UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/tools
History
Kees Cook 2e53b877dc lkdtm: Add CFI_BACKWARD to test ROP mitigations 
In order to test various backward-edge control flow integrity methods,
add a test that manipulates the return address on the stack. Currently
only arm64 Pointer Authentication and Shadow Call Stack is supported.

 $ echo CFI_BACKWARD | cat >/sys/kernel/debug/provoke-crash/DIRECT

Under SCS, successful test of the mitigation is reported as:

 lkdtm: Performing direct entry CFI_BACKWARD
 lkdtm: Attempting unchecked stack return address redirection ...
 lkdtm: ok: redirected stack return address.
 lkdtm: Attempting checked stack return address redirection ...
 lkdtm: ok: control flow unchanged.

Under PAC, successful test of the mitigation is reported by the PAC
exception handler:

 lkdtm: Performing direct entry CFI_BACKWARD
 lkdtm: Attempting unchecked stack return address redirection ...
 lkdtm: ok: redirected stack return address.
 lkdtm: Attempting checked stack return address redirection ...
 Unable to handle kernel paging request at virtual address bfffffc0088d0514
 Mem abort info:
   ESR = 0x86000004
   EC = 0x21: IABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
   FSC = 0x04: level 0 translation fault
 [bfffffc0088d0514] address between user and kernel address ranges
 ...

If the CONFIGs are missing (or the mitigation isn't working), failure
is reported as:

 lkdtm: Performing direct entry CFI_BACKWARD
 lkdtm: Attempting unchecked stack return address redirection ...
 lkdtm: ok: redirected stack return address.
 lkdtm: Attempting checked stack return address redirection ...
 lkdtm: FAIL: stack return address was redirected!
 lkdtm: This is probably expected, since this kernel was built *without* CONFIG_ARM64_PTR_AUTH_KERNEL=y nor CONFIG_SHADOW_CALL_STACK=y

Co-developed-by: Dan Li <ashimida@linux.alibaba.com>
Signed-off-by: Dan Li <ashimida@linux.alibaba.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/lkml/20220416001103.1524653-1-keescook@chromium.org
 		2022-04-16 13:57:23 -07:00
..
accounting delayacct: track delays from memory compact 2022-01-20 08:52:55 +02:00
arch tools headers arm64: Sync arm64's cputype.h with the kernel sources 2022-04-09 12:34:29 -03:00
bootconfig
bpf Networking fixes for 5.18-rc2, including fixes from bpf and netfilter 2022-04-07 19:01:47 -10:00
build tools build: Filter out options and warnings not supported by clang 2022-04-09 12:34:16 -03:00
cgroup tools/cgroup/slabinfo: update to work with struct slab 2022-02-21 11:34:49 +01:00
counter kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
debugging
edid
firewire
firmware
gpio kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
hv kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
iio Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
include tools include UAPI: Sync linux/vhost.h with the kernel sources 2022-04-09 11:42:33 -03:00
io_uring
kvm/kvm_stat
laptop
leds
lib perf cpumap: More cpu map reuse by merge. 2022-04-01 16:19:35 -03:00
memory-model tools/memory-model: Explain syntactic and semantic dependencies 2022-02-01 17:32:30 -08:00
objtool objtool: Fix SLS validation for kcov tail-call replacement 2022-04-05 10:24:40 +02:00
pci kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
pcmcia
perf perf annotate: Drop objdump stderr to avoid getting stuck waiting for stdout output 2022-04-09 14:21:00 -03:00
power Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
rcu
scripts Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
spi kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
testing lkdtm: Add CFI_BACKWARD to test ROP mitigations 2022-04-16 13:57:23 -07:00
thermal/tmon thermal: tools: tmon: remove unneeded local variable 2021-11-24 17:26:13 +01:00
time
tracing Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
usb kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
virtio tools/virtio: compile with -pthread 2022-03-28 16:52:59 -04:00
vm tools/vm/page_owner_sort.c: remove -c option 2022-04-01 11:46:09 -07:00
wmi
Makefile tools/lib/lockdep: drop liblockdep 2021-11-12 11:07:17 -08:00