1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2018 Joyent, Inc.
14 */
15
16 #include <stdlib.h>
17 #include <ucontext.h>
18 #include <sys/wait.h>
19 #include <unistd.h>
20 #include <sys/regset.h>
21
22 /*
23 * Load a bunch of bad selectors into the seg regs: this will typically cause
24 * the child process to core dump, but it shouldn't panic the kernel...
25 *
26 * It's especially interesting to run this on CPU0.
27 */
28
29 unsigned short selector;
30
31 static void badds(void)
32 {
33 __asm__ volatile("movw %0, %%ds" : : "r" (selector));
34 }
35
36 static void bades(void)
37 {
38 __asm__ volatile("movw %0, %%es" : : "r" (selector));
39 }
40
100 static void
101 resetgs(void)
102 {
103 return (resetseg(GS));
104 }
105
106 static void
107 resetss(void)
108 {
109 return (resetseg(SS));
110 }
111
112 static void
113 inchild(void (*func)())
114 {
115 pid_t pid;
116
117 switch ((pid = fork())) {
118 case 0:
119 func();
120 exit(0);
121 case -1:
122 exit(1);
123 default:
124 (void) waitpid(pid, NULL, 0);
125 return;
126 }
127
128 }
129
130 int
131 main(int argc, char *argv[])
132 {
133 for (selector = 0; selector < 8194; selector++) {
134 inchild(resetcs);
135 inchild(resetds);
136 inchild(resetes);
137 inchild(resetfs);
138 inchild(resetgs);
139 inchild(resetss);
140 inchild(badds);
141 inchild(bades);
142 inchild(badfs);
143 inchild(badgs);
144 inchild(badss);
145 }
146
147 exit(0);
148 }
|
1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2019 Joyent, Inc.
14 */
15
16 #include <stdlib.h>
17 #include <ucontext.h>
18 #include <sys/wait.h>
19 #include <unistd.h>
20 #include <sys/regset.h>
21 #include <sys/resource.h>
22 #include <err.h>
23
24 /*
25 * Load a bunch of bad selectors into the seg regs: this will typically cause
26 * the child process to core dump, but it shouldn't panic the kernel...
27 *
28 * It's especially interesting to run this on CPU0.
29 */
30
31 unsigned short selector;
32
33 static void badds(void)
34 {
35 __asm__ volatile("movw %0, %%ds" : : "r" (selector));
36 }
37
38 static void bades(void)
39 {
40 __asm__ volatile("movw %0, %%es" : : "r" (selector));
41 }
42
102 static void
103 resetgs(void)
104 {
105 return (resetseg(GS));
106 }
107
108 static void
109 resetss(void)
110 {
111 return (resetseg(SS));
112 }
113
114 static void
115 inchild(void (*func)())
116 {
117 pid_t pid;
118
119 switch ((pid = fork())) {
120 case 0:
121 func();
122 exit(EXIT_SUCCESS);
123 case -1:
124 exit(EXIT_FAILURE);
125 default:
126 (void) waitpid(pid, NULL, 0);
127 return;
128 }
129
130 }
131
132 int
133 main(int argc, char *argv[])
134 {
135 struct rlimit rl = { 0, };
136
137 if (setrlimit(RLIMIT_CORE, &rl) != 0) {
138 err(EXIT_FAILURE, "failed to disable cores");
139 }
140
141 for (selector = 0; selector < 8194; selector++) {
142 inchild(resetcs);
143 inchild(resetds);
144 inchild(resetes);
145 inchild(resetfs);
146 inchild(resetgs);
147 inchild(resetss);
148 inchild(badds);
149 inchild(bades);
150 inchild(badfs);
151 inchild(badgs);
152 inchild(badss);
153 }
154
155 exit(EXIT_SUCCESS);
156 }
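Review bot: In `inchild()` on the new side (gutter lines 123-124), a failed `fork()` still ends the run with a bare `exit(EXIT_FAILURE)` and no diagnostic, although this change pulls in `<err.h>` and already uses `err()` for the `setrlimit()` failure. The loop in `main()` forks 11 children for each of 8194 selector values, so hitting a process limit partway through is plausible, and a silent exit then gives no hint of how much of the selector range was actually exercised. I would make that branch `err(EXIT_FAILURE, "fork failed at selector %#x", selector);`. Separately, `(void) waitpid(pid, NULL, 0);` discards both the return value and the child status, so an interrupted wait would presumably move on to the next child while the previous one is still running; retrying on `EINTR` would keep the children strictly sequential. The `bad*`/`reset*` helpers between gutter lines 42 and 102 are not shown here, so this note covers only `inchild()` and `main()`.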
|