CVS commit: src

Kamil Rytarowski Wed, 22 Feb 2017 16:50:51 -0800

Module Name:    src
Committed By:   kamil
Date:           Thu Feb 23 00:50:09 UTC 2017


Modified Files:
        src/sys/kern: sys_ptrace_common.c
        src/tests/kernel: t_ptrace_wait.c

Log Message:
Improve PT_SET_SIGMASK and PT_GET_SIGMASK API in ptrace(2)

Use proper check for LW_SYSTEM, don't depend on PT_GETREGS/PT_SETREGS.
Don't allow to mask SA_CANTMASK signals with PT_SET_SIGMASK (this covers
SIGSTOP and SIGKILL).

Add new ATF tests:
 - setsigmask5
   Verify that sigmask cannot be set to SIGKILL

 - setsigmask6
   Verify that sigmask cannot be set to SIGSTOP

Sponsored by <The NetBSD Foundation>


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/kern/sys_ptrace_common.c
cvs rdiff -u -r1.71 -r1.72 src/tests/kernel/t_ptrace_wait.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/sys_ptrace_common.c
diff -u src/sys/kern/sys_ptrace_common.c:1.15 src/sys/kern/sys_ptrace_common.c:1.16
--- src/sys/kern/sys_ptrace_common.c:1.15	Wed Feb 22 23:43:43 2017
+++ src/sys/kern/sys_ptrace_common.c	Thu Feb 23 00:50:09 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_ptrace_common.c,v 1.15 2017/02/22 23:43:43 kamil Exp $	*/
+/*	$NetBSD: sys_ptrace_common.c,v 1.16 2017/02/23 00:50:09 kamil Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -118,7 +118,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.15 2017/02/22 23:43:43 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.16 2017/02/23 00:50:09 kamil Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ptrace.h"
@@ -1098,11 +1098,12 @@ do_ptrace(struct ptrace_methods *ptm, st
 			mutex_exit(t->p_lock);
 		}
 
-		if (!process_validregs(lt))
+		if (lt->l_flag & LW_SYSTEM)
 			error = EINVAL;
-		else if (write == 1)
+		else if (write == 1) {
 			error = copyin(addr, &lt->l_sigmask, sizeof(sigset_t));
-		else
+			sigminusset(&sigcantmask, &lt->l_sigmask);
+		} else
 			error = copyout(&lt->l_sigmask, addr, sizeof(sigset_t));
 			
 		break;

Index: src/tests/kernel/t_ptrace_wait.c
diff -u src/tests/kernel/t_ptrace_wait.c:1.71 src/tests/kernel/t_ptrace_wait.c:1.72
--- src/tests/kernel/t_ptrace_wait.c:1.71	Wed Feb 22 23:43:43 2017
+++ src/tests/kernel/t_ptrace_wait.c	Thu Feb 23 00:50:09 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: t_ptrace_wait.c,v 1.71 2017/02/22 23:43:43 kamil Exp $	*/
+/*	$NetBSD: t_ptrace_wait.c,v 1.72 2017/02/23 00:50:09 kamil Exp $	*/
 
 /*-
  * Copyright (c) 2016 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_ptrace_wait.c,v 1.71 2017/02/22 23:43:43 kamil Exp $");
+__RCSID("$NetBSD: t_ptrace_wait.c,v 1.72 2017/02/23 00:50:09 kamil Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -6947,6 +6947,128 @@ ATF_TC_BODY(setsigmask4, tc)
 	TWAIT_REQUIRE_FAILURE(ECHILD, wpid = TWAIT_GENERIC(child, &status, 0));
 }
 
+ATF_TC(setsigmask5);
+ATF_TC_HEAD(setsigmask5, tc)
+{
+	atf_tc_set_md_var(tc, "descr",
+	    "Verify that sigmask cannot be set to SIGKILL");
+}
+
+ATF_TC_BODY(setsigmask5, tc)
+{
+	const int exitval = 5;
+	const int sigval = SIGSTOP;
+	pid_t child, wpid;
+#if defined(TWAIT_HAVE_STATUS)
+	int status;
+#endif
+	sigset_t new_mask;
+	sigset_t mask;
+	ATF_REQUIRE(sigemptyset(&new_mask) == 0);
+	ATF_REQUIRE(sigemptyset(&mask) == 0);
+	ATF_REQUIRE(sigaddset(&mask, SIGKILL) == 0);
+
+	printf("Before forking process PID=%d\n", getpid());
+	ATF_REQUIRE((child = fork()) != -1);
+	if (child == 0) {
+		printf("Before calling PT_TRACE_ME from child %d\n", getpid());
+		FORKEE_ASSERT(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
+
+		printf("Before raising %s from child\n", strsignal(sigval));
+		FORKEE_ASSERT(raise(sigval) == 0);
+
+		printf("Before exiting of the child process\n");
+		_exit(exitval);
+	}
+	printf("Parent process PID=%d, child's PID=%d\n", getpid(), child);
+
+	printf("Before calling %s() for the child\n", TWAIT_FNAME);
+	TWAIT_REQUIRE_SUCCESS(wpid = TWAIT_GENERIC(child, &status, 0), child);
+
+	validate_status_stopped(status, sigval);
+
+	printf("Before calling PT_SET_SIGMASK for new mask with SIGINT\n");
+	ATF_REQUIRE(ptrace(PT_SET_SIGMASK, child, &mask, 0) != -1);
+
+	printf("Before calling PT_GET_SIGMASK to store it in new_mask\n");
+	ATF_REQUIRE(ptrace(PT_GET_SIGMASK, child, &new_mask, 0) != -1);
+
+	ATF_REQUIRE(memcmp(&mask, &new_mask, sizeof(sigset_t)) != 0);
+
+	printf("Before resuming the child process where it left off and "
+	    "without signal to be sent\n");
+	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (void *)1, 0) != -1);
+
+	printf("Before calling %s() for the child\n", TWAIT_FNAME);
+	TWAIT_REQUIRE_SUCCESS(wpid = TWAIT_GENERIC(child, &status, 0), child);
+
+	validate_status_exited(status, exitval);
+
+	printf("Before calling %s() for the child\n", TWAIT_FNAME);
+	TWAIT_REQUIRE_FAILURE(ECHILD, wpid = TWAIT_GENERIC(child, &status, 0));
+}
+
+ATF_TC(setsigmask6);
+ATF_TC_HEAD(setsigmask6, tc)
+{
+	atf_tc_set_md_var(tc, "descr",
+	    "Verify that sigmask cannot be set to SIGSTOP");
+}
+
+ATF_TC_BODY(setsigmask6, tc)
+{
+	const int exitval = 5;
+	const int sigval = SIGSTOP;
+	pid_t child, wpid;
+#if defined(TWAIT_HAVE_STATUS)
+	int status;
+#endif
+	sigset_t new_mask;
+	sigset_t mask;
+	ATF_REQUIRE(sigemptyset(&new_mask) == 0);
+	ATF_REQUIRE(sigemptyset(&mask) == 0);
+	ATF_REQUIRE(sigaddset(&mask, SIGSTOP) == 0);
+
+	printf("Before forking process PID=%d\n", getpid());
+	ATF_REQUIRE((child = fork()) != -1);
+	if (child == 0) {
+		printf("Before calling PT_TRACE_ME from child %d\n", getpid());
+		FORKEE_ASSERT(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
+
+		printf("Before raising %s from child\n", strsignal(sigval));
+		FORKEE_ASSERT(raise(sigval) == 0);
+
+		printf("Before exiting of the child process\n");
+		_exit(exitval);
+	}
+	printf("Parent process PID=%d, child's PID=%d\n", getpid(), child);
+
+	printf("Before calling %s() for the child\n", TWAIT_FNAME);
+	TWAIT_REQUIRE_SUCCESS(wpid = TWAIT_GENERIC(child, &status, 0), child);
+
+	validate_status_stopped(status, sigval);
+
+	printf("Before calling PT_SET_SIGMASK for new mask with SIGINT\n");
+	ATF_REQUIRE(ptrace(PT_SET_SIGMASK, child, &mask, 0) != -1);
+
+	printf("Before calling PT_GET_SIGMASK to store it in new_mask\n");
+	ATF_REQUIRE(ptrace(PT_GET_SIGMASK, child, &new_mask, 0) != -1);
+
+	ATF_REQUIRE(memcmp(&mask, &new_mask, sizeof(sigset_t)) != 0);
+
+	printf("Before resuming the child process where it left off and "
+	    "without signal to be sent\n");
+	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (void *)1, 0) != -1);
+
+	printf("Before calling %s() for the child\n", TWAIT_FNAME);
+	TWAIT_REQUIRE_SUCCESS(wpid = TWAIT_GENERIC(child, &status, 0), child);
+
+	validate_status_exited(status, exitval);
+
+	printf("Before calling %s() for the child\n", TWAIT_FNAME);
+	TWAIT_REQUIRE_FAILURE(ECHILD, wpid = TWAIT_GENERIC(child, &status, 0));
+}
+
 static void
 lwp_main_stop(void *arg)
 {
@@ -7404,6 +7526,8 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, setsigmask2);
 	ATF_TP_ADD_TC(tp, setsigmask3);
 	ATF_TP_ADD_TC(tp, setsigmask4);
+	ATF_TP_ADD_TC(tp, setsigmask5);
+	ATF_TP_ADD_TC(tp, setsigmask6);
 
 	return atf_no_error();
 }

CVS commit: src

Reply via email to