1 /* $NetBSD: t_sig_backtrace.c,v 1.6 2022/07/25 22:43:01 riastradh Exp $ */ 2 3 /*- 4 * Copyright (c) 2021 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 
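 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: t_sig_backtrace.c,v 1.6 2022/07/25 22:43:01 riastradh Exp $");

#include <sys/mman.h>
#include <execinfo.h>
#include <setjmp.h>
#include <stdbool.h>
#include <signal.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <atf-c.h>

/* Alternate signal stack; the SIGSEGV handler runs on it (SA_ONSTACK). */
stack_t sig_stack;

/*
 * Deliberately never assigned: both have static storage and are therefore
 * NULL.  Dereferencing foo and calling through bar are the faults the two
 * test cases provoke on purpose.
 */
char *foo;
char *(*bar)(void);

static int the_loop_deref(int);
static int the_loop_jump(int);

#ifdef NOINLINE_HACK
/* Never written; only read so the vfork() calls below stay reachable. */
volatile int noinline;
#endif

/*
 * func1/func2/func3: a chain of non-inlined helpers referenced from the
 * loop bodies below.  For i <= 100 they are pure integer arithmetic; for
 * i > 100 func1 re-enters the_loop_deref (mutual recursion).
 */
static int __noinline
func1(int i)
{
	if (i > 100) {
		return the_loop_deref(i);
	}
	return i + 1;
}

static int __noinline
func2(int i)
{
	return func1(i) << 1;
}

static int __noinline
func3(int i)
{
	if (func1(i) < 10) {
		return func2(i);
	} else {
		return func1(i);
	}
}

/*
 * Fault by data dereference: foo is NULL, so evaluating the loop
 * condition faults on the first iteration and the loop body never runs.
 * The function name prefix "the_loop" is what handler() looks for in the
 * backtrace.
 */
static int __noinline
the_loop_deref(int i0)
{
	volatile int i = i0;

	while (*foo != 0) {
		i = func3(i);
		i = func1(i);
		i = func2(i);
	}

#ifdef NOINLINE_HACK
	/*
	 * Unreachable at runtime (noinline is never set); presumably kept
	 * so the compiler does not turn this into a tail call and drop the
	 * frame -- confirm.
	 */
	if (noinline)
		vfork();
#endif

	return i;
}

/*
 * Fault by control transfer: bar is NULL, so the indirect call in the
 * loop condition is expected to fault on the first iteration.  Otherwise
 * identical to the_loop_deref.
 */
static int __noinline
the_loop_jump(int i0)
{
	volatile int i = i0;

	while ((*bar)() != 0) {
		i = func3(i);
		i = func1(i);
		i = func2(i);
	}

#ifdef NOINLINE_HACK
	/* See the_loop_deref. */
	if (noinline)
		vfork();
#endif

	return i;
}

/* Resume point in the test body once the handler has inspected the stack. */
jmp_buf env;

/*
 * SIGSEGV handler.  Takes a backtrace from inside the handler and requires
 * that it unwinds through the signal trampoline into the faulting
 * "the_loop*" function and on to the test program's main.  Returns to the
 * test body via longjmp(env) rather than resuming the faulting code.
 *
 * printf(3) and the allocation inside backtrace_symbols_fmt(3) are not
 * async-signal-safe; that is tolerable here only because the fault is
 * synchronous and the test creates no other threads.
 */
static void
handler(int s)
{
	void *array[10];
	size_t size;
	char **strings;
	bool found_handler = false;
	bool found_sigtramp = false;
	bool found_the_loop = false;
	bool found_main = false;

	printf("signal: %d\n", s);

	size = backtrace(array, sizeof(array) / sizeof(array[0]));
	ATF_REQUIRE(size != 0);

	/* size is a size_t: %zu, not the signed %zd. */
	printf("Backtrace %zu stack frames.\n", size);
	backtrace_symbols_fd(array, size, STDOUT_FILENO);

	/*
	 * "%n" yields bare symbol names.  The array is malloc(3)'d and must
	 * be freed by us; a NULL return would otherwise be dereferenced in
	 * the loop below.
	 */
	strings = backtrace_symbols_fmt(array, size, "%n");
	ATF_REQUIRE(strings != NULL);

	/*
	 * We must find the symbols in the following order:
	 *
	 *	handler -> __sigtramp_siginfo_* -> the_loop -> main
	 */
	for (size_t i = 0; i < size; i++) {
		if (!found_handler &&
		    strcmp(strings[i], "handler") == 0) {
			found_handler = true;
			continue;
		}
		if (found_handler && !found_sigtramp &&
		    strncmp(strings[i], "__sigtramp_siginfo_",
			strlen("__sigtramp_siginfo_")) == 0) {
			found_sigtramp = true;
			continue;
		}
		if (found_sigtramp && !found_the_loop &&
		    strncmp(strings[i], "the_loop", strlen("the_loop")) == 0) {
			found_the_loop = true;
			continue;
		}
		if (found_the_loop && !found_main &&
		    strcmp(strings[i], "atf_tp_main") == 0) {
			found_main = true;
			break;
		}
	}

	/* Release before the requires below; they may not return. */
	free(strings);

	ATF_REQUIRE(found_handler);
	ATF_REQUIRE(found_sigtramp);
	ATF_REQUIRE(found_the_loop);
	ATF_REQUIRE(found_main);

	longjmp(env, 1);
}

/*
 * Shared setup for both test cases: map an alternate signal stack,
 * install it, and route SIGSEGV to handler() on that stack.  Every step
 * is checked; a failed mmap or sigaction would otherwise surface as a
 * confusing secondary crash instead of a test failure.
 */
static void
install_segv_handler(void)
{
	sig_stack.ss_sp = mmap(NULL, SIGSTKSZ, PROT_READ | PROT_WRITE,
	    MAP_ANON | MAP_STACK, -1, 0);
	ATF_REQUIRE(sig_stack.ss_sp != MAP_FAILED);

	sig_stack.ss_size = SIGSTKSZ;
	sig_stack.ss_flags = 0;
	ATF_REQUIRE(sigaltstack(&sig_stack, NULL) == 0);

	struct sigaction sa = {
		.sa_handler = handler,
		.sa_flags = SA_ONSTACK,
	};
	ATF_REQUIRE(sigaction(SIGSEGV, &sa, NULL) == 0);
}

ATF_TC(sig_backtrace_deref);
ATF_TC_HEAD(sig_backtrace_deref, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Test backtrace(3) across signal handlers, null pointer deref");
}

ATF_TC_BODY(sig_backtrace_deref, tc)
{
	install_segv_handler();

	/* First pass runs the faulting code; the handler longjmps back here. */
	if (setjmp(env) == 0) {
		printf("%d\n", the_loop_deref(0));
	}
}

ATF_TC(sig_backtrace_jump);
ATF_TC_HEAD(sig_backtrace_jump, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Test backtrace(3) across signal handlers, null pointer jump");
}

ATF_TC_BODY(sig_backtrace_jump, tc)
{
	install_segv_handler();

	/* Unwinding through a call to address 0 is a known failure. */
	atf_tc_expect_fail("PR lib/56940");

	if (setjmp(env) == 0) {
		printf("%d\n", the_loop_jump(0));
	}
}

ATF_TP_ADD_TCS(tp)
{
	ATF_TP_ADD_TC(tp, sig_backtrace_deref);
	ATF_TP_ADD_TC(tp, sig_backtrace_jump);

	return atf_no_error();
}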