tests/sys/arch/amd64: Add a basic ptrace syscall tampering test

shkhln · emaste · commit 96f262dcacdb · 2026-05-13T16:40:16.000-04:00
Signed-off-by: Alex S <iwtcex@gmail.com> Reviewed-by: kib Pull-request: #2190
diff --git a/tests/sys/arch/amd64/Makefile b/tests/sys/arch/amd64/Makefile
@@ -1,6 +1,7 @@
 TESTSDIR=	${TESTSBASE}/sys/arch/amd64
 
 PLAIN_TESTS_C+=	int0x80
+PLAIN_TESTS_C+=	ptrace-sce-tamper
 
 BINDIR=		${TESTSDIR}
 
diff --git a/tests/sys/arch/amd64/ptrace-sce-tamper.c b/tests/sys/arch/amd64/ptrace-sce-tamper.c
@@ -0,0 +1,89 @@
+/*
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2026 Alex S <iwtcex@gmail.com>
+ */
+
+#include <machine/reg.h>
+#include <sys/ptrace.h>
+#include <sys/syscall.h>
+#include <sys/wait.h>
+
+#include <assert.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#ifndef __amd64__
+#error "amd64 only"
+#endif
+
+/*
+ * This test substitutes exit(42) instead of getpid() using ptrace.
+ */
+
+static const int EXPECTED_EXIT_CODE = 42;
+
+static void
+tamper(pid_t pid)
+{
+	struct ptrace_lwpinfo info;
+	struct reg regs;
+
+	if (ptrace(PT_LWPINFO, pid, (caddr_t)&info, sizeof(info)) == -1)
+		err(1, "ptrace(PT_LWPINFO)");
+
+	if ((info.pl_flags & PL_FLAG_SCE) != 0 &&
+	    info.pl_syscall_code == SYS_getpid) {
+		if (ptrace(PT_GETREGS, pid, (caddr_t)&regs, sizeof(regs)) == -1)
+			err(1, "ptrace(PT_GETREGS)");
+
+		regs.r_rax = SYS_exit;
+		regs.r_rdi = EXPECTED_EXIT_CODE;
+
+		if (ptrace(PT_SETREGS, pid, (caddr_t)&regs, sizeof(regs)) == -1)
+			err(1, "ptrace(PT_SETREGS)");
+	}
+}
+
+int
+main(void)
+{
+	pid_t pid;
+	int status;
+
+	pid = fork();
+	if (pid == -1)
+		err(1, "fork");
+
+	if (pid == 0) {
+		(void)ptrace(PT_TRACE_ME, 0, 0, 0);
+		(void)getpid();
+		exit(0);
+	} else {
+		if (ptrace(PT_ATTACH, pid, 0, 0) == -1)
+			err(1, "ptrace(PT_ATTACH)");
+
+		for (;;) {
+			if (wait(&status) == -1)
+				err(1, "wait");
+
+			if (WIFEXITED(status)) {
+				if (WEXITSTATUS(status) == EXPECTED_EXIT_CODE) {
+					printf("exit code changed\n");
+					exit(0);
+				} else {
+					printf("unable to change exit code\n");
+					exit(1);
+				}
+			}
+
+			assert(WIFSTOPPED(status));
+			tamper(pid);
+
+			if (ptrace(PT_TO_SCE, pid, (caddr_t)1, 0) == -1)
+				err(1, "ptrace(PT_TO_SCE)");
+		}
+	}
+}
