linux-toradex.git/lib/test_user_copy.c, branch v4.13-rc7 Linux kernel for Apalis and Colibri modules lib: remove check for AVR32 arch in test_user_copy 2017-05-01T07:36:30+00:00 Hans-Christian Noren Egtvedt egtvedt@samfundet.no 2017-05-01T07:33:20+00:00 cddbfbd448344dbfa0581307b0c4705e940b0743 The AVR32 architecture support has been removed from the Linux kernel, hence remove all the check for this architecture in test_user_copy.c. Signed-off-by: Hans-Christian Noren Egtvedt <egtvedt@samfundet.no> 
The AVR32 architecture support has been removed from the Linux kernel,
hence remove all the check for this architecture in test_user_copy.c.

Signed-off-by: Hans-Christian Noren Egtvedt <egtvedt@samfundet.no>
usercopy: ARM NOMMU has no 64-bit get_user 2017-02-22T19:24:08+00:00 Arnd Bergmann arnd@arndb.de 2017-02-22T19:21:22+00:00 4deaa6fd00be2bf408dd06cdf0c40a1b59237879 On a NOMMU ARM kernel, we get this link error: ERROR: "__get_user_bad" [lib/test_user_copy.ko] undefined! The problem is that the extended get_user/put_user definitions were only added for the normal (MMU based) case. We could add it for NOMMU as well, but it seems easier to just not call it, since no other code needs it. Fixes: 4c5d7bc63775 ("usercopy: Add tests for all get_user() sizes") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kees Cook <keescook@chromium.org> 
On a NOMMU ARM kernel, we get this link error:

ERROR: "__get_user_bad" [lib/test_user_copy.ko] undefined!

The problem is that the extended get_user/put_user definitions
were only added for the normal (MMU based) case.

We could add it for NOMMU as well, but it seems easier to just not
call it, since no other code needs it.

Fixes: 4c5d7bc63775 ("usercopy: Add tests for all get_user() sizes")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
usercopy: Add tests for all get_user() sizes 2017-02-21T19:59:38+00:00 Kees Cook keescook@chromium.org 2017-02-14T20:38:07+00:00 4c5d7bc63775b40631b75f6c59a3a3005455262d The existing test was only exercising native unsigned long size get_user(). For completeness, we should check all sizes. But we must skip some 32-bit architectures that don't implement a 64-bit get_user(). These new tests actually uncovered a bug in ARM's 64-bit get_user() zeroing. Signed-off-by: Kees Cook <keescook@chromium.org> 
The existing test was only exercising native unsigned long size
get_user(). For completeness, we should check all sizes. But we
must skip some 32-bit architectures that don't implement a 64-bit
get_user().

These new tests actually uncovered a bug in ARM's 64-bit get_user()
zeroing.

Signed-off-by: Kees Cook <keescook@chromium.org>
usercopy: Adjust tests to deal with SMAP/PAN 2017-02-17T00:34:59+00:00 Kees Cook keescook@chromium.org 2017-02-13T19:25:26+00:00 f5f893c57e37ca730808cb2eee3820abd05e7507 Under SMAP/PAN/etc, we cannot write directly to userspace memory, so this rearranges the test bytes to get written through copy_to_user(). Additionally drops the bad copy_from_user() test that would trigger a memcpy() against userspace on failure. Signed-off-by: Kees Cook <keescook@chromium.org> 
Under SMAP/PAN/etc, we cannot write directly to userspace memory, so
this rearranges the test bytes to get written through copy_to_user().
Additionally drops the bad copy_from_user() test that would trigger a
memcpy() against userspace on failure.

Signed-off-by: Kees Cook <keescook@chromium.org>
usercopy: add testcases to check zeroing on failure 2017-02-17T00:34:59+00:00 Hoeun Ryu hoeun.ryu@gmail.com 2017-02-12T06:13:33+00:00 4fbfeb8bd684d564bddeff1e3723d3d9f99aa5de During usercopy the destination buffer will be zeroed if copy_from_user() or get_user() fails. This patch adds testcases for it. The destination buffer is set with non-zero value before illegal copy_from_user() or get_user() is executed and the buffer is compared to zero after usercopy is done. Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com> [kees: clarified commit log, dropped second kmalloc] Signed-off-by: Kees Cook <keescook@chromium.org> 
During usercopy the destination buffer will be zeroed if copy_from_user()
or get_user() fails. This patch adds testcases for it. The destination
buffer is set with non-zero value before illegal copy_from_user() or
get_user() is executed and the buffer is compared to zero after usercopy
is done.

Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
[kees: clarified commit log, dropped second kmalloc]
Signed-off-by: Kees Cook <keescook@chromium.org>
test: check copy_to/from_user boundary validation 2014-01-24T00:36:57+00:00 Kees Cook keescook@chromium.org 2014-01-23T23:54:38+00:00 3e2a4c183ace8708c69f589505fb82bb63010ade To help avoid an architecture failing to correctly check kernel/user boundaries when handling copy_to_user, copy_from_user, put_user, or get_user, perform some simple tests and fail to load if any of them behave unexpectedly. Specifically, this is to make sure there is a way to notice if things like what was fixed in commit 8404663f81d2 ("ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS") ever regresses again, for any architecture. Additionally, adds new "user" selftest target, which loads this module. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
To help avoid an architecture failing to correctly check kernel/user
boundaries when handling copy_to_user, copy_from_user, put_user, or
get_user, perform some simple tests and fail to load if any of them
behave unexpectedly.

Specifically, this is to make sure there is a way to notice if things
like what was fixed in commit 8404663f81d2 ("ARM: 7527/1: uaccess:
explicitly check __user pointer when !CPU_USE_DOMAINS") ever regresses
again, for any architecture.

Additionally, adds new "user" selftest target, which loads this module.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>