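// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (C) 2020 Cyril Hrubis <chrbis@suse.cz>
 *
 * After fix for CVE-2018-1000199 (see ptrace08.c) subsequent calls to POKEUSER
 * for x86 debug registers were ignored silently.
 *
 * This is a regression test for commit:
 *
 * commit bd14406b78e6daa1ea3c1673bda1ffc9efdeead0
 * Author: Jiri Olsa <jolsa@kernel.org>
 * Date:   Mon Aug 27 11:12:25 2018 +0200
 *
 *     perf/hw_breakpoint: Modify breakpoint even if the new attr has disabled set
 *
 * The test attaches to a stopped child, writes u_debugreg[0] twice with
 * PTRACE_POKEUSER and reads it back with PTRACE_PEEKUSER. The value read
 * back must be the one from the second write.
 */

#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <signal.h>
#include "tst_test.h"

/* PID of the traced child; non-zero only while the child may still exist. */
static pid_t child_pid;

/*
 * Child body: stop itself so that the parent can attach while the child is
 * in a known state, then exit once it is continued.
 */
static void child_main(void)
{
	raise(SIGSTOP);
	exit(0);
}

/*
 * Test body: fork a child, wait for it to stop, write debug register 0
 * twice through ptrace and verify that the second value was stored.
 */
static void run(void)
{
	int status;
	/*
	 * Initialised so that a build where the x86-only block below is
	 * compiled out never compares an indeterminate value.
	 */
	unsigned long addr = 0;

	child_pid = SAFE_FORK();

	if (!child_pid)
		child_main();

	if (SAFE_WAITPID(child_pid, &status, WUNTRACED) != child_pid)
		tst_brk(TBROK, "Received event from unexpected PID");

#if defined(__i386__) || defined(__x86_64__)
	SAFE_PTRACE(PTRACE_ATTACH, child_pid, NULL, NULL);

	/*
	 * Two writes with different values: the readback tells which one the
	 * kernel kept. Only u_debugreg[0] is written here, the control
	 * register is left alone - presumably this is the "disabled" case
	 * named in the commit title; confirm against the kernel change.
	 */
	SAFE_PTRACE(PTRACE_POKEUSER, child_pid,
		(void *)offsetof(struct user, u_debugreg[0]), (void *)1);
	SAFE_PTRACE(PTRACE_POKEUSER, child_pid,
		(void *)offsetof(struct user, u_debugreg[0]), (void *)2);

	/*
	 * Raw ptrace() call: errno is not inspected, so a failed read is
	 * reported below as TFAIL rather than TBROK.
	 */
	addr = ptrace(PTRACE_PEEKUSER, child_pid,
		(void *)offsetof(struct user, u_debugreg[0]), NULL);
#endif

	/* "rd0" in the messages presumably means debug register DR0. */
	if (addr == 2)
		tst_res(TPASS, "The rd0 was set on second PTRACE_POKEUSR");
	else
		tst_res(TFAIL, "The rd0 wasn't set on second PTRACE_POKEUSER");

	SAFE_PTRACE(PTRACE_DETACH, child_pid, NULL, NULL);
	SAFE_KILL(child_pid, SIGCONT);
	/* The child is on its way out; cleanup() must not signal it again. */
	child_pid = 0;
	tst_reap_children();
}

static void cleanup(void)
{
	/* Main process terminated by tst_brk() with child still paused */
	if (child_pid)
		SAFE_KILL(child_pid, SIGKILL);
}

static struct tst_test test = {
	.test_all = run,
	.cleanup = cleanup,
	.forks_child = 1,
	/* The struct user debug register layout used above is x86-specific. */
	.supported_archs = (const char *const []) {
		"x86",
		"x86_64",
		NULL
	},
	.tags = (const struct tst_tag[]) {
		{"linux-git", "bd14406b78e6"},
		{}
	}
};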