OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/mman.h> | 7 #include <sys/mman.h> |
8 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
9 #include <unistd.h> | 9 #include <unistd.h> |
10 | 10 |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
43 #if defined(__i386__) | 43 #if defined(__i386__) |
44 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80 | 44 EXPECT_EQ(0x80CDu, ((uint16_t*)SandboxSyscall(-1))[-1]); // INT 0x80 |
45 #elif defined(__x86_64__) | 45 #elif defined(__x86_64__) |
46 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL | 46 EXPECT_EQ(0x050Fu, ((uint16_t*)SandboxSyscall(-1))[-1]); // SYSCALL |
47 #elif defined(__arm__) | 47 #elif defined(__arm__) |
48 #if defined(__thumb__) | 48 #if defined(__thumb__) |
49 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0 | 49 EXPECT_EQ(0xDF00u, ((uint16_t*)SandboxSyscall(-1))[-1]); // SWI 0 |
50 #else | 50 #else |
51 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0 | 51 EXPECT_EQ(0xEF000000u, ((uint32_t*)SandboxSyscall(-1))[-1]); // SVC 0 |
52 #endif | 52 #endif |
| 53 #elif defined(__mips__) |
| 54 // Opcode for MIPS sycall is in the lower 16-bits |
| 55 EXPECT_EQ(0x0cu, (((uint32_t *)SandboxSyscall(-1))[-1])&0x0000FFFF); |
53 #else | 56 #else |
54 #warning Incomplete test case; need port for target platform | 57 #warning Incomplete test case; need port for target platform |
55 #endif | 58 #endif |
56 } | 59 } |
57 | 60 |
58 TEST(Syscall, TrivialSyscallNoArgs) { | 61 TEST(Syscall, TrivialSyscallNoArgs) { |
59 // Test that we can do basic system calls | 62 // Test that we can do basic system calls |
60 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid)); | 63 EXPECT_EQ(SandboxSyscall(__NR_getpid), syscall(__NR_getpid)); |
61 } | 64 } |
62 | 65 |
63 TEST(Syscall, TrivialSyscallOneArg) { | 66 TEST(Syscall, TrivialSyscallOneArg) { |
64 int new_fd; | 67 int new_fd; |
65 // Duplicate standard error and close it. | 68 // Duplicate standard error and close it. |
66 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0); | 69 ASSERT_GE(new_fd = SandboxSyscall(__NR_dup, 2), 0); |
67 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd)); | 70 int close_return_value = IGNORE_EINTR(SandboxSyscall(__NR_close, new_fd)); |
68 ASSERT_EQ(close_return_value, 0); | 71 ASSERT_EQ(close_return_value, 0); |
69 } | 72 } |
70 | 73 |
71 // SIGSYS trap handler that will be called on __NR_uname. | 74 // SIGSYS trap handler that will be called on __NR_uname. |
72 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { | 75 intptr_t CopySyscallArgsToAux(const struct arch_seccomp_data& args, void* aux) { |
73 // |aux| is a pointer to our BPF_AUX. | 76 // |aux| is a pointer to our BPF_AUX. |
74 std::vector<uint64_t>* const seen_syscall_args = | 77 std::vector<uint64_t>* const seen_syscall_args = |
75 static_cast<std::vector<uint64_t>*>(aux); | 78 static_cast<std::vector<uint64_t>*>(aux); |
76 BPF_ASSERT(arraysize(args.args) == 6); | 79 BPF_ASSERT(arraysize(args.args) == 6); |
77 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); | 80 seen_syscall_args->assign(args.args, args.args + arraysize(args.args)); |
| 81 #if defined(__mips__) |
| 82 // On MIPS, kernel returns errno and not -errno |
| 83 return ENOMEM; |
| 84 #else |
78 return -ENOMEM; | 85 return -ENOMEM; |
| 86 #endif |
79 } | 87 } |
80 | 88 |
81 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox, int sysno, void* aux) { | 89 ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox, int sysno, void* aux) { |
82 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { | 90 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { |
83 return ErrorCode(ENOSYS); | 91 return ErrorCode(ENOSYS); |
84 } | 92 } |
85 if (sysno == __NR_uname) { | 93 if (sysno == __NR_uname) { |
86 return sandbox->Trap(CopySyscallArgsToAux, aux); | 94 return sandbox->Trap(CopySyscallArgsToAux, aux); |
87 } else { | 95 } else { |
88 return ErrorCode(ErrorCode::ERR_ALLOWED); | 96 return ErrorCode(ErrorCode::ERR_ALLOWED); |
(...skipping 11 matching lines...) Expand all Loading... |
100 // additional tests to try other types. What we will see depends on | 108 // additional tests to try other types. What we will see depends on |
101 // implementation details of kernel BPF filters and we will need to document | 109 // implementation details of kernel BPF filters and we will need to document |
102 // the expected behavior very clearly. | 110 // the expected behavior very clearly. |
103 int syscall_args[6]; | 111 int syscall_args[6]; |
104 for (size_t i = 0; i < arraysize(syscall_args); ++i) { | 112 for (size_t i = 0; i < arraysize(syscall_args); ++i) { |
105 syscall_args[i] = kExpectedValue + i; | 113 syscall_args[i] = kExpectedValue + i; |
106 } | 114 } |
107 | 115 |
108 // We could use pretty much any system call we don't need here. uname() is | 116 // We could use pretty much any system call we don't need here. uname() is |
109 // nice because it doesn't have any dangerous side effects. | 117 // nice because it doesn't have any dangerous side effects. |
| 118 #if defined(__mips__) |
110 BPF_ASSERT(SandboxSyscall(__NR_uname, | 119 BPF_ASSERT(SandboxSyscall(__NR_uname, |
111 syscall_args[0], | 120 syscall_args[0], |
112 syscall_args[1], | 121 syscall_args[1], |
| 122 syscall_args[2], |
| 123 syscall_args[3], |
| 124 syscall_args[4], |
| 125 syscall_args[5]) == ENOMEM); |
| 126 #else |
| 127 BPF_ASSERT(SandboxSyscall(__NR_uname, |
| 128 syscall_args[0], |
| 129 syscall_args[1], |
113 syscall_args[2], | 130 syscall_args[2], |
114 syscall_args[3], | 131 syscall_args[3], |
115 syscall_args[4], | 132 syscall_args[4], |
116 syscall_args[5]) == -ENOMEM); | 133 syscall_args[5]) == -ENOMEM); |
| 134 #endif |
117 | 135 |
118 // We expect the trap handler to have copied the 6 arguments. | 136 // We expect the trap handler to have copied the 6 arguments. |
119 BPF_ASSERT(BPF_AUX.size() == 6); | 137 BPF_ASSERT(BPF_AUX.size() == 6); |
120 | 138 |
121 // Don't loop here so that we can see which argument does cause the failure | 139 // Don't loop here so that we can see which argument does cause the failure |
122 // easily from the failing line. | 140 // easily from the failing line. |
123 // uint64_t is the type passed to our SIGSYS handler. | 141 // uint64_t is the type passed to our SIGSYS handler. |
124 BPF_ASSERT(BPF_AUX[0] == static_cast<uint64_t>(syscall_args[0])); | 142 BPF_ASSERT(BPF_AUX[0] == static_cast<uint64_t>(syscall_args[0])); |
125 BPF_ASSERT(BPF_AUX[1] == static_cast<uint64_t>(syscall_args[1])); | 143 BPF_ASSERT(BPF_AUX[1] == static_cast<uint64_t>(syscall_args[1])); |
126 BPF_ASSERT(BPF_AUX[2] == static_cast<uint64_t>(syscall_args[2])); | 144 BPF_ASSERT(BPF_AUX[2] == static_cast<uint64_t>(syscall_args[2])); |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 | 210 |
193 // Clean up | 211 // Clean up |
194 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); | 212 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr2, 8192L)); |
195 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); | 213 EXPECT_EQ(0, SandboxSyscall(__NR_munmap, addr3, 4096L)); |
196 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd))); | 214 EXPECT_EQ(0, IGNORE_EINTR(SandboxSyscall(__NR_close, fd))); |
197 } | 215 } |
198 | 216 |
199 } // namespace | 217 } // namespace |
200 | 218 |
201 } // namespace sandbox | 219 } // namespace sandbox |
OLD | NEW |