Differential D16116 Diff 45545 tests/sys/audit/miscellaneous.c

Changeset View

Standalone View

tests/sys/audit/miscellaneous.c

This file was added.

				/*-
				* Copyright (c) 2018 Aniket Pandey
				*
				* Redistribution and use in source and binary forms, with or without
				* modification, are permitted provided that the following conditions
				* are met:
				* 1. Redistributions of source code must retain the above copyright
				* notice, this list of conditions and the following disclaimer.
				* 2. Redistributions in binary form must reproduce the above copyright
				* notice, this list of conditions and the following disclaimer in the
				* documentation and/or other materials provided with the distribution.
				*
				* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
				* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
				* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
				* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
				* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
				* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
				* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
				* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
				* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
				* SUCH DAMAGE.
				*
				* $FreeBSD$
				*/

				#include <sys/types.h>
				#include <sys/sysctl.h>

				#include <bsm/audit.h>
				#include <machine/sysarch.h>

				#include <atf-c.h>
				#include <unistd.h>

				#include "utils.h"

				static pid_t pid;
				static char miscreg[80];
				static struct pollfd fds[1];
				static const char *auclass = "ot";


				/*
				* Success case of audit(2) is skipped for now as the behaviour is quite
				* undeterministic. It will be added when the intermittency is resolved.
				*/


				ATF_TC_WITH_CLEANUP(audit_failure);
				ATF_TC_HEAD(audit_failure, tc)
				{
				atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
				"audit(2) call");
				}

				ATF_TC_BODY(audit_failure, tc)
				{
				pid = getpid();
				snprintf(miscreg, sizeof(miscreg), "audit.%d.return,failure", pid);

				FILE *pipefd = setup(fds, auclass);
				/* Failure reason: Invalid argument */
				ATF_REQUIRE_EQ(-1, audit(NULL, -1));
				check_audit(fds, miscreg, pipefd);
				}

				ATF_TC_CLEANUP(audit_failure, tc)
				{
				cleanup();
				}


				ATF_TC_WITH_CLEANUP(sysarch_success);
				ATF_TC_HEAD(sysarch_success, tc)
				{
				atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
				"sysarch(2) call");
				}

				ATF_TC_BODY(sysarch_success, tc)
				{
				pid = getpid();
				snprintf(miscreg, sizeof(miscreg), "sysarch.%d.return,success", pid);

				/* Set sysnum to the syscall corresponding to the system architecture */
				#if defined(I386_GET_IOPERM) /* i386 */
				struct i386_ioperm_args i3sysarg;
				bzero(&i3sysarg, sizeof(i3sysarg));

				#elif defined(AMD64_GET_FSBASE) /* amd64 */
				register_t amd64arg;

				asomersUnsubmitted Done Inline Actions Technically this is an input/output argument, so you still need to initialize all fields or tools like Coverity will complain. asomers: Technically this is an input/output argument, so you still need to initialize all fields or…
				#elif defined(MIPS_GET_TLS) /* MIPS */
				char *mipsarg;

				#elif defined(ARM_SYNC_ICACHE) /* ARM */
				asomersUnsubmitted Done Inline Actions This should be a `register_t`, not a `void`. asomers:* This should be a `register_t`, not a `void*`.
				struct arm_sync_icache_args armsysarg;
				bzero(&armsysarg, sizeof(armsysarg));
				asomersUnsubmitted Done Inline Actions I'm curious. Why is sysarch unsafe on sparc? asomers: I'm curious. Why is sysarch unsafe on sparc?
				aniketpAuthorUnsubmitted Done Inline Actions Well. TBH, I don't know. The only allowed syscalls were `SPARC_UTRAP_INSTALL` and `SPARC_SIGTRAMP_INSTALL`. I don't know what they do and not sure if I should add them to the tests. Though if you think they are safe enough, I can add their tests no issue. aniketp: Well. TBH, I don't know. The only allowed syscalls were `SPARC_UTRAP_INSTALL` and…
				asomersUnsubmitted Done Inline Actions It looks fine. According to an old Solaris man page for that function, you can use it to install no handler for a certain trap. That should be a nop. https://docs.oracle.com/cd/E19455-01/806-0626/6j9vgh69s/index.html asomers: It looks fine. According to an old Solaris man page for that function, you can use it to…

				#elif defined(SPARC_UTRAP_INSTALL) /* Sparc64 */
				struct sparc_utrap_args handler = {
				aniketpAuthorUnsubmitted Not Done Inline Actions @asomers, I have the semicolon here. Why would the build fail otherwise? aniketp: @asomers, I have the semicolon here. Why would the build fail otherwise?
				.type = UT_DIVISION_BY_ZERO,
				asomersUnsubmitted Done Inline Actions Did you mean to change the value of `sysnum`? asomers: Did you mean to change the value of `sysnum`?
				/* We don't want to change the previous handlers */
				.new_precise = UTH_NOCHANGE,
				.new_deferred = UTH_NOCHANGE,
				.old_precise = NULL,
				.old_deferred = NULL
				};

				struct sparc_utrap_install_args sparc64arg = {
				.num = ST_DIVISION_BY_ZERO,
				.handlers = &handler
				};
				#else
				/* For PowerPC, ARM64, RISCV archs, sysarch(2) is not supported */
				atf_tc_skip("sysarch(2) is not supported for the system architecture");
				#endif

				FILE *pipefd = setup(fds, auclass);
				#if defined(I386_GET_IOPERM)
				ATF_REQUIRE_EQ(0, sysarch(I386_GET_IOPERM, &i3sysarg));
				#elif defined(AMD64_GET_FSBASE)
				asomersUnsubmitted Done Inline Actions This isn't safe. For one thing, `sysarg` is uninitialized. For another, the kernel may be interpreting it differently for different syscalls. It might be expecting a pointer to a structure containing other pointers, for example. asomers: This isn't safe. For one thing, `sysarg` is uninitialized. For another, the kernel may be…
				ATF_REQUIRE_EQ(0, sysarch(AMD64_GET_FSBASE, &amd64arg));
				#elif defined(MIPS_GET_TLS)
				ATF_REQUIRE_EQ(0, sysarch(MIPS_GET_TLS, &mipsarg));
				#elif defined(ARM_SYNC_ICACHE)
				ATF_REQUIRE_EQ(0, sysarch(ARM_SYNC_ICACHE, &armsysarg));
				#elif defined(SPARC_UTRAP_INSTALL)
				ATF_REQUIRE_EQ(0, sysarch(SPARC_UTRAP_INSTALL, &sparc64arg));
				#endif
				check_audit(fds, miscreg, pipefd);
				}
				asomersUnsubmitted Done Inline Actions May as well inline sysnum here instead of setting it as a variable above. asomers: May as well inline sysnum here instead of setting it as a variable above.

				ATF_TC_CLEANUP(sysarch_success, tc)
				{
				cleanup();
				}


				ATF_TC_WITH_CLEANUP(sysarch_failure);
				ATF_TC_HEAD(sysarch_failure, tc)
				{
				atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
				"sysarch(2) call for any architecture");
				}

				ATF_TC_BODY(sysarch_failure, tc)
				{
				pid = getpid();
				snprintf(miscreg, sizeof(miscreg), "sysarch.%d.return,failure", pid);

				FILE *pipefd = setup(fds, auclass);
				/* Failure reason: Invalid argument and Bad address */
				ATF_REQUIRE_EQ(-1, sysarch(-1, NULL));
				check_audit(fds, miscreg, pipefd);
				}

				ATF_TC_CLEANUP(sysarch_failure, tc)
				{
				cleanup();
				}


				ATF_TC_WITH_CLEANUP(sysctl_success);
				ATF_TC_HEAD(sysctl_success, tc)
				{
				atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
				"sysctl(3) call");
				}

				ATF_TC_BODY(sysctl_success, tc)
				{
				int mib[2], maxproc;
				size_t proclen;

				/* Set mib to retrieve the maximum number of allowed processes */
				mib[0] = CTL_KERN;
				mib[1] = KERN_MAXPROC;
				proclen = sizeof(maxproc);

				pid = getpid();
				snprintf(miscreg, sizeof(miscreg), "sysctl.%d.return,success", pid);

				FILE *pipefd = setup(fds, auclass);
				ATF_REQUIRE_EQ(0, sysctl(mib, 2, &maxproc, &proclen, NULL, 0));
				check_audit(fds, miscreg, pipefd);
				}

				ATF_TC_CLEANUP(sysctl_success, tc)
				{
				cleanup();
				}


				ATF_TC_WITH_CLEANUP(sysctl_failure);
				ATF_TC_HEAD(sysctl_failure, tc)
				{
				atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
				"sysctl(3) call");
				}

				ATF_TC_BODY(sysctl_failure, tc)
				{
				pid = getpid();
				snprintf(miscreg, sizeof(miscreg), "sysctl.%d.return,failure", pid);

				FILE *pipefd = setup(fds, auclass);
				/* Failure reason: Invalid arguments */
				ATF_REQUIRE_EQ(-1, sysctl(NULL, 0, NULL, NULL, NULL, 0));
				check_audit(fds, miscreg, pipefd);
				}

				ATF_TC_CLEANUP(sysctl_failure, tc)
				{
				cleanup();
				}


				ATF_TP_ADD_TCS(tp)
				{
				ATF_TP_ADD_TC(tp, audit_failure);

				ATF_TP_ADD_TC(tp, sysarch_success);
				ATF_TP_ADD_TC(tp, sysarch_failure);

				ATF_TP_ADD_TC(tp, sysctl_success);
				ATF_TP_ADD_TC(tp, sysctl_failure);

				return (atf_no_error());
				}
				asomersUnsubmitted Done Inline Actions I think you should rename the sysarch tests. We aren't actually testing `AMD64_GET_FSBASE`; we don't care what it does. We're just testing the architecture-independent audit(4) connection of sysarch(2). Therefore I think you should have just a single test case called `sysarch_success`. Use conditional compilation to call `atf_skip` on unsupported architectures. asomers: I think you should rename the sysarch tests. We aren't actually testing `AMD64_GET_FSBASE`; we…