Add new cc and c++ tests to check whether UBSan works.
These tests are prepared for GCC (in base) and Clang (with external patches).
Enable these tests for all ports by default, just verify whether we are
using GCC/Clang or a compatible compiler.
Add five equivalent C and C++ tests:
- Integer addition overflow
- Integer divide by zero
- Integer negation overflow
- Integer subtraction overflow
- VLA out of bounds
All tests pass on NetBSD/amd64.
Patch submitted by <Harry Pantazis>
Minor cleanup by <myself>
Add support for tracing vfork(2) events in the context of ptrace(2).
This API covers other frontends to fork1(9) like posix_spawn(2) or clone(2),
if they cause parent to wait for exec(2) or exit(2) of the child.
Changes:
- Add new argument to sigswitch() determining whether we need to acquire
the proc_lock or whether it's already held.
- Refactor fork1(9) for fork(2) and vfork(2)-like events.
Call sigswitch() from fork(1) for forking or vforking parent, instead of
emitting kpsignal(9). We need to emit the signal and suspend the parent,
returning to user and relock proc_lock.
- Add missing prototype for proc_stop_done() in kern_sig.c.
- Make sigswitch a public function accessible from other kernel code
including <sys/signalvar.h>.
- Remove an entry about unimplemented PTRACE_VFORK in the ptrace(2) man page.
- Permit PTRACE_VFORK in the ptrace(2) frontend for userland.
- Remove expected failure for unimplemented PTRACE_VFORK tests in the ATF
ptrace(2) test-suite.
- Relax signal routing constraints under a debugger for a vfork(2)ed child.
This was intended to protect from signaling a parent of a vfork(2)ed child that
called PT_TRACE_ME, but wrongly misrouted other signals in vfork(2)
use-cases.
Add XXX comments about still existing problems and future enhancements:
- correct vfork(2) + PT_TRACE_ME handling.
- fork1(2) handling of scenarios when a process is collected in valid but
rare cases.
All ATF ptrace(2) fork[1-8] and vfork[1-8] tests pass.
Fix PR kern/51630 by Kamil Rytarowski (myself).
Sponsored by <The NetBSD Foundation>
Added:
- traceme_pid1_parent
Assert that a process cannot mark its parent a debugger twice
- traceme_twice
Verify that PT_TRACE_ME is not allowed when our parent is PID1
All tests pass.
Sponsored by <The NetBSD Foundation>
This test checks raise(SIGKILL). If we enter the kernel with this signal
we report a signaled child in a debugger, not stopped with an option to
make an action.
FreeBSD behaves differently and allows intercepting this event in a tracer.
Follow the Linux behavior.
If we really want to prevent raise(SIGKILL) from signaling the tracee, we
still can breakpoint raise(3) and alter the syscall arguments (or use
the PT_SYSCALL mode). If we are already in the kernel, SIGKILL always means
killing the process, whether or not traced and the source of SIGKILL.
This test passes on NetBSD without kernel changes.
Sponsored by <The NetBSD Foundation>
Replace traceme3 with new ATF tests using diverse signals:
- traceme_signal_nohandler1 SIGKILL
- traceme_signal_nohandler2 SIGSTOP (temporarily disabled)
- traceme_signal_nohandler3 SIGABRT (emits core dump)
- traceme_signal_nohandler4 SIGHUP
- traceme_signal_nohandler5 SIGCONT
This SIGSTOP test does not work properly right now as it unstops the
tracee.
Sponsored by <The NetBSD Foundation>
Replace traceme2 with 3 tests:
- traceme_sighandler_catch1
- traceme_sighandler_catch2
- traceme_sighandler_catch3
These tests are verified with PT_TRACE_ME for: SIGHUP, SIGCONT and SIGABRT.
We don't want to test all signals (this is a domain for a fuzzer), but we want
to cover tests with signals from different groups.
All tests pass.
Sponsored by <The NetBSD Foundation>
Use common body for these tests and a macro 1-liner to define a new test.
Test the same scenarios for 5 signals:
- SIGKILL (temporarily disabled)
- SIGSTOP
- SIGABRT
- SIGHUP
- SIGCONT
These tests call: raise(sig). It's actually important to assert their
behavior for tests that are from different kinds.
The SIGKILL test is work in progress. It can be caught by a debugger on the
FreeBSD kernel, but it's causing a signaled event in a debugger on Linux.
NetBSD is right now in one of the camps, but research whether this is a bug
or feature is in progress.
Sponsored by <The NetBSD Foundation>
Currently this test case will fail, a fix is coming soon (not worth
marking this as an expected failure.)
This test case and the initial bug report come from
Martijn Dekker's modernish (shell/test set).
Add CPP syntax sugar to define each fork-like test within a single line
of code with less than 80 columns.
This is a preparation for new fork-like scenarios where we detach either
child and/or parent with PT_DETACH.
The code could be still reduced to smaller number of columns, instead of:
FORK_TEST(fork1, DSCR(fork,0,0,0,0,0), fork, F, F, F, F, F)
we could perhaps need 50% of it, as the data is duplicated.
On the other hand the line is already short and taking only a single line.
No functional change intended.
Sponsored by <The NetBSD Foundation>
Add new tests:
- tests/usr.bin/cc/t_asan_poison.sh
- tests/usr.bin/c++/t_asan_poison.sh
These tests verify the following build options:
- regular
- profile
- pic
- pie
- compat32
- (static unsupported)
These tests verify whether ASan code can include compiler and sanitizer
specific header: <sanitizer/asan_interface.h>. The testing code checks
the ASAN_POISON_MEMORY_REGION() functionality, poisoning valid memory and
asserting that it triggers expected failure.
Patch submitted by <Siddharth Muralee>
Use a shared common body for all the tests: fork1..fork8, vfork1..vfork8.
Merge vforkdone1 and vforkdone2 into vfork* tests.
All the (v?)fork[1-8] tests cover:
- calling either fork(2) or vfork(2)
- tracking either enabled or disabled FORK, VFORK or VFORK_DONE
All the PTRACE_VFORK tests are marked as expected failure.
Sponsored by <The NetBSD Foundation>
Merge vforkdone1 and vforkdone2 into other fork tests and reuse the same
function body fork_test().
There is an implicit enhancement in vforkdone2 that it was skipping
PTRACE_VFORK check. This test is now marked as expected failure.
PR kern/51630
Sponsored by <The NetBSD Foundation>
Introduce a new function can_we_set_dbregs() in the ATF ptrace(2) tests.
It uses lazy-bool evaluation whether a process can call PT_SETDBREGS.
In case of not being able to do so, print a message and mark a test
as skipped:
Either run this test as root or set sysctl(3)
security.models.extensions.user_set_dbregs to 1
No functional change intended to the code flow of the existing tested
scenarios.
Sponsored by <The NetBSD Foundation>
Add new C and C++ tests:
- t_asan_double_free
- t_asan_global_buffer_overflow
- t_asan_heap_overflow
- t_asan_off_by_one
- t_asan_uaf
Each test checks:
- regular build
- 32-bit
- PIC
- PIE
- profile
These tests require paxctl(8) to disable ASLR in order to work in a
predictable way. This is especially true for all !regular builds with
additional compiler flags.
There are no static variations of these tests as this mode is not supported
in upstream ASan.
Enable these tests on amd64 and i386.
This is part two patch, adding the remaining C++ changes.
Patch submitted by <Siddharth Muralee>
Additional polishing by myself.
Add new C and C++ tests:
- t_asan_double_free
- t_asan_global_buffer_overflow
- t_asan_heap_overflow
- t_asan_off_by_one
- t_asan_uaf
Each test checks:
- regular build
- 32-bit
- PIC
- PIE
- profile
These tests require paxctl(8) to disable ASLR in order to work in a
predictable way. This is especially true for all !regular builds with
additional compiler flags.
There are no static variations of these tests as this mode is not supported
in upstream ASan.
Enable these tests on amd64 and i386.
Patch submitted by <Siddharth Muralee>
Additional polishing by myself.
If we do so, there will remain one route that is of a preceding address, but
that behavior is not documented and may be changed in the future. Tests
shouldn't rely on such an unstable behavior.
New tests attempting to kill, stop, drop or revive a zombie:
- signal1 (SIGKILL)
- signal2 (SIGSTOP)
- signal3 (SIGABRT)
- signal4 (SIGHUP)
- signal5 (SIGCONT)
New test race1 verifying whether there are any kernel races when processing
signals to zombies, executing in a loop for 5 seconds.
These tests were inspired by a kernel unexpected behavior when a lookup
of a dying process could result in two detected entities once as an alive
process and once as a zombie.
race1 is similar to t_ptrace_wait* race1, however without ptrace(2) involved.
Sponsored by <The NetBSD Foundation>
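The zombie-signal scenario from the commit message above, as an added example that is not part of the commit or of the NetBSD test suite. signal_zombie() is a hypothetical helper, and the example assumes the POSIX behavior that kill(2) on an exited but unreaped child succeeds without changing the status the parent later collects.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed helper (not from the NetBSD tree): fork a child that exits with
 * `code`, wait until it is a zombie, send `sig` to it, then reap it.
 * Returns the exit code the parent collected, or -1 on any deviation. */
static int signal_zombie(int sig, int code)
{
    siginfo_t info;
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0)
        _exit(code);
    /* WNOWAIT reports the exit but leaves the child as a zombie. */
    if (waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) == -1)
        return -1;
    if (info.si_pid != pid || info.si_code != CLD_EXITED)
        return -1;
    /* The zombie still owns its PID, so the signal is accepted... */
    if (kill(pid, sig) == -1)
        return -1;
    /* ...but it must not alter how the process is reported on reaping. */
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    /* After reaping there must be no second entity left to collect. */
    if (waitpid(pid, NULL, WNOHANG) != -1 || errno != ECHILD)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const int sigs[] = { SIGKILL, SIGSTOP, SIGABRT, SIGHUP, SIGCONT };

    for (size_t i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++)
        printf("signal %d -> exit code %d\n", sigs[i], signal_zombie(sigs[i], 5));
    return 0;
}
```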
Reuse the attach1's test body for race1.
Add a new test race1:
Assert that await_zombie() in attach1 always finds a single
process and no other error is reported
race1 requires HAVE_PID in wait(2)-like function.
This test is executed in a loop for 5 seconds (16k iterations on Intel i7).
A buggy kernel was asserting an error within this timeframe almost always.
The bug in the kernel is now gone and this test is expected to pass
correctly.
Sponsored by <The NetBSD Foundation>
Add await_zombie_raw() that is the same as await_zombie(), with an
addition of an additional "useconds_t ms" parameter indicating delays between
new polling for a zombie process.
This new function will be used for testing a race condition that has been
observed occasionally crashing a test case -- returning duplicate entries
for KERN_PROC_PID.
Sponsored by <The NetBSD Foundation>