From nobody Wed May 13 20:40:36 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gG52K2yhYz6d0wc
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Wed, 13 May 2026 20:40:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gG52K22QNz3n6r
	for <dev-commits-src-all@FreeBSD.org>; Wed, 13 May 2026 20:40:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1778704841;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=l3knK7iRgcuDKCwYbJPYnFzLtisUjU8I1rJcGyaFS0s=;
	b=ARUhLVkkoWzotNmhxcqPd6Z9uIAgpoB7zWnYC82amfvcZEd97shmPJOoimCqmcb+QbAqlQ
	5iqfAwNnBbDdx/jE3l6Byb9iHTkmBmiR3SIXtOsDbH4EeCrZFX5CPp2oN6GRRNIOJ07h92
	lKLGFmscDsIwfydUoO9Y5tSJre1do4iP30Gz24MSG3cC+xQLO2bpakTMQyLvGqnyvUA/41
	i6lKMZhKTAqc8WUZs15d45s/QJC4m3phDe5f7N3FrkNQYOJp6MSOj8uDwozYtoKijGUQB8
	ujq45p1WpRshwe/qCWYMF5UCY30fXqWNeMXeHFJY+7jsiuqzASbvB4EWhWLYnQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1778704841; a=rsa-sha256; cv=none;
	b=CyuiJhUjNFaHck83UD7UqF8L+y6i8m+Bmp+W4C33qnO000K6swFdVAQ+Z1uir/t5TAYL01
	DQF91A1erszoPejnVJe4b5qxbSnPBC+SRP9/QmRRH80dDnFGcF0bKCMKIEH2+V9/DGewcE
	VLdgc8rvJwKSrZNfJ9VSrgoYSFqY+pttU5jIMA5tlcrLVdRen+oNMG2hSxvUmSl/+umiAI
	96DOs1EkhH73y0/9SeDkR/lcsLIE9dXeVjjT5c69v198Kj+IKlNOucLfX28rbpLoZYW64e
	vP0zBnMtQ9afZaYQUYIcEYj3oc5kvuIBtzgviRY/kqmlKSE1m76cTTH+NWA2YQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1778704841;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=l3knK7iRgcuDKCwYbJPYnFzLtisUjU8I1rJcGyaFS0s=;
	b=lud7IV5bXorhlujkUJ0+OAmySXl4LMX5A8TGhR+hYxhxsu9uw83YPJRy8WvnQAcgxjM+Dm
	Q1E9n7ElJyAegyCMY5hUAy4bsYjjlN+ODhFuHKSYXllaeKuycL9uVsccVYDhO6GzQdH2Iq
	lmGCKU5oYuTAsLHsS25M0NODluVkpOobAWby4O0ubjjIcv+aY4ux+kKgbaHmSDVh/Rgftc
	scW/n2y6Le1BciB7d6jNAxOI9YCRT2xUOUSrwbcqYHhjln6m6dn30sAcQDVUAZYPQDS4/J
	KS1/glfJcBsNsEfQmH4+/LPiiG2+kgAqgk2DRXENUmCn7YUaK+5hcSagHdhntw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gG52K1bgYz15l5
	for <dev-commits-src-all@FreeBSD.org>; Wed, 13 May 2026 20:40:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 38cc7
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Wed, 13 May 2026 20:40:36 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Cc: Alex S <iwtcex@gmail.com>
From: Ed Maste <emaste@FreeBSD.org>
Subject: git: 96f262dcacdb - main - tests/sys/arch/amd64: Add a basic ptrace syscall tampering test
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
List-Id: <dev-commits-src-all.FreeBSD.org>
List-Post: <mailto:dev-commits-src-all@FreeBSD.org>
List-Help: <mailto:dev-commits-src-all+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 96f262dcacdbfb56e94c60985b07f9f8ee2d046b
Auto-Submitted: auto-generated
Date: Wed, 13 May 2026 20:40:36 +0000
Message-Id: <6a04e1c4.38cc7.3dade40b@gitrepo.freebsd.org>

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=96f262dcacdbfb56e94c60985b07f9f8ee2d046b

commit 96f262dcacdbfb56e94c60985b07f9f8ee2d046b
Author:     Alex S <iwtcex@gmail.com>
AuthorDate: 2026-05-11 23:52:20 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-05-13 20:40:16 +0000

    tests/sys/arch/amd64: Add a basic ptrace syscall tampering test
    
    Signed-off-by: Alex S <iwtcex@gmail.com>
    Reviewed-by: kib
    Pull-request: https://github.com/freebsd/freebsd-src/pull/2190
---
 tests/sys/arch/amd64/Makefile            |  1 +
 tests/sys/arch/amd64/ptrace-sce-tamper.c | 89 ++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)

diff --git a/tests/sys/arch/amd64/Makefile b/tests/sys/arch/amd64/Makefile
index 34f3c90c4082..d4cf00237f9b 100644
--- a/tests/sys/arch/amd64/Makefile
+++ b/tests/sys/arch/amd64/Makefile
@@ -1,6 +1,7 @@
 TESTSDIR=	${TESTSBASE}/sys/arch/amd64
 
 PLAIN_TESTS_C+=	int0x80
+PLAIN_TESTS_C+=	ptrace-sce-tamper
 
 BINDIR=		${TESTSDIR}
 
diff --git a/tests/sys/arch/amd64/ptrace-sce-tamper.c b/tests/sys/arch/amd64/ptrace-sce-tamper.c
new file mode 100644
index 000000000000..0645f62a7e9b
--- /dev/null
+++ b/tests/sys/arch/amd64/ptrace-sce-tamper.c
@@ -0,0 +1,89 @@
+/*
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2026 Alex S <iwtcex@gmail.com>
+ */
+
+#include <machine/reg.h>
+#include <sys/ptrace.h>
+#include <sys/syscall.h>
+#include <sys/wait.h>
+
+#include <assert.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#ifndef __amd64__
+#error "amd64 only"
+#endif
+
+/*
+ * This test substitutes exit(42) instead of getpid() using ptrace.
+ */
+
+static const int EXPECTED_EXIT_CODE = 42;
+
+static void
+tamper(pid_t pid)
+{
+	struct ptrace_lwpinfo info;
+	struct reg regs;
+
+	if (ptrace(PT_LWPINFO, pid, (caddr_t)&info, sizeof(info)) == -1)
+		err(1, "ptrace(PT_LWPINFO)");
+
+	if ((info.pl_flags & PL_FLAG_SCE) != 0 &&
+	    info.pl_syscall_code == SYS_getpid) {
+		if (ptrace(PT_GETREGS, pid, (caddr_t)&regs, sizeof(regs)) == -1)
+			err(1, "ptrace(PT_GETREGS)");
+
+		regs.r_rax = SYS_exit;
+		regs.r_rdi = EXPECTED_EXIT_CODE;
+
+		if (ptrace(PT_SETREGS, pid, (caddr_t)&regs, sizeof(regs)) == -1)
+			err(1, "ptrace(PT_SETREGS)");
+	}
+}
+
+int
+main(void)
+{
+	pid_t pid;
+	int status;
+
+	pid = fork();
+	if (pid == -1)
+		err(1, "fork");
+
+	if (pid == 0) {
+		(void)ptrace(PT_TRACE_ME, 0, 0, 0);
+		(void)getpid();
+		exit(0);
+	} else {
+		if (ptrace(PT_ATTACH, pid, 0, 0) == -1)
+			err(1, "ptrace(PT_ATTACH)");
+
+		for (;;) {
+			if (wait(&status) == -1)
+				err(1, "wait");
+
+			if (WIFEXITED(status)) {
+				if (WEXITSTATUS(status) == EXPECTED_EXIT_CODE) {
+					printf("exit code changed\n");
+					exit(0);
+				} else {
+					printf("unable to change exit code\n");
+					exit(1);
+				}
+			}
+
+			assert(WIFSTOPPED(status));
+			tamper(pid);
+
+			if (ptrace(PT_TO_SCE, pid, (caddr_t)1, 0) == -1)
+				err(1, "ptrace(PT_TO_SCE)");
+		}
+	}
+}