Add --fail-path

sleirsgoevy · sleirsgoevy · commit 6ccaf1ce117e · 2020-04-10T18:11:44.000+03:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -21,3 +21,4 @@ anyhow = "1.0.14"
 rstack = {version = "0.3.1", default-features = false, features = ["unwind"]}
 rustc-demangle = "0.1.16"
 cpp_demangle = "0.2.13"
+rand = ""
diff --git a/src/lib.rs b/src/lib.rs
@@ -11,9 +11,11 @@ use magic::Magic;
 use serde::{Deserialize, Serialize};
 use std::{mem, os::unix::io::RawFd};
 use tiny_nix_ipc::Socket;
+use std::path::PathBuf;
 
 pub struct Settings {
     pub capture_backtrace: bool,
+    pub fail_path: Option<PathBuf>,
 }
 
 #[repr(C)]
@@ -22,6 +24,7 @@ pub struct RawSyscall {
     pub syscall_id: u64,
     pub args: [u64; 6],
     pub ret: u64,
+    pub is_spoiled: bool,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
diff --git a/src/main.rs b/src/main.rs
@@ -187,6 +187,9 @@ struct Opt {
     /// Child will inherit all environment vars visible to lxtrace
     #[structopt(long)]
     inherit_env: bool,
+    /// Accesses to this path will fail with some probability
+    #[structopt(long)]
+    fail_path: Option<PathBuf>,
 }
 
 fn main() -> anyhow::Result<()> {
@@ -196,6 +199,10 @@ fn main() -> anyhow::Result<()> {
         eprintln!("executable not provided");
         exit(1);
     }
+    opt.fail_path = match opt.fail_path {
+        Some(path) => std::fs::canonicalize(path).ok(),
+        None => None
+    };
     if opt.inherit_env {
         // TODO: probably this doesn't interact well with --env
         for (k, v) in std::env::vars_os() {
@@ -233,6 +240,7 @@ fn main() -> anyhow::Result<()> {
                 let payload = lxtrace::Payload::Cmd(cmd_args);
                 let settings = lxtrace::Settings {
                     capture_backtrace: opt.backtrace,
+                    fail_path: opt.fail_path,
                 };
 
                 if let Err(e) = lxtrace::run(payload, settings, sender) {
diff --git a/src/tracer.rs b/src/tracer.rs
@@ -12,29 +12,46 @@ use nix::{
     unistd::Pid,
 };
 use std::collections::HashMap;
+use std::path::PathBuf;
 use tiny_nix_ipc::Socket;
+use rand::Rng;
 
 struct ChildInfo {
     in_syscall: bool,
 }
 
-fn decode_syscall_args(regs: libc::user_regs_struct) -> RawSyscall {
+fn decode_syscall_args(regs: &libc::user_regs_struct) -> RawSyscall {
     let mut out = RawSyscall {
         syscall_id: 0,
         args: [0; 6],
         ret: 0,
+        is_spoiled: false
     };
     out.ret = regs.rax;
-    out.syscall_id = regs.orig_rax;
+    out.syscall_id = regs.orig_rax & 0xffffffu64;
     out.args[0] = regs.rdi;
     out.args[1] = regs.rsi;
     out.args[2] = regs.rdx;
     out.args[3] = regs.r10;
     out.args[4] = regs.r8;
     out.args[5] = regs.r9;
+    out.is_spoiled = (regs.orig_rax & 0x1000000u64) != 0;
     out
 }
 
+fn spoil(pid: Pid, regs: libc::user_regs_struct) -> Result<(), nix::Error> {
+    let mut regs = regs;
+    regs.rax = regs.orig_rax | 0x1000000u64;
+    regs.orig_rax = regs.rax;
+    nix::sys::ptrace::setregs(pid, regs)
+}
+
+fn return_eio(pid: Pid, regs: libc::user_regs_struct) -> Result<(), nix::Error> {
+    let mut regs = regs;
+    regs.rax = -(nix::errno::Errno::EIO as i32 as i64) as u64;
+    nix::sys::ptrace::setregs(pid, regs)
+}
+
 fn process_syscall(
     raw: &RawSyscall,
     proc: Pid,
@@ -154,13 +171,30 @@ pub(crate) unsafe fn parent(
                 children.insert(pid, new_info);
                 let regs = nix::sys::ptrace::getregs(Pid::from_raw(pid as i32))
                     .context("ptrace getregs failed")?;
-                let params = decode_syscall_args(regs);
+                let params = decode_syscall_args(&regs);
                 let def = magic.lookup_syscall_by_id(SyscallId(params.syscall_id as u32));
                 let child_pid = Pid::from_raw(pid as i32);
                 let mut decoded_params = match def {
                     Some(def) => process_syscall(&params, child_pid, magic, def),
                     None => None,
                 };
+                if decoded_params.is_some() && (params.syscall_id == 2 /*open*/ || params.syscall_id == 257 /*openat*/) { //TODO: x86_64 only
+                    let decoded_params = decoded_params.as_ref().unwrap();
+                    let arg_id = if params.syscall_id == 2 {0} else {1};
+                    let path: PathBuf = match &decoded_params.args[arg_id] {
+                        crate::magic::ty::Value::String(s) => s,
+                        _ => panic!("open/openat with non-string argument")
+                    }.into();
+                    if started_syscall {
+                        if settings.fail_path.is_some() && path.starts_with(settings.fail_path.as_ref().unwrap()) && rand::thread_rng().gen_range(0, 100) == 0 {
+                            spoil(Pid::from_raw(pid as i32), regs).context("spoil failed")?;
+                        }
+                    } else {
+                        if params.is_spoiled {
+                            return_eio(Pid::from_raw(pid as i32), regs).context("return -EIO failed")?;
+                        }
+                    }
+                }
                 decoded_params.as_mut().map(|p| {
                     // attach backtrace if requested
                     if settings.capture_backtrace {
