git: a94eacb13977 - stable/14 - tests: Add ktrace regression test for shm_open

From: Jake Freeland <jfree_at_FreeBSD.org>
Date: Sun, 12 May 2024 00:08:37 UTC
The branch stable/14 has been updated by jfree:

URL: https://cgit.FreeBSD.org/src/commit/?id=a94eacb139772114a68030ca8987d6bd8e67a4ab

commit a94eacb139772114a68030ca8987d6bd8e67a4ab
Author:     Jake Freeland <jfree@FreeBSD.org>
AuthorDate: 2024-04-10 02:18:11 +0000
Commit:     Jake Freeland <jfree@FreeBSD.org>
CommitDate: 2024-05-11 23:57:44 +0000

    tests: Add ktrace regression test for shm_open
    
    Verify that a capability violation is recorded when shm_open(2) is called
    with a non-anonymous path.
    
    Approved by:    markj (mentor)
    Reviewed by:    markj
    MFC after:      1 month
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D44733
    
    (cherry picked from commit 054a4720591f0c98579bccef2751fd458ee4f71f)
---
 tests/sys/kern/ktrace_test.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tests/sys/kern/ktrace_test.c b/tests/sys/kern/ktrace_test.c
index 49e2ed05fed9..21868441c687 100644
--- a/tests/sys/kern/ktrace_test.c
+++ b/tests/sys/kern/ktrace_test.c
@@ -31,6 +31,7 @@
 #include <sys/capsicum.h>
 #include <sys/cpuset.h>
 #include <sys/ktrace.h>
+#include <sys/mman.h>
 #include <sys/socket.h>
 #include <sys/sysent.h>
 #include <sys/time.h>
@@ -474,6 +475,38 @@ ATF_TC_BODY(ktrace__cap_cpuset, tc)
 	    "cpuset_setaffinity");
 }
 
+ATF_TC_WITHOUT_HEAD(ktrace__cap_shm_open);
+ATF_TC_BODY(ktrace__cap_shm_open, tc)
+{
+	struct ktr_cap_fail violation;
+	sigset_t set = { };
+	pid_t pid;
+	int error;
+
+	/* Block SIGUSR1 so child does not terminate. */
+	ATF_REQUIRE(sigaddset(&set, SIGUSR1) != -1);
+	ATF_REQUIRE(sigprocmask(SIG_BLOCK, &set, NULL) != -1);
+
+	ATF_REQUIRE((pid = fork()) != -1);
+	if (pid == 0) {
+		/* Wait until ktrace has started. */
+		CHILD_REQUIRE(sigwait(&set, &error) != -1);
+		CHILD_REQUIRE_EQ(error, SIGUSR1);
+
+		CHILD_REQUIRE(shm_open("/ktrace_shm", O_RDWR | O_CREAT,
+		    0600) != -1);
+		CHILD_REQUIRE(shm_unlink("/ktrace_shm") != -1);
+		exit(0);
+	}
+
+	cap_trace_child(pid, &violation, 1);
+	ATF_REQUIRE_EQ(violation.cap_type, CAPFAIL_NAMEI);
+	error = syscallabi(violation.cap_svflags);
+	ATF_REQUIRE_STREQ(sysdecode_syscallname(error, violation.cap_code),
+	    "shm_open2");
+	ATF_REQUIRE_STREQ(violation.cap_data.cap_path, "/ktrace_shm");
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 	ATF_TP_ADD_TC(tp, ktrace__cap_not_capable);
@@ -484,5 +517,6 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, ktrace__cap_sockaddr);
 	ATF_TP_ADD_TC(tp, ktrace__cap_namei);
 	ATF_TP_ADD_TC(tp, ktrace__cap_cpuset);
+	ATF_TP_ADD_TC(tp, ktrace__cap_shm_open);
 	return (atf_no_error());
 }