| 1 | // SPDX-License-Identifier: GPL-2.0-only |
|---|
| 2 | /* |
|---|
| 3 | * Copyright (c) 2020 Collabora Ltd. |
|---|
| 4 | * |
|---|
| 5 | * Test code for syscall user dispatch |
|---|
| 6 | */ |
|---|
| 7 | |
|---|
| 8 | #define _GNU_SOURCE |
|---|
| 9 | #include <sys/prctl.h> |
|---|
| 10 | #include <sys/sysinfo.h> |
|---|
| 11 | #include <sys/syscall.h> |
|---|
| 12 | #include <signal.h> |
|---|
| 13 | |
|---|
| 14 | #include <asm/unistd.h> |
|---|
| 15 | #include "../kselftest_harness.h" |
|---|
| 16 | |
|---|
| 17 | #ifndef PR_SET_SYSCALL_USER_DISPATCH |
|---|
| 18 | # define PR_SET_SYSCALL_USER_DISPATCH 59 |
|---|
| 19 | # define PR_SYS_DISPATCH_OFF 0 |
|---|
| 20 | # define PR_SYS_DISPATCH_ON 1 |
|---|
| 21 | # define SYSCALL_DISPATCH_FILTER_ALLOW 0 |
|---|
| 22 | # define SYSCALL_DISPATCH_FILTER_BLOCK 1 |
|---|
| 23 | #endif |
|---|
| 24 | |
|---|
| 25 | #ifndef SYS_USER_DISPATCH |
|---|
| 26 | # define SYS_USER_DISPATCH 2 |
|---|
| 27 | #endif |
|---|
| 28 | |
|---|
| 29 | #ifdef __NR_syscalls |
|---|
| 30 | # define MAGIC_SYSCALL_1 (__NR_syscalls + 1) /* Bad Linux syscall number */ |
|---|
| 31 | #else |
|---|
| 32 | # define MAGIC_SYSCALL_1 (0xff00) /* Bad Linux syscall number */ |
|---|
| 33 | #endif |
|---|
| 34 | |
|---|
| 35 | #define SYSCALL_DISPATCH_ON(x) ((x) = SYSCALL_DISPATCH_FILTER_BLOCK) |
|---|
| 36 | #define SYSCALL_DISPATCH_OFF(x) ((x) = SYSCALL_DISPATCH_FILTER_ALLOW) |
|---|
| 37 | |
|---|
| 38 | /* Test Summary: |
|---|
| 39 | * |
|---|
| 40 | * - dispatch_trigger_sigsys: Verify if PR_SET_SYSCALL_USER_DISPATCH is |
|---|
| 41 | * able to trigger SIGSYS on a syscall. |
|---|
| 42 | * |
|---|
| 43 | * - bad_selector: Test that a bad selector value triggers SIGSYS with |
|---|
| 44 | * si_errno EINVAL. |
|---|
| 45 | * |
|---|
| 46 | * - bad_prctl_param: Test that the API correctly rejects invalid |
|---|
| 47 | * parameters on prctl |
|---|
| 48 | * |
|---|
| 49 | * - dispatch_and_return: Test that a syscall is selectively dispatched |
|---|
| 50 | * to userspace depending on the value of selector. |
|---|
| 51 | * |
|---|
| 52 | * - disable_dispatch: Test that the PR_SYS_DISPATCH_OFF correctly |
|---|
| 53 | * disables the dispatcher |
|---|
| 54 | * |
|---|
| 55 | * - direct_dispatch_range: Test that a syscall within the allowed range |
|---|
| 56 | * can bypass the dispatcher. |
|---|
| 57 | */ |
|---|
| 58 | |
|---|
| 59 | TEST_SIGNAL(dispatch_trigger_sigsys, SIGSYS) |
|---|
| 60 | { |
|---|
| 61 | char sel = SYSCALL_DISPATCH_FILTER_ALLOW; |
|---|
| 62 | struct sysinfo info; |
|---|
| 63 | int ret; |
|---|
| 64 | |
|---|
| 65 | ret = sysinfo(&info); |
|---|
| 66 | ASSERT_EQ(0, ret); |
|---|
| 67 | |
|---|
| 68 | ret = prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0, 0, &sel); |
|---|
| 69 | ASSERT_EQ(0, ret) { |
|---|
| 70 | TH_LOG("Kernel does not support CONFIG_SYSCALL_USER_DISPATCH" ); |
|---|
| 71 | } |
|---|
| 72 | |
|---|
| 73 | SYSCALL_DISPATCH_ON(sel); |
|---|
| 74 | |
|---|
| 75 | sysinfo(&info); |
|---|
| 76 | |
|---|
| 77 | EXPECT_FALSE(true) { |
|---|
| 78 | TH_LOG("Unreachable!" ); |
|---|
| 79 | } |
|---|
| 80 | } |
|---|
| 81 | |
|---|
| 82 | TEST(bad_prctl_param) |
|---|
| 83 | { |
|---|
| 84 | char sel = SYSCALL_DISPATCH_FILTER_ALLOW; |
|---|
| 85 | int op; |
|---|
| 86 | |
|---|
| 87 | /* Invalid op */ |
|---|
| 88 | op = -1; |
|---|
| 89 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0, 0, &sel); |
|---|
| 90 | ASSERT_EQ(EINVAL, errno); |
|---|
| 91 | |
|---|
| 92 | /* PR_SYS_DISPATCH_OFF */ |
|---|
| 93 | op = PR_SYS_DISPATCH_OFF; |
|---|
| 94 | |
|---|
| 95 | /* offset != 0 */ |
|---|
| 96 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x1, 0x0, 0); |
|---|
| 97 | EXPECT_EQ(EINVAL, errno); |
|---|
| 98 | |
|---|
| 99 | /* len != 0 */ |
|---|
| 100 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x0, 0xff, 0); |
|---|
| 101 | EXPECT_EQ(EINVAL, errno); |
|---|
| 102 | |
|---|
| 103 | /* sel != NULL */ |
|---|
| 104 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x0, 0x0, &sel); |
|---|
| 105 | EXPECT_EQ(EINVAL, errno); |
|---|
| 106 | |
|---|
| 107 | /* Valid parameter */ |
|---|
| 108 | errno = 0; |
|---|
| 109 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x0, 0x0, 0x0); |
|---|
| 110 | EXPECT_EQ(0, errno); |
|---|
| 111 | |
|---|
| 112 | /* PR_SYS_DISPATCH_ON */ |
|---|
| 113 | op = PR_SYS_DISPATCH_ON; |
|---|
| 114 | |
|---|
| 115 | /* Dispatcher region is bad (offset > 0 && len == 0) */ |
|---|
| 116 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x1, 0x0, &sel); |
|---|
| 117 | EXPECT_EQ(EINVAL, errno); |
|---|
| 118 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, -1L, 0x0, &sel); |
|---|
| 119 | EXPECT_EQ(EINVAL, errno); |
|---|
| 120 | |
|---|
| 121 | /* Invalid selector */ |
|---|
| 122 | prctl(PR_SET_SYSCALL_USER_DISPATCH, op, 0x0, 0x1, (void *) -1); |
|---|
| 123 | ASSERT_EQ(EFAULT, errno); |
|---|
| 124 | |
|---|
| 125 | /* |
|---|
| 126 | * Dispatcher range overflows unsigned long |
|---|
| 127 | */ |
|---|
| 128 | prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 1, -1L, &sel); |
|---|
| 129 | ASSERT_EQ(EINVAL, errno) { |
|---|
| 130 | TH_LOG("Should reject bad syscall range" ); |
|---|
| 131 | } |
|---|
| 132 | |
|---|
| 133 | /* |
|---|
| 134 | * Allowed range overflows usigned long |
|---|
| 135 | */ |
|---|
| 136 | prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, -1L, 0x1, &sel); |
|---|
| 137 | ASSERT_EQ(EINVAL, errno) { |
|---|
| 138 | TH_LOG("Should reject bad syscall range" ); |
|---|
| 139 | } |
|---|
| 140 | } |
|---|
| 141 | |
|---|
| 142 | /* |
|---|
| 143 | * Use global selector for handle_sigsys tests, to avoid passing |
|---|
| 144 | * selector to signal handler |
|---|
| 145 | */ |
|---|
| 146 | char glob_sel; |
|---|
| 147 | int nr_syscalls_emulated; |
|---|
| 148 | int si_code; |
|---|
| 149 | int si_errno; |
|---|
| 150 | |
|---|
| 151 | static void handle_sigsys(int sig, siginfo_t *info, void *ucontext) |
|---|
| 152 | { |
|---|
| 153 | si_code = info->si_code; |
|---|
| 154 | si_errno = info->si_errno; |
|---|
| 155 | |
|---|
| 156 | if (info->si_syscall == MAGIC_SYSCALL_1) |
|---|
| 157 | nr_syscalls_emulated++; |
|---|
| 158 | |
|---|
| 159 | /* In preparation for sigreturn. */ |
|---|
| 160 | SYSCALL_DISPATCH_OFF(glob_sel); |
|---|
| 161 | } |
|---|
| 162 | |
|---|
| 163 | TEST(dispatch_and_return) |
|---|
| 164 | { |
|---|
| 165 | long ret; |
|---|
| 166 | struct sigaction act; |
|---|
| 167 | sigset_t mask; |
|---|
| 168 | |
|---|
| 169 | glob_sel = 0; |
|---|
| 170 | nr_syscalls_emulated = 0; |
|---|
| 171 | si_code = 0; |
|---|
| 172 | si_errno = 0; |
|---|
| 173 | |
|---|
| 174 | memset(&act, 0, sizeof(act)); |
|---|
| 175 | sigemptyset(&mask); |
|---|
| 176 | |
|---|
| 177 | act.sa_sigaction = handle_sigsys; |
|---|
| 178 | act.sa_flags = SA_SIGINFO; |
|---|
| 179 | act.sa_mask = mask; |
|---|
| 180 | |
|---|
| 181 | ret = sigaction(SIGSYS, &act, NULL); |
|---|
| 182 | ASSERT_EQ(0, ret); |
|---|
| 183 | |
|---|
| 184 | /* Make sure selector is good prior to prctl. */ |
|---|
| 185 | SYSCALL_DISPATCH_OFF(glob_sel); |
|---|
| 186 | |
|---|
| 187 | ret = prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0, 0, &glob_sel); |
|---|
| 188 | ASSERT_EQ(0, ret) { |
|---|
| 189 | TH_LOG("Kernel does not support CONFIG_SYSCALL_USER_DISPATCH" ); |
|---|
| 190 | } |
|---|
| 191 | |
|---|
| 192 | /* MAGIC_SYSCALL_1 doesn't exist. */ |
|---|
| 193 | SYSCALL_DISPATCH_OFF(glob_sel); |
|---|
| 194 | ret = syscall(MAGIC_SYSCALL_1); |
|---|
| 195 | EXPECT_EQ(-1, ret) { |
|---|
| 196 | TH_LOG("Dispatch triggered unexpectedly" ); |
|---|
| 197 | } |
|---|
| 198 | |
|---|
| 199 | /* MAGIC_SYSCALL_1 should be emulated. */ |
|---|
| 200 | nr_syscalls_emulated = 0; |
|---|
| 201 | SYSCALL_DISPATCH_ON(glob_sel); |
|---|
| 202 | |
|---|
| 203 | ret = syscall(MAGIC_SYSCALL_1); |
|---|
| 204 | EXPECT_EQ(MAGIC_SYSCALL_1, ret) { |
|---|
| 205 | TH_LOG("Failed to intercept syscall" ); |
|---|
| 206 | } |
|---|
| 207 | EXPECT_EQ(1, nr_syscalls_emulated) { |
|---|
| 208 | TH_LOG("Failed to emulate syscall" ); |
|---|
| 209 | } |
|---|
| 210 | ASSERT_EQ(SYS_USER_DISPATCH, si_code) { |
|---|
| 211 | TH_LOG("Bad si_code in SIGSYS" ); |
|---|
| 212 | } |
|---|
| 213 | ASSERT_EQ(0, si_errno) { |
|---|
| 214 | TH_LOG("Bad si_errno in SIGSYS" ); |
|---|
| 215 | } |
|---|
| 216 | } |
|---|
| 217 | |
|---|
| 218 | TEST_SIGNAL(bad_selector, SIGSYS) |
|---|
| 219 | { |
|---|
| 220 | long ret; |
|---|
| 221 | struct sigaction act; |
|---|
| 222 | sigset_t mask; |
|---|
| 223 | struct sysinfo info; |
|---|
| 224 | |
|---|
| 225 | glob_sel = SYSCALL_DISPATCH_FILTER_ALLOW; |
|---|
| 226 | nr_syscalls_emulated = 0; |
|---|
| 227 | si_code = 0; |
|---|
| 228 | si_errno = 0; |
|---|
| 229 | |
|---|
| 230 | memset(&act, 0, sizeof(act)); |
|---|
| 231 | sigemptyset(&mask); |
|---|
| 232 | |
|---|
| 233 | act.sa_sigaction = handle_sigsys; |
|---|
| 234 | act.sa_flags = SA_SIGINFO; |
|---|
| 235 | act.sa_mask = mask; |
|---|
| 236 | |
|---|
| 237 | ret = sigaction(SIGSYS, &act, NULL); |
|---|
| 238 | ASSERT_EQ(0, ret); |
|---|
| 239 | |
|---|
| 240 | /* Make sure selector is good prior to prctl. */ |
|---|
| 241 | SYSCALL_DISPATCH_OFF(glob_sel); |
|---|
| 242 | |
|---|
| 243 | ret = prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0, 0, &glob_sel); |
|---|
| 244 | ASSERT_EQ(0, ret) { |
|---|
| 245 | TH_LOG("Kernel does not support CONFIG_SYSCALL_USER_DISPATCH" ); |
|---|
| 246 | } |
|---|
| 247 | |
|---|
| 248 | glob_sel = -1; |
|---|
| 249 | |
|---|
| 250 | sysinfo(&info); |
|---|
| 251 | |
|---|
| 252 | /* Even though it is ready to catch SIGSYS, the signal is |
|---|
| 253 | * supposed to be uncatchable. |
|---|
| 254 | */ |
|---|
| 255 | |
|---|
| 256 | EXPECT_FALSE(true) { |
|---|
| 257 | TH_LOG("Unreachable!" ); |
|---|
| 258 | } |
|---|
| 259 | } |
|---|
| 260 | |
|---|
| 261 | TEST(disable_dispatch) |
|---|
| 262 | { |
|---|
| 263 | int ret; |
|---|
| 264 | struct sysinfo info; |
|---|
| 265 | char sel = 0; |
|---|
| 266 | |
|---|
| 267 | ret = prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0, 0, &sel); |
|---|
| 268 | ASSERT_EQ(0, ret) { |
|---|
| 269 | TH_LOG("Kernel does not support CONFIG_SYSCALL_USER_DISPATCH" ); |
|---|
| 270 | } |
|---|
| 271 | |
|---|
| 272 | /* MAGIC_SYSCALL_1 doesn't exist. */ |
|---|
| 273 | SYSCALL_DISPATCH_OFF(glob_sel); |
|---|
| 274 | |
|---|
| 275 | ret = prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_OFF, 0, 0, 0); |
|---|
| 276 | EXPECT_EQ(0, ret) { |
|---|
| 277 | TH_LOG("Failed to unset syscall user dispatch" ); |
|---|
| 278 | } |
|---|
| 279 | |
|---|
| 280 | /* Shouldn't have any effect... */ |
|---|
| 281 | SYSCALL_DISPATCH_ON(glob_sel); |
|---|
| 282 | |
|---|
| 283 | ret = syscall(__NR_sysinfo, &info); |
|---|
| 284 | EXPECT_EQ(0, ret) { |
|---|
| 285 | TH_LOG("Dispatch triggered unexpectedly" ); |
|---|
| 286 | } |
|---|
| 287 | } |
|---|
| 288 | |
|---|
| 289 | TEST(direct_dispatch_range) |
|---|
| 290 | { |
|---|
| 291 | int ret = 0; |
|---|
| 292 | struct sysinfo info; |
|---|
| 293 | char sel = SYSCALL_DISPATCH_FILTER_ALLOW; |
|---|
| 294 | |
|---|
| 295 | /* |
|---|
| 296 | * Instead of calculating libc addresses; allow the entire |
|---|
| 297 | * memory map and lock the selector. |
|---|
| 298 | */ |
|---|
| 299 | ret = prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, 0, -1L, &sel); |
|---|
| 300 | ASSERT_EQ(0, ret) { |
|---|
| 301 | TH_LOG("Kernel does not support CONFIG_SYSCALL_USER_DISPATCH" ); |
|---|
| 302 | } |
|---|
| 303 | |
|---|
| 304 | SYSCALL_DISPATCH_ON(sel); |
|---|
| 305 | |
|---|
| 306 | ret = sysinfo(&info); |
|---|
| 307 | ASSERT_EQ(0, ret) { |
|---|
| 308 | TH_LOG("Dispatch triggered unexpectedly" ); |
|---|
| 309 | } |
|---|
| 310 | } |
|---|
| 311 | |
|---|
| 312 | TEST_HARNESS_MAIN |
|---|
| 313 | |
|---|
