From patchwork Mon Aug 14 20:52:20 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 9900133
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	613DC602D9
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Mon, 14 Aug 2017 20:52:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5404628737
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Mon, 14 Aug 2017 20:52:27 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 4889A28739; Mon, 14 Aug 2017 20:52:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B419C28737
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Mon, 14 Aug 2017 20:52:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752491AbdHNUwZ (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Mon, 14 Aug 2017 16:52:25 -0400
Received: from mail-pg0-f52.google.com ([74.125.83.52]:38879 "EHLO
	mail-pg0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752490AbdHNUwY (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Mon, 14 Aug 2017 16:52:24 -0400
Received: by mail-pg0-f52.google.com with SMTP id l64so54158106pge.5
	for <linux-security-module@vger.kernel.org>;
	Mon, 14 Aug 2017 13:52:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=chromium.org; s=google;
	h=date:from:to:cc:subject:message-id:mime-version:content-disposition;
	bh=1veDbGwKo3fsaBQtgo/rvR2wmaasOjzokEQdzEXWVTQ=;
	b=Kiffl54/JZAldpGhPteImeMzYBYmekCzDdbzjuUYiGDkCXSr7dXFmJM3sQ1woN+yKc
	8b2Q9EIstOsw9xh7HMXWR8FlTYtOQITzN36h33Yxz++zLDLpVpEnoKkSLjW6k3Yg/eWe
	CV8ZhWj3uIko7ez4CE1/n0Nrt7xsjUmjnpF90=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
	:content-disposition;
	bh=1veDbGwKo3fsaBQtgo/rvR2wmaasOjzokEQdzEXWVTQ=;
	b=eja22dcwf1Vt0hukVKni7Zji6HGHBWwdDIGN7sdrBztm5eJVqUf8PJ+1zBwLfl/NHq
	E8TpDIw6wE/TVUGM/2Ks1m3cMSxY9BjIlxjeyFuMuSD+6rxSRkHEeodlMQ6YCacLynkp
	ZlzC+6xAcYt4QirNyIVxY0QY98QfKGnUsdhYmgZ7dGN5ls64QmeW1jMgcKafmz5aqh5x
	Dn8UrhvAbDGH98yizJz5ad7Zkr6dpYdWk6d/IDlRcRMMEyD4+dhSXle/KfFZDiQ85KBC
	U/fPo6mpYKVZjelYVsQ2u2tz/q0YGaaq/T2CHtP6oFJ4LMENR0Z2SihOp9G6Y+FttrIN
	HneQ==
X-Gm-Message-State: AHYfb5i3PQ7QO1JqoQkXBBI/lH41hK0SJkj5UGmbhBG7jPxY8ns6wgMu
	ScrzCHBCakOzBJHG
X-Received: by 10.84.224.141 with SMTP id s13mr28791074plj.212.1502743943515;
	Mon, 14 Aug 2017 13:52:23 -0700 (PDT)
Received: from www.outflux.net
	(173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
	by smtp.gmail.com with ESMTPSA id
	d5sm14574865pfc.110.2017.08.14.13.52.21
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 14 Aug 2017 13:52:22 -0700 (PDT)
Date: Mon, 14 Aug 2017 13:52:20 -0700
From: Kees Cook <keescook@chromium.org>
To: Shuah Khan <shuahkh@osg.samsung.com>
Cc: Shuah Khan <shuah@kernel.org>, linux-kselftest@vger.kernel.org,
	Andy Lutomirski <luto@amacapital.net>, Will Drewry <wad@chromium.org>,
	linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] selftests/seccomp: Add tests for basic ptrace actions
Message-ID: <20170814205220.GA60267@beast>
MIME-Version: 1.0
Content-Disposition: inline
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

This adds tests for using only ptrace to perform syscall changes, just
to validate matching behavior between seccomp events and ptrace events.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
I'd like this to go through the seccomp tree, since it's part of a number
of other improvements. If I can get an Ack, that would be great. :) Thanks!
---
 tools/testing/selftests/seccomp/seccomp_bpf.c | 41 ++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 7 deletions(-)

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 73f5ea6778ce..e61b963f011b 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -1262,6 +1262,13 @@ TEST_F(TRACE_poke, getpid_runs_normally)
 # error "Do not know how to find your architecture's registers and syscalls"
 #endif
 
+/* When the syscall return can't be changed, stub out the tests for it. */
+#ifdef SYSCALL_NUM_RET_SHARE_REG
+# define EXPECT_SYSCALL_RETURN(val, action)	EXPECT_EQ(-1, action)
+#else
+# define EXPECT_SYSCALL_RETURN(val, action)	EXPECT_EQ(val, action)
+#endif
+
 /* Use PTRACE_GETREGS and PTRACE_SETREGS when available. This is useful for
  * architectures without HAVE_ARCH_TRACEHOOK (e.g. User-mode Linux).
  */
@@ -1357,7 +1364,7 @@ void change_syscall(struct __test_metadata *_metadata,
 #ifdef SYSCALL_NUM_RET_SHARE_REG
 		TH_LOG("Can't modify syscall return on this architecture");
 #else
-		regs.SYSCALL_RET = 1;
+		regs.SYSCALL_RET = EPERM;
 #endif
 
 #ifdef HAVE_GETREGS
@@ -1426,6 +1433,8 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee,
 
 	if (nr == __NR_getpid)
 		change_syscall(_metadata, tracee, __NR_getppid);
+	if (nr == __NR_open)
+		change_syscall(_metadata, tracee, -1);
 }
 
 FIXTURE_DATA(TRACE_syscall) {
@@ -1480,6 +1489,28 @@ FIXTURE_TEARDOWN(TRACE_syscall)
 		free(self->prog.filter);
 }
 
+TEST_F(TRACE_syscall, ptrace_syscall_redirected)
+{
+	/* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */
+	teardown_trace_fixture(_metadata, self->tracer);
+	self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL,
+					   true);
+
+	/* Tracer will redirect getpid to getppid. */
+	EXPECT_NE(self->mypid, syscall(__NR_getpid));
+}
+
+TEST_F(TRACE_syscall, ptrace_syscall_dropped)
+{
+	/* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */
+	teardown_trace_fixture(_metadata, self->tracer);
+	self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL,
+					   true);
+
+	/* Tracer should skip the open syscall, resulting in EPERM. */
+	EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_open));
+}
+
 TEST_F(TRACE_syscall, syscall_allowed)
 {
 	long ret;
@@ -1520,13 +1551,8 @@ TEST_F(TRACE_syscall, syscall_dropped)
 	ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &self->prog, 0, 0);
 	ASSERT_EQ(0, ret);
 
-#ifdef SYSCALL_NUM_RET_SHARE_REG
-	/* gettid has been skipped */
-	EXPECT_EQ(-1, syscall(__NR_gettid));
-#else
 	/* gettid has been skipped and an altered return value stored. */
-	EXPECT_EQ(1, syscall(__NR_gettid));
-#endif
+	EXPECT_SYSCALL_RETURN(EPERM, syscall(__NR_gettid));
 	EXPECT_NE(self->mytid, syscall(__NR_gettid));
 }
 
@@ -1557,6 +1583,7 @@ TEST_F(TRACE_syscall, skip_after_RET_TRACE)
 	ASSERT_EQ(0, ret);
 
 	/* Tracer will redirect getpid to getppid, and we should see EPERM. */
+	errno = 0;
 	EXPECT_EQ(-1, syscall(__NR_getpid));
 	EXPECT_EQ(EPERM, errno);
 }