diff options
| author |   mortimer <mortimer@openbsd.org> | 2018-04-09 01:17:46 +0000 |
|---|---|---|
| committer | mortimer <mortimer@openbsd.org> | 2018-04-09 01:17:46 +0000 |
| commit | 1659892692948750c9f9f7076693a02717f947d6 (patch) | |
| tree | 2b30a9844d2552c3614f7f883610185e56f67bda | |
| parent | Move slaacd from ramdisk to bsd.rd, found out the hard way. (diff) | |
| download | wireguard-openbsd-1659892692948750c9f9f7076693a02717f947d6.tar.xz wireguard-openbsd-1659892692948750c9f9f7076693a02717f947d6.zip | |
Add regress test for stack pivot mitigation
ok @deraadt
| -rw-r--r-- | regress/sys/kern/stackpivot/Makefile | 18 | ||||
| -rw-r--r-- | regress/sys/kern/stackpivot/stackpivot.c | 39 |
2 files changed, 57 insertions, 0 deletions
diff --git a/regress/sys/kern/stackpivot/Makefile b/regress/sys/kern/stackpivot/Makefile new file mode 100644 index 00000000000..f09897c049f --- /dev/null +++ b/regress/sys/kern/stackpivot/Makefile @@ -0,0 +1,18 @@ + +PROG= stackpivot + +run-regress-${PROG}: ${PROG} + rm -f ./${PROG}.core + if ./${PROG}; then false; else true; fi + if [ ! -e ./${PROG}.core ]; then echo "No coredump"; false; fi + +.if ${MACHINE} != "amd64" && \ + ${MACHINE} != "i386" +REGRESS_TARGETS=run-regress-skiparch +run-regress-skiparch: + # Need stack pivot asm for this arch + @echo SKIPPED +.endif + + +.include <bsd.regress.mk> diff --git a/regress/sys/kern/stackpivot/stackpivot.c b/regress/sys/kern/stackpivot/stackpivot.c new file mode 100644 index 00000000000..a5fae8c8321 --- /dev/null +++ b/regress/sys/kern/stackpivot/stackpivot.c @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2018 Todd Mortimer <mortimer@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <stdio.h> +#include <stdlib.h> + +void pivot(size_t *newstack) { +#if defined(__amd64__) + asm("mov %0, %%rsp; retq;" ::"r"(newstack)); +#elif defined(__i386__) + asm("mov %0, %%esp; retl;" ::"r"(newstack)); +#endif +} + +void doexit() { + exit(0); +} + +int main() { + size_t *newstack = calloc(10, sizeof(size_t)); + /* set up a basic alt stack on the heap that just calls doexit */ + newstack[0] = (size_t)doexit; + /* program should be killed in this function call */ + pivot(newstack); + return 0; +} |