#
607289a7 |
|
08-Sep-2022 |
Sami Tolvanen <samitolvanen@google.com> |
treewide: Drop function_nocfi With -fsanitize=kcfi, we no longer need function_nocfi() as the compiler won't change function references to point to a jump table. Remove all implementations and uses of the macro. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220908215504.3686827-14-samitolvanen@google.com
|
#
fc34eec6 |
|
12-May-2022 |
Kees Cook <keescook@chromium.org> |
lkdtm/usercopy: Check vmalloc and >0-order folios Add coverage for the recently added usercopy checks for vmalloc and folios, via USERCOPY_VMALLOC and USERCOPY_FOLIO respectively. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
d2b8060f |
|
11-May-2022 |
Kees Cook <keescook@chromium.org> |
lkdtm/usercopy: Rename "heap" to "slab" To more clearly distinguish between the various heap types, rename the slab tests to "slab". Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Shuah Khan <shuah@kernel.org> Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
73f62e60 |
|
03-Mar-2022 |
Kees Cook <keescook@chromium.org> |
lkdtm: Move crashtype definitions into each category It's long been annoying that to add a new LKDTM test one had to update lkdtm.h and core.c to get it "registered". Switch to a per-category list and update the crashtype walking code in core.c to handle it. This also means that all the lkdtm_* tests themselves can be static now. Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
f387e86d |
|
16-Feb-2022 |
Kees Cook <keescook@chromium.org> |
lkdtm/usercopy: Expand size of "out of frame" object To be sufficiently out of range for the usercopy test to see the lifetime mismatch, expand the size of the "bad" buffer, which will let it be beyond current_stack_pointer regardless of stack growth direction. Paired with the recent addition of stack depth checking under CONFIG_HARDENED_USERCOPY=y, this will correctly start tripping again. Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com> Link: https://lore.kernel.org/lkml/762faf1b-0443-5ddf-4430-44a20cf2ec4d@collabora.com/ Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
5b777131 |
|
23-Jun-2021 |
Kees Cook <keescook@chromium.org> |
lkdtm: Add CONFIG hints in errors where possible For various failure conditions, try to include some details about where to look for reasons about the failure. Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210623203936.3151093-8-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6c4df54e |
|
08-Apr-2021 |
Sami Tolvanen <samitolvanen@google.com> |
lkdtm: use function_nocfi To ensure we take the actual address of a function in kernel text, use function_nocfi. Otherwise, with CONFIG_CFI_CLANG, the compiler replaces the address with a pointer to the CFI jump table, which is actually in the module when compiled with CONFIG_LKDTM=m. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Acked-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-11-samitolvanen@google.com
|
#
c6f7c753 |
|
03-Sep-2020 |
Christoph Hellwig <hch@lst.de> |
lkdtm: remove set_fs-based tests Once we can't manipulate the address limit, we also can't test what happens when the manipulation is abused. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
464e86b4 |
|
25-Jun-2020 |
Kees Cook <keescook@chromium.org> |
lkdtm: Avoid more compiler optimizations for bad writes It seems at least Clang is able to throw away writes it knows are destined for read-only memory, which makes things like the WRITE_RO test fail, as the write gets elided. Instead, force the variable to be volatile, and make similar changes through-out other tests in an effort to avoid needing to repeat fixing these kinds of problems. Also includes pr_err() calls in failure paths so that kernel logs are more clear in the failure case. Reported-by: Prasad Sodagudi <psodagud@codeaurora.org> Suggested-by: Sami Tolvanen <samitolvanen@google.com> Fixes: 9ae113ce5faf ("lkdtm: add tests for additional page permissions") Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20200625203704.317097-2-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2bf8496f |
|
06-Apr-2019 |
Kees Cook <keescook@chromium.org> |
lkdtm/usercopy: Moves the KERNEL_DS test to non-canonical The prior implementation of the KERNEL_DS fault checking would work on any unmapped kernel address, but this was narrowed to the non-canonical range instead. This adjusts the LKDTM test to match. Fixes: 00c42373d397 ("x86-64: add warning for non-canonical user access address dereferences") Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
0181cfd9 |
|
05-Aug-2018 |
Parth Y Shah <sparth1292@gmail.com> |
misc: lkdtm: fixed static variable initialization Resolved "ERROR: do not initialise statics to 0" Signed-off-by: Parth Y Shah <sparth1292@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
bef45902 |
|
28-Aug-2018 |
Jann Horn <jannh@google.com> |
lkdtm: Test copy_to_user() on bad kernel pointer under KERNEL_DS Test whether the kernel WARN()s when, under KERNEL_DS, a bad kernel pointer is used as "userspace" pointer. Should normally be used in "DIRECT" mode. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Tested-by: Kees Cook <keescook@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: kernel-hardening@lists.openwall.com Cc: dvyukov@google.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Cc: Borislav Petkov <bp@alien8.de> Link: https://lkml.kernel.org/r/20180828201421.157735-8-jannh@google.com
|
#
039a1c42 |
|
06-Mar-2018 |
Kees Cook <keescook@chromium.org> |
lkdtm: Relocate code to subdirectory The LKDTM modules keep expanding, and it's getting weird to have each file get a prefix. Instead, move to a subdirectory for cleaner handling. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|