diff options
| author |   mortimer <mortimer@openbsd.org> | 2018-04-13 20:05:04 +0000 |
|---|---|---|
| committer | mortimer <mortimer@openbsd.org> | 2018-04-13 20:05:04 +0000 |
| commit | 897fc685943471cf985a0fe38ba076ea6fe74fa5 (patch) | |
| tree | 2ec905ca066ebe4823fd4681fa444fee66d251a8 /regress/sys/kern/stackpivot/pagefault/stackpivot.c | |
| parent | Use TIOCGWINSZ to reduce the default -Owidth during interactive use (diff) | |
| download | wireguard-openbsd-897fc685943471cf985a0fe38ba076ea6fe74fa5.tar.xz wireguard-openbsd-897fc685943471cf985a0fe38ba076ea6fe74fa5.zip | |
Add a test for stack pivots that trigger page faults.
"Regress is always open for commits" @deraadt
Diffstat (limited to 'regress/sys/kern/stackpivot/pagefault/stackpivot.c')
| -rw-r--r-- | regress/sys/kern/stackpivot/pagefault/stackpivot.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/regress/sys/kern/stackpivot/pagefault/stackpivot.c b/regress/sys/kern/stackpivot/pagefault/stackpivot.c new file mode 100644 index 00000000000..0d31e43f840 --- /dev/null +++ b/regress/sys/kern/stackpivot/pagefault/stackpivot.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2018 Todd Mortimer <mortimer@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> + +#include "../pivot.h" + +static size_t *realstack; +static char *scan; +static size_t scansize = UINT16_MAX; + +/* scan some memory crossing a page boundary */ +size_t dowork() { + size_t b = 0; + size_t i; + for (i = 0; i < scansize; ++i) + b += *scan++; + return b; +} + +void doexit() { + exit(0); +} + +void unpivot() { + pivot(realstack); +} + +int main() { + + /* allocate some memory to scan */ + scan = malloc(scansize); + + /* set up a rop chain on the real stack for syscalls */ + size_t stack[10]; + stack[0] = (size_t)doexit; + realstack = stack; + + /* set up a basic alt stack on the heap that does some work */ + size_t *newstack = calloc(10, sizeof(size_t)); + newstack[0] = (size_t)dowork; + newstack[1] = (size_t)unpivot; + pivot(newstack); + return 0; +} |