Re: [PATCH 03/13] kselftest: arm64: mangle_sp_misaligned

On Thu, Jun 13, 2019 at 12:13:25PM +0100, Cristian Marussi wrote:
> Added a simple mangle testcase which messes with the ucontext_t
> from within the sig_handler, trying to badly modify and misalign the SP.
> Expects SIGBUS on test PASS.
> 
> Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx>
> ---
>  .../arm64/signal/testcases/.gitignore         |  1 +
>  .../signal/testcases/mangle_sp_misaligned.c   | 24 +++++++++++++++++++
>  2 files changed, 25 insertions(+)
>  create mode 100644 tools/testing/selftests/arm64/signal/testcases/.gitignore
>  create mode 100644 tools/testing/selftests/arm64/signal/testcases/mangle_sp_misaligned.c
> 
> diff --git a/tools/testing/selftests/arm64/signal/testcases/.gitignore b/tools/testing/selftests/arm64/signal/testcases/.gitignore
> new file mode 100644
> index 000000000000..7f7414d241f2
> --- /dev/null
> +++ b/tools/testing/selftests/arm64/signal/testcases/.gitignore
> @@ -0,0 +1 @@
> +mangle_sp_misaligned
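Review bot: the new .gitignore carries a single literal entry, mangle_sp_misaligned, while the subject line marks this as patch 03/13 of a series; if later patches add further testcase binaries to this directory, each one will need its own line here, so it is worth deciding now whether a per-binary entry is the intended convention for this directory.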
> diff --git a/tools/testing/selftests/arm64/signal/testcases/mangle_sp_misaligned.c b/tools/testing/selftests/arm64/signal/testcases/mangle_sp_misaligned.c
> new file mode 100644
> index 000000000000..41bd27312e54
> --- /dev/null
> +++ b/tools/testing/selftests/arm64/signal/testcases/mangle_sp_misaligned.c
> @@ -0,0 +1,24 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/* Copyright (C) 2019 ARM Limited */
> +
> +#include "test_signals_utils.h"
> +#include "testcases.h"
> +
> +static int mangle_misaligned_sp_run(struct tdescr *td, siginfo_t *si,
> +				    ucontext_t *uc)
> +{
> +	ASSERT_GOOD_CONTEXT(uc);
> +
> +	uc->uc_mcontext.sp += 3;
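Review bot: `uc->uc_mcontext.sp += 3;` is the whole of the mangle, yet nothing in the hunk says where the expected SIGBUS is meant to come from; the commit message only states "Expects SIGBUS on test PASS". Add a comment above this line (or in the testcase description) stating whether the failure is expected from sigreturn itself or from the interrupted code's first stack access after the misaligned sp is restored, since that determines what the test actually verifies. The quoted hunk is also cut off here (no closing brace or testcase registration is shown), so the remainder of the file cannot be reviewed from this excerpt.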

What are we testing here?

It is architecturally permitted (if unusual) to have a misaligned sp in
userspace.

So are we just getting a SIGBUS after the sigreturn, when the thread
tries to dereference sp?  If so, we aren't really testing anything about
sigreturn here -- I don't see any check in the kernel when restoring sp
in sigreturn.

Even if there were no SIGBUS, the thread stack is now corrupt (due to
wrong sp), so the interrupted code is unlikely to continue running
successfully.

Am I missing something?

[...]

Cheers
---Dave
