From 692d8a6e54ab10064838de60bd67206c7f1275ec Mon Sep 17 00:00:00 2001
From: Eugene Syromyatnikov
Date: Mon, 8 Jan 2018 18:46:32 +0100
Subject: [PATCH] tests: check decoding of modify_ldt with for 4-byte-available user_desc

Since there is possibility now that strace read only entry_number field of the user_desc struct, let's check that it doesn't do it with modify_ldt syscall.

* tests/modify_ldt.c (main): Add 4-byte-sized tail_alloc'ed variable. Try to provide it as an argument to modify_ldt.
---
 tests/modify_ldt.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/modify_ldt.c b/tests/modify_ldt.c
index fb8d453b..1e26bda4 100644
--- a/tests/modify_ldt.c
+++ b/tests/modify_ldt.c
@@ -68,6 +68,7 @@ main(void)
 		(kernel_ulong_t) 0xdeadfacefa57beefULL;
 
 	struct user_desc *us = tail_alloc(sizeof(*us));
+	unsigned int *bogus_int = tail_alloc(sizeof(*bogus_int));
 	long rc;
 
 	fill_memory(us, sizeof(*us));
@@ -97,6 +98,16 @@ main(void)
 	       (int) bogus_func, us + 1, sizeof(*us));
 	printrc(rc);
 
+	/*
+	 * print_user_desc handles entry_number field in a special way for
+	 * get_thread_area syscall, so let's also check here that we don't
+	 * retrieve it accidentally.
+	 */
+	rc = syscall(__NR_modify_ldt, bogus_func, bogus_int, sizeof(*us));
+	printf("modify_ldt(%d, %p, %zu) = ",
+	       (int) bogus_func, bogus_int, sizeof(*us));
+	printrc(rc);
+
 	rc = syscall(__NR_modify_ldt, bogus_func, us, sizeof(*us));
 	printf("modify_ldt(%d, ", (int) bogus_func);
 	print_user_desc(us, NULL);
-- 
2.40.0
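Review bot: The comment above the new `modify_ldt(bogus_func, bogus_int, sizeof(*us))` call in the second hunk says what must not happen, but not why the expected output is a bare pointer. `bogus_int` is only `sizeof(*bogus_int)` bytes while the call passes `sizeof(*us)`, so the test presumably relies on a full `struct user_desc` read from that address failing (`tail_alloc` is not visible here) and the argument being printed as an address. I would add a line such as `* bogus_int is shorter than struct user_desc, so it must be printed as an address.` so a future change to the decoder's partial-read path is checked against a stated expectation. As a smaller point, `%p` formally takes a `void *`, so `(void *) bogus_int` would be the strictly conforming argument in the new `printf`. The body of `main` starts and ends outside both hunks.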