Changeset View
Standalone View
tests/sys/audit/miscellaneous.c
- This file was added.
/*- | |||||
* Copyright (c) 2018 Aniket Pandey | |||||
* | |||||
* Redistribution and use in source and binary forms, with or without | |||||
* modification, are permitted provided that the following conditions | |||||
* are met: | |||||
* 1. Redistributions of source code must retain the above copyright | |||||
* notice, this list of conditions and the following disclaimer. | |||||
* 2. Redistributions in binary form must reproduce the above copyright | |||||
* notice, this list of conditions and the following disclaimer in the | |||||
* documentation and/or other materials provided with the distribution. | |||||
* | |||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
* SUCH DAMAGE. | |||||
* | |||||
* $FreeBSD$ | |||||
*/ | |||||
#include <sys/types.h> | |||||
#include <sys/sysctl.h> | |||||
#include <bsm/audit.h> | |||||
#include <machine/sysarch.h> | |||||
#include <atf-c.h> | |||||
#include <unistd.h> | |||||
#include "utils.h" | |||||
static pid_t pid; | |||||
static char miscreg[80]; | |||||
static struct pollfd fds[1]; | |||||
static const char *auclass = "ot"; | |||||
/* | |||||
* Success case of audit(2) is skipped for now as the behaviour is quite | |||||
* undeterministic. It will be added when the intermittency is resolved. | |||||
*/ | |||||
ATF_TC_WITH_CLEANUP(audit_failure); | |||||
ATF_TC_HEAD(audit_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"audit(2) call"); | |||||
} | |||||
ATF_TC_BODY(audit_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(miscreg, sizeof(miscreg), "audit.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: Invalid argument */ | |||||
ATF_REQUIRE_EQ(-1, audit(NULL, -1)); | |||||
check_audit(fds, miscreg, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(audit_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(sysarch_success); | |||||
ATF_TC_HEAD(sysarch_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"sysarch(2) call"); | |||||
} | |||||
ATF_TC_BODY(sysarch_success, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(miscreg, sizeof(miscreg), "sysarch.*%d.*return,success", pid); | |||||
/* Set sysnum to the syscall corresponding to the system architecture */ | |||||
#if defined(I386_GET_IOPERM) /* i386 */ | |||||
struct i386_ioperm_args i3sysarg; | |||||
bzero(&i3sysarg, sizeof(i3sysarg)); | |||||
#elif defined(AMD64_GET_FSBASE) /* amd64 */ | |||||
register_t amd64arg; | |||||
asomers: Technically this is an input/output argument, so you still need to initialize all fields or… | |||||
#elif defined(MIPS_GET_TLS) /* MIPS */ | |||||
char *mipsarg; | |||||
#elif defined(ARM_SYNC_ICACHE) /* ARM */ | |||||
Done Inline ActionsThis should be a register_t, not a void*. asomers: This should be a `register_t`, not a `void*`. | |||||
struct arm_sync_icache_args armsysarg; | |||||
bzero(&armsysarg, sizeof(armsysarg)); | |||||
Done Inline ActionsI'm curious. Why is sysarch unsafe on sparc? asomers: I'm curious. Why is sysarch unsafe on sparc? | |||||
Done Inline ActionsWell. TBH, I don't know. The only allowed syscalls were SPARC_UTRAP_INSTALL and SPARC_SIGTRAMP_INSTALL. I don't know what they do and not sure if I should add them to the tests. Though if you think they are safe enough, I can add their tests no issue. aniketp: Well. TBH, I don't know. The only allowed syscalls were `SPARC_UTRAP_INSTALL` and… | |||||
Done Inline ActionsIt looks fine. According to an old Solaris man page for that function, you can use it to install no handler for a certain trap. That should be a nop. https://docs.oracle.com/cd/E19455-01/806-0626/6j9vgh69s/index.html asomers: It looks fine. According to an old Solaris man page for that function, you can use it to… | |||||
#elif defined(SPARC_UTRAP_INSTALL) /* Sparc64 */ | |||||
struct sparc_utrap_args handler = { | |||||
Not Done Inline Actions@asomers, I have the semicolon here. Why would the build fail otherwise? aniketp: @asomers, I have the semicolon here. Why would the build fail otherwise? | |||||
.type = UT_DIVISION_BY_ZERO, | |||||
Done Inline ActionsDid you mean to change the value of sysnum? asomers: Did you mean to change the value of `sysnum`? | |||||
/* We don't want to change the previous handlers */ | |||||
.new_precise = UTH_NOCHANGE, | |||||
.new_deferred = UTH_NOCHANGE, | |||||
.old_precise = NULL, | |||||
.old_deferred = NULL | |||||
}; | |||||
struct sparc_utrap_install_args sparc64arg = { | |||||
.num = ST_DIVISION_BY_ZERO, | |||||
.handlers = &handler | |||||
}; | |||||
#else | |||||
/* For PowerPC, ARM64, RISCV archs, sysarch(2) is not supported */ | |||||
atf_tc_skip("sysarch(2) is not supported for the system architecture"); | |||||
#endif | |||||
FILE *pipefd = setup(fds, auclass); | |||||
#if defined(I386_GET_IOPERM) | |||||
ATF_REQUIRE_EQ(0, sysarch(I386_GET_IOPERM, &i3sysarg)); | |||||
#elif defined(AMD64_GET_FSBASE) | |||||
Done Inline ActionsThis isn't safe. For one thing, sysarg is uninitialized. For another, the kernel may be interpreting it differently for different syscalls. It might be expecting a pointer to a structure containing other pointers, for example. asomers: This isn't safe. For one thing, `sysarg` is uninitialized. For another, the kernel may be… | |||||
ATF_REQUIRE_EQ(0, sysarch(AMD64_GET_FSBASE, &amd64arg)); | |||||
#elif defined(MIPS_GET_TLS) | |||||
ATF_REQUIRE_EQ(0, sysarch(MIPS_GET_TLS, &mipsarg)); | |||||
#elif defined(ARM_SYNC_ICACHE) | |||||
ATF_REQUIRE_EQ(0, sysarch(ARM_SYNC_ICACHE, &armsysarg)); | |||||
#elif defined(SPARC_UTRAP_INSTALL) | |||||
ATF_REQUIRE_EQ(0, sysarch(SPARC_UTRAP_INSTALL, &sparc64arg)); | |||||
#endif | |||||
check_audit(fds, miscreg, pipefd); | |||||
} | |||||
Done Inline ActionsMay as well inline sysnum here instead of setting it as a variable above. asomers: May as well inline sysnum here instead of setting it as a variable above. | |||||
ATF_TC_CLEANUP(sysarch_success, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(sysarch_failure); | |||||
ATF_TC_HEAD(sysarch_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"sysarch(2) call for any architecture"); | |||||
} | |||||
ATF_TC_BODY(sysarch_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(miscreg, sizeof(miscreg), "sysarch.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: Invalid argument and Bad address */ | |||||
ATF_REQUIRE_EQ(-1, sysarch(-1, NULL)); | |||||
check_audit(fds, miscreg, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(sysarch_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(sysctl_success); | |||||
ATF_TC_HEAD(sysctl_success, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " | |||||
"sysctl(3) call"); | |||||
} | |||||
ATF_TC_BODY(sysctl_success, tc) | |||||
{ | |||||
int mib[2], maxproc; | |||||
size_t proclen; | |||||
/* Set mib to retrieve the maximum number of allowed processes */ | |||||
mib[0] = CTL_KERN; | |||||
mib[1] = KERN_MAXPROC; | |||||
proclen = sizeof(maxproc); | |||||
pid = getpid(); | |||||
snprintf(miscreg, sizeof(miscreg), "sysctl.*%d.*return,success", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
ATF_REQUIRE_EQ(0, sysctl(mib, 2, &maxproc, &proclen, NULL, 0)); | |||||
check_audit(fds, miscreg, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(sysctl_success, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TC_WITH_CLEANUP(sysctl_failure); | |||||
ATF_TC_HEAD(sysctl_failure, tc) | |||||
{ | |||||
atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " | |||||
"sysctl(3) call"); | |||||
} | |||||
ATF_TC_BODY(sysctl_failure, tc) | |||||
{ | |||||
pid = getpid(); | |||||
snprintf(miscreg, sizeof(miscreg), "sysctl.*%d.*return,failure", pid); | |||||
FILE *pipefd = setup(fds, auclass); | |||||
/* Failure reason: Invalid arguments */ | |||||
ATF_REQUIRE_EQ(-1, sysctl(NULL, 0, NULL, NULL, NULL, 0)); | |||||
check_audit(fds, miscreg, pipefd); | |||||
} | |||||
ATF_TC_CLEANUP(sysctl_failure, tc) | |||||
{ | |||||
cleanup(); | |||||
} | |||||
ATF_TP_ADD_TCS(tp) | |||||
{ | |||||
ATF_TP_ADD_TC(tp, audit_failure); | |||||
ATF_TP_ADD_TC(tp, sysarch_success); | |||||
ATF_TP_ADD_TC(tp, sysarch_failure); | |||||
ATF_TP_ADD_TC(tp, sysctl_success); | |||||
ATF_TP_ADD_TC(tp, sysctl_failure); | |||||
return (atf_no_error()); | |||||
} | |||||
Done Inline ActionsI think you should rename the sysarch tests. We aren't actually testing AMD64_GET_FSBASE; we don't care what it does. We're just testing the architecture-independent audit(4) connection of sysarch(2). Therefore I think you should have just a single test case called sysarch_success. Use conditional compilation to call atf_skip on unsupported architectures. asomers: I think you should rename the sysarch tests. We aren't actually testing `AMD64_GET_FSBASE`; we… |
Technically this is an input/output argument, so you still need to initialize all fields or tools like Coverity will complain.