compel parasite sys_open return -1 always

[duguhaotian]

Description

i want to test compel to open many files in victim process.

Steps to reproduce the issue:

change code in compel/test/infect

int parasite_daemon_cmd(int cmd, void *args)
{
    int v;
    int ret = 0;

    switch (cmd) {
    case PARASITE_CMD_INC:
        v = (*(int *)args) + 1;
        ret = sys_open("/etc/resolv.conf", O_RDWR, 0);  // add this line and return ret
        break;
    case PARASITE_CMD_DEC:
        v = (*(int *)args) - 1;
        break;
    default:
        v = -1;
        break;
    }

    sys_write(1, &v, sizeof(int));
    return ret;
}

Describe the results you received:

1. all sys_open return -1;
2. first open can add a fd into victim, but return -1;

Checking the victim alive
1, want 1
42, want 42
Infecting the victim
Stopping task
Preparing parasite ctl
        LC4: Preparing seqsk for 3543604
Configuring contexts
Infecting
        LC3: Set up parasite blob using memfd
        LC3: Putting parasite blob into 0x7f3efa241000->0x7f6c13c7d000
        LC3: Dumping general registers for 3543604 in native mode
        LC4: cpu: x86_family 6 x86_vendor_id GenuineIntel x86_model_id Intel(R) Xeon(R) CPU E5-2690 v3 @ 2.60GHz
        LC4: cpu: fpu: xfeatures_mask 0x5 xsave_size 832 xsave_size_max 832 xsaves_size 0
        LC4: cpu: fpu: x87 floating point registers     xstate_offsets      0 / 0      xstate_sizes    160 / 160   
        LC4: cpu: fpu: AVX registers                    xstate_offsets    576 / 576    xstate_sizes    256 / 256   
        LC3: Dumping GP/FPU registers for 3543604
        LC3: Putting tsock into pid 3543604
        LC3: Wait for parasite being daemonized...
        LC4: Wait for ack 2 on daemon socket
pie: 3543604: Running daemon thread leader
pie: 3543604: __sent ack msg: 2 2 0
pie: 3543604: Daemon waits for command
        LC4: Fetched ack: 2 2 0
        LC3: Parasite 3543604 has been switched to daemon mode
Running cmd 1
        LC4: Sent msg to daemon 64 0 0
        LC4: Wait for ack 64 on daemon socket
pie: 3543604: __fetched msg: 64 0 0
pie: 3543604: __sent ack msg: 64 64 6
pie: 3543604: Close the control socket for writing
        LC4: Fetched ack: 64 64 6
pie: 3543604: Daemon waits for command
        LC1: Error (compel/src/lib/infect-rpc.c:68): Command 64 for daemon failed with 6
call inc cmd ret: -1
        LC4: Sent msg to daemon 64 0 0
        LC4: Wait for ack 64 on daemon socket
pie: 3543604: __fetched msg: 64 0 0
        LC1: Error (compel/src/lib/infect-rpc.c:44): Message reply from daemon is trimmed (12/0)
pie: 3543604: Command rejected
call inc cmd ret: -1
pie: 3543604: Daemon waits for command
        LC4: Sent msg to daemon 64 0 0
pie: 3543604: __fetched msg: 64 0 0
        LC4: Wait for ack 64 on daemon socket
pie: 3543604: Command rejected
        LC1: Error (compel/src/lib/infect-rpc.c:44): Message reply from daemon is trimmed (12/0)
pie: 3543604: Daemon waits for command
call inc cmd ret: -1
Running cmd 2

Describe the results you expected:

open three file success

[duguhaotian]

/proc/fd like below

 $ ls -l /proc/3543604/fd
total 0
lr-x------. 1 root root 64 May 23 09:16 0 -> 'pipe:[22250976]'
l-wx------. 1 root root 64 May 23 09:16 1 -> 'pipe:[22250977]'
l-wx------. 1 root root 64 May 23 09:16 2 -> 'pipe:[22250978]'
lrwx------. 1 root root 64 May 23 09:16 20 -> /dev/ptmx
lrwx------. 1 root root 64 May 23 09:16 21 -> /dev/ptmx
lrwx------. 1 root root 64 May 23 09:16 4 -> 'socket:[22247676]'
lrwx------. 1 root root 64 May 23 09:16 5 -> /dev/pts/9
lrwx------. 1 root root 64 May 23 09:16 6 -> /run/systemd/resolve/stub-resolv.conf  // this is new fd add by parasite

[jake11-oho]

Same problem seemed to happent to me before, can anyone have a look at it? Other syscalls such as sys_close have the valid return value, but sys_open always returns -1?

[duguhaotian]

i found reason, never return non-zero in parasite_daemon_cmd if nedd return open fd, we should use args return