From cf5ea18e0a31126d7590911edff272b228e945bb Mon Sep 17 00:00:00 2001 From: mpi Date: Sun, 13 Aug 2023 09:49:47 +0000 Subject: [PATCH] Regression test for the use-after-free in map insertion --- regress/usr.sbin/btrace/Makefile | 4 ++-- regress/usr.sbin/btrace/mapoverwrite.bt | 23 +++++++++++++++++++++++ regress/usr.sbin/btrace/mapoverwrite.ok | 0 3 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 regress/usr.sbin/btrace/mapoverwrite.bt create mode 100644 regress/usr.sbin/btrace/mapoverwrite.ok diff --git a/regress/usr.sbin/btrace/Makefile b/regress/usr.sbin/btrace/Makefile index 04c322f9e6a..29f90cef4b9 100644 --- a/regress/usr.sbin/btrace/Makefile +++ b/regress/usr.sbin/btrace/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.26 2022/11/12 14:19:08 mpi Exp $ +# $OpenBSD: Makefile,v 1.27 2023/08/13 09:49:47 mpi Exp $ BTRACE?= /usr/sbin/btrace ALLOWDT!= sysctl -n kern.allowdt 2>/dev/null @@ -14,7 +14,7 @@ BT_LANG_SCRIPTS= arithm beginend boolean comments delete exit \ BT_ARG_LANG_SCRIPTS= staticv str # scripts that use kernel probes -BT_KERN_SCRIPTS= filters multiprobe +BT_KERN_SCRIPTS= filters mapoverwrite multiprobe REGRESS_EXPECTED_FAILURES= run-maxoperand diff --git a/regress/usr.sbin/btrace/mapoverwrite.bt b/regress/usr.sbin/btrace/mapoverwrite.bt new file mode 100644 index 00000000000..43fffc97cf5 --- /dev/null +++ b/regress/usr.sbin/btrace/mapoverwrite.bt @@ -0,0 +1,23 @@ +BEGIN +{ + @counter = 0; + + @map[0] = 1; + @map[1] = 2; + @map[3] = 3; +} + +/* + * Overwrite map periodically to ensure there's no double-free. + */ +interval:hz:1 +{ + if (@counter >= 10) + exit(); + + @counter = @counter + 1; + + @map[0] = 11; + @map[1] = 22; + @map[3] = 33; +} diff --git a/regress/usr.sbin/btrace/mapoverwrite.ok b/regress/usr.sbin/btrace/mapoverwrite.ok new file mode 100644 index 00000000000..e69de29bb2d -- 2.20.1