mirror of https://gitee.com/openkylin/linux.git
lkdtm: Add a test for STACKLEAK
Introduce an lkdtm test for the STACKLEAK feature: check that the current task stack is properly erased (filled with STACKLEAK_POISON). Signed-off-by: Alexander Popov <alex.popov@linux.com> Signed-off-by: Tycho Andersen <tycho@tycho.ws> Tested-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
10e9ae9fab
commit
f90d1e0c78
|
@ -8,7 +8,9 @@ lkdtm-$(CONFIG_LKDTM) += perms.o
|
|||
lkdtm-$(CONFIG_LKDTM) += refcount.o
|
||||
lkdtm-$(CONFIG_LKDTM) += rodata_objcopy.o
|
||||
lkdtm-$(CONFIG_LKDTM) += usercopy.o
|
||||
lkdtm-$(CONFIG_LKDTM) += stackleak.o
|
||||
|
||||
KASAN_SANITIZE_stackleak.o := n
|
||||
KCOV_INSTRUMENT_rodata.o := n
|
||||
|
||||
OBJCOPYFLAGS :=
|
||||
|
|
|
@ -183,6 +183,7 @@ static const struct crashtype crashtypes[] = {
|
|||
CRASHTYPE(USERCOPY_STACK_FRAME_FROM),
|
||||
CRASHTYPE(USERCOPY_STACK_BEYOND),
|
||||
CRASHTYPE(USERCOPY_KERNEL),
|
||||
CRASHTYPE(STACKLEAK_ERASING),
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -83,4 +83,7 @@ void lkdtm_USERCOPY_STACK_FRAME_FROM(void);
|
|||
void lkdtm_USERCOPY_STACK_BEYOND(void);
|
||||
void lkdtm_USERCOPY_KERNEL(void);
|
||||
|
||||
/* lkdtm_stackleak.c */
|
||||
void lkdtm_STACKLEAK_ERASING(void);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* This code tests that the current task stack is properly erased (filled
|
||||
* with STACKLEAK_POISON).
|
||||
*
|
||||
* Authors:
|
||||
* Alexander Popov <alex.popov@linux.com>
|
||||
* Tycho Andersen <tycho@tycho.ws>
|
||||
*/
|
||||
|
||||
#include "lkdtm.h"
|
||||
#include <linux/stackleak.h>
|
||||
|
||||
void lkdtm_STACKLEAK_ERASING(void)
|
||||
{
|
||||
unsigned long *sp, left, found, i;
|
||||
const unsigned long check_depth =
|
||||
STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
|
||||
|
||||
/*
|
||||
* For the details about the alignment of the poison values, see
|
||||
* the comment in stackleak_track_stack().
|
||||
*/
|
||||
sp = PTR_ALIGN(&i, sizeof(unsigned long));
|
||||
|
||||
left = ((unsigned long)sp & (THREAD_SIZE - 1)) / sizeof(unsigned long);
|
||||
sp--;
|
||||
|
||||
/*
|
||||
* One 'long int' at the bottom of the thread stack is reserved
|
||||
* and not poisoned.
|
||||
*/
|
||||
if (left > 1) {
|
||||
left--;
|
||||
} else {
|
||||
pr_err("FAIL: not enough stack space for the test\n");
|
||||
return;
|
||||
}
|
||||
|
||||
pr_info("checking unused part of the thread stack (%lu bytes)...\n",
|
||||
left * sizeof(unsigned long));
|
||||
|
||||
/*
|
||||
* Search for 'check_depth' poison values in a row (just like
|
||||
* stackleak_erase() does).
|
||||
*/
|
||||
for (i = 0, found = 0; i < left && found <= check_depth; i++) {
|
||||
if (*(sp - i) == STACKLEAK_POISON)
|
||||
found++;
|
||||
else
|
||||
found = 0;
|
||||
}
|
||||
|
||||
if (found <= check_depth) {
|
||||
pr_err("FAIL: thread stack is not erased (checked %lu bytes)\n",
|
||||
i * sizeof(unsigned long));
|
||||
return;
|
||||
}
|
||||
|
||||
pr_info("first %lu bytes are unpoisoned\n",
|
||||
(i - found) * sizeof(unsigned long));
|
||||
|
||||
/* The rest of thread stack should be erased */
|
||||
for (; i < left; i++) {
|
||||
if (*(sp - i) != STACKLEAK_POISON) {
|
||||
pr_err("FAIL: thread stack is NOT properly erased\n");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
pr_info("OK: the rest of the thread stack is properly erased\n");
|
||||
return;
|
||||
}
|
Loading…
Reference in New Issue