Test program demonstrating sys_clone() is broken on i386

Test program demonstrating sys_clone() is broken on i386

[Chuck Ebbert]

This program demonstrates sys_clone() is broken on i386 when
using vsyscall to enter the kernel.

Stock 2.6.15:

        $ gcc -o test_clone2.ex test_clone2.c ; ./test_clone2.ex
        SIGSEGV accessing 0x00000000 from EIP 0x00000000
        cloned; ret = 772

After applying kernel patch:

        $ gcc -o test_clone2.ex test_clone2.c ; ./test_clone2.ex
        cloned; ret = 0
        cloned; ret = 676

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>

#ifdef INT80
#  define SYSCALL_STR "int $0x80\n\t"
#else
#  define SYSCALL_STR "call 0xffffe400\n\t"
#endif

#define CLONE	120
#define FLAGS	0

unsigned long child_stack[4096] __attribute__((__aligned__(4096)));
unsigned long *child_stack_ptr = &child_stack[2047];
struct sigaction sa;
int ret;

static void handler(int nr, siginfo_t *si, void *vuc)
{
	struct ucontext *uc = (struct ucontext *)vuc;
	struct sigcontext *sc = (struct sigcontext *)&uc->uc_mcontext;

	printf("SIGSEGV accessing 0x%08x from EIP 0x%08x\n",
	       (unsigned long)si->si_addr, sc->eip);

	sa.sa_handler = SIG_DFL;
	sa.sa_flags = 0;
	sigaction(SIGSEGV, &sa, NULL);
}

int main(int argc, char * const argv[])
{
	sa.sa_sigaction = handler;
	sa.sa_flags = SA_SIGINFO;
	sigaction(SIGSEGV, &sa, NULL);

	asm volatile(
		SYSCALL_STR
		: "=a"(ret)
		: "a"(CLONE), "b"(FLAGS), "c"(child_stack_ptr)
		: "memory"
	);

	printf("cloned; ret = %d\n", ret);
	_exit(0);
}
-- 
Chuck
Currently reading: _The Atrocity Archives_ by Charles Stross