Updates to LKDTM for -next
- split WARNING into two tests: with message and without - add prototype-granularity forward CFI test -----BEGIN PGP SIGNATURE----- Comment: Kees Cook <kees@outflux.net> iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl1jCSAWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJp8hD/4tvV3hXGl7tbkM46crbfeAUVNI /9VsNVKgUldT03Wz4Yqcr1a+8uLp2T2ifNFfz0l6RIDLbO0IJZNFJ12h9NQRyhaR p4aM7gNBUrmkhw7Jamiu0b0xuFNYKTtrOexBpLLqXRQe2vUHV0/w8mXbnOI0ciuY livnEG2xwQPB+ez84ro99uyCW37C3wVqchSG1XR6v4/tPoPIBKjPXT0K7fDLCJY0 Jh/4Ix4OvRO+D0+sqW0FS4gHzyFUiC/9qhU6OX/BNK7rb8YXOfwX4BBokS4V1Pim 7/ZVQN1ivATE/dvHzUE+B/+Gyt54RoKyYaDNTidnXEm1b3IPA31JzyefCEWlKRkh 9FWgMNNWcgJWtMB9Gn8LVtvRfIl1AIKjZl6tdMBgfnzMqQNguHsJioK3AlFf/Zb8 /fF//l7lcwGCfByKZRYxf/wpLsjI4FDZSDkK8qsSohNq2KHPoxrboTeWVwbtLLFI pEoyb03H31VrfRDQFui8j+ki5cVW69ciJhLnxL7HpQ4Tt7jYx976SYlf/n/MBg+1 c5xx7p6tSmwNrNS4KnMBmFvTgW7lBRrPxKGlLnhJ5XkkIv7+XLyTrDAioDalqcNS kODGzwxPklpSuu0DEXtmXCky6actCuvQH7RiMAh0emJ0vqXGsWEBF9aesLdrN9U1 9Q3yTq23//qWVq0Hcg== =yJnT -----END PGP SIGNATURE----- Merge tag 'lkdtm-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into char-misc-next Kees writes: Updates to LKDTM for -next - split WARNING into two tests: with message and without - add prototype-granularity forward CFI test * tag 'lkdtm-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: lkdtm: Split WARNING into separate tests lkdtm: Add Control Flow Integrity test
This commit is contained in:
commit
d4e34999a7
|
@ -9,6 +9,7 @@ lkdtm-$(CONFIG_LKDTM) += refcount.o
|
||||||
lkdtm-$(CONFIG_LKDTM) += rodata_objcopy.o
|
lkdtm-$(CONFIG_LKDTM) += rodata_objcopy.o
|
||||||
lkdtm-$(CONFIG_LKDTM) += usercopy.o
|
lkdtm-$(CONFIG_LKDTM) += usercopy.o
|
||||||
lkdtm-$(CONFIG_LKDTM) += stackleak.o
|
lkdtm-$(CONFIG_LKDTM) += stackleak.o
|
||||||
|
lkdtm-$(CONFIG_LKDTM) += cfi.o
|
||||||
|
|
||||||
KASAN_SANITIZE_stackleak.o := n
|
KASAN_SANITIZE_stackleak.o := n
|
||||||
KCOV_INSTRUMENT_rodata.o := n
|
KCOV_INSTRUMENT_rodata.o := n
|
||||||
|
|
|
@ -75,7 +75,12 @@ static int warn_counter;
|
||||||
|
|
||||||
void lkdtm_WARNING(void)
|
void lkdtm_WARNING(void)
|
||||||
{
|
{
|
||||||
WARN(1, "Warning message trigger count: %d\n", warn_counter++);
|
WARN_ON(++warn_counter);
|
||||||
|
}
|
||||||
|
|
||||||
|
void lkdtm_WARNING_MESSAGE(void)
|
||||||
|
{
|
||||||
|
WARN(1, "Warning message trigger count: %d\n", ++warn_counter);
|
||||||
}
|
}
|
||||||
|
|
||||||
void lkdtm_EXCEPTION(void)
|
void lkdtm_EXCEPTION(void)
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
// SPDX-License-Identifier: GPL-2.0
|
||||||
|
/*
|
||||||
|
* This is for all the tests relating directly to Control Flow Integrity.
|
||||||
|
*/
|
||||||
|
#include "lkdtm.h"
|
||||||
|
|
||||||
|
static int called_count;
|
||||||
|
|
||||||
|
/* Function taking one argument, without a return value. */
|
||||||
|
static noinline void lkdtm_increment_void(int *counter)
|
||||||
|
{
|
||||||
|
(*counter)++;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Function taking one argument, returning int. */
|
||||||
|
static noinline int lkdtm_increment_int(int *counter)
|
||||||
|
{
|
||||||
|
(*counter)++;
|
||||||
|
|
||||||
|
return *counter;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* This tries to call an indirect function with a mismatched prototype.
|
||||||
|
*/
|
||||||
|
void lkdtm_CFI_FORWARD_PROTO(void)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Matches lkdtm_increment_void()'s prototype, but not
|
||||||
|
* lkdtm_increment_int()'s prototype.
|
||||||
|
*/
|
||||||
|
void (*func)(int *);
|
||||||
|
|
||||||
|
pr_info("Calling matched prototype ...\n");
|
||||||
|
func = lkdtm_increment_void;
|
||||||
|
func(&called_count);
|
||||||
|
|
||||||
|
pr_info("Calling mismatched prototype ...\n");
|
||||||
|
func = (void *)lkdtm_increment_int;
|
||||||
|
func(&called_count);
|
||||||
|
|
||||||
|
pr_info("Fail: survived mismatched prototype function call!\n");
|
||||||
|
}
|
|
@ -104,6 +104,7 @@ static const struct crashtype crashtypes[] = {
|
||||||
CRASHTYPE(PANIC),
|
CRASHTYPE(PANIC),
|
||||||
CRASHTYPE(BUG),
|
CRASHTYPE(BUG),
|
||||||
CRASHTYPE(WARNING),
|
CRASHTYPE(WARNING),
|
||||||
|
CRASHTYPE(WARNING_MESSAGE),
|
||||||
CRASHTYPE(EXCEPTION),
|
CRASHTYPE(EXCEPTION),
|
||||||
CRASHTYPE(LOOP),
|
CRASHTYPE(LOOP),
|
||||||
CRASHTYPE(EXHAUST_STACK),
|
CRASHTYPE(EXHAUST_STACK),
|
||||||
|
@ -169,6 +170,7 @@ static const struct crashtype crashtypes[] = {
|
||||||
CRASHTYPE(USERCOPY_KERNEL),
|
CRASHTYPE(USERCOPY_KERNEL),
|
||||||
CRASHTYPE(USERCOPY_KERNEL_DS),
|
CRASHTYPE(USERCOPY_KERNEL_DS),
|
||||||
CRASHTYPE(STACKLEAK_ERASING),
|
CRASHTYPE(STACKLEAK_ERASING),
|
||||||
|
CRASHTYPE(CFI_FORWARD_PROTO),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ void __init lkdtm_bugs_init(int *recur_param);
|
||||||
void lkdtm_PANIC(void);
|
void lkdtm_PANIC(void);
|
||||||
void lkdtm_BUG(void);
|
void lkdtm_BUG(void);
|
||||||
void lkdtm_WARNING(void);
|
void lkdtm_WARNING(void);
|
||||||
|
void lkdtm_WARNING_MESSAGE(void);
|
||||||
void lkdtm_EXCEPTION(void);
|
void lkdtm_EXCEPTION(void);
|
||||||
void lkdtm_LOOP(void);
|
void lkdtm_LOOP(void);
|
||||||
void lkdtm_EXHAUST_STACK(void);
|
void lkdtm_EXHAUST_STACK(void);
|
||||||
|
@ -95,4 +96,7 @@ void lkdtm_USERCOPY_KERNEL_DS(void);
|
||||||
/* lkdtm_stackleak.c */
|
/* lkdtm_stackleak.c */
|
||||||
void lkdtm_STACKLEAK_ERASING(void);
|
void lkdtm_STACKLEAK_ERASING(void);
|
||||||
|
|
||||||
|
/* cfi.c */
|
||||||
|
void lkdtm_CFI_FORWARD_PROTO(void);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue