Re: [PATCH 12/13] kselftest: arm64: fake_sigreturn_bad_size_for_magic0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

On 6/21/19 11:36 AM, Dave Martin wrote:
On Thu, Jun 13, 2019 at 12:13:34PM +0100, Cristian Marussi wrote:
Added a simple fake_sigreturn testcase which builds a ucontext_t
with a badly sized magic0 header and place it onto the stack.
Expects a SIGSEGV on test PASS.

Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx>
---
  .../arm64/signal/testcases/.gitignore         |  1 +
  .../fake_sigreturn_bad_size_for_magic0.c      | 44 +++++++++++++++++++
  2 files changed, 45 insertions(+)
  create mode 100644 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_bad_size_for_magic0.c

diff --git a/tools/testing/selftests/arm64/signal/testcases/.gitignore b/tools/testing/selftests/arm64/signal/testcases/.gitignore
index 9ad1735e0018..66ba865b3b7e 100644
--- a/tools/testing/selftests/arm64/signal/testcases/.gitignore
+++ b/tools/testing/selftests/arm64/signal/testcases/.gitignore
@@ -9,3 +9,4 @@ mangle_pstate_ssbs_regs
  fake_sigreturn_misaligned
  fake_sigreturn_bad_magic
  fake_sigreturn_bad_size
+fake_sigreturn_bad_size_for_magic0
diff --git a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_bad_size_for_magic0.c b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_bad_size_for_magic0.c
new file mode 100644
index 000000000000..703909959473
--- /dev/null
+++ b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_bad_size_for_magic0.c
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* Copyright (C) 2019 ARM Limited */
+
+#include <asm/sigcontext.h>
+#include <ucontext.h>
+#include <stdio.h>
+
+#include "test_signals_utils.h"
+#include "testcases.h"
+
+struct a_sigframe sf;
+
+static int fake_sigreturn_bad_size_for_magic0_run(struct tdescr *td,
+						  siginfo_t *si, ucontext_t *uc)
+{
+	struct _aarch64_ctx *head = GET_SF_RESV_HEAD(sf);
+
+	/* just to fill the ucontext_t with something real */
+	if (!get_current_context(td, &sf.uc))
+		return 1;
+
+	/*
+	 * Jump to the free slot...we must preserve existing
+	 * magics like fpsimd in order no to SEGV anyway
+	 */
+	head = get_terminator(head, GET_SF_RESV_SIZE(sf), NULL);
+	if (head) {
+		head->magic = 0;
+		head->size = 256;

What if this overruns the signal frame?  We want to know that the kernel
is rejecting the terminator because its size is wrong, not because the
size overruns the frame or is invalid is some other way.

For example, if the kernel code were refactored to check that the record
fits in the frame first, before looking at the magic, then this test
could pass for the wrong reason.


Right. Fixed in V2 to account of available space and avoding overrun (throwing away EXTRA if neeeded): moreover bad size is now 16 aligned to avoid crashing out in size % 16 chcecks

Thanks

Cristian

[...]

Cheers
---Dave




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux