Tests/UserspaceEmulator/ue-write-oob.cpp at master

jcs.org / serenity
fork atom
Serenity Operating System
fork atom
serenity / Tests / UserspaceEmulator / ue-write-oob.cpp
at master 79 lines 2.7 kB view raw
wrap content
Ben Wiederhake Everywhere: Remove unused includes of LibC/stdlib.h 3y ago
6b7ce191
 1/*
 2 * Copyright (c) 2021, Ben Wiederhake <BenWiederhake.GitHub@gmx.de>
 3 *
 4 * SPDX-License-Identifier: BSD-2-Clause
 5 */
 6
 7#include <AK/Assertions.h>
 8#include <LibCore/ArgsParser.h>
 9#include <stdint.h>
10#include <stdio.h>
11#include <sys/mman.h>
12
13static void write8(void* ptr) { *(uint8_t volatile*)ptr = 1; }
14static void write16(void* ptr) { *(uint16_t volatile*)ptr = 1; }
15static void write32(void* ptr) { *(uint32_t volatile*)ptr = 1; }
16static void write64(void* ptr) { *(double volatile*)ptr = 1.0; }
17// A u64 write might be translated by the compiler as a 32-then-32-bit write:
18// static void write64_bad(void* ptr) { *(volatile uint64_t*)ptr = 1.0; }
19// Let's hope this won't be translated like that.
20// Godbolt says yes: https://godbolt.org/z/1b9WGo
21
22static void run_test(void* region, ssize_t offset, size_t bits)
23{
24    void* ptr = (char*)region + offset;
25    printf("Writing to %p\n", ptr);
26    switch (bits) {
27    case 8:
28        write8(ptr);
29        break;
30    case 16:
31        write16(ptr);
32        break;
33    case 32:
34        write32(ptr);
35        break;
36    case 64:
37        write64(ptr);
38        break;
39    default:
40        VERIFY_NOT_REACHED();
41    }
42}
43
44int main(int argc, char** argv)
45{
46    bool do_static = false;
47    int size = 10 * PAGE_SIZE;
48    int offset = 10 * PAGE_SIZE - 1;
49    int bits = 16;
50
51    auto args_parser = Core::ArgsParser();
52    args_parser.set_general_help(
53        "Access out of bounds memory; a great testcase for UserEmulator.");
54    args_parser.add_option(do_static, "Use a static region instead of an mmap'ed region. Fixes 'size' to 10*PAGESIZE = 40960. (Default: false)", "static", 'S');
55    args_parser.add_option(size, "The size of the region to allocate. (Default: 10*PAGESIZE = 40960)", "size", 's', "size");
56    args_parser.add_option(offset, "The signed offset at which to start writing. (Default: 10*PAGESIZE-1 = 40959)", "offset", 'o', "offset");
57    args_parser.add_option(bits, "Amount of bits to write in a single instruction. (Default: 16)", "bits", 'b', "bits");
58    args_parser.parse(argc, argv);
59
60    if (do_static)
61        size = 10 * PAGE_SIZE;
62
63    printf("Writing %d bits to %s region of size %d at offset %d.\n",
64        bits, do_static ? "static" : "MMAP", size, offset);
65
66    if (do_static) {
67        // Let's just hope the linker puts nothing after it!
68        static unsigned char region[PAGE_SIZE * 10] = { 0 };
69
70        run_test(region, offset, 64);
71    } else {
72        void* region = mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
73        VERIFY(region);
74        run_test(region, offset, bits);
75    }
76
77    printf("FAIL (should have caused SIGSEGV)\n");
78    return 1;
79}