linux-toradex.git/drivers/misc/lkdtm.c, branch v3.13 Linux kernel for Apalis and Colibri modules lkdtm: add tests for additional page permissions 2013-10-29T23:13:39+00:00 Kees Cook keescook@chromium.org 2013-10-24T16:25:57+00:00 9ae113ce5faf1c74af1ee71b5ef7d04b6b06b063 Testing execution and access of userspace from the kernel is needed for validating things like Intel's SMEP and SMAP protections. Additionally, add an explicit test for validating that RO page permissions have been set for the RO data area. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Testing execution and access of userspace from the kernel is needed for
validating things like Intel's SMEP and SMAP protections. Additionally,
add an explicit test for validating that RO page permissions have been
set for the RO data area.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm: adjust recursion size to avoid warnings 2013-10-29T23:13:39+00:00 Kees Cook keescook@chromium.org 2013-10-24T16:25:39+00:00 7d196ac303652588c60350f0a581d71e2e7b1a50 When CONFIG_FRAME_WARN is set low (e.g. some ARM builds), the hard-coded stack buffer size used for kernel stack over run testing triggers build warnings. Instead, avoid the warning by recalcuating the buffer size and recursion count needed to trigger the test. Also uses the recursion counter indirectly to avoid changing the parameter during the test. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
When CONFIG_FRAME_WARN is set low (e.g. some ARM builds), the hard-coded
stack buffer size used for kernel stack over run testing triggers build
warnings. Instead, avoid the warning by recalcuating the buffer size and
recursion count needed to trigger the test. Also uses the recursion counter
indirectly to avoid changing the parameter during the test.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm: isolate stack corruption test 2013-10-25T05:21:00+00:00 Kees Cook keescook@chromium.org 2013-10-25T01:05:42+00:00 629c66a22c21b692b6e58b9c1d8fa56a60ccb52d When tests were added to lkdtm that grew the stack frame, the stack corruption test stopped working. This isolates the test in its own function, and forces it not to be inlined. Signed-off-by: Kees Cook <keescook@chromium.org> Fixes: cc33c537c12f ("lkdtm: add "EXEC_*" triggers") Cc: stable <stable@vger.kernel.org> # 3.12 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
When tests were added to lkdtm that grew the stack frame, the stack
corruption test stopped working. This isolates the test in its own
function, and forces it not to be inlined.

Signed-off-by: Kees Cook <keescook@chromium.org>
Fixes: cc33c537c12f ("lkdtm: add "EXEC_*" triggers")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm: add "EXEC_*" triggers 2013-07-25T05:47:20+00:00 Kees Cook keescook@chromium.org 2013-07-08T17:01:33+00:00 cc33c537c12f36e9ce753c308999cc2e93195112 Add new crash locations that attempt to execute non-executable memory regions (data segment, stack, kmalloc, vmalloc). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Add new crash locations that attempt to execute non-executable memory
regions (data segment, stack, kmalloc, vmalloc).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm: add "SPINLOCKUP" trigger 2013-07-25T05:47:20+00:00 Kees Cook keescook@chromium.org 2013-07-08T17:01:32+00:00 274a5855c034800b8e9a6ca32bbf81298ae917d8 For additional lockup testing, add "SPINLOCKUP" to trigger a spinlock deadlock when triggered twice. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
For additional lockup testing, add "SPINLOCKUP" to trigger a spinlock
deadlock when triggered twice.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm: add "WARNING" trigger 2013-07-25T05:47:19+00:00 Kees Cook keescook@chromium.org 2013-07-08T17:01:31+00:00 65892723c386d658234ffffa35789e68e0601982 For additional testing, add "WARNING" as a trigger that calls WARN_ON(1). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
For additional testing, add "WARNING" as a trigger that calls WARN_ON(1).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm: fix stack protector trigger 2013-07-25T05:47:19+00:00 Kees Cook keescook@chromium.org 2013-07-08T17:01:30+00:00 4f198289747f0391bc5a5574279b1791a8ca2d06 The -fstack-protector compiler flag will only build stack protections if a character array is seen. Additionally, the offset to the saved instruction pointer changes based on architecture, so stomp much harder (64 bytes) when corrupting the stack. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
The -fstack-protector compiler flag will only build stack protections if
a character array is seen. Additionally, the offset to the saved
instruction pointer changes based on architecture, so stomp much harder
(64 bytes) when corrupting the stack.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/misc/lkdtm.c: fix missing allocation failure check 2012-07-31T00:25:22+00:00 Alan Cox alan@linux.intel.com 2012-07-30T21:43:24+00:00 086ff4b3a7fb9cdf41e6a5d0ccd99b86d84633a1 Addresses https://bugzilla.kernel.org/show_bug.cgi?id=44691 Reported-by: <rucsoftsec@gmail.com> Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=44691

Reported-by: <rucsoftsec@gmail.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lkdtm: avoid calling lkdtm_do_action() with spinlock held 2012-02-04T00:16:41+00:00 Cong Wang xiyou.wangcong@gmail.com 2012-02-03T23:37:15+00:00 92618184cb92c5b39d4d8573572d576f9ccb3c28 lkdtm_do_action() may call sleeping functions like kmalloc(), so do not call it with spin lock held. Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <greg@kroah.com> Reviewed-by: Dave Young <dyoung@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
lkdtm_do_action() may call sleeping functions like kmalloc(), so do not
call it with spin lock held.

Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Reviewed-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before checking count 2011-06-28T01:00:13+00:00 Josh Hunt johunt@akamai.com 2011-06-27T23:18:08+00:00 aa2c96d6f329e66cc59352b0f12e8f04e6a9593b We observed the crash point count going negative in cases where the crash point is hit multiple times before the check of "count == 0" is done. Because of this we never call lkdtm_do_action(). This patch just adds a spinlock to protect count. Reported-by: Tapan Dhimant <tdhimant@akamai.com> Signed-off-by: Josh Hunt <johunt@akamai.com> Acked-by: Ankita Garg <ankita@in.ibm.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
We observed the crash point count going negative in cases where the
crash point is hit multiple times before the check of "count == 0" is
done.  Because of this we never call lkdtm_do_action().  This patch just
adds a spinlock to protect count.

Reported-by: Tapan Dhimant <tdhimant@akamai.com>
Signed-off-by: Josh Hunt <johunt@akamai.com>
Acked-by: Ankita Garg <ankita@in.ibm.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>