mirror of
https://github.com/RGBCube/serenity
synced 2025-05-30 22:28:12 +00:00

All threads were running with iomapbase=0 in their TSS, which the CPU interprets as "there's an I/O permission bitmap starting at offset 0 into my TSS". Because of that, any bits that were 1 inside the TSS would allow the thread to execute I/O instructions on the port with that bit index. Fix this by always setting the iomapbase to sizeof(TSS32), and also setting the TSS descriptor's limit to sizeof(TSS32), effectively making the I/O permissions bitmap zero-length. This should make it no longer possible to do I/O from userspace. :^)
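The I/O permission lookup the commit message above refers to, modelled in C as an added example (not SerenityOS code), following the Intel SDM rule for when CPL > IOPL and run over a constructed TSS before and after the fix. The `esp0` value, the pre-fix limit of `sizeof(TSS32) - 1`, and all type and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TSS32_SIZE       104 /* sizeof(TSS32) on 32-bit x86 */
#define ESP0_OFFSET      4   /* ring-0 stack pointer field */
#define IOMAPBASE_OFFSET 102 /* 16-bit I/O map base field */

/* Bytes at the TSS base (padded so the model stays in bounds) plus the descriptor limit. */
typedef struct { uint8_t mem[TSS32_SIZE + 8]; uint32_t limit; } tss_segment;

/* Constructed TSS: all zero except esp0 and the I/O map base. */
static tss_segment make_tss(uint32_t esp0, uint16_t iomapbase, uint32_t limit)
{
    tss_segment s = { {0}, limit };
    for (int i = 0; i < 4; i++)
        s.mem[ESP0_OFFSET + i] = (uint8_t)(esp0 >> (8 * i));
    s.mem[IOMAPBASE_OFFSET] = (uint8_t)iomapbase;
    s.mem[IOMAPBASE_OFFSET + 1] = (uint8_t)(iomapbase >> 8);
    return s;
}

/* The CPU reads two bytes at iomapbase + port/8; both must lie within the limit.
 * Intel SDM: a clear bit permits the port, a set bit (or no bitmap) raises #GP. */
static bool io_allowed(const tss_segment *s, uint16_t port, unsigned width)
{
    uint32_t base = s->mem[IOMAPBASE_OFFSET] | (uint32_t)s->mem[IOMAPBASE_OFFSET + 1] << 8;
    uint32_t off = base + port / 8u;
    if (off + 1 > s->limit || off + 1 >= sizeof s->mem)
        return false; /* lookup falls outside the segment: no bitmap here */
    uint32_t bits = s->mem[off] | (uint32_t)s->mem[off + 1] << 8;
    return (bits & (((1u << width) - 1) << (port % 8u))) == 0;
}

/* Number of byte-wide ports a ring-3 thread could touch with this TSS. */
static unsigned count_open_ports(const tss_segment *s)
{
    unsigned n = 0;
    for (uint32_t port = 0; port <= 0xFFFF; port++)
        n += io_allowed(s, (uint16_t)port, 1);
    return n;
}

int main(void)
{
    tss_segment before = make_tss(0xC0123000u, 0, TSS32_SIZE - 1);     /* iomapbase=0 */
    tss_segment after = make_tss(0xC0123000u, TSS32_SIZE, TSS32_SIZE); /* the fix */
    printf("before: %u open, after: %u open\n", count_open_ports(&before), count_open_ports(&after));
    return 0;
}
```

With `iomapbase=0` the TSS's own fields are read as the bitmap, so which ports are reachable depends on whatever values the kernel stored there; with the base at `sizeof(TSS32)` every lookup lands outside the limit and is refused.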
Name
crash - intentionally perform an illegal operation
Synopsis
$ crash [options]
Description
This program is used to test how the Serenity kernel handles userspace crashes, and can be used to simulate many different kinds of crashes.
Options
-A: Test that all of the following crashes crash as intended.
-s: Perform a segmentation violation by dereferencing an invalid pointer.
-d: Perform a division by zero.
-i: Execute an illegal CPU instruction.
-a: Call abort().
-m: Read a pointer from uninitialized memory, then read from it.
-f: Read a pointer from memory freed using free(), then read from it.
-M: Read a pointer from uninitialized memory, then write to it.
-F: Read a pointer from memory freed using free(), then write to it.
-r: Write to read-only memory.
-T: Make a syscall while using an invalid stack pointer.
-t: Trigger a page fault while using an invalid stack pointer.
-S: Make a syscall from writeable memory.
-x: Read from recently freed memory. (Tests an opportunistic malloc guard.)
-y: Write to recently freed memory. (Tests an opportunistic malloc guard.)
-X: Attempt to execute non-executable memory. (Not mapped with PROT_EXEC.)
-U: Attempt to trigger an x86 User Mode Instruction Prevention fault.
-I: Use an x86 I/O instruction in userspace.
Examples
$ crash -F
Testing: "Write to freed memory"
Shell: crash(33) exitied due to signal "Segmentation violation"