Cleanup smc-shared, add remap, segfault, smc-fd

2025-02-17 04:59:15 +00:00 · 2022-04-04 20:02:01 +03:00 · 2022-04-04 20:02:01 +03:00 · 52d479380d
commit 52d479380d
parent f0c4d71088
11 changed files with 207 additions and 15 deletions
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/src/build.sh
+++ b/src/build.sh
@ -3,6 +3,9 @@ gcc smc.cpp -g -o ../smc-static -DEXECSTACK -DOMAGIC -static -Wl,--omagic -z exe
 gcc smc-2.cpp -g -o ../smc-2
 gcc smc-mt.cpp -g -o ../smc-mt -lpthread
 gcc smc-mt-2.cpp -g -o ../smc-mt-2 -lpthread
-gcc smc-shared.cpp -g -o ../smc-shared
-gcc smc-shared-2.cpp -g -o ../smc-shared-2
+gcc smc-shared.cpp -g -o ../smc-shared -lrt
+gcc smc-shared-2.cpp -g -o ../smc-shared-2 -lrt
 gcc shmid.cpp -g -o ../shmid
+gcc segfault.cpp -g -o ../segfault
+gcc mremap.cpp -g -o ../mremap
+gcc smc-fd.cpp -g -o ../smc-fd
--- a/src/mremap.cpp
+++ b/src/mremap.cpp
@ -0,0 +1,75 @@
+#include <sys/mman.h>
+#include <cstdio>
+#include <cstdint>
+#include <sys/shm.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <sys/wait.h>
+
+void test(char* code, char* codeexec, const char* name) {
+	assert(code != codeexec);
+	code[0] = 0xB8;
+	code[1] = 0xAA;
+	code[2] = 0xBB;
+	code[3] = 0xCC;
+	code[4] = 0xDD;
+
+	code[5] = 0xC3;
+
+	auto fn = (int(*)())codeexec;
+	auto e1 = fn();
+	code[3]=0xFE;
+	auto e2 = fn();
+
+	printf("%s-1: %X, %s\n", name, e1, e1 != 0xDDCCBBAA? "FAIL" : "PASS");
+	printf("%s-2: %X, %s\n", name, e2, e2 != 0xDDFEBBAA? "FAIL" : "PASS");
+}
+
+int main() {
+
+	{
+		// mremap of existing mapping needs continious map
+		auto code = (char*) mmap(0, 8192, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_ANON, 0, 0);
+		munmap(code+4096, 4096);
+		mmap(code+4096, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANON, 0, 0);
+
+		auto code2 = (char*) mremap(code, 8192, 8192*2, MREMAP_MAYMOVE);
+		printf("mmap+mmap + resize: %p, %p, pass: %d\n", code, code2, code != MAP_FAILED && code2 == MAP_FAILED);
+	}
+
+	{
+		// mremap of existing mapping needs continious map
+		auto code = (char*) mmap(0, 8192, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_ANON, 0, 0);
+		mprotect(code+4096, 4096, PROT_READ);
+
+		auto code2 = (char*) mremap(code, 8192, 8192*2, MREMAP_MAYMOVE);
+		printf("mmap+mprotect + resize: %p, %p, pass: %d\n", code, code2, code != MAP_FAILED && code2 == MAP_FAILED);
+	}
+	{
+		// mremap of existing mapping needs continious map
+		auto code = (char*) mmap(0, 8192, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_ANON, 0, 0);
+		mprotect(code+4096, 4096, PROT_READ);
+		mprotect(code+4096, 4096, PROT_READ | PROT_WRITE | PROT_EXEC);
+
+		auto code2 = (char*) mremap(code, 8192, 8192*2, MREMAP_MAYMOVE);
+		printf("mmap+mprotect+mprotect + resize: %p, %p, pass: %d\n", code, code2, code != MAP_FAILED && code2 != MAP_FAILED);
+	}
+
+	{
+		// mremap with mirror uses first page only
+		auto code = (char*) mmap(0, 8192, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_ANON, 0, 0);
+		munmap(code+4096, 4096);
+		mmap(code+4096, 4096, PROT_READ, MAP_PRIVATE | MAP_ANON, 0, 0);
+
+		auto code2 = (char*) mremap(code, 0, 8192*2, MREMAP_MAYMOVE);
+		code[0] = 192;
+		code2[4096]=193;
+		bool ok = code[0] == code2[0] && code[4096] != code2[4096];
+		printf("mmap+mmap + mirror: %p, %p, pass: %d\n", code, code2, code != MAP_FAILED && code2 != MAP_FAILED && ok);
+	}
+
+	getchar();
+	return 0;
+}
--- a/src/segfault.cpp
+++ b/src/segfault.cpp
@ -0,0 +1,27 @@
+#include <sys/mman.h>
+#include <cstdio>
+#include <cstdint>
+#include <signal.h>
+#include <string.h>
+
+void sighandler(int signum, siginfo_t *siginfo, void *context)
+{
+	printf("SIG: %d, si_addr: %p\n", signum, siginfo->si_addr);
+	mprotect(siginfo->si_addr, 4096, PROT_READ | PROT_WRITE);
+}
+
+int main() {
+
+	struct sigaction sa;
+	memset(&sa, 0x00, sizeof(sa));
+
+	sa.sa_flags = SA_SIGINFO;
+	sa.sa_sigaction = sighandler;
+	sigaction(SIGSEGV, &sa, NULL);
+
+	auto data = (char*) mmap(0, 8192, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANON, 0, 0);
+	printf("page one: %p, page two: %p\n", data, data+4096);
+	mprotect(data + 4096, 4096, PROT_NONE);
+	*(int*)(data + 4094) = 0x12345678;
+	return 0;
+}
--- a/src/smc-fd.cpp
+++ b/src/smc-fd.cpp
@ -0,0 +1,67 @@
+#include <sys/mman.h>
+#include <cstdio>
+#include <cstdint>
+#include <sys/shm.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <sys/wait.h>
+
+void test(char* codeexec, int fd, const char* name) {
+	char code[6];
+	code[0] = 0xB8;
+	code[1] = 0xAA;
+	code[2] = 0xBB;
+	code[3] = 0xCC;
+	code[4] = 0xDD;
+
+	code[5] = 0xC3;
+
+	write(fd, code, 6);
+
+	auto fn = (int(*)())codeexec;
+	auto e1 = fn();
+	lseek(fd, 3, SEEK_SET);
+	code[0]=0xFE;
+	write(fd, code, 1);
+	auto e2 = fn();
+
+	printf("%s-1: %X, %s\n", name, e1, e1 != 0xDDCCBBAA? "FAIL" : "PASS");
+	printf("%s-2: %X, %s\n", name, e2, e2 != 0xDDFEBBAA? "FAIL" : "PASS");
+}
+
+int main() {
+	{
+		char file[] = "smc-tests.XXXXXXXX";
+		int fd = mkstemp(file);
+		unlink(file);
+		ftruncate(fd, 4096);
+
+		auto code = (char*) mmap(0, 4096, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
+		test(code, fd, "mmap_shared+fd");
+	}
+
+	{
+		char file[] = "smc-tests.XXXXXXXX";
+		int fd = mkstemp(file);
+		unlink(file);
+		ftruncate(fd, 4096);
+
+		auto code = (char*) mmap(0, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
+		test(code, fd, "mmap_private+fd");
+	}
+
+	{
+                char file[] = "smc-tests.XXXXXXXX";
+                int fd = mkstemp(file);
+                int fd2 = open(file, O_RDONLY);
+                unlink(file);
+                ftruncate(fd, 4096);
+
+                auto code = (char*) mmap(0, 4096, PROT_READ | PROT_EXEC, MAP_SHARED, fd2, 0);
+		close(fd2);
+                test(code, fd, "mmap_shared+fd2");
+	}
+	return 0;
+}
--- a/src/smc-shared-2.cpp
+++ b/src/smc-shared-2.cpp
@ -7,6 +7,25 @@
 #include <sys/wait.h>

 void test(char* code, char* codeexec, const char* name) {
+        code[0] = 0xB8;
+        code[1] = 0xAA;
+        code[2] = 0xBB;
+        code[3] = 0xCC;
+        code[4] = 0xDD;
+
+        code[5] = 0xC3;
+
+        auto fn = (int(*)())codeexec;
+        auto e1 = fn();
+        code[3]=0xFE;
+        auto e2 = fn();
+
+        printf("%s-1: %X, %s\n", name, e1, e1 != 0xDDCCBBAA? "FAIL" : "PASS");
+        printf("%s-2: %X, %s\n", name, e2, e2 != 0xDDFEBBAA? "FAIL" : "PASS");
+}
+
+
+void test2(char* code, char* codeexec, const char* name) {
 	code[0] = 0xB8;
 	code[1] = 0xAA;
 	code[2] = 0xBB;
@ -62,14 +81,26 @@ int main() {
 	{
 		auto code = (char*) mmap(0, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_ANON, 0, 0);

-		test(code, code, "mmap+fork");
+		test2(code, code, "mmap+fork");
 	}

 	{
 		auto shm = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0777);
 		auto code = (char*)shmat(shm, nullptr, SHM_EXEC);
-		test(code, code, "shmat+fork");
+		test2(code, code, "shmat+fork");
 	}

+        {
+                auto shm = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0777);
+                auto code3 = (char*)shmat(shm, nullptr, 0);
+                if (fork() == 0) {
+                        auto code4 = (char*)shmat(shm, nullptr, SHM_EXEC);
+                        test(code3, code4, "fork+shmat (same shmid)");
+                } else {
+                        wait(NULL);
+                }
+        }
+
+
 	return 0;
 }
--- a/src/smc-shared.cpp
+++ b/src/smc-shared.cpp
@ -116,16 +116,5 @@ int main() {
 		test(code7, code8, "shm_open+mmap+mmap (fd, fd2)");
 	}

-	{
-		auto shm = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0777);
-		auto code3 = (char*)shmat(shm, nullptr, 0);
-		if (fork() == 0) {
-			auto code4 = (char*)shmat(shm, nullptr, SHM_EXEC);
-			test(code3, code4, "fork+shmat (same shmid)");
-		} else {
-			wait(NULL);
-		}
-	}
-
 	return 0;
 }