author | Alexey Dobriyan <adobriyan@gmail.com> | 2023-10-03 19:18:43 +0300 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2023-10-03 21:00:45 +0200 |
commit | 802e87cc464613441f9098ebf940b1895fe3f5e5 (patch) | |
tree | 2e74a489c2382bf02bcd18723a7cd9cf928536e0 /arch/x86 | |
parent | bfb32e2008e278507bd93bff91662422d9cda9da (diff) |
selftests/x86/mm: Add new test that userspace stack is in fact NX
Here is how it works:
* fault and fill the stack from RSP with INT3 down until rlimit allows,
* fill upwards with INT3 too, overwrite libc stuff, argv, envp,
* try to exec INT3 on each page and catch it in either SIGSEGV or
SIGTRAP handler.
Note: trying to execute _every_ INT3 on an 8 MiB stack takes 30-40 seconds
even on a fast machine, which is too much for kernel selftesting
(not for LTP!), so only 1 INT3 per page is tried.
Tested on F37 kernel and on a custom kernel which does:
    vm_flags |= VM_EXEC;
to stack VMA.
Report from the buggy kernel:
    $ ./nx_stack_32
    stack min ff007000
    stack max ff807000
    FAIL executable page on the stack: eip ff806001
    $ ./nx_stack_64
    stack min 7ffe65bb0000
    stack max 7ffe663b0000
    FAIL executable page on the stack: rip 7ffe663af001
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/4cef8266-ad6d-48af-a5f1-fc2b6a8eb422@p183
Diffstat (limited to 'arch/x86')
0 files changed, 0 insertions, 0 deletions
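A complementary check, added here as an example and not taken from the commit or the selftest: it reads the permission field of the `[stack]` line in `/proc/self/maps`, where a `VM_EXEC` flag on the stack VMA shows up as `x`. It only inspects the VMA flags and executes nothing, so it does not replace the INT3 probe described in the commit message; all function and struct names are hypothetical and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

struct stack_vma {
    unsigned long long min, max; /* VMA bounds ("stack min" / "stack max") */
    char perms[5];               /* permission field, e.g. "rw-p" */
};

/* Constructed sample lines (bounds borrowed from the report above). */
const char SAMPLE_NX[] =
    "7ffe65bb0000-7ffe663b0000 rw-p 00000000 00:00 0    [stack]\n";
const char SAMPLE_EXEC[] =
    "7ffe65bb0000-7ffe663b0000 rwxp 00000000 00:00 0    [stack]\n";

/* Parse one maps line: -1 = not the [stack] VMA, 0 = NX, 1 = executable. */
int stack_line_exec(const char *line, struct stack_vma *v)
{
    int n = 0; /* offset of the pathname column, set by %n */
    /* Layout: start-end perms offset dev inode pathname */
    if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %n",
               &v->min, &v->max, v->perms, &n) < 3 ||
        n == 0 || strncmp(line + n, "[stack]", 7) != 0)
        return -1;
    return strchr(v->perms, 'x') != NULL;
}

/* Scan a whole maps listing; same return values as stack_line_exec(). */
int stack_vma_exec(FILE *maps, struct stack_vma *v)
{
    char line[512];
    int r;
    while (fgets(line, sizeof line, maps))
        if ((r = stack_line_exec(line, v)) >= 0)
            return r;
    return -1;
}

int main(void)
{
    struct stack_vma v;
    FILE *f = fopen("/proc/self/maps", "r");
    int r = f ? stack_vma_exec(f, &v) : -1;

    if (f) fclose(f);
    if (r < 0)
        return 2; /* no [stack] line found */
    printf("stack min %llx\nstack max %llx\nperms %s\n", v.min, v.max, v.perms);
    puts(r ? "FAIL stack VMA is executable" : "PASS stack VMA is not executable");
    return r;
}
```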