
1/*
2 * Copyright (c) 2019 Alexey Dobriyan <adobriyan@gmail.com>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16/*
17 * Fork and exec tiny 1 page executable which precisely controls its VM.
18 * Test /proc/$PID/maps
19 * Test /proc/$PID/smaps
20 * Test /proc/$PID/smaps_rollup
21 * Test /proc/$PID/statm
22 *
23 * FIXME require CONFIG_TMPFS which can be disabled
24 * FIXME test other values from "smaps"
25 * FIXME support other archs
26 */
27#undef NDEBUG
28#include <assert.h>
29#include <errno.h>
30#include <sched.h>
31#include <signal.h>
32#include <stdbool.h>
33#include <stdint.h>
34#include <stdio.h>
35#include <string.h>
36#include <stdlib.h>
37#include <sys/mount.h>
38#include <sys/types.h>
39#include <sys/stat.h>
40#include <sys/wait.h>
41#include <fcntl.h>
42#include <unistd.h>
43#include <sys/syscall.h>
44#include <sys/uio.h>
45#include <linux/kdev_t.h>
46#include <sys/time.h>
47#include <sys/resource.h>
48
/*
 * Raw execveat(2) entry point.
 *
 * All five arguments are forwarded unchanged to syscall(SYS_execveat, ...)
 * and whatever syscall() returns is handed back to the caller.
 */
static inline long sys_execveat(int dirfd, const char *pathname, char **argv, char **envp, int flags)
{
	const long rv = syscall(SYS_execveat, dirfd, pathname, argv, envp, flags);

	return rv;
}
53
/*
 * Move the test into its own mount namespace and put a fresh tmpfs on /tmp.
 *
 * Exit status on failure:
 *   4 - unshare(CLONE_NEWNS) failed with ENOSYS or EPERM
 *   1 - any other failure (unshare or either mount call)
 */
static void make_private_tmp(void)
{
	if (unshare(CLONE_NEWNS) == -1) {
		const int unsupported = (errno == ENOSYS || errno == EPERM);

		exit(unsupported ? 4 : 1);
	}

	/*
	 * First mark every mount under "/" private (recursively), then mount
	 * the tmpfs. The second mount() is only attempted if the first one
	 * succeeded.
	 */
	if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) == -1 ||
	    mount(NULL, "/tmp", "tmpfs", 0, NULL) == -1) {
		exit(1);
	}
}
69
/* PID of the exec'ed test child; stays -1 until main() stores fork()'s result. */
static pid_t pid = -1;

/*
 * Exit handler (registered with atexit() in main()): send SIGTERM to the
 * child, but only when a positive PID has been recorded.
 */
static void ate(void)
{
	if (pid <= 0) {
		return;
	}
	kill(pid, SIGTERM);
}
77
/*
 * ELF64 file header, declared locally so the test does not depend on <elf.h>.
 * The field order and widths determine the on-disk layout written by
 * make_exe(), so they must not be rearranged.
 */
struct elf64_hdr {
	uint8_t e_ident[16];	/* magic, class, data encoding, version, OS ABI */
	uint16_t e_type;	/* object file type */
	uint16_t e_machine;	/* target architecture */
	uint32_t e_version;	/* object file version */
	uint64_t e_entry;	/* virtual address of the entry point */
	uint64_t e_phoff;	/* file offset of the program header table */
	uint64_t e_shoff;	/* file offset of the section header table */
	uint32_t e_flags;	/* processor-specific flags */
	uint16_t e_ehsize;	/* size of this header */
	uint16_t e_phentsize;	/* size of one program header entry */
	uint16_t e_phnum;	/* number of program header entries */
	uint16_t e_shentsize;	/* size of one section header entry */
	uint16_t e_shnum;	/* number of section header entries */
	uint16_t e_shstrndx;	/* section name string table index */
};
94
/*
 * ELF64 program header (one loadable segment description), declared locally
 * so the test does not depend on <elf.h>. make_exe() writes this structure
 * to the file verbatim, so the field order and widths are the file format.
 */
struct elf64_phdr {
	uint32_t p_type;	/* segment type */
	uint32_t p_flags;	/* segment permission flags */
	uint64_t p_offset;	/* file offset of the segment */
	uint64_t p_vaddr;	/* virtual address the segment is mapped at */
	uint64_t p_paddr;	/* physical address (unused by this test, set to 0) */
	uint64_t p_filesz;	/* bytes of the segment present in the file */
	uint64_t p_memsz;	/* bytes of the segment in memory */
	uint64_t p_align;	/* segment alignment */
};
105
106#ifdef __x86_64__
/* Size and load address of the single mapping the test executable has. */
#define PAGE_SIZE 4096
#define VADDR (1UL << 32)
/* Column at which the pathname starts in the expected maps line built by main(). */
#define MAPS_OFFSET 73

/* Little-endian byte expansion of a 32-bit / 64-bit immediate operand. */
#define imm32_le(x) \
	(x)&0xff, ((x)>>8)&0xff, ((x)>>16)&0xff, ((x)>>24)&0xff
#define imm64_le(x) \
	imm32_le(x), \
	((x)>>32)&0xff, ((x)>>40)&0xff, ((x)>>48)&0xff, ((x)>>56)&0xff

/*
 * Hand-assembled x86-64 instructions, each expanding to a comma-separated
 * byte list for use inside an array initializer.
 *
 * NOTE: from this point on the identifier "syscall" is an object-like macro
 * for the two opcode bytes, so the libc syscall() function cannot be called
 * by name below this line.
 */
#define syscall 0x0f, 0x05

/* mov rdi, imm64 */
#define mov_rdi(x) \
	0x48, 0xbf, imm64_le(x)

/* mov rsi, imm64 */
#define mov_rsi(x) \
	0x48, 0xbe, imm64_le(x)

/* mov eax, imm32 */
#define mov_eax(x) \
	0xb8, imm32_le(x)
124
/*
 * Machine code of the test executable. It is loaded at VADDR right after the
 * ELF and program headers, and performs three steps:
 *
 *   1. munmap() the range starting one page above VADDR and ending at
 *      (1ULL << 47) - 4096, which drops the stack, the vDSO and every other
 *      mapping, leaving only the executable's own page;
 *   2. write() one byte to fd 0 so the parent knows step 1 has run;
 *   3. loop forever in pause().
 */
static const uint8_t payload[] = {
	/* Step 1: munmap(VADDR + 4096, (1ULL << 47) - 4096 - VADDR - 4096) */
	mov_rdi(VADDR + 4096),
	mov_rsi((1ULL << 47) - 4096 - VADDR - 4096),
	mov_eax(11),				/* munmap */
	syscall,

	/* Step 2: write(0, &c, 1) - the byte written is whatever rip points at */
	0x31, 0xff,				/* xor edi, edi */
	0x48, 0x8d, 0x35, 0x00, 0x00, 0x00, 0x00, /* lea rsi, [rip] */
	0xba, 0x01, 0x00, 0x00, 0x00,		/* mov edx, 1 */
	mov_eax(1),				/* write */
	syscall,

	/* Step 3: 1: pause(); */
	mov_eax(34),				/* pause */
	syscall,

	/* Jump back 9 bytes, i.e. to the "mov eax, 34" above. */
	0xeb, 0xf7,				/* jmp 1b */
};
147
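/*
 * Build a minimal single-segment ELF64 executable around a code payload.
 *
 * The image is [ELF header][one program header][payload], written to an
 * unnamed O_TMPFILE file under /tmp, and mapped read+execute at VADDR with
 * the entry point directly after the two headers.
 *
 * @payload: machine code to place after the headers
 * @len:     number of bytes in @payload
 *
 * Returns a read-only, close-on-exec descriptor referring to the image.
 * Any failure terminates the process with exit status 1.
 */
static int make_exe(const uint8_t *payload, size_t len)
{
	struct elf64_hdr h;
	struct elf64_phdr ph;
	/*
	 * Total image size. This must be computed from @len: the parameter
	 * "payload" is a pointer that shadows the file-scope array, so
	 * sizeof(payload) here is the size of a pointer, not of the code.
	 */
	const size_t image_len = sizeof(h) + sizeof(ph) + len;

	struct iovec iov[3] = {
		{&h, sizeof(struct elf64_hdr)},
		{&ph, sizeof(struct elf64_phdr)},
		{(void *)payload, len},
	};
	int fd, fd1;
	char buf[64];

	memset(&h, 0, sizeof(h));
	h.e_ident[0] = 0x7f;
	h.e_ident[1] = 'E';
	h.e_ident[2] = 'L';
	h.e_ident[3] = 'F';
	h.e_ident[4] = 2;	/* ELFCLASS64 */
	h.e_ident[5] = 1;	/* ELFDATA2LSB */
	h.e_ident[6] = 1;	/* EV_CURRENT */
	h.e_ident[7] = 0;	/* ELFOSABI_NONE */
	h.e_type = 2;		/* ET_EXEC */
	h.e_machine = 0x3e;	/* EM_X86_64 */
	h.e_version = 1;
	h.e_entry = VADDR + sizeof(struct elf64_hdr) + sizeof(struct elf64_phdr);
	h.e_phoff = sizeof(struct elf64_hdr);
	h.e_shoff = 0;
	h.e_flags = 0;
	h.e_ehsize = sizeof(struct elf64_hdr);
	h.e_phentsize = sizeof(struct elf64_phdr);
	h.e_phnum = 1;
	h.e_shentsize = 0;
	h.e_shnum = 0;
	h.e_shstrndx = 0;

	memset(&ph, 0, sizeof(ph));
	ph.p_type = 1;		/* PT_LOAD */
	ph.p_flags = (1<<2)|1;	/* PF_R | PF_X */
	ph.p_offset = 0;
	ph.p_vaddr = VADDR;
	ph.p_paddr = 0;
	ph.p_filesz = image_len;
	ph.p_memsz = image_len;
	ph.p_align = 4096;

	/*
	 * Unnamed temporary file, owner-only permissions. With O_TMPFILE,
	 * O_EXCL additionally prevents the file from ever being linked into
	 * the filesystem.
	 */
	fd = openat(AT_FDCWD, "/tmp", O_WRONLY|O_EXCL|O_TMPFILE, 0700);
	if (fd == -1) {
		exit(1);
	}

	/* A short write would leave a truncated image; treat it as failure. */
	if (writev(fd, iov, 3) != (ssize_t)image_len) {
		exit(1);
	}

	/*
	 * Avoid ETXTBSY on exec: the kernel refuses to execute a file that is
	 * open for writing, so reopen it read-only through /proc/self/fd and
	 * drop the writable descriptor.
	 */
	snprintf(buf, sizeof(buf), "/proc/self/fd/%u", fd);
	fd1 = open(buf, O_RDONLY|O_CLOEXEC);
	close(fd);
	if (fd1 == -1) {
		/* Without the read-only descriptor there is nothing to exec. */
		exit(1);
	}

	return fd1;
}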
210#endif
211
/* True once vsyscall() has found the vsyscall page readable; starts out false. */
static bool g_vsyscall;

/*
 * Line the tests expect for the vsyscall mapping when g_vsyscall is set.
 *
 * NOTE(review): main() places the pathname of its own expected maps line at
 * column MAPS_OFFSET, while "[vsyscall]" here follows a single space. Verify
 * the whitespace in this literal against real /proc/<pid>/maps output; a run
 * of padding spaces may have been collapsed when this listing was produced.
 */
static const char str_vsyscall[] = "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";
216
217#ifdef __x86_64__
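/*
 * Find out whether the vsyscall page is readable and record the answer in
 * g_vsyscall.
 *
 * The vsyscall page can't be unmapped, so the test has to know whether it
 * will show up in the child's maps. It is probed with a memory load from
 * its fixed address in a forked child: if the child exits normally the load
 * worked, if it is killed by a signal it did not.
 *
 * Exits with status 1 if fork() or waitpid() fails.
 */
static void vsyscall(void)
{
	pid_t child;	/* local on purpose: must not touch the file-scope "pid" */
	int wstatus;

	child = fork();
	if (child < 0) {
		fprintf(stderr, "fork, errno %d\n", errno);
		exit(1);
	}
	if (child == 0) {
		/* The probe is expected to fault on some systems: no core dump. */
		struct rlimit rlim = {0, 0};
		(void)setrlimit(RLIMIT_CORE, &rlim);
		*(volatile int *)0xffffffffff600000UL;
		exit(0);
	}
	/*
	 * Wait for this specific child and check the result, so that wstatus
	 * is never read uninitialized when the wait itself fails.
	 */
	if (waitpid(child, &wstatus, 0) != child) {
		fprintf(stderr, "waitpid, errno %d\n", errno);
		exit(1);
	}
	if (WIFEXITED(wstatus)) {
		g_vsyscall = true;
	}
}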
242
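/*
 * Test driver.
 *
 * Builds the tiny executable, runs it in a child, waits for the child's
 * one-byte "ready" ping and then compares the contents of
 * /proc/$PID/{maps,smaps,smaps_rollup,statm} with what a process owning
 * exactly one file-backed page (plus, possibly, the vsyscall page) must show.
 *
 * Returns 0 on success and 1 on a setup failure; a failed expectation aborts
 * through assert(). make_private_tmp() may exit with 4 instead.
 */
int main(void)
{
	int pipefd[2];
	int exec_fd;

	vsyscall();

	/* Make sure the child does not outlive the test. */
	atexit(ate);

	make_private_tmp();

	/*
	 * Reserve fd 0 for 1-byte pipe ping from child: occupy it now so that
	 * no descriptor opened below lands on 0, then dup2() the pipe's write
	 * end over it before forking.
	 */
	close(0);
	if (open("/", O_RDONLY|O_DIRECTORY|O_PATH) != 0) {
		return 1;
	}

	exec_fd = make_exe(payload, sizeof(payload));
	if (exec_fd == -1) {
		return 1;
	}

	if (pipe(pipefd) == -1) {
		return 1;
	}
	if (dup2(pipefd[1], 0) != 0) {
		return 1;
	}

	pid = fork();
	if (pid == -1) {
		return 1;
	}
	if (pid == 0) {
		/* Only returns if the exec failed. */
		sys_execveat(exec_fd, "", NULL, NULL, AT_EMPTY_PATH);
		return 1;
	}

	/* Block until the payload has unmapped everything and pinged us. */
	char _;
	if (read(pipefd[0], &_, 1) != 1) {
		return 1;
	}

	/* Device and inode numbers of the image appear in the maps line. */
	struct stat st;
	if (fstat(exec_fd, &st) == -1) {
		return 1;
	}

	/*
	 * Generate "head -n1 /proc/$PID/maps": the fixed fields first, then
	 * spaces up to column MAPS_OFFSET, then the pathname. The buffer is
	 * pre-filled with spaces and the NUL written by the first snprintf()
	 * is turned back into a space to form the padding.
	 */
	char buf0[256];
	memset(buf0, ' ', sizeof(buf0));
	int len = snprintf(buf0, sizeof(buf0),
			   "%08lx-%08lx r-xp 00000000 %02lx:%02lx %llu",
			   VADDR, VADDR + PAGE_SIZE,
			   MAJOR(st.st_dev), MINOR(st.st_dev),
			   (unsigned long long)st.st_ino);
	buf0[len] = ' ';
	snprintf(buf0 + MAPS_OFFSET, sizeof(buf0) - MAPS_OFFSET,
		 "/tmp/#%llu (deleted)\n", (unsigned long long)st.st_ino);

	/* Test /proc/$PID/maps */
	{
		const size_t len = strlen(buf0) + (g_vsyscall ? strlen(str_vsyscall) : 0);
		char buf[256];
		ssize_t rv;
		int fd;

		snprintf(buf, sizeof(buf), "/proc/%u/maps", pid);
		fd = open(buf, O_RDONLY);
		if (fd == -1) {
			return 1;
		}
		rv = read(fd, buf, sizeof(buf));
		close(fd);
		/* The file must contain the expected line(s) and nothing else. */
		assert(rv == len);
		assert(memcmp(buf, buf0, strlen(buf0)) == 0);
		if (g_vsyscall) {
			assert(memcmp(buf + strlen(buf0), str_vsyscall, strlen(str_vsyscall)) == 0);
		}
	}

	/* Test /proc/$PID/smaps */
	{
		char buf[4096];
		ssize_t rv;
		int fd;

		snprintf(buf, sizeof(buf), "/proc/%u/smaps", pid);
		fd = open(buf, O_RDONLY);
		if (fd == -1) {
			return 1;
		}
		rv = read(fd, buf, sizeof(buf));
		close(fd);
		assert(0 <= rv && rv <= sizeof(buf));

		/* The first line is the same as in maps. */
		assert(rv >= strlen(buf0));
		assert(memcmp(buf, buf0, strlen(buf0)) == 0);

		/*
		 * The single page may or may not be resident, so both 4 kB and
		 * 0 kB are accepted for Rss and Pss.
		 *
		 * NOTE(review): these literals are matched byte-for-byte with
		 * memmem(). Confirm their internal whitespace against real smaps
		 * output; a listing that collapses runs of spaces would make
		 * every match below fail.
		 */
#define RSS1 "Rss: 4 kB\n"
#define RSS2 "Rss: 0 kB\n"
#define PSS1 "Pss: 4 kB\n"
#define PSS2 "Pss: 0 kB\n"
		assert(memmem(buf, rv, RSS1, strlen(RSS1)) ||
		       memmem(buf, rv, RSS2, strlen(RSS2)));
		assert(memmem(buf, rv, PSS1, strlen(PSS1)) ||
		       memmem(buf, rv, PSS2, strlen(PSS2)));

		/* Fields whose value is fully determined by the test setup. */
		static const char *S[] = {
			"Size: 4 kB\n",
			"KernelPageSize: 4 kB\n",
			"MMUPageSize: 4 kB\n",
			"Anonymous: 0 kB\n",
			"AnonHugePages: 0 kB\n",
			"Shared_Hugetlb: 0 kB\n",
			"Private_Hugetlb: 0 kB\n",
			"Locked: 0 kB\n",
		};
		int i;

		for (i = 0; i < sizeof(S)/sizeof(S[0]); i++) {
			assert(memmem(buf, rv, S[i], strlen(S[i])));
		}

		if (g_vsyscall) {
			assert(memmem(buf, rv, str_vsyscall, strlen(str_vsyscall)));
		}
	}

	/* Test /proc/$PID/smaps_rollup */
	{
		/* Expected header line, padded the same way as buf0. */
		char bufr[256];
		memset(bufr, ' ', sizeof(bufr));
		len = snprintf(bufr, sizeof(bufr),
			       "%08lx-%08lx ---p 00000000 00:00 0",
			       VADDR, VADDR + PAGE_SIZE);
		bufr[len] = ' ';
		snprintf(bufr + MAPS_OFFSET, sizeof(bufr) - MAPS_OFFSET,
			 "[rollup]\n");

		char buf[1024];
		ssize_t rv;
		int fd;

		snprintf(buf, sizeof(buf), "/proc/%u/smaps_rollup", pid);
		fd = open(buf, O_RDONLY);
		if (fd == -1) {
			return 1;
		}
		rv = read(fd, buf, sizeof(buf));
		close(fd);
		assert(0 <= rv && rv <= sizeof(buf));

		assert(rv >= strlen(bufr));
		assert(memcmp(buf, bufr, strlen(bufr)) == 0);

		assert(memmem(buf, rv, RSS1, strlen(RSS1)) ||
		       memmem(buf, rv, RSS2, strlen(RSS2)));
		assert(memmem(buf, rv, PSS1, strlen(PSS1)) ||
		       memmem(buf, rv, PSS2, strlen(PSS2)));

		static const char *S[] = {
			"Anonymous: 0 kB\n",
			"AnonHugePages: 0 kB\n",
			"Shared_Hugetlb: 0 kB\n",
			"Private_Hugetlb: 0 kB\n",
			"Locked: 0 kB\n",
		};
		int i;

		for (i = 0; i < sizeof(S)/sizeof(S[0]); i++) {
			assert(memmem(buf, rv, S[i], strlen(S[i])));
		}
	}

	/* Test /proc/$PID/statm */
	{
		char buf[64];
		ssize_t rv;
		int fd;

		snprintf(buf, sizeof(buf), "/proc/%u/statm", pid);
		fd = open(buf, O_RDONLY);
		if (fd == -1) {
			return 1;
		}
		rv = read(fd, buf, sizeof(buf));
		close(fd);
		/* Seven single-digit fields, each followed by one separator. */
		assert(rv == 7 * 2);

		assert(buf[0] == '1');	/* ->total_vm */
		assert(buf[1] == ' ');
		assert(buf[2] == '0' || buf[2] == '1');	/* rss */
		assert(buf[3] == ' ');
		/* Check field 3 itself; the index must be 4 in both comparisons. */
		assert(buf[4] == '0' || buf[4] == '1');	/* file rss */
		assert(buf[5] == ' ');
		assert(buf[6] == '1');	/* ELF executable segments */
		assert(buf[7] == ' ');
		assert(buf[8] == '0');
		assert(buf[9] == ' ');
		assert(buf[10] == '0');	/* ->data_vm + ->stack_vm */
		assert(buf[11] == ' ');
		assert(buf[12] == '0');
		assert(buf[13] == '\n');
	}

	return 0;
}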
444#else
/*
 * Fallback for architectures other than x86-64: nothing is tested and the
 * program reports exit status 4 (the kselftest "skipped" code).
 */
int main(void)
{
	enum { EXIT_SKIPPED = 4 };

	return EXIT_SKIPPED;
}
449#endif
450
