The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=96f262dcacdbfb56e94c60985b07f9f8ee2d046b
commit 96f262dcacdbfb56e94c60985b07f9f8ee2d046b Author: Alex S <[email protected]> AuthorDate: 2026-05-11 23:52:20 +0000 Commit: Ed Maste <[email protected]> CommitDate: 2026-05-13 20:40:16 +0000 tests/sys/arch/amd64: Add a basic ptrace syscall tampering test Signed-off-by: Alex S <[email protected]> Reviewed-by: kib Pull-request: https://github.com/freebsd/freebsd-src/pull/2190 --- tests/sys/arch/amd64/Makefile | 1 + tests/sys/arch/amd64/ptrace-sce-tamper.c | 89 ++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/tests/sys/arch/amd64/Makefile b/tests/sys/arch/amd64/Makefile index 34f3c90c4082..d4cf00237f9b 100644 --- a/tests/sys/arch/amd64/Makefile +++ b/tests/sys/arch/amd64/Makefile @@ -1,6 +1,7 @@ TESTSDIR= ${TESTSBASE}/sys/arch/amd64 PLAIN_TESTS_C+= int0x80 +PLAIN_TESTS_C+= ptrace-sce-tamper BINDIR= ${TESTSDIR} diff --git a/tests/sys/arch/amd64/ptrace-sce-tamper.c b/tests/sys/arch/amd64/ptrace-sce-tamper.c new file mode 100644 index 000000000000..0645f62a7e9b --- /dev/null +++ b/tests/sys/arch/amd64/ptrace-sce-tamper.c @@ -0,0 +1,89 @@ +/* + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2026 Alex S <[email protected]> + */ + +#include <machine/reg.h> +#include <sys/ptrace.h> +#include <sys/syscall.h> +#include <sys/wait.h> + +#include <assert.h> +#include <err.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +#ifndef __amd64__ +#error "amd64 only" +#endif + +/* + * This test substitutes exit(42) instead of getpid() using ptrace. + */ + +static const int EXPECTED_EXIT_CODE = 42; + +static void +tamper(pid_t pid) +{ + struct ptrace_lwpinfo info; + struct reg regs; + + if (ptrace(PT_LWPINFO, pid, (caddr_t)&info, sizeof(info)) == -1) + err(1, "ptrace(PT_LWPINFO)"); + + if ((info.pl_flags & PL_FLAG_SCE) != 0 && + info.pl_syscall_code == SYS_getpid) { + if (ptrace(PT_GETREGS, pid, (caddr_t)®s, sizeof(regs)) == -1) + err(1, "ptrace(PT_GETREGS)"); + + regs.r_rax = SYS_exit; + regs.r_rdi = EXPECTED_EXIT_CODE; + + if (ptrace(PT_SETREGS, pid, (caddr_t)®s, sizeof(regs)) == -1) + err(1, "ptrace(PT_SETREGS)"); + } +} + +int +main(void) +{ + pid_t pid; + int status; + + pid = fork(); + if (pid == -1) + err(1, "fork"); + + if (pid == 0) { + (void)ptrace(PT_TRACE_ME, 0, 0, 0); + (void)getpid(); + exit(0); + } else { + if (ptrace(PT_ATTACH, pid, 0, 0) == -1) + err(1, "ptrace(PT_ATTACH)"); + + for (;;) { + if (wait(&status) == -1) + err(1, "wait"); + + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) == EXPECTED_EXIT_CODE) { + printf("exit code changed\n"); + exit(0); + } else { + printf("unable to change exit code\n"); + exit(1); + } + } + + assert(WIFSTOPPED(status)); + tamper(pid); + + if (ptrace(PT_TO_SCE, pid, (caddr_t)1, 0) == -1) + err(1, "ptrace(PT_TO_SCE)"); + } + } +}
