tools/testing/selftests/ptrace/set_syscall_info.c

root/tools/testing/selftests/ptrace/set_syscall_info.c
// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (c) 2018-2025 Dmitry V. Levin <ldv@strace.io>
 * All rights reserved.
 *
 * Check whether PTRACE_SET_SYSCALL_INFO semantics implemented in the kernel
 * matches userspace expectations.
 */

#include "kselftest_harness.h"
#include <err.h>
#include <fcntl.h>
#include <signal.h>
#include <asm/unistd.h>
#include <linux/types.h>
#include <linux/ptrace.h>

#if defined(_MIPS_SIM) && _MIPS_SIM == _MIPS_SIM_NABI32
/*
 * MIPS N32 is the only architecture where __kernel_ulong_t
 * does not match the bitness of syscall arguments.
 */
typedef unsigned long long kernel_ulong_t;
#else
typedef __kernel_ulong_t kernel_ulong_t;
#endif

struct si_entry {
        int nr;
        kernel_ulong_t args[6];
};
struct si_exit {
        unsigned int is_error;
        int rval;
};

static unsigned int ptrace_stop;
static pid_t tracee_pid;

static int
kill_tracee(pid_t pid)
{
        if (!pid)
                return 0;

        int saved_errno = errno;

        int rc = kill(pid, SIGKILL);

        errno = saved_errno;
        return rc;
}

static long
sys_ptrace(int request, pid_t pid, unsigned long addr, unsigned long data)
{
        return syscall(__NR_ptrace, request, pid, addr, data);
}

#define LOG_KILL_TRACEE(fmt, ...)                               \
        do {                                                    \
                kill_tracee(tracee_pid);                        \
                TH_LOG("wait #%d: " fmt,                        \
                       ptrace_stop, ##__VA_ARGS__);             \
        } while (0)

static void
check_psi_entry(struct __test_metadata *_metadata,
                const struct ptrace_syscall_info *info,
                const struct si_entry *exp_entry,
                const char *text)
{
        unsigned int i;
        int exp_nr = exp_entry->nr;
#if defined __s390__ || defined __s390x__
        /* s390 is the only architecture that has 16-bit syscall numbers */
        exp_nr &= 0xffff;
#endif

        ASSERT_EQ(PTRACE_SYSCALL_INFO_ENTRY, info->op) {
                LOG_KILL_TRACEE("%s: entry stop mismatch", text);
        }
        ASSERT_TRUE(info->arch) {
                LOG_KILL_TRACEE("%s: entry stop mismatch", text);
        }
        ASSERT_TRUE(info->instruction_pointer) {
                LOG_KILL_TRACEE("%s: entry stop mismatch", text);
        }
        ASSERT_TRUE(info->stack_pointer) {
                LOG_KILL_TRACEE("%s: entry stop mismatch", text);
        }
        ASSERT_EQ(exp_nr, info->entry.nr) {
                LOG_KILL_TRACEE("%s: syscall nr mismatch", text);
        }
        for (i = 0; i < ARRAY_SIZE(exp_entry->args); ++i) {
                ASSERT_EQ(exp_entry->args[i], info->entry.args[i]) {
                        LOG_KILL_TRACEE("%s: syscall arg #%u mismatch",
                                        text, i);
                }
        }
}

static void
check_psi_exit(struct __test_metadata *_metadata,
               const struct ptrace_syscall_info *info,
               const struct si_exit *exp_exit,
               const char *text)
{
        ASSERT_EQ(PTRACE_SYSCALL_INFO_EXIT, info->op) {
                LOG_KILL_TRACEE("%s: exit stop mismatch", text);
        }
        ASSERT_TRUE(info->arch) {
                LOG_KILL_TRACEE("%s: exit stop mismatch", text);
        }
        ASSERT_TRUE(info->instruction_pointer) {
                LOG_KILL_TRACEE("%s: exit stop mismatch", text);
        }
        ASSERT_TRUE(info->stack_pointer) {
                LOG_KILL_TRACEE("%s: exit stop mismatch", text);
        }
        ASSERT_EQ(exp_exit->is_error, info->exit.is_error) {
                LOG_KILL_TRACEE("%s: exit stop mismatch", text);
        }
        ASSERT_EQ(exp_exit->rval, info->exit.rval) {
                LOG_KILL_TRACEE("%s: exit stop mismatch", text);
        }
}

TEST(set_syscall_info)
{
        const pid_t tracer_pid = getpid();
        const kernel_ulong_t dummy[] = {
                (kernel_ulong_t) 0xdad0bef0bad0fed0ULL,
                (kernel_ulong_t) 0xdad1bef1bad1fed1ULL,
                (kernel_ulong_t) 0xdad2bef2bad2fed2ULL,
                (kernel_ulong_t) 0xdad3bef3bad3fed3ULL,
                (kernel_ulong_t) 0xdad4bef4bad4fed4ULL,
                (kernel_ulong_t) 0xdad5bef5bad5fed5ULL,
        };
        int splice_in[2], splice_out[2];

        ASSERT_EQ(0, pipe(splice_in));
        ASSERT_EQ(0, pipe(splice_out));
        ASSERT_EQ(sizeof(dummy), write(splice_in[1], dummy, sizeof(dummy)));

        const struct {
                struct si_entry entry[2];
                struct si_exit exit[2];
        } si[] = {
                /* change scno, keep non-error rval */
                {
                        {
                                {
                                        __NR_gettid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        __NR_getppid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 0, tracer_pid }, { 0, tracer_pid }
                        }
                },

                /* set scno to -1, keep error rval */
                {
                        {
                                {
                                        __NR_chdir,
                                        {
                                                (uintptr_t) ".",
                                                dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        -1,
                                        {
                                                (uintptr_t) ".",
                                                dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 1, -ENOSYS }, { 1, -ENOSYS }
                        }
                },

                /* keep scno, change non-error rval */
                {
                        {
                                {
                                        __NR_getppid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        __NR_getppid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 0, tracer_pid }, { 0, tracer_pid + 1 }
                        }
                },

                /* change arg1, keep non-error rval */
                {
                        {
                                {
                                        __NR_chdir,
                                        {
                                                (uintptr_t) "",
                                                dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        __NR_chdir,
                                        {
                                                (uintptr_t) ".",
                                                dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 0, 0 }, { 0, 0 }
                        }
                },

                /* set scno to -1, change error rval to non-error */
                {
                        {
                                {
                                        __NR_gettid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        -1,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 1, -ENOSYS }, { 0, tracer_pid }
                        }
                },

                /* change scno, change non-error rval to error */
                {
                        {
                                {
                                        __NR_chdir,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        __NR_getppid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 0, tracer_pid }, { 1, -EISDIR }
                        }
                },

                /* change scno and all args, change non-error rval */
                {
                        {
                                {
                                        __NR_gettid,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        __NR_splice,
                                        {
                                                splice_in[0], 0, splice_out[1], 0,
                                                sizeof(dummy), SPLICE_F_NONBLOCK
                                        }
                                }
                        }, {
                                { 0, sizeof(dummy) }, { 0, sizeof(dummy) + 1 }
                        }
                },

                /* change arg1, no exit stop */
                {
                        {
                                {
                                        __NR_exit_group,
                                        {
                                                dummy[0], dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }, {
                                        __NR_exit_group,
                                        {
                                                0, dummy[1], dummy[2],
                                                dummy[3], dummy[4], dummy[5]
                                        }
                                }
                        }, {
                                { 0, 0 }, { 0, 0 }
                        }
                },
        };

        long rc;
        unsigned int i;

        tracee_pid = fork();

        ASSERT_LE(0, tracee_pid) {
                TH_LOG("fork: %m");
        }

        if (tracee_pid == 0) {
                /* get the pid before PTRACE_TRACEME */
                tracee_pid = getpid();
                ASSERT_EQ(0, sys_ptrace(PTRACE_TRACEME, 0, 0, 0)) {
                        TH_LOG("PTRACE_TRACEME: %m");
                }
                ASSERT_EQ(0, kill(tracee_pid, SIGSTOP)) {
                        /* cannot happen */
                        TH_LOG("kill SIGSTOP: %m");
                }
                for (i = 0; i < ARRAY_SIZE(si); ++i) {
                        rc = syscall(si[i].entry[0].nr,
                                     si[i].entry[0].args[0],
                                     si[i].entry[0].args[1],
                                     si[i].entry[0].args[2],
                                     si[i].entry[0].args[3],
                                     si[i].entry[0].args[4],
                                     si[i].entry[0].args[5]);
                        if (si[i].exit[1].is_error) {
                                if (rc != -1 || errno != -si[i].exit[1].rval)
                                        break;
                        } else {
                                if (rc != si[i].exit[1].rval)
                                        break;
                        }
                }
                /*
                 * Something went wrong, but in this state tracee
                 * cannot reliably issue syscalls, so just crash.
                 */
                *(volatile unsigned char *) (uintptr_t) i = 42;
                /* unreachable */
                _exit(i + 1);
        }

        for (ptrace_stop = 0; ; ++ptrace_stop) {
                struct ptrace_syscall_info info = {
                        .op = 0xff      /* invalid PTRACE_SYSCALL_INFO_* op */
                };
                const size_t size = sizeof(info);
                const int expected_entry_size =
                        (void *) &info.entry.args[6] - (void *) &info;
                const int expected_exit_size =
                        (void *) (&info.exit.is_error + 1) -
                        (void *) &info;
                int status;

                ASSERT_EQ(tracee_pid, wait(&status)) {
                        /* cannot happen */
                        LOG_KILL_TRACEE("wait: %m");
                }
                if (WIFEXITED(status)) {
                        tracee_pid = 0; /* the tracee is no more */
                        ASSERT_EQ(0, WEXITSTATUS(status)) {
                                LOG_KILL_TRACEE("unexpected exit status %u",
                                                WEXITSTATUS(status));
                        }
                        break;
                }
                ASSERT_FALSE(WIFSIGNALED(status)) {
                        tracee_pid = 0; /* the tracee is no more */
                        LOG_KILL_TRACEE("unexpected signal %u",
                                        WTERMSIG(status));
                }
                ASSERT_TRUE(WIFSTOPPED(status)) {
                        /* cannot happen */
                        LOG_KILL_TRACEE("unexpected wait status %#x", status);
                }

                ASSERT_LT(ptrace_stop, ARRAY_SIZE(si) * 2) {
                        LOG_KILL_TRACEE("ptrace stop overflow");
                }

                switch (WSTOPSIG(status)) {
                case SIGSTOP:
                        ASSERT_EQ(0, ptrace_stop) {
                                LOG_KILL_TRACEE("unexpected signal stop");
                        }
                        ASSERT_EQ(0, sys_ptrace(PTRACE_SETOPTIONS, tracee_pid,
                                                0, PTRACE_O_TRACESYSGOOD)) {
                                LOG_KILL_TRACEE("PTRACE_SETOPTIONS: %m");
                        }
                        break;

                case SIGTRAP | 0x80:
                        ASSERT_LT(0, ptrace_stop) {
                                LOG_KILL_TRACEE("unexpected syscall stop");
                        }
                        ASSERT_LT(0, (rc = sys_ptrace(PTRACE_GET_SYSCALL_INFO,
                                                      tracee_pid, size,
                                                      (uintptr_t) &info))) {
                                LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO #1: %m");
                        }
                        if (ptrace_stop & 1) {
                                /* entering syscall */
                                const struct si_entry *exp_entry =
                                        &si[ptrace_stop / 2].entry[0];
                                const struct si_entry *set_entry =
                                        &si[ptrace_stop / 2].entry[1];

                                /* check ptrace_syscall_info before the changes */
                                ASSERT_EQ(expected_entry_size, rc) {
                                        LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO #1"
                                                        ": entry stop mismatch");
                                }
                                check_psi_entry(_metadata, &info, exp_entry,
                                                "PTRACE_GET_SYSCALL_INFO #1");

                                /* apply the changes */
                                info.entry.nr = set_entry->nr;
                                for (i = 0; i < ARRAY_SIZE(set_entry->args); ++i)
                                        info.entry.args[i] = set_entry->args[i];
                                ASSERT_EQ(0, sys_ptrace(PTRACE_SET_SYSCALL_INFO,
                                                        tracee_pid, size,
                                                        (uintptr_t) &info)) {
                                        LOG_KILL_TRACEE("PTRACE_SET_SYSCALL_INFO: %m");
                                }

                                /* check ptrace_syscall_info after the changes */
                                memset(&info, 0, sizeof(info));
                                info.op = 0xff;
                                ASSERT_LT(0, (rc = sys_ptrace(PTRACE_GET_SYSCALL_INFO,
                                                              tracee_pid, size,
                                                              (uintptr_t) &info))) {
                                        LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO: %m");
                                }
                                ASSERT_EQ(expected_entry_size, rc) {
                                        LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO #2"
                                                        ": entry stop mismatch");
                                }
                                check_psi_entry(_metadata, &info, set_entry,
                                                "PTRACE_GET_SYSCALL_INFO #2");
                        } else {
                                /* exiting syscall */
                                const struct si_exit *exp_exit =
                                        &si[ptrace_stop / 2 - 1].exit[0];
                                const struct si_exit *set_exit =
                                        &si[ptrace_stop / 2 - 1].exit[1];

                                /* check ptrace_syscall_info before the changes */
                                ASSERT_EQ(expected_exit_size, rc) {
                                        LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO #1"
                                                        ": exit stop mismatch");
                                }
                                check_psi_exit(_metadata, &info, exp_exit,
                                                "PTRACE_GET_SYSCALL_INFO #1");

                                /* apply the changes */
                                info.exit.is_error = set_exit->is_error;
                                info.exit.rval = set_exit->rval;
                                ASSERT_EQ(0, sys_ptrace(PTRACE_SET_SYSCALL_INFO,
                                                        tracee_pid, size,
                                                        (uintptr_t) &info)) {
                                        LOG_KILL_TRACEE("PTRACE_SET_SYSCALL_INFO: %m");
                                }

                                /* check ptrace_syscall_info after the changes */
                                memset(&info, 0, sizeof(info));
                                info.op = 0xff;
                                ASSERT_LT(0, (rc = sys_ptrace(PTRACE_GET_SYSCALL_INFO,
                                                              tracee_pid, size,
                                                              (uintptr_t) &info))) {
                                        LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO #2: %m");
                                }
                                ASSERT_EQ(expected_exit_size, rc) {
                                        LOG_KILL_TRACEE("PTRACE_GET_SYSCALL_INFO #2"
                                                        ": exit stop mismatch");
                                }
                                check_psi_exit(_metadata, &info, set_exit,
                                                "PTRACE_GET_SYSCALL_INFO #2");
                        }
                        break;

                default:
                        LOG_KILL_TRACEE("unexpected stop signal %u",
                                        WSTOPSIG(status));
                        abort();
                }

                ASSERT_EQ(0, sys_ptrace(PTRACE_SYSCALL, tracee_pid, 0, 0)) {
                        LOG_KILL_TRACEE("PTRACE_SYSCALL: %m");
                }
        }

        ASSERT_EQ(ptrace_stop, ARRAY_SIZE(si) * 2);
}

TEST_HARNESS_MAIN
Linux
