From cef1b57d4a97f15e9858804e368f7928b579b88e Mon Sep 17 00:00:00 2001 From: Frans Kaashoek Date: Mon, 15 Aug 2022 19:02:19 -0400 Subject: Compile user binary to map text without W and data without X Use the flags in elf header to set vm permissions Modify pgbug() so that usertests text segment is without W Add test to check app cannot write text segment --- user/usertests.c | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'user/usertests.c') diff --git a/user/usertests.c b/user/usertests.c index aec19dd..0a84ef9 100644 --- a/user/usertests.c +++ b/user/usertests.c @@ -2508,17 +2508,40 @@ stacktest(char *s) exit(xstatus); } +// check that writes to text segment fault +void +texttest(char *s) +{ + int pid; + int xstatus; + + pid = fork(); + if(pid == 0) { + volatile int *addr = (int *) 0; + *addr = 10; + exit(1); + } else if(pid < 0){ + printf("%s: fork failed\n", s); + exit(1); + } + wait(&xstatus); + if(xstatus == -1) // kernel killed child? + exit(0); + else + exit(xstatus); +} + // regression test. copyin(), copyout(), and copyinstr() used to cast // the virtual page address to uint, which (with certain wild system // call arguments) resulted in a kernel page faults. +void *big = (void*) 0xeaeb0b5b00002f5e; void pgbug(char *s) { char *argv[1]; argv[0] = 0; - exec((char*)0xeaeb0b5b00002f5e, argv); - - pipe((int*)0xeaeb0b5b00002f5e); + exec(big, argv); + pipe(big); exit(0); } @@ -2607,6 +2630,7 @@ sbrklast(char *s) exit(1); } + // does sbrk handle signed int32 wrap-around with // negative arguments? void @@ -2617,6 +2641,7 @@ sbrk8000(char *s) *(top-1) = *(top-1) + 1; } + // regression test. does write() with an invalid buffer pointer cause // a block to be allocated for a file that is then not freed when the // file is deleted? if the kernel has this bug, it will panic: balloc: -- cgit v1.2.3