Commit f90d1e0c authored by Alexander Popov's avatar Alexander Popov Committed by Kees Cook

lkdtm: Add a test for STACKLEAK

Introduce an lkdtm test for the STACKLEAK feature: check that the
current task stack is properly erased (filled with STACKLEAK_POISON).
Signed-off-by: default avatarAlexander Popov <alex.popov@linux.com>
Signed-off-by: default avatarTycho Andersen <tycho@tycho.ws>
Tested-by: default avatarLaura Abbott <labbott@redhat.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent 10e9ae9f
......@@ -8,7 +8,9 @@ lkdtm-$(CONFIG_LKDTM) += perms.o
lkdtm-$(CONFIG_LKDTM) += refcount.o
lkdtm-$(CONFIG_LKDTM) += rodata_objcopy.o
lkdtm-$(CONFIG_LKDTM) += usercopy.o
lkdtm-$(CONFIG_LKDTM) += stackleak.o
KASAN_SANITIZE_stackleak.o := n
KCOV_INSTRUMENT_rodata.o := n
OBJCOPYFLAGS :=
......
......@@ -183,6 +183,7 @@ static const struct crashtype crashtypes[] = {
CRASHTYPE(USERCOPY_STACK_FRAME_FROM),
CRASHTYPE(USERCOPY_STACK_BEYOND),
CRASHTYPE(USERCOPY_KERNEL),
CRASHTYPE(STACKLEAK_ERASING),
};
......
......@@ -83,4 +83,7 @@ void lkdtm_USERCOPY_STACK_FRAME_FROM(void);
void lkdtm_USERCOPY_STACK_BEYOND(void);
void lkdtm_USERCOPY_KERNEL(void);
/* lkdtm_stackleak.c */
void lkdtm_STACKLEAK_ERASING(void);
#endif
// SPDX-License-Identifier: GPL-2.0
/*
* This code tests that the current task stack is properly erased (filled
* with STACKLEAK_POISON).
*
* Authors:
* Alexander Popov <alex.popov@linux.com>
* Tycho Andersen <tycho@tycho.ws>
*/
#include "lkdtm.h"
#include <linux/stackleak.h>
void lkdtm_STACKLEAK_ERASING(void)
{
unsigned long *sp, left, found, i;
const unsigned long check_depth =
STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
/*
* For the details about the alignment of the poison values, see
* the comment in stackleak_track_stack().
*/
sp = PTR_ALIGN(&i, sizeof(unsigned long));
left = ((unsigned long)sp & (THREAD_SIZE - 1)) / sizeof(unsigned long);
sp--;
/*
* One 'long int' at the bottom of the thread stack is reserved
* and not poisoned.
*/
if (left > 1) {
left--;
} else {
pr_err("FAIL: not enough stack space for the test\n");
return;
}
pr_info("checking unused part of the thread stack (%lu bytes)...\n",
left * sizeof(unsigned long));
/*
* Search for 'check_depth' poison values in a row (just like
* stackleak_erase() does).
*/
for (i = 0, found = 0; i < left && found <= check_depth; i++) {
if (*(sp - i) == STACKLEAK_POISON)
found++;
else
found = 0;
}
if (found <= check_depth) {
pr_err("FAIL: thread stack is not erased (checked %lu bytes)\n",
i * sizeof(unsigned long));
return;
}
pr_info("first %lu bytes are unpoisoned\n",
(i - found) * sizeof(unsigned long));
/* The rest of thread stack should be erased */
for (; i < left; i++) {
if (*(sp - i) != STACKLEAK_POISON) {
pr_err("FAIL: thread stack is NOT properly erased\n");
return;
}
}
pr_info("OK: the rest of the thread stack is properly erased\n");
return;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment