fix(test/drivers): properly account for pagesize that can differ from…

… 4096 on execve related tests. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
falcosecurity · May 9, 2024 · 096f629 · 096f629
1 parent baafd76
commit 096f629
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 14 deletions.
diff --git a/test/drivers/test_suites/syscall_exit_suite/execve_x.cpp b/test/drivers/test_suites/syscall_exit_suite/execve_x.cpp
@@ -51,6 +51,15 @@ TEST(SyscallExit, execveX_failure)
 	std::string truncated_too_long_env (4096 - (strlen("IN_TEST=yes")+1) - (strlen("3_ARGUMENT=yes")+1) - 1, 'x');
 	const char *expected_newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", truncated_too_long_env.c_str(), NULL};
 
+	bool expect_truncated = true;
+	if(evt_test->is_kmod_engine() && getpagesize() > 4096)
+	{
+		// for kmod, the size limit is actually PAGE_SIZE;
+		// see STR_STORAGE_SIZE macro definition in driver/capture_macro.h.
+		// In case PAGE_SIZE is < 4096, expect NON-truncated args/envs
+		expect_truncated = false;
+	}
+
 	assert_syscall_state(SYSCALL_FAILURE, "execve", syscall(__NR_execve, pathname, newargv, newenviron));
 	int64_t errno_value = -errno;
 
@@ -79,7 +88,14 @@ TEST(SyscallExit, execveX_failure)
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
-	evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	if (expect_truncated)
+	{
+		evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(3, &newargv[1]);
+	}
 
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)pid);
@@ -121,8 +137,15 @@ TEST(SyscallExit, execveX_failure)
 	/* Parameter 15: cgroups (type: PT_CHARBUFARRAY) */
 	evt_test->assert_cgroup_param(15);
 
-	/* Parameter 16: env (type: PT_CHARBUFARRAY) */	
-	evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	/* Parameter 16: env (type: PT_CHARBUFARRAY) */
+	if (expect_truncated)
+	{
+		evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(16, &newenviron[0]);
+	}
 
 	/* Parameter 17: tty (type: PT_UINT32) */
 	evt_test->assert_numeric_param(17, (uint32_t)info.tty);
@@ -285,6 +308,15 @@ TEST(SyscallExit, execveX_success)
 	std::string truncated_too_long_env (4096 - (strlen("IN_TEST=yes")+1) - (strlen("3_ARGUMENT=yes")+1) - 1, 'x');
 	const char *expected_newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", truncated_too_long_env.c_str(), NULL};
 
+	bool expect_truncated = true;
+	if(evt_test->is_kmod_engine() && getpagesize() > 4096)
+	{
+		// for kmod, the size limit is actually PAGE_SIZE;
+		// see STR_STORAGE_SIZE macro definition in driver/capture_macro.h.
+		// In case PAGE_SIZE is < 4096, expect NON-truncated args/envs
+		expect_truncated = false;
+	}
+
 	/* We need to use `SIGCHLD` otherwise the parent won't receive any signal
 	 * when the child terminates.
 	 */
@@ -338,7 +370,14 @@ TEST(SyscallExit, execveX_success)
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
-	evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	if (expect_truncated)
+	{
+		evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(3, &newargv[1]);
+	}
 
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)ret_pid);
@@ -361,7 +400,14 @@ TEST(SyscallExit, execveX_success)
 	evt_test->assert_cgroup_param(15);
 
 	/* Parameter 16: env (type: PT_CHARBUFARRAY) */
-	evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	if (expect_truncated)
+	{
+		evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(16, &newenviron[0]);
+	}
 
 	/* PPM_EXE_WRITABLE is set when the user that executed a process can also write to the executable
 	 * file that is used to spawn it or is its owner or otherwise capable.

diff --git a/test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp b/test/drivers/test_suites/syscall_exit_suite/execveat_x.cpp
@@ -50,7 +50,16 @@ TEST(SyscallExit, execveatX_failure)
 	const char *newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", too_long_arg.c_str(), "2_ARGUMENT=no", NULL};
 	std::string truncated_too_long_env (4096 - (strlen("IN_TEST=yes")+1) - (strlen("3_ARGUMENT=yes")+1) - 1, 'x');
 	const char *expected_newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", truncated_too_long_env.c_str(), NULL};
-
+
+	bool expect_truncated = true;
+	if(evt_test->is_kmod_engine() && getpagesize() > 4096)
+	{
+		// for kmod, the size limit is actually PAGE_SIZE;
+		// see STR_STORAGE_SIZE macro definition in driver/capture_macro.h.
+		// In case PAGE_SIZE is < 4096, expect NON-truncated args/envs
+		expect_truncated = false;
+	}
+
 	int flags = AT_SYMLINK_NOFOLLOW;
 	assert_syscall_state(SYSCALL_FAILURE, "execveat", syscall(__NR_execveat, dirfd, pathname, newargv, newenviron, flags));
 	int64_t errno_value = -errno;
@@ -80,7 +89,14 @@ TEST(SyscallExit, execveatX_failure)
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
-	evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	if (expect_truncated)
+	{
+		evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(3, &newargv[1]);
+	}
 
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)pid);
@@ -123,7 +139,14 @@ TEST(SyscallExit, execveatX_failure)
 	evt_test->assert_cgroup_param(15);
 
 	/* Parameter 16: env (type: PT_CHARBUFARRAY) */
-	evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	if (expect_truncated)
+	{
+		evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(16, &newenviron[0]);
+	}
 
 	/* Parameter 17: tty (type: PT_UINT32) */
 	evt_test->assert_numeric_param(17, (uint32_t)info.tty);
@@ -190,6 +213,15 @@ TEST(SyscallExit, execveatX_correct_exit)
 	const char *newargv[] = {pathname, "", "first_argv", "", too_long_arg.c_str(), "second_argv", NULL};
 	const char *newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", too_long_arg.c_str(), "2_ARGUMENT=no", NULL};
 
+	bool expect_truncated = true;
+	if(evt_test->is_kmod_engine() && getpagesize() > 4096)
+	{
+		// for kmod, the size limit is actually PAGE_SIZE;
+		// see STR_STORAGE_SIZE macro definition in driver/capture_macro.h.
+		// In case PAGE_SIZE is < 4096, expect NON-truncated args/envs
+		expect_truncated = false;
+	}
+
 	int flags = 0;
 
 	/* We need to use `SIGCHLD` otherwise the parent won't receive any signal
@@ -248,9 +280,17 @@ TEST(SyscallExit, execveatX_correct_exit)
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
-	std::string truncated_too_long_arg (4096 - (strlen(pathname)+1) - (strlen("first_argv")+1) - 2*(strlen("")+1) - 1, 'x');
-	const char *expected_newargv[] = {pathname, "", "first_argv", "", truncated_too_long_arg.c_str(), NULL};
-	evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	if (expect_truncated)
+	{
+		std::string truncated_too_long_arg(
+			4096 - (strlen(pathname) + 1) - (strlen("first_argv") + 1) - 2 * (strlen("") + 1) - 1, 'x');
+		const char *expected_newargv[] = {pathname, "", "first_argv", "", truncated_too_long_arg.c_str(), NULL};
+		evt_test->assert_charbuf_array_param(3, &expected_newargv[1]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(3, &newargv[1]);
+	}
 
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)ret_pid);
@@ -273,9 +313,18 @@ TEST(SyscallExit, execveatX_correct_exit)
 	evt_test->assert_cgroup_param(15);
 
 	/* Parameter 16: env (type: PT_CHARBUFARRAY) */
-	std::string truncated_too_long_env (4096 - (strlen("IN_TEST=yes")+1) - (strlen("3_ARGUMENT=yes")+1) - 1, 'x');
-	const char *expected_newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", truncated_too_long_env.c_str(), NULL};	
-	evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	if (expect_truncated)
+	{
+		std::string truncated_too_long_env(
+			4096 - (strlen("IN_TEST=yes") + 1) - (strlen("3_ARGUMENT=yes") + 1) - 1, 'x');
+		const char *expected_newenviron[] = {"IN_TEST=yes", "3_ARGUMENT=yes", truncated_too_long_env.c_str(),
+						     NULL};
+		evt_test->assert_charbuf_array_param(16, &expected_newenviron[0]);
+	}
+	else
+	{
+		evt_test->assert_charbuf_array_param(16, &newenviron[0]);
+	}
 
 	/* PPM_EXE_WRITABLE is set when the user that executed a process can also write to the executable
 	 * file that is used to spawn it or is its owner or otherwise capable.