LXR linux/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_bad

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * Copyright (C) 2019 ARM Limited
   4 *
   5 * Place a fake sigframe on the stack including a bad record overflowing
   6 * the __reserved space: on sigreturn Kernel must spot this attempt and
   7 * the test case is expected to be terminated via SEGV.
   8 */
   9
  10#include <signal.h>
  11#include <ucontext.h>
  12
  13#include "test_signals_utils.h"
  14#include "testcases.h"
  15
  16struct fake_sigframe sf;
  17
  18#define MIN_SZ_ALIGN    16
  19
  20static int fake_sigreturn_bad_size_run(struct tdescr *td,
  21                                       siginfo_t *si, ucontext_t *uc)
  22{
  23        size_t resv_sz, need_sz, offset;
  24        struct _aarch64_ctx *shead = GET_SF_RESV_HEAD(sf), *head;
  25
  26        /* just to fill the ucontext_t with something real */
  27        if (!get_current_context(td, &sf.uc))
  28                return 1;
  29
  30        resv_sz = GET_SF_RESV_SIZE(sf);
  31        /* at least HDR_SZ + bad sized esr_context needed */
  32        need_sz = sizeof(struct esr_context) + HDR_SZ;
  33        head = get_starting_head(shead, need_sz, resv_sz, &offset);
  34        if (!head)
  35                return 0;
  36
  37        /*
  38         * Use an esr_context to build a fake header with a
  39         * size greater then the free __reserved area minus HDR_SZ;
  40         * using ESR_MAGIC here since it is not checked for size nor
  41         * is limited to one instance.
  42         *
  43         * At first inject an additional normal esr_context
  44         */
  45        head->magic = ESR_MAGIC;
  46        head->size = sizeof(struct esr_context);
  47        /* and terminate properly */
  48        write_terminator_record(GET_RESV_NEXT_HEAD(head));
  49        ASSERT_GOOD_CONTEXT(&sf.uc);
  50
  51        /*
  52         * now mess with fake esr_context size: leaving less space than
  53         * needed while keeping size value 16-aligned
  54         *
  55         * It must trigger a SEGV from Kernel on:
  56         *
  57         *      resv_sz - offset < sizeof(*head)
  58         */
  59        /* at first set the maximum good 16-aligned size */
  60        head->size = (resv_sz - offset - need_sz + MIN_SZ_ALIGN) & ~0xfUL;
  61        /* plus a bit more of 16-aligned sized stuff */
  62        head->size += MIN_SZ_ALIGN;
  63        /* and terminate properly */
  64        write_terminator_record(GET_RESV_NEXT_HEAD(head));
  65        ASSERT_BAD_CONTEXT(&sf.uc);
  66        fake_sigreturn(&sf, sizeof(sf), 0);
  67
  68        return 1;
  69}
  70
  71struct tdescr tde = {
  72                .name = "FAKE_SIGRETURN_BAD_SIZE",
  73                .descr = "Triggers a sigreturn with a overrun __reserved area",
  74                .sig_ok = SIGSEGV,
  75                .timeout = 3,
  76                .run = fake_sigreturn_bad_size_run,
  77};
  78