Commit d4e34999 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman

Merge tag 'lkdtm-next' of...

Merge tag 'lkdtm-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into char-misc-next

Kees writes:

Updates to LKDTM for -next

- split WARNING into two tests: with message and without
- add prototype-granularity forward CFI test

* tag 'lkdtm-next' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  lkdtm: Split WARNING into separate tests
  lkdtm: Add Control Flow Integrity test
parents 3b420aeb 1ee170ea
+1 −0
@@ -9,6 +9,7 @@ lkdtm-$(CONFIG_LKDTM) += refcount.o
lkdtm-$(CONFIG_LKDTM)		+= rodata_objcopy.o
lkdtm-$(CONFIG_LKDTM)		+= usercopy.o
lkdtm-$(CONFIG_LKDTM)		+= stackleak.o
lkdtm-$(CONFIG_LKDTM)		+= cfi.o

KASAN_SANITIZE_stackleak.o	:= n
KCOV_INSTRUMENT_rodata.o	:= n
+6 −1
@@ -75,7 +75,12 @@ static int warn_counter;

void lkdtm_WARNING(void)
{
	WARN(1, "Warning message trigger count: %d\n", warn_counter++);
	WARN_ON(++warn_counter);
}

void lkdtm_WARNING_MESSAGE(void)
{
	WARN(1, "Warning message trigger count: %d\n", ++warn_counter);
}

void lkdtm_EXCEPTION(void)
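Review bot: `warn_counter` is shared by both tests, so the "Warning message trigger count" printed by `lkdtm_WARNING_MESSAGE()` also includes every plain `lkdtm_WARNING()` trigger, and in `lkdtm_WARNING()` the increment now doubles as the `WARN_ON()` condition. The condition is true only because the pre-incremented value is nonzero (it would not fire if the counter ever wrapped to 0), which is easy to misread as a real check. A comment above `WARN_ON(++warn_counter);` such as `/* Always true: the counter is incremented before it is tested. */` would state the intent. If the printed count is meant to be per-test, the message variant needs its own counter.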
+42 −0
// SPDX-License-Identifier: GPL-2.0
/*
 * This is for all the tests relating directly to Control Flow Integrity.
 */
#include "lkdtm.h"

static int called_count;

/* Function taking one argument, without a return value. */
static noinline void lkdtm_increment_void(int *counter)
{
	(*counter)++;
}

/* Function taking one argument, returning int. */
static noinline int lkdtm_increment_int(int *counter)
{
	(*counter)++;

	return *counter;
}
/*
 * This tries to call an indirect function with a mismatched prototype.
 */
void lkdtm_CFI_FORWARD_PROTO(void)
{
	/*
	 * Matches lkdtm_increment_void()'s prototype, but not
	 * lkdtm_increment_int()'s prototype.
	 */
	void (*func)(int *);

	pr_info("Calling matched prototype ...\n");
	func = lkdtm_increment_void;
	func(&called_count);

	pr_info("Calling mismatched prototype ...\n");
	func = (void *)lkdtm_increment_int;
	func(&called_count);

	pr_info("Fail: survived mismatched prototype function call!\n");
}
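Review bot: The only failure signal in `lkdtm_CFI_FORWARD_PROTO()` is the final `pr_info()` line, so a kernel built without forward-edge CFI reports the same "Fail" as one where CFI is enabled but not enforcing. That makes the result hard to triage from logs. Raising the severity, e.g. `pr_err("FAIL: survived mismatched prototype function call!\n");`, would help test harnesses catch it, and a follow-up line naming the build option that enables CFI in this tree would help further. The comment above the function could also say that the second call is expected to be trapped by the CFI check and that reaching the last line means the check is absent or ineffective. `called_count` is written but never read; a short comment that it exists only to give the callees an observable side effect would save the next reader a search.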
+2 −0
@@ -104,6 +104,7 @@ static const struct crashtype crashtypes[] = {
	CRASHTYPE(PANIC),
	CRASHTYPE(BUG),
	CRASHTYPE(WARNING),
	CRASHTYPE(WARNING_MESSAGE),
	CRASHTYPE(EXCEPTION),
	CRASHTYPE(LOOP),
	CRASHTYPE(EXHAUST_STACK),
@@ -169,6 +170,7 @@ static const struct crashtype crashtypes[] = {
	CRASHTYPE(USERCOPY_KERNEL),
	CRASHTYPE(USERCOPY_KERNEL_DS),
	CRASHTYPE(STACKLEAK_ERASING),
	CRASHTYPE(CFI_FORWARD_PROTO),
};


+4 −0
@@ -11,6 +11,7 @@ void __init lkdtm_bugs_init(int *recur_param);
void lkdtm_PANIC(void);
void lkdtm_BUG(void);
void lkdtm_WARNING(void);
void lkdtm_WARNING_MESSAGE(void);
void lkdtm_EXCEPTION(void);
void lkdtm_LOOP(void);
void lkdtm_EXHAUST_STACK(void);
@@ -95,4 +96,7 @@ void lkdtm_USERCOPY_KERNEL_DS(void);
/* lkdtm_stackleak.c */
void lkdtm_STACKLEAK_ERASING(void);

/* cfi.c */
void lkdtm_CFI_FORWARD_PROTO(void);

#endif