sigreturn: Explicitly test #SS from a non-espfix stack

Signed-off-by: Andy Lutomirski <luto@amacapital.net>

1 files changed, 26 insertions, 2 deletions

diff --git a/sigreturn.c b/sigreturn.c
index 89ede32..9979764 100644
--- a/sigreturn.c
+++ b/sigreturn.c
@@ -25,7 +25,7 @@ struct selectors {
 
 static bool has_code16, has_data16, has_npcode32, has_npdata32;
 
-static int gdt_data16_idx;
+static int gdt_data16_idx, gdt_npdata32_idx;
 
 static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *),
 		       int flags)
@@ -151,6 +151,26 @@ static void setup_ldt(void)
 	} else {
 		printf("[OK]\tset_thread_area refused 16-bit data\n");
 	}
+
+	struct user_desc gdt_npdata32_desc = {
+		.entry_number    = -1,
+		.base_addr       = (unsigned long)stack16,
+		.limit           = 0xffff,
+		.seg_32bit       = 1,
+		.contents        = 0, /* Data, grow-up */
+		.read_exec_only  = 0,
+		.limit_in_pages  = 0,
+		.seg_not_present = 1,
+		.useable         = 0
+	};
+
+	if (syscall(SYS_set_thread_area, &gdt_npdata32_desc) == 0) {
+		printf("[WARN]\tset_thread_area allocated npdata32 at index %d\n",
+		       gdt_npdata32_desc.entry_number);
+		gdt_npdata32_idx = gdt_npdata32_desc.entry_number;
+	} else {
+		printf("[OK]\tset_thread_area refused 16-bit data\n");
+	}
 }
 
 static gregset_t initial_regs, requested_regs, resulting_regs;
@@ -487,8 +507,12 @@ int main()
 	/* IRET will fail with #NP */
 	test_bad_iret(32, my_ss, (3 << 3) | 7);
 
-	/* IRET will fail with #SS */
+	/* IRET will fail with #SS on the espfix stack */
 	test_bad_iret(32, (4 << 3) | 7, -1);
 
+	/* IRET will fail with #SS on the normal stack */
+	if (gdt_npdata32_idx)
+		test_bad_iret(32, (gdt_npdata32_idx << 3) | 3, -1);
+
 	return total_nerrs ? 1 : 0;
 }