syscall: disable ptrace on iOS

It is forbidden by App Store. Fixes #31628 Change-Id: Ie6d14a524ee55b57af8db685f3a79f474733add5 Reviewed-on: https://go-review.googlesource.com/c/go/+/182297 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org>

syscall: disable ptrace on iOS
It is forbidden by App Store. Fixes #31628 Change-Id: Ie6d14a524ee55b57af8db685f3a79f474733add5 Reviewed-on: https://go-review.googlesource.com/c/go/+/182297 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
06e34e58 · Elias Naur · 8eec3fe8 · 06e34e58 · 06e34e58 · 06e34e58
Commit 06e34e58 authored Jun 13, 2019 by Elias Naur
16 changed files
--- a/src/syscall/exec_darwin.go
+++ b/src/syscall/exec_darwin.go
@@ -80,8 +80,8 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr

 	// Enable tracing if requested.
 	if sys.Ptrace {
-		_, _, err1 = rawSyscall(funcPC(libc_ptrace_trampoline), uintptr(PTRACE_TRACEME), 0, 0)
-		if err1 != 0 {
+		if err := ptrace(PTRACE_TRACEME, 0, 0, 0); err != nil {
+			err1 = err.(Errno)
 			goto childerror
 		}
 	}

--- a/src/syscall/mksyscall.pl
+++ b/src/syscall/mksyscall.pl
@@ -130,6 +130,12 @@ while(<>) {
 	# without reading the header.
 	$text .= "// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT\n\n";

+	if ($darwin && $func eq "ptrace") {
+		# The ptrace function is called from forkAndExecInChild where stack
+		# growth is forbidden.
+		$text .= "//go:nosplit\n"
+	}
+
 	# Go function header.
 	my $out_decl = @out ? sprintf(" (%s)", join(', ', @out)) : "";
 	$text .= sprintf "func %s(%s)%s {\n", $func, join(', ', @in), $out_decl;

--- a/src/syscall/syscall_darwin.go
+++ b/src/syscall/syscall_darwin.go
@@ -87,7 +87,6 @@ func direntNamlen(buf []byte) (uint64, bool) {
 	return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen))
 }

-//sys   ptrace(request int, pid int, addr uintptr, data uintptr) (err error)
 func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) }
 func PtraceDetach(pid int) (err error) { return ptrace(PT_DETACH, pid, 0, 0) }


--- a/src/syscall/syscall_darwin_386.go
+++ b/src/syscall/syscall_darwin_386.go
@@ -21,6 +21,7 @@ func setTimeval(sec, usec int64) Timeval {
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_stat64
 //sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_statfs64
 //sys   fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_fstatat64
+//sys   ptrace(request int, pid int, addr uintptr, data uintptr) (err error)

 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint32(fd)

--- a/src/syscall/syscall_darwin_amd64.go
+++ b/src/syscall/syscall_darwin_amd64.go
@@ -21,6 +21,7 @@ func setTimeval(sec, usec int64) Timeval {
 //sys	Stat(path string, stat *Stat_t) (err error) = SYS_stat64
 //sys	Statfs(path string, stat *Statfs_t) (err error) = SYS_statfs64
 //sys   fstatat(fd int, path string, stat *Stat_t, flags int) (err error) = SYS_fstatat64
+//sys   ptrace(request int, pid int, addr uintptr, data uintptr) (err error)

 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint64(fd)

--- a/src/syscall/syscall_darwin_arm.go
+++ b/src/syscall/syscall_darwin_arm.go
@@ -22,6 +22,13 @@ func setTimeval(sec, usec int64) Timeval {
 //sys	Statfs(path string, stat *Statfs_t) (err error)
 //sys   fstatat(fd int, path string, stat *Stat_t, flags int) (err error)

+// Marked nosplit because it is called from forkAndExecInChild where
+// stack growth is forbidden.
+//go:nosplit
+func ptrace(request int, pid int, addr uintptr, data uintptr) error {
+	return ENOTSUP
+}
+
 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint32(fd)
 	k.Filter = int16(mode)

--- a/src/syscall/syscall_darwin_arm64.go
+++ b/src/syscall/syscall_darwin_arm64.go
@@ -22,6 +22,13 @@ func setTimeval(sec, usec int64) Timeval {
 //sys	Statfs(path string, stat *Statfs_t) (err error)
 //sys   fstatat(fd int, path string, stat *Stat_t, flags int) (err error)

+// Marked nosplit because it is called from forkAndExecInChild where
+// stack growth is forbidden.
+//go:nosplit
+func ptrace(request int, pid int, addr uintptr, data uintptr) error {
+	return ENOTSUP
+}
+
 func SetKevent(k *Kevent_t, fd, mode, flags int) {
 	k.Ident = uint64(fd)
 	k.Filter = int16(mode)

--- a/src/syscall/syscall_ptrace_test.go
+++ b/src/syscall/syscall_ptrace_test.go
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin dragonfly freebsd linux netbsd openbsd
+
+package syscall_test
+
+import (
+	"internal/testenv"
+	"os"
+	"os/exec"
+	"syscall"
+	"testing"
+)
+
+func TestExecPtrace(t *testing.T) {
+	testenv.MustHaveExec(t)
+
+	bin, err := exec.LookPath("sh")
+	if err != nil {
+		t.Skipf("skipped because sh is not available")
+	}
+
+	attr := &os.ProcAttr{
+		Sys: &syscall.SysProcAttr{
+			Ptrace: true,
+		},
+	}
+	proc, err := os.StartProcess(bin, []string{bin}, attr)
+	if err != nil {
+		t.Fatalf("StartProcess with ptrace enabled failed: %v", err)
+	}
+	proc.Kill()
+}
--- a/src/syscall/zsyscall_darwin_386.go
+++ b/src/syscall/zsyscall_darwin_386.go
@@ -350,21 +350,6 @@ func libc_fcntl_trampoline()

 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT

-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func libc_ptrace_trampoline()
-
-//go:linkname libc_ptrace libc_ptrace
-//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe(p *[2]int32) (err error) {
 	_, _, e1 := rawSyscall(funcPC(libc_pipe_trampoline), uintptr(unsafe.Pointer(p)), 0, 0)
 	if e1 != 0 {
@@ -2080,3 +2065,19 @@ func libc_fstatat64_trampoline()

 //go:linkname libc_fstatat64 libc_fstatat64
 //go:cgo_import_dynamic libc_fstatat64 fstatat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+//go:nosplit
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ptrace_trampoline()
+
+//go:linkname libc_ptrace libc_ptrace
+//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
--- a/src/syscall/zsyscall_darwin_386.s
+++ b/src/syscall/zsyscall_darwin_386.s
@@ -53,8 +53,6 @@ TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_futimes(SB)
 TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fcntl(SB)
-TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
-	JMP	libc_ptrace(SB)
 TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_pipe(SB)
 TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0
@@ -251,3 +249,5 @@ TEXT ·libc_statfs64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_statfs64(SB)
 TEXT ·libc_fstatat64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fstatat64(SB)
+TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ptrace(SB)
--- a/src/syscall/zsyscall_darwin_amd64.go
+++ b/src/syscall/zsyscall_darwin_amd64.go
@@ -350,21 +350,6 @@ func libc_fcntl_trampoline()

 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT

-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func libc_ptrace_trampoline()
-
-//go:linkname libc_ptrace libc_ptrace
-//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe(p *[2]int32) (err error) {
 	_, _, e1 := rawSyscall(funcPC(libc_pipe_trampoline), uintptr(unsafe.Pointer(p)), 0, 0)
 	if e1 != 0 {
@@ -2080,3 +2065,19 @@ func libc_fstatat64_trampoline()

 //go:linkname libc_fstatat64 libc_fstatat64
 //go:cgo_import_dynamic libc_fstatat64 fstatat64 "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+//go:nosplit
+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
+	_, _, e1 := syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func libc_ptrace_trampoline()
+
+//go:linkname libc_ptrace libc_ptrace
+//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
--- a/src/syscall/zsyscall_darwin_amd64.s
+++ b/src/syscall/zsyscall_darwin_amd64.s
@@ -53,8 +53,6 @@ TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_futimes(SB)
 TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fcntl(SB)
-TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
-	JMP	libc_ptrace(SB)
 TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_pipe(SB)
 TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0
@@ -251,3 +249,5 @@ TEXT ·libc_statfs64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_statfs64(SB)
 TEXT ·libc_fstatat64_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fstatat64(SB)
+TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
+	JMP	libc_ptrace(SB)
--- a/src/syscall/zsyscall_darwin_arm.go
+++ b/src/syscall/zsyscall_darwin_arm.go
@@ -350,21 +350,6 @@ func libc_fcntl_trampoline()

 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT

-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func libc_ptrace_trampoline()
-
-//go:linkname libc_ptrace libc_ptrace
-//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe(p *[2]int32) (err error) {
 	_, _, e1 := rawSyscall(funcPC(libc_pipe_trampoline), uintptr(unsafe.Pointer(p)), 0, 0)
 	if e1 != 0 {

--- a/src/syscall/zsyscall_darwin_arm.s
+++ b/src/syscall/zsyscall_darwin_arm.s
@@ -53,8 +53,6 @@ TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_futimes(SB)
 TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fcntl(SB)
-TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
-	JMP	libc_ptrace(SB)
 TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_pipe(SB)
 TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0

--- a/src/syscall/zsyscall_darwin_arm64.go
+++ b/src/syscall/zsyscall_darwin_arm64.go
@@ -350,21 +350,6 @@ func libc_fcntl_trampoline()

 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT

-func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) {
-	_, _, e1 := syscall6(funcPC(libc_ptrace_trampoline), uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-func libc_ptrace_trampoline()
-
-//go:linkname libc_ptrace libc_ptrace
-//go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib"
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func pipe(p *[2]int32) (err error) {
 	_, _, e1 := rawSyscall(funcPC(libc_pipe_trampoline), uintptr(unsafe.Pointer(p)), 0, 0)
 	if e1 != 0 {

--- a/src/syscall/zsyscall_darwin_arm64.s
+++ b/src/syscall/zsyscall_darwin_arm64.s
@@ -53,8 +53,6 @@ TEXT ·libc_futimes_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_futimes(SB)
 TEXT ·libc_fcntl_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_fcntl(SB)
-TEXT ·libc_ptrace_trampoline(SB),NOSPLIT,$0-0
-	JMP	libc_ptrace(SB)
 TEXT ·libc_pipe_trampoline(SB),NOSPLIT,$0-0
 	JMP	libc_pipe(SB)
 TEXT ·libc_kill_trampoline(SB),NOSPLIT,$0-0