2 * Check decoding of ptrace syscall.
4 * Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include <asm/unistd.h>
40 #include <linux/audit.h>
42 static const char *errstr;
45 do_ptrace(unsigned long request, unsigned long pid,
46 unsigned long addr, unsigned long data)
48 long rc = syscall(__NR_ptrace, request, pid, addr, data);
49 errstr = sprintrc(rc);
54 test_peeksiginfo(unsigned long pid, const unsigned long bad_request)
56 do_ptrace(PTRACE_PEEKSIGINFO, pid, 0, bad_request);
57 printf("ptrace(PTRACE_PEEKSIGINFO, %u, NULL, %#lx) = %s\n",
58 (unsigned) pid, bad_request, errstr);
61 unsigned long long off;
62 unsigned int flags, nr;
63 } *const psi = tail_alloc(sizeof(*psi));
65 psi->off = 0xdeadbeeffacefeedULL;
69 do_ptrace(PTRACE_PEEKSIGINFO, pid, (unsigned long) psi, bad_request);
70 printf("ptrace(PTRACE_PEEKSIGINFO, %u, {off=%llu"
71 ", flags=PTRACE_PEEKSIGINFO_SHARED, nr=%u}, %#lx) = %s\n",
72 (unsigned) pid, psi->off, psi->nr, bad_request, errstr);
76 perror_msg_and_fail("fork");
81 sigaddset(&mask, SIGUSR1);
82 sigaddset(&mask, SIGUSR2);
83 sigaddset(&mask, SIGALRM);
85 if (sigprocmask(SIG_BLOCK, &mask, NULL))
86 perror_msg_and_fail("sigprocmask");
92 if (do_ptrace(PTRACE_TRACEME, 0, 0, 0))
93 perror_msg_and_fail("child: PTRACE_TRACEME");
99 const unsigned int nsigs = 4;
100 const uid_t uid = geteuid();
101 siginfo_t *sigs = tail_alloc(sizeof(*sigs) * nsigs);
108 int status, tracee, saved;
111 tracee = wait(&status);
118 perror_msg_and_fail("wait");
120 if (WIFEXITED(status)) {
121 if (WEXITSTATUS(status) == 0)
123 error_msg_and_fail("unexpected exit status %u",
124 WEXITSTATUS(status));
126 if (WIFSIGNALED(status))
127 error_msg_and_fail("unexpected signal %u",
129 if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) {
131 error_msg_and_fail("unexpected wait status %x",
135 long rc = do_ptrace(PTRACE_PEEKSIGINFO, pid,
136 (unsigned long) psi, (unsigned long) sigs);
138 printf("ptrace(PTRACE_PEEKSIGINFO, %u"
139 ", {off=%llu, flags=0, nr=%u}, %p) = %s\n",
140 (unsigned) pid, psi->off, psi->nr, sigs,
143 printf("ptrace(PTRACE_PEEKSIGINFO, %u"
144 ", {off=%llu, flags=0, nr=%u}"
145 ", [{si_signo=SIGUSR1, si_code=SI_TKILL"
146 ", si_pid=%u, si_uid=%u}"
147 ", {si_signo=SIGUSR2, si_code=SI_TKILL"
148 ", si_pid=%u, si_uid=%u}"
149 ", {si_signo=SIGALRM, si_code=SI_TKILL"
150 ", si_pid=%u, si_uid=%u}"
152 (unsigned) pid, psi->off, psi->nr,
153 (unsigned) pid, (unsigned) uid,
154 (unsigned) pid, (unsigned) uid,
155 (unsigned) pid, (unsigned) uid,
159 if (do_ptrace(PTRACE_CONT, pid, 0, 0)) {
163 perror_msg_and_fail("ptrace");
165 printf("ptrace(PTRACE_CONT, %ld, NULL, SIG_0) = 0\n", pid);
172 const unsigned long bad_request =
173 (unsigned long) 0xdeadbeeffffffeedULL;
174 const unsigned long bad_data =
175 (unsigned long) 0xdeadcafefffff00dULL;
176 const unsigned long pid =
177 (unsigned long) 0xdefaced00000000ULL | (unsigned) getpid();
179 const unsigned int sigset_size = get_sigset_size();
181 void *const k_set = tail_alloc(sigset_size);
182 TAIL_ALLOC_OBJECT_CONST_PTR(siginfo_t, sip);
184 do_ptrace(bad_request, pid, 0, 0);
185 printf("ptrace(%#lx /* PTRACE_??? */, %u, NULL, NULL) = %s\n",
186 bad_request, (unsigned) pid, errstr);
188 do_ptrace(PTRACE_PEEKDATA, pid, bad_request, bad_data);
190 printf("ptrace(PTRACE_PEEKDATA, %u, %#lx) = %s\n",
191 (unsigned) pid, bad_request, errstr);
193 printf("ptrace(PTRACE_PEEKDATA, %u, %#lx, %#lx) = %s\n",
194 (unsigned) pid, bad_request, bad_data, errstr);
197 do_ptrace(PTRACE_PEEKTEXT, pid, bad_request, bad_data);
199 printf("ptrace(PTRACE_PEEKTEXT, %u, %#lx) = %s\n",
200 (unsigned) pid, bad_request, errstr);
202 printf("ptrace(PTRACE_PEEKTEXT, %u, %#lx, %#lx) = %s\n",
203 (unsigned) pid, bad_request, bad_data, errstr);
206 do_ptrace(PTRACE_PEEKUSER, pid, bad_request, bad_data);
208 printf("ptrace(PTRACE_PEEKUSER, %u, %#lx) = %s\n",
209 (unsigned) pid, bad_request, errstr);
211 printf("ptrace(PTRACE_PEEKUSER, %u, %#lx, %#lx) = %s\n",
212 (unsigned) pid, bad_request, bad_data, errstr);
215 do_ptrace(PTRACE_POKEUSER, pid, bad_request, bad_data);
216 printf("ptrace(PTRACE_POKEUSER, %u, %#lx, %#lx) = %s\n",
217 (unsigned) pid, bad_request, bad_data, errstr);
219 do_ptrace(PTRACE_ATTACH, pid, 0, 0);
220 printf("ptrace(PTRACE_ATTACH, %u) = %s\n", (unsigned) pid, errstr);
222 do_ptrace(PTRACE_INTERRUPT, pid, 0, 0);
223 printf("ptrace(PTRACE_INTERRUPT, %u) = %s\n", (unsigned) pid, errstr);
225 do_ptrace(PTRACE_KILL, pid, 0, 0);
226 printf("ptrace(PTRACE_KILL, %u) = %s\n", (unsigned) pid, errstr);
228 do_ptrace(PTRACE_LISTEN, pid, 0, 0);
229 printf("ptrace(PTRACE_LISTEN, %u) = %s\n", (unsigned) pid, errstr);
232 sigemptyset(&libc_set);
233 sigaddset(&libc_set, SIGUSR1);
234 memcpy(k_set, &libc_set, sigset_size);
236 do_ptrace(PTRACE_SETSIGMASK, pid, sigset_size, (unsigned long) k_set);
237 printf("ptrace(PTRACE_SETSIGMASK, %u, %u, [USR1]) = %s\n",
238 (unsigned) pid, sigset_size, errstr);
240 do_ptrace(PTRACE_GETSIGMASK, pid, sigset_size, (unsigned long) k_set);
241 printf("ptrace(PTRACE_GETSIGMASK, %u, %u, %p) = %s\n",
242 (unsigned) pid, sigset_size, k_set, errstr);
244 do_ptrace(PTRACE_SECCOMP_GET_FILTER, pid, 42, 0);
245 printf("ptrace(PTRACE_SECCOMP_GET_FILTER, %u, 42, NULL) = %s\n",
246 (unsigned) pid, errstr);
248 do_ptrace(PTRACE_GETEVENTMSG, pid, bad_request, bad_data);
249 printf("ptrace(PTRACE_GETEVENTMSG, %u, %#lx, %#lx) = %s\n",
250 (unsigned) pid, bad_request, bad_data, errstr);
252 memset(sip, -1, sizeof(*sip));
253 sip->si_signo = SIGIO;
255 sip->si_errno = ENOENT;
258 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
259 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGIO"
260 ", si_code=POLL_IN, si_errno=ENOENT, si_band=-2}) = %s\n",
261 (unsigned) pid, bad_request, errstr);
263 memset(sip, -1, sizeof(*sip));
264 sip->si_signo = SIGTRAP;
266 sip->si_errno = ENOENT;
269 sip->si_ptr = (void *) bad_request;
271 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
272 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGTRAP"
273 ", si_code=TRAP_BRKPT, si_errno=ENOENT, si_pid=2, si_uid=3"
274 ", si_value={int=%d, ptr=%p}}) = %s\n",
275 (unsigned) pid, bad_request, sip->si_int, sip->si_ptr,
278 memset(sip, -1, sizeof(*sip));
279 sip->si_signo = SIGILL;
281 sip->si_errno = ENOENT;
282 sip->si_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL;
284 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
285 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGILL"
286 ", si_code=ILL_ILLOPC, si_errno=ENOENT, si_addr=%p}) = %s\n",
287 (unsigned) pid, bad_request, sip->si_addr, errstr);
289 memset(sip, -1, sizeof(*sip));
290 sip->si_signo = SIGFPE;
292 sip->si_errno = ENOENT;
293 sip->si_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL;
295 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
296 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGFPE"
297 ", si_code=FPE_INTDIV, si_errno=ENOENT, si_addr=%p}) = %s\n",
298 (unsigned) pid, bad_request, sip->si_addr, errstr);
300 memset(sip, -1, sizeof(*sip));
301 sip->si_signo = SIGBUS;
304 sip->si_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL;
306 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
307 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGBUS"
308 ", si_code=BUS_ADRALN, si_errno=%d, si_addr=%p}) = %s\n",
309 (unsigned) pid, bad_request, sip->si_errno, sip->si_addr,
312 memset(sip, -1, sizeof(*sip));
313 sip->si_signo = SIGPROF;
314 sip->si_code = 0xbadc0ded;
320 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
321 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGPROF"
322 ", si_code=%#x, si_errno=%d, si_pid=0, si_uid=3}) = %s\n",
323 (unsigned) pid, bad_request, sip->si_code, sip->si_errno,
326 #ifdef HAVE_SIGINFO_T_SI_SYSCALL
327 memset(sip, -1, sizeof(*sip));
328 sip->si_signo = SIGSYS;
330 sip->si_errno = ENOENT;
331 sip->si_call_addr = (void *) (unsigned long) 0xfacefeeddeadbeefULL;
332 sip->si_syscall = -1U;
333 sip->si_arch = AUDIT_ARCH_X86_64;
335 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
336 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGSYS"
337 ", si_code=SYS_SECCOMP, si_errno=ENOENT, si_call_addr=%p"
338 ", si_syscall=%u, si_arch=AUDIT_ARCH_X86_64})"
340 (unsigned) pid, bad_request, sip->si_call_addr, sip->si_syscall,
343 sip->si_errno = 3141592653U;
344 sip->si_call_addr = NULL;
345 sip->si_syscall = __NR_read;
346 sip->si_arch = 0xda7a1057;
348 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
349 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGSYS"
350 ", si_code=SYS_SECCOMP, si_errno=%d, si_call_addr=NULL"
351 ", si_syscall=__NR_read, si_arch=%#x /* AUDIT_ARCH_??? */})"
353 (unsigned) pid, bad_request, sip->si_errno, sip->si_arch,
357 #if defined HAVE_SIGINFO_T_SI_TIMERID && defined HAVE_SIGINFO_T_SI_OVERRUN
358 memset(sip, -1, sizeof(*sip));
359 sip->si_signo = SIGHUP;
360 sip->si_code = SI_TIMER;
361 sip->si_errno = ENOENT;
362 sip->si_timerid = 0xdeadbeef;
363 sip->si_overrun = -1;
364 sip->si_ptr = (void *) (unsigned long) 0xfacefeeddeadbeefULL;
366 do_ptrace(PTRACE_SETSIGINFO, pid, bad_request, (unsigned long) sip);
367 printf("ptrace(PTRACE_SETSIGINFO, %u, %#lx, {si_signo=SIGHUP"
368 ", si_code=SI_TIMER, si_errno=ENOENT, si_timerid=%#x"
369 ", si_overrun=%d, si_value={int=%d, ptr=%p}}) = %s\n",
370 (unsigned) pid, bad_request, sip->si_timerid, sip->si_overrun,
371 sip->si_int, sip->si_ptr, errstr);
374 do_ptrace(PTRACE_GETSIGINFO, pid, bad_request, (unsigned long) sip);
375 printf("ptrace(PTRACE_GETSIGINFO, %u, %#lx, %p)"
376 " = %s\n", (unsigned) pid, bad_request, sip, errstr);
378 do_ptrace(PTRACE_CONT, pid, 0, SIGUSR1);
379 printf("ptrace(PTRACE_CONT, %u, NULL, SIGUSR1) = %s\n",
380 (unsigned) pid, errstr);
382 do_ptrace(PTRACE_DETACH, pid, 0, SIGUSR2);
383 printf("ptrace(PTRACE_DETACH, %u, NULL, SIGUSR2) = %s\n",
384 (unsigned) pid, errstr);
386 do_ptrace(PTRACE_SYSCALL, pid, 0, SIGUSR1);
387 printf("ptrace(PTRACE_SYSCALL, %u, NULL, SIGUSR1) = %s\n",
388 (unsigned) pid, errstr);
390 #ifdef PTRACE_SINGLESTEP
391 do_ptrace(PTRACE_SINGLESTEP, pid, 0, SIGUSR2);
392 printf("ptrace(PTRACE_SINGLESTEP, %u, NULL, SIGUSR2) = %s\n",
393 (unsigned) pid, errstr);
396 #ifdef PTRACE_SINGLEBLOCK
397 do_ptrace(PTRACE_SINGLEBLOCK, pid, 0, SIGUSR1);
398 printf("ptrace(PTRACE_SINGLEBLOCK, %u, NULL, SIGUSR1) = %s\n",
399 (unsigned) pid, errstr);
403 do_ptrace(PTRACE_SYSEMU, pid, 0, SIGUSR2);
404 printf("ptrace(PTRACE_SYSEMU, %u, NULL, SIGUSR2) = %s\n",
405 (unsigned) pid, errstr);
407 #ifdef PTRACE_SYSEMU_SINGLESTEP
408 do_ptrace(PTRACE_SYSEMU_SINGLESTEP, pid, 0, SIGUSR1);
409 printf("ptrace(PTRACE_SYSEMU_SINGLESTEP, %u, NULL, SIGUSR1) = %s\n",
410 (unsigned) pid, errstr);
413 do_ptrace(PTRACE_SETOPTIONS,
414 pid, 0, PTRACE_O_TRACEFORK|PTRACE_O_TRACECLONE);
415 printf("ptrace(PTRACE_SETOPTIONS, %u, NULL"
416 ", PTRACE_O_TRACEFORK|PTRACE_O_TRACECLONE) = %s\n",
417 (unsigned) pid, errstr);
419 do_ptrace(PTRACE_SEIZE, pid, bad_request, PTRACE_O_TRACESYSGOOD);
420 printf("ptrace(PTRACE_SEIZE, %u, %#lx, PTRACE_O_TRACESYSGOOD) = %s\n",
421 (unsigned) pid, bad_request, errstr);
423 do_ptrace(PTRACE_SETREGSET, pid, 1, bad_request);
424 printf("ptrace(PTRACE_SETREGSET, %u, NT_PRSTATUS, %#lx) = %s\n",
425 (unsigned) pid, bad_request, errstr);
427 do_ptrace(PTRACE_GETREGSET, pid, 3, bad_request);
428 printf("ptrace(PTRACE_GETREGSET, %u, NT_PRPSINFO, %#lx) = %s\n",
429 (unsigned) pid, bad_request, errstr);
431 test_peeksiginfo(pid, bad_request);
433 do_ptrace(PTRACE_TRACEME, 0, 0, 0);
434 printf("ptrace(PTRACE_TRACEME) = %s\n", errstr);
436 puts("+++ exited with 0 +++");