commit 91ec3e9e7115bef4ecfd3b45fa6c8d725fefcd41
author Scott Graham <scottmg@google.com> Tue Oct 15 18:04:30 2019 +0000
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Oct 15 18:04:30 2019 +0000
tree 8eedec1279ad63548af1e149c445a36b7a3c4620
parent 22b585827e6ef73f187c1bf498ca920fc45daf05

[syscalls] Disable various syscalls when kernel.enable-debugging-syscalls=false

This disables:
- zx_debug_send_command()
- zx_ktrace_read()
- zx_ktrace_control()
- zx_ktrace_write()
- zx_mtrace_control()

zx_debug_read() and zx_debug_write() from kernel/syscalls/debug.cc
aren't disabled in this CL as they're used by src/tests infrastructure,
so they'll need a more involved procedure.

Bug: 38409
Change-Id: Ib34810189069126c9eb918b9eed0af505ffb6a65

src/tests/disable_syscalls/disable_syscalls_test.go

diff --git a/src/tests/disable_syscalls/disable_syscalls_test.go b/src/tests/disable_syscalls/disable_syscalls_test.go
index 2c87b8eb..ac73e58 100644
--- a/src/tests/disable_syscalls/disable_syscalls_test.go
+++ b/src/tests/disable_syscalls/disable_syscalls_test.go
@@ -47,6 +47,11 @@
 
 	// Check status of syscalls by doing a test call, and ensure disabled.
 	i.RunCommand("/boot/bin/syscall-check")
+	i.WaitForLogMessage("zx_debug_send_command: disabled")
+	i.WaitForLogMessage("zx_ktrace_control: disabled")
+	i.WaitForLogMessage("zx_ktrace_read: disabled")
+	i.WaitForLogMessage("zx_ktrace_write: disabled")
+	i.WaitForLogMessage("zx_mtrace_control: disabled")
 	i.WaitForLogMessage("zx_process_write_memory: disabled")
 }
 
@@ -78,5 +83,10 @@
 
 	// Check status of syscalls by doing a test call, and ensure enabled.
 	i.RunCommand("/boot/bin/syscall-check")
+	i.WaitForLogMessage("zx_debug_send_command: enabled")
+	i.WaitForLogMessage("zx_ktrace_control: enabled")
+	i.WaitForLogMessage("zx_ktrace_read: enabled")
+	i.WaitForLogMessage("zx_ktrace_write: enabled")
+	i.WaitForLogMessage("zx_mtrace_control: enabled")
 	i.WaitForLogMessage("zx_process_write_memory: enabled")
 }

zircon/kernel/syscalls/debug.cc

diff --git a/zircon/kernel/syscalls/debug.cc b/zircon/kernel/syscalls/debug.cc
index 58fab14..9343311 100644
--- a/zircon/kernel/syscalls/debug.cc
+++ b/zircon/kernel/syscalls/debug.cc
@@ -85,6 +85,10 @@
 zx_status_t sys_debug_send_command(zx_handle_t handle, user_in_ptr<const char> ptr, size_t len) {
   LTRACEF("ptr %p, len %zu\n", ptr.get(), len);
 
+  if (!DebuggingSyscallsEnabled()) {
+    return ZX_ERR_NOT_SUPPORTED;
+  }
+
   // TODO(ZX-971): finer grained validation
   zx_status_t status;
   if ((status = validate_resource(handle, ZX_RSRC_KIND_ROOT)) < 0) {
@@ -106,6 +110,10 @@
 // zx_status_t zx_ktrace_read
 zx_status_t sys_ktrace_read(zx_handle_t handle, user_out_ptr<void> _data, uint32_t offset,
                             size_t len, user_out_ptr<size_t> _actual) {
+  if (!DebuggingSyscallsEnabled()) {
+    return ZX_ERR_NOT_SUPPORTED;
+  }
+
   // TODO(ZX-971): finer grained validation
   zx_status_t status;
   if ((status = validate_resource(handle, ZX_RSRC_KIND_ROOT)) < 0) {
@@ -122,6 +130,10 @@
 // zx_status_t zx_ktrace_control
 zx_status_t sys_ktrace_control(zx_handle_t handle, uint32_t action, uint32_t options,
                                user_inout_ptr<void> _ptr) {
+  if (!DebuggingSyscallsEnabled()) {
+    return ZX_ERR_NOT_SUPPORTED;
+  }
+
   // TODO(ZX-971): finer grained validation
   zx_status_t status;
   if ((status = validate_resource(handle, ZX_RSRC_KIND_ROOT)) < 0) {
@@ -143,6 +155,10 @@
 
 // zx_status_t zx_ktrace_write
 zx_status_t sys_ktrace_write(zx_handle_t handle, uint32_t event_id, uint32_t arg0, uint32_t arg1) {
+  if (!DebuggingSyscallsEnabled()) {
+    return ZX_ERR_NOT_SUPPORTED;
+  }
+
   // TODO(ZX-971): finer grained validation
   zx_status_t status;
   if ((status = validate_resource(handle, ZX_RSRC_KIND_ROOT)) < 0) {
@@ -167,6 +183,10 @@
 // zx_status_t zx_mtrace_control
 zx_status_t sys_mtrace_control(zx_handle_t handle, uint32_t kind, uint32_t action, uint32_t options,
                                user_inout_ptr<void> ptr, size_t size) {
+  if (!DebuggingSyscallsEnabled()) {
+    return ZX_ERR_NOT_SUPPORTED;
+  }
+
   // TODO(ZX-971): finer grained validation
   zx_status_t status;
   if ((status = validate_resource(handle, ZX_RSRC_KIND_ROOT)) < 0) {

zircon/system/uapp/syscall-check/main.cc

diff --git a/zircon/system/uapp/syscall-check/main.cc b/zircon/system/uapp/syscall-check/main.cc
index 7ced296..b300b2d 100644
--- a/zircon/system/uapp/syscall-check/main.cc
+++ b/zircon/system/uapp/syscall-check/main.cc
@@ -19,7 +19,12 @@
   // TODO(scottmg): Add an output backend to kazoo to emit a full list of stub
   // calls to include here.
   size_t actual;
-  SYSCALL_STATUS(zx_process_write_memory, (ZX_HANDLE_INVALID, 0, NULL, 0, &actual));
+  SYSCALL_STATUS(zx_debug_send_command, (ZX_HANDLE_INVALID, nullptr, 0));
+  SYSCALL_STATUS(zx_ktrace_control, (ZX_HANDLE_INVALID, 0, 0, nullptr));
+  SYSCALL_STATUS(zx_ktrace_read, (ZX_HANDLE_INVALID, nullptr, 0, 0, &actual));
+  SYSCALL_STATUS(zx_ktrace_write, (ZX_HANDLE_INVALID, 0, 0, 0));
+  SYSCALL_STATUS(zx_mtrace_control, (ZX_HANDLE_INVALID, 0, 0, 0, nullptr, 0));
+  SYSCALL_STATUS(zx_process_write_memory, (ZX_HANDLE_INVALID, 0, nullptr, 0, &actual));
 
 #undef SYSCALL_STATUS