summaryrefslogtreecommitdiffhomepage
path: root/test/syscalls/linux/ptrace.cc
AgeCommit message (Collapse)Author
2021-04-28Remove side effect from test casesFabricio Voznika
Restore capabilities for tests that need to change them. PiperOrigin-RevId: 371007047
2021-04-13Remove _NoRandomSave tests.Adin Scannell
We do not currently run random save tests. PiperOrigin-RevId: 368309921
2021-02-24Add YAMA security module restrictions on ptrace(2).Dean Deng
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723
2020-10-30Separate kernel.Task.AsCopyContext() into CopyContext() and OwnCopyContext().Jamie Liu
kernel.copyContext{t} cannot be used outside of t's task goroutine, for three reasons: - t.CopyScratchBuffer() is task-goroutine-local. - Calling t.MemoryManager() without running on t's task goroutine or locking t.mu violates t.MemoryManager()'s preconditions. - kernel.copyContext passes t as context.Context to MM IO methods, which is illegal outside of t's task goroutine (cf. kernel.Task.Value()). Fix this by splitting AsCopyContext() into CopyContext() (which takes an explicit context.Context and is usable outside of the task goroutine) and OwnCopyContext() (which uses t as context.Context, but is only usable by t's task goroutine). PiperOrigin-RevId: 339933809
2020-04-10Enable syscall ptrace test on arm64.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I5bb8fa7d580d173b1438d6465e1adb442216c8fa
2020-04-03Add missing newlineTamir Duberstein
PiperOrigin-RevId: 304659346
2020-02-19Add basic microbenchmarks.Adin Scannell
PiperOrigin-RevId: 296104390
2020-01-27Create platform_util for tests.Adin Scannell
PiperOrigin-RevId: 291869423
2020-01-27Fix header ordering and format all C++ code.Adin Scannell
PiperOrigin-RevId: 291844200
2020-01-21Change to standard types.Adin Scannell
PiperOrigin-RevId: 290846481
2020-01-21Merge pull request #1492 from majek:err_typo_in_netstack_testsgVisor bot
PiperOrigin-RevId: 290840370
2019-09-16Migrate from gflags to absl flagsMichael Pratt
absl flags are more modern and we can easily depend on them directly. The repo now successfully builds with --incompatible_load_cc_rules_from_bzl. PiperOrigin-RevId: 269387081
2019-05-24Extract SleepSafe from test_utilTamir Duberstein
Allows socket tests that rely on test_util to compile on Fuchsia. PiperOrigin-RevId: 249884084 Change-Id: I17617e3f1baaba4c85c689f40db4a42a8de1597e
2019-04-29Change copyright notice to "The gVisor Authors"Michael Pratt
Based on the guidelines at https://opensource.google.com/docs/releasing/authors/. 1. $ rg -l "Google LLC" | xargs sed -i 's/Google LLC.*/The gVisor Authors./' 2. Manual fixup of "Google Inc" references. 3. Add AUTHORS file. Authors may request to be added to this file. 4. Point netstack AUTHORS to gVisor AUTHORS. Drop CONTRIBUTORS. Fixes #209 PiperOrigin-RevId: 245823212 Change-Id: I64530b24ad021a7d683137459cafc510f5ee1de9
2019-04-29Allow and document bug ids in gVisor codebase.Nicolas Lacasse
PiperOrigin-RevId: 245818639 Change-Id: I03703ef0fb9b6675955637b9fe2776204c545789
2019-04-29Appease googletest deprecationTamir Duberstein
PiperOrigin-RevId: 245788366 Change-Id: I17bbecf8493132dbe95564c34c45b838194bfabb
2019-04-26Remove syscall tests' dependency on glogTamir Duberstein
PiperOrigin-RevId: 245469859 Change-Id: I0610e477cc3a884275852e83028ecfb501f2c039
2019-04-05Deflake PtraceTest.SeizeSetOptions.Jamie Liu
PiperOrigin-RevId: 242226319 Change-Id: Iefc78656841315f6b7d48bd85db451486850264d
2019-04-02Set options on the correct Task in PTRACE_SEIZE.Jamie Liu
$ docker run --rm --runtime=runsc -it --cap-add=SYS_PTRACE debian bash -c "apt-get update && apt-get install strace && strace ls" ... Setting up strace (4.15-2) ... execve("/bin/ls", ["ls"], [/* 6 vars */]) = 0 brk(NULL) = 0x5646d8c1e000 uname({sysname="Linux", nodename="114ef93d2db3", ...}) = 0 ... PiperOrigin-RevId: 241643321 Change-Id: Ie4bce27a7fb147eef07bbae5895c6ef3f529e177
2019-03-22Implement PTRACE_SEIZE, PTRACE_INTERRUPT, and PTRACE_LISTEN.Jamie Liu
PiperOrigin-RevId: 239803092 Change-Id: I42d612ed6a889e011e8474538958c6de90c6fcab
2019-02-11gvisor: check that ptrace properly handles int3Andrei Vagin
PiperOrigin-RevId: 233516412 Change-Id: I7a0f1443de7eeebb5d8ad59e4759ca2e036a3c4d
2019-01-11Clean up some uses of fork() in tests.Jamie Liu
- Fix a few cases where async-signal-unsafe code is executed in a forked process pre-execve. - Ensure that the return value of fork() is always checked. PiperOrigin-RevId: 228949310 Change-Id: I3096cb7d7394b8d9ab81b0e0245f2060713ef589
2018-12-10Open source system call tests.Brian Geffon
PiperOrigin-RevId: 224886231 Change-Id: I0fccb4d994601739d8b16b1d4e6b31f40297fb22
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 14:53:45 +0000