From 402e7b56053312f4e96737ee7cd82395c998f00f Mon Sep 17 00:00:00 2001
From: Robert Morris <rtm@csail.mit.edu>
Date: Fri, 20 Sep 2019 09:41:03 -0400
Subject: fix a potential kernel crash add a regression test for it

---
 user/usertests.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'user')

diff --git a/user/usertests.c b/user/usertests.c
index 0042fe7..7da62d1 100644
--- a/user/usertests.c
+++ b/user/usertests.c
@@ -1908,6 +1908,18 @@ stacktest(char *s)
     exit(xstatus);
 }
 
+// copyinstr() used to cast the virtual page address to uint,
+// which (with certain wild system call arguments) could
+// result in a kernel page fault.
+void
+pgbug(char *s)
+{
+  char *argv[1];
+  argv[0] = 0;
+  exec((char*)0xeaeb0b5b00002f5e, argv);
+  exit(0);
+}
+
 // run each test in its own process. run returns 1 if child's exit()
 // indicates success.
 int
@@ -1945,6 +1957,7 @@ main(int argc, char *argv[])
     void (*f)(char *);
     char *s;
   } tests[] = {
+    {pgbug, "pgbug" },
     {reparent, "reparent" },
     {twochildren, "twochildren"},
     {forkfork, "forkfork"},
-- 
cgit v1.2.3