mirror of https://gitee.com/openkylin/linux.git
lkdtm/bugs: Adjust recursion test to avoid elision
While I was able to trick gcc into keeping a pathological recursion, Clang was not so easily fooled. Instead, switch to using "volatile" and side-effects to keep the stack variable allocated and to run the function. Additionally renames "OVERFLOW" to "EXHAUST_STACK" to better describe the test. Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
2bf8496f6e
commit
24cccab42c
|
@ -32,12 +32,20 @@ static int recur_count = REC_NUM_DEFAULT;
|
||||||
|
|
||||||
static DEFINE_SPINLOCK(lock_me_up);
|
static DEFINE_SPINLOCK(lock_me_up);
|
||||||
|
|
||||||
static int recursive_loop(int remaining)
|
/*
|
||||||
|
* Make sure compiler does not optimize this function or stack frame away:
|
||||||
|
* - function marked noinline
|
||||||
|
* - stack variables are marked volatile
|
||||||
|
* - stack variables are written (memset()) and read (pr_info())
|
||||||
|
* - function has external effects (pr_info())
|
||||||
|
* */
|
||||||
|
static int noinline recursive_loop(int remaining)
|
||||||
{
|
{
|
||||||
char buf[REC_STACK_SIZE];
|
volatile char buf[REC_STACK_SIZE];
|
||||||
|
|
||||||
/* Make sure compiler does not optimize this away. */
|
memset((void *)buf, remaining & 0xFF, sizeof(buf));
|
||||||
memset(buf, (remaining & 0xff) | 0x1, REC_STACK_SIZE);
|
pr_info("loop %d/%d ...\n", (int)buf[remaining % sizeof(buf)],
|
||||||
|
recur_count);
|
||||||
if (!remaining)
|
if (!remaining)
|
||||||
return 0;
|
return 0;
|
||||||
else
|
else
|
||||||
|
@ -81,9 +89,12 @@ void lkdtm_LOOP(void)
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
void lkdtm_OVERFLOW(void)
|
void lkdtm_EXHAUST_STACK(void)
|
||||||
{
|
{
|
||||||
(void) recursive_loop(recur_count);
|
pr_info("Calling function with %d frame size to depth %d ...\n",
|
||||||
|
REC_STACK_SIZE, recur_count);
|
||||||
|
recursive_loop(recur_count);
|
||||||
|
pr_info("FAIL: survived without exhausting stack?!\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
static noinline void __lkdtm_CORRUPT_STACK(void *stack)
|
static noinline void __lkdtm_CORRUPT_STACK(void *stack)
|
||||||
|
|
|
@ -119,12 +119,12 @@ static const struct crashtype crashtypes[] = {
|
||||||
CRASHTYPE(WARNING),
|
CRASHTYPE(WARNING),
|
||||||
CRASHTYPE(EXCEPTION),
|
CRASHTYPE(EXCEPTION),
|
||||||
CRASHTYPE(LOOP),
|
CRASHTYPE(LOOP),
|
||||||
CRASHTYPE(OVERFLOW),
|
CRASHTYPE(EXHAUST_STACK),
|
||||||
|
CRASHTYPE(CORRUPT_STACK),
|
||||||
|
CRASHTYPE(CORRUPT_STACK_STRONG),
|
||||||
CRASHTYPE(CORRUPT_LIST_ADD),
|
CRASHTYPE(CORRUPT_LIST_ADD),
|
||||||
CRASHTYPE(CORRUPT_LIST_DEL),
|
CRASHTYPE(CORRUPT_LIST_DEL),
|
||||||
CRASHTYPE(CORRUPT_USER_DS),
|
CRASHTYPE(CORRUPT_USER_DS),
|
||||||
CRASHTYPE(CORRUPT_STACK),
|
|
||||||
CRASHTYPE(CORRUPT_STACK_STRONG),
|
|
||||||
CRASHTYPE(STACK_GUARD_PAGE_LEADING),
|
CRASHTYPE(STACK_GUARD_PAGE_LEADING),
|
||||||
CRASHTYPE(STACK_GUARD_PAGE_TRAILING),
|
CRASHTYPE(STACK_GUARD_PAGE_TRAILING),
|
||||||
CRASHTYPE(UNALIGNED_LOAD_STORE_WRITE),
|
CRASHTYPE(UNALIGNED_LOAD_STORE_WRITE),
|
||||||
|
|
|
@ -13,7 +13,7 @@ void lkdtm_BUG(void);
|
||||||
void lkdtm_WARNING(void);
|
void lkdtm_WARNING(void);
|
||||||
void lkdtm_EXCEPTION(void);
|
void lkdtm_EXCEPTION(void);
|
||||||
void lkdtm_LOOP(void);
|
void lkdtm_LOOP(void);
|
||||||
void lkdtm_OVERFLOW(void);
|
void lkdtm_EXHAUST_STACK(void);
|
||||||
void lkdtm_CORRUPT_STACK(void);
|
void lkdtm_CORRUPT_STACK(void);
|
||||||
void lkdtm_CORRUPT_STACK_STRONG(void);
|
void lkdtm_CORRUPT_STACK_STRONG(void);
|
||||||
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void);
|
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void);
|
||||||
|
|
Loading…
Reference in New Issue