1 /*
2  * Copyright (c) 2018 Todd Mortimer <mortimer@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <stdint.h>
20 
21 #include "../pivot.h"
22 
/*
 * State shared between main() and the functions that run on the
 * alternate stack.  They are file-scope because code entered through a
 * pivoted stack has no usable arguments or caller frame to read from.
 */

/* Saved pointer to the chain built on main()'s real stack; read by unpivot(). */
static size_t *realstack = NULL;

/* Cursor into the buffer that dowork() reads; advanced one byte per read. */
static char *scan = NULL;

/* Number of bytes dowork() reads (and main() allocates): 65535. */
static size_t scansize = UINT16_MAX;
26 
/*
 * Read scansize bytes through the global cursor `scan` and return their
 * sum.  The point is the memory accesses, not the sum: the range is large
 * enough to cross page boundaries (original note: "scan some memory
 * crossing a page boundary").
 *
 * Side effect: `scan` is left pointing one past the last byte read, so a
 * second call would continue beyond the range covered by the first.
 *
 * NOTE(review): main() installs this function's address in the heap-based
 * alternate stack, so it presumably runs with the stack pointer outside
 * the real stack -- confirm against ../pivot.h.
 */
size_t dowork() {
    size_t total = 0;
    size_t remaining = scansize;

    while (remaining-- > 0) {
        total += *scan;
        scan++;
    }
    return total;
}
35 
/*
 * Terminate the process with status 0.
 *
 * main() stores this function's address in the first slot of the chain on
 * the real stack, so it is the last step of the sequence.  Reaching it
 * means every earlier step ran to completion without the process being
 * stopped.
 * NOTE(review): for a stack-pivot regress test a status of 0 presumably
 * signals that the pivot went undetected -- confirm against the test
 * Makefile.
 */
void
doexit()
{
    exit(0);
}
39 
/*
 * Switch back to the chain that main() saved in `realstack`.
 *
 * pivot() comes from ../pivot.h and is not visible in this file.
 * NOTE(review): presumably it loads the stack pointer from its argument
 * and returns through the first slot found there, which main() set to
 * doexit -- confirm against the header.
 */
void
unpivot()
{
    size_t *saved = realstack;

    pivot(saved);
}
43 
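/*
 * Regress-test driver: build a two-entry chain on a heap-allocated
 * "stack", switch to it with pivot(), and let the chain run dowork(),
 * then unpivot(), which switches back to a one-entry chain on the real
 * stack that ends in doexit().
 *
 * Returns 1 if either allocation fails.  The trailing `return 0` is only
 * reached if pivot() returns normally to its caller.
 *
 * NOTE(review): the expected outcome (process stopped by the kernel while
 * dowork() touches memory on the heap stack, versus exit status 0 from
 * doexit()) is defined by the test Makefile, which is not visible here.
 */
int main() {

    /*
     * Allocate the memory dowork() will scan.  It is intentionally not
     * written to here: NOTE(review) presumably the test depends on the
     * first access happening inside dowork(), after the pivot -- do not
     * replace this with calloc()/memset() without confirming.
     */
    scan = malloc(scansize);
    if (scan == NULL) {
        /*
         * Fail with a distinct status instead of dereferencing NULL later:
         * a crash on the real stack could otherwise be mistaken by the
         * harness for the kernel stopping the pivoted process.
         */
        fprintf(stderr, "stackpivot: malloc failed\n");
        return 1;
    }

    /* set up a rop chain on the real stack for syscalls */
    size_t stack[10];
    stack[0] = (size_t)doexit;
    realstack = stack;

    /* set up a basic alt stack on the heap that does some work */
    size_t *newstack = calloc(10, sizeof(size_t));
    if (newstack == NULL) {
        /* Same reasoning as above: setup failure must not look like a result. */
        fprintf(stderr, "stackpivot: calloc failed\n");
        return 1;
    }
    newstack[0] = (size_t)dowork;   /* first entry: touch the scan buffer */
    newstack[1] = (size_t)unpivot;  /* second entry: return to the real stack */
    pivot(newstack);
    return 0;
}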