mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-01 22:54:01 +00:00
lkdtm: Add REPORT_STACK for checking stack offsets
For validating the stack offset behavior, report the offset from a given process's first seen stack address. Add s script to calculate the results to the LKDTM kselftests. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20210401232347.2791257-7-keescook@chromium.org
This commit is contained in:
parent
fe950f6020
commit
68ef8735d2
6 changed files with 57 additions and 0 deletions
|
@ -134,6 +134,23 @@ noinline void lkdtm_CORRUPT_STACK_STRONG(void)
|
||||||
__lkdtm_CORRUPT_STACK((void *)&data);
|
__lkdtm_CORRUPT_STACK((void *)&data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static pid_t stack_pid;
|
||||||
|
static unsigned long stack_addr;
|
||||||
|
|
||||||
|
void lkdtm_REPORT_STACK(void)
|
||||||
|
{
|
||||||
|
volatile uintptr_t magic;
|
||||||
|
pid_t pid = task_pid_nr(current);
|
||||||
|
|
||||||
|
if (pid != stack_pid) {
|
||||||
|
pr_info("Starting stack offset tracking for pid %d\n", pid);
|
||||||
|
stack_pid = pid;
|
||||||
|
stack_addr = (uintptr_t)&magic;
|
||||||
|
}
|
||||||
|
|
||||||
|
pr_info("Stack offset: %d\n", (int)(stack_addr - (uintptr_t)&magic));
|
||||||
|
}
|
||||||
|
|
||||||
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void)
|
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void)
|
||||||
{
|
{
|
||||||
static u8 data[5] __attribute__((aligned(4))) = {1, 2, 3, 4, 5};
|
static u8 data[5] __attribute__((aligned(4))) = {1, 2, 3, 4, 5};
|
||||||
|
|
|
@ -110,6 +110,7 @@ static const struct crashtype crashtypes[] = {
|
||||||
CRASHTYPE(EXHAUST_STACK),
|
CRASHTYPE(EXHAUST_STACK),
|
||||||
CRASHTYPE(CORRUPT_STACK),
|
CRASHTYPE(CORRUPT_STACK),
|
||||||
CRASHTYPE(CORRUPT_STACK_STRONG),
|
CRASHTYPE(CORRUPT_STACK_STRONG),
|
||||||
|
CRASHTYPE(REPORT_STACK),
|
||||||
CRASHTYPE(CORRUPT_LIST_ADD),
|
CRASHTYPE(CORRUPT_LIST_ADD),
|
||||||
CRASHTYPE(CORRUPT_LIST_DEL),
|
CRASHTYPE(CORRUPT_LIST_DEL),
|
||||||
CRASHTYPE(STACK_GUARD_PAGE_LEADING),
|
CRASHTYPE(STACK_GUARD_PAGE_LEADING),
|
||||||
|
|
|
@ -17,6 +17,7 @@ void lkdtm_LOOP(void);
|
||||||
void lkdtm_EXHAUST_STACK(void);
|
void lkdtm_EXHAUST_STACK(void);
|
||||||
void lkdtm_CORRUPT_STACK(void);
|
void lkdtm_CORRUPT_STACK(void);
|
||||||
void lkdtm_CORRUPT_STACK_STRONG(void);
|
void lkdtm_CORRUPT_STACK_STRONG(void);
|
||||||
|
void lkdtm_REPORT_STACK(void);
|
||||||
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void);
|
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void);
|
||||||
void lkdtm_SOFTLOCKUP(void);
|
void lkdtm_SOFTLOCKUP(void);
|
||||||
void lkdtm_HARDLOCKUP(void);
|
void lkdtm_HARDLOCKUP(void);
|
||||||
|
|
1
tools/testing/selftests/lkdtm/.gitignore
vendored
1
tools/testing/selftests/lkdtm/.gitignore
vendored
|
@ -1,2 +1,3 @@
|
||||||
*.sh
|
*.sh
|
||||||
!run.sh
|
!run.sh
|
||||||
|
!stack-entropy.sh
|
||||||
|
|
|
@ -5,6 +5,7 @@ include ../lib.mk
|
||||||
|
|
||||||
# NOTE: $(OUTPUT) won't get default value if used before lib.mk
|
# NOTE: $(OUTPUT) won't get default value if used before lib.mk
|
||||||
TEST_FILES := tests.txt
|
TEST_FILES := tests.txt
|
||||||
|
TEST_PROGS := stack-entropy.sh
|
||||||
TEST_GEN_PROGS = $(patsubst %,$(OUTPUT)/%.sh,$(shell awk '{print $$1}' tests.txt | sed -e 's/\#//'))
|
TEST_GEN_PROGS = $(patsubst %,$(OUTPUT)/%.sh,$(shell awk '{print $$1}' tests.txt | sed -e 's/\#//'))
|
||||||
all: $(TEST_GEN_PROGS)
|
all: $(TEST_GEN_PROGS)
|
||||||
|
|
||||||
|
|
36
tools/testing/selftests/lkdtm/stack-entropy.sh
Executable file
36
tools/testing/selftests/lkdtm/stack-entropy.sh
Executable file
|
@ -0,0 +1,36 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# SPDX-License-Identifier: GPL-2.0
|
||||||
|
#
|
||||||
|
# Measure kernel stack entropy by sampling via LKDTM's REPORT_STACK test.
|
||||||
|
set -e
|
||||||
|
samples="${1:-1000}"
|
||||||
|
|
||||||
|
# Capture dmesg continuously since it may fill up depending on sample size.
|
||||||
|
log=$(mktemp -t stack-entropy-XXXXXX)
|
||||||
|
dmesg --follow >"$log" & pid=$!
|
||||||
|
report=-1
|
||||||
|
for i in $(seq 1 $samples); do
|
||||||
|
echo "REPORT_STACK" >/sys/kernel/debug/provoke-crash/DIRECT
|
||||||
|
if [ -t 1 ]; then
|
||||||
|
percent=$(( 100 * $i / $samples ))
|
||||||
|
if [ "$percent" -ne "$report" ]; then
|
||||||
|
/bin/echo -en "$percent%\r"
|
||||||
|
report="$percent"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
kill "$pid"
|
||||||
|
|
||||||
|
# Count unique offsets since last run.
|
||||||
|
seen=$(tac "$log" | grep -m1 -B"$samples"0 'Starting stack offset' | \
|
||||||
|
grep 'Stack offset' | awk '{print $NF}' | sort | uniq -c | wc -l)
|
||||||
|
bits=$(echo "obase=2; $seen" | bc | wc -L)
|
||||||
|
echo "Bits of stack entropy: $bits"
|
||||||
|
rm -f "$log"
|
||||||
|
|
||||||
|
# We would expect any functional stack randomization to be at least 5 bits.
|
||||||
|
if [ "$bits" -lt 5 ]; then
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
exit 0
|
||||||
|
fi
|
Loading…
Reference in a new issue