.
84 ASSERT_GE(new_fd = Syscall::Call(__NR_dup, 2), 0);
85 int close_return_value = IGNORE_EINTR(Syscall::Call(__NR_close, new_fd));
86 ASSERT_EQ(close_return_value, 0);
89 TEST(Syscall, TrivialFailingSyscall) {
90 errno = -42;
91 int ret = Syscall::Call(__NR_dup, -1);
92 ASSERT_EQ(-EBADF, ret);
93 // Verify that Syscall::Call does not touch errno.
94 ASSERT_EQ(-42, errno);
97 // SIGSYS trap handler that will be called on __NR_uname.
98 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) {
99 // |aux| is our BPF_AUX pointer.
100 std::vector<uint64_t>* const seen_syscall_args =
101 static_cast<std::vector<uint64_t>*>(aux);
102 BPF_ASSERT(arraysize(args.args) == 6);
103 seen_syscall_args->assign(args.args, args.args + arraysize(args.args));
104 return -ENOMEM;
107 class CopyAllArgsOnUnamePolicy : public bpf_dsl::Policy {
108 public:
109 explicit CopyAllArgsOnUnamePolicy(std::vector<uint64_t>* aux) : aux_(aux) {}
110 ~CopyAllArgsOnUnamePolicy() override {}
112 ResultExpr EvaluateSyscall(int sysno) const override {
113 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
114 if (sysno == __NR_uname) {
115 return Trap(CopySyscallArgsToAux, aux_);
116 } else {
117 return Allow();
121 private:
122 std::vector<uint64_t>* aux_;
124 DISALLOW_COPY_AND_ASSIGN(CopyAllArgsOnUnamePolicy);
127 // We are testing Syscall::Call() by making use of a BPF filter that
128 // allows us
129 // to inspect the system call arguments that the kernel saw.
130 BPF_TEST(Syscall,
131 SyntheticSixArgs,
132 CopyAllArgsOnUnamePolicy,
133 std::vector<uint64_t> /* (*BPF_AUX) */) {
134 const int kExpectedValue = 42;
135 // In this test we only pass integers to the kernel. We might want to make
136 // additional tests to try other types. What we will see depends on
137 // implementation details of kernel BPF filters and we will need to document
138 // the expected behavior very clearly.
139 int syscall_args[6];
140 for (size_t i = 0; i < arraysize(syscall_args); ++i) {
141 syscall_args[i] = kExpectedValue + i;
144 // We could use pretty much any system call we don't need here. uname() is
145 // nice because it doesn't have any dangerous side effects.
146 BPF_ASSERT(Syscall::Call(__NR_uname,
147 syscall_args[0],
148 syscall_args[1],
149 syscall_args[2],
150 syscall_args[3],
151 syscall_args[4],
152 syscall_args[5]) == -ENOMEM);
154 // We expect the trap handler to have copied the 6 arguments.
155 BPF_ASSERT(BPF_AUX->size() == 6);
157 // Don't loop here so that we can see which argument does cause the failure
158 // easily from the failing line.
159 // uint64_t is the type passed to our SIGSYS handler.
160 BPF_ASSERT((*BPF_AUX)[0] == static_cast<uint64_t>(syscall_args[0]));
161 BPF_ASSERT((*BPF_AUX)[1] == static_cast<uint64_t>(syscall_args[1]));
162 BPF_ASSERT((*BPF_AUX)[2] == static_cast<uint64_t>(syscall_args[2]));
163 BPF_ASSERT((*BPF_AUX)[3] == static_cast<uint64_t>(syscall_args[3]));
164 BPF_ASSERT((*BPF_AUX)[4] == static_cast<uint64_t>(syscall_args[4]));
165 BPF_ASSERT((*BPF_AUX)[5] == static_cast<uint64_t>(syscall_args[5]));
168 TEST(Syscall, ComplexSyscallSixArgs) {
169 int fd;
170 ASSERT_LE(0,
171 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/dev/null", O_RDWR, 0L));
173 // Use mmap() to allocate some read-only memory
174 char* addr0;
175 ASSERT_NE(
176 (char*)NULL,
177 addr0 = reinterpret_cast<char*>(Syscall::Call(kMMapNr,
178 (void*)NULL,
179 4096,
180 PROT_READ,
181 MAP_PRIVATE | MAP_ANONYMOUS,
183 0L)));
185 // Try to replace the existing mapping with a read-write mapping
186 char* addr1;
187 ASSERT_EQ(addr0,
188 addr1 = reinterpret_cast<char*>(
189 Syscall::Call(kMMapNr,
190 addr0,
191 4096L,
192 PROT_READ | PROT_WRITE,
193 MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
195 0L)));
196 ++*addr1; // This should not seg fault
198 // Clean up
199 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr1, 4096L));
200 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd)));
202 // Check that the offset argument (i.e. the sixth argument) is processed
203 // correctly.
204 ASSERT_GE(
205 fd = Syscall::Call(__NR_openat, AT_FDCWD, "/proc/self/exe", O_RDONLY, 0L),
207 char* addr2, *addr3;
208 ASSERT_NE((char*)NULL,
209 addr2 = reinterpret_cast<char*>(Syscall::Call(
210 kMMapNr, (void*)NULL, 8192L, PROT_READ, MAP_PRIVATE, fd, 0L)));
211 ASSERT_NE((char*)NULL,
212 addr3 = reinterpret_cast<char*>(Syscall::Call(kMMapNr,
213 (void*)NULL,
214 4096L,
215 PROT_READ,
216 MAP_PRIVATE,
218 #if defined(__NR_mmap2)
220 #else
221 4096L
222 #endif
223 )));
224 EXPECT_EQ(0, memcmp(addr2 + 4096, addr3, 4096));
226 // Just to be absolutely on the safe side, also verify that the file
227 // contents matches what we are getting from a read() operation.
228 char buf[8192];
229 EXPECT_EQ(8192, Syscall::Call(__NR_read, fd, buf, 8192L));
230 EXPECT_EQ(0, memcmp(addr2, buf, 8192));
232 // Clean up
233 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr2, 8192L));
234 EXPECT_EQ(0, Syscall::Call(__NR_munmap, addr3, 4096L));
235 EXPECT_EQ(0, IGNORE_EINTR(Syscall::Call(__NR_close, fd)));
238 } // namespace
240 } // namespace sandbox