mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-26 02:39:48 +00:00
6f9b5ed8ca
Here is the large set of char, misc, and other driver subsystem updates for 5.19-rc1. The merge request for this has been delayed as I wanted to get lots of linux-next testing due to some late arrivals of changes for the habannalabs driver. Highlights of this merge are: - habanalabs driver updates for new hardware types and fixes and other updates - IIO driver tree merge which includes loads of new IIO drivers and cleanups and additions - PHY driver tree merge with new drivers and small updates to existing ones - interconnect driver tree merge with fixes and updates - soundwire driver tree merge with some small fixes - coresight driver tree merge with small fixes and updates - mhi bus driver tree merge with lots of updates and new device support - firmware driver updates - fpga driver updates - lkdtm driver updates (with a merge conflict, more on that below) - extcon driver tree merge with small updates - lots of other tiny driver updates and fixes and cleanups, full details in the shortlog. All of these have been in linux-next for almost 2 weeks with no reported problems. Note, there are 3 merge conflicts when merging this with your tree: - MAINTAINERS, should be easy to resolve - drivers/slimbus/qcom-ctrl.c, should be straightforward resolution - drivers/misc/lkdtm/stackleak.c, not an easy resolution. This has been noted in the linux-next tree for a while, and resolved there, here's a link to the resolution that Stephen came up with and that Kees says is correct: https://lore.kernel.org/r/20220509185344.3fe1a354@canb.auug.org.au I will be glad to provide a merge point that contains these resolutions if that makes things any easier for you. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYpnkbA8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ylOrgCggbbAFwESBY9o2YfpG+2VOLpc0GAAoJgY1XN8 P/gumbLEpFvoBZ5xLIW8 =KCgk -----END PGP SIGNATURE----- Merge tag 'char-misc-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char / misc / other smaller driver subsystem updates from Greg KH: "Here is the large set of char, misc, and other driver subsystem updates for 5.19-rc1. The merge request for this has been delayed as I wanted to get lots of linux-next testing due to some late arrivals of changes for the habannalabs driver. Highlights of this merge are: - habanalabs driver updates for new hardware types and fixes and other updates - IIO driver tree merge which includes loads of new IIO drivers and cleanups and additions - PHY driver tree merge with new drivers and small updates to existing ones - interconnect driver tree merge with fixes and updates - soundwire driver tree merge with some small fixes - coresight driver tree merge with small fixes and updates - mhi bus driver tree merge with lots of updates and new device support - firmware driver updates - fpga driver updates - lkdtm driver updates (with a merge conflict, more on that below) - extcon driver tree merge with small updates - lots of other tiny driver updates and fixes and cleanups, full details in the shortlog. All of these have been in linux-next for almost 2 weeks with no reported problems" * tag 'char-misc-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (387 commits) habanalabs: use separate structure info for each error collect data habanalabs: fix missing handle shift during mmap habanalabs: remove hdev from hl_ctx_get args habanalabs: do MMU prefetch as deferred work habanalabs: order memory manager messages habanalabs: return -EFAULT on copy_to_user error habanalabs: use NULL for eventfd habanalabs: update firmware header habanalabs: add support for notification via eventfd habanalabs: add topic to memory manager buffer habanalabs: handle race in driver fini habanalabs: add device memory scrub ability through debugfs habanalabs: use unified memory manager for CB flow habanalabs: unified memory manager new code for CB flow habanalabs/gaudi: set arbitration timeout to a high value habanalabs: add put by handle method to memory manager habanalabs: hide memory manager page shift habanalabs: Add separate poll interval value for protocol habanalabs: use get_task_pid() to take PID habanalabs: add prefetch flag to the MAP operation ...
144 lines
4.8 KiB
C
144 lines
4.8 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* This code tests that the current task stack is properly erased (filled
|
|
* with STACKLEAK_POISON).
|
|
*
|
|
* Authors:
|
|
* Alexander Popov <alex.popov@linux.com>
|
|
* Tycho Andersen <tycho@tycho.ws>
|
|
*/
|
|
|
|
#include "lkdtm.h"
|
|
#include <linux/stackleak.h>
|
|
|
|
#if defined(CONFIG_GCC_PLUGIN_STACKLEAK)
|
|
/*
|
|
* Check that stackleak tracks the lowest stack pointer and erases the stack
|
|
* below this as expected.
|
|
*
|
|
* To prevent the lowest stack pointer changing during the test, IRQs are
|
|
* masked and instrumentation of this function is disabled. We assume that the
|
|
* compiler will create a fixed-size stack frame for this function.
|
|
*
|
|
* Any non-inlined function may make further use of the stack, altering the
|
|
* lowest stack pointer and/or clobbering poison values. To avoid spurious
|
|
* failures we must avoid printing until the end of the test or have already
|
|
* encountered a failure condition.
|
|
*/
|
|
static void noinstr check_stackleak_irqoff(void)
|
|
{
|
|
const unsigned long task_stack_base = (unsigned long)task_stack_page(current);
|
|
const unsigned long task_stack_low = stackleak_task_low_bound(current);
|
|
const unsigned long task_stack_high = stackleak_task_high_bound(current);
|
|
const unsigned long current_sp = current_stack_pointer;
|
|
const unsigned long lowest_sp = current->lowest_stack;
|
|
unsigned long untracked_high;
|
|
unsigned long poison_high, poison_low;
|
|
bool test_failed = false;
|
|
|
|
/*
|
|
* Check that the current and lowest recorded stack pointer values fall
|
|
* within the expected task stack boundaries. These tests should never
|
|
* fail unless the boundaries are incorrect or we're clobbering the
|
|
* STACK_END_MAGIC, and in either casee something is seriously wrong.
|
|
*/
|
|
if (current_sp < task_stack_low || current_sp >= task_stack_high) {
|
|
pr_err("FAIL: current_stack_pointer (0x%lx) outside of task stack bounds [0x%lx..0x%lx]\n",
|
|
current_sp, task_stack_low, task_stack_high - 1);
|
|
test_failed = true;
|
|
goto out;
|
|
}
|
|
if (lowest_sp < task_stack_low || lowest_sp >= task_stack_high) {
|
|
pr_err("FAIL: current->lowest_stack (0x%lx) outside of task stack bounds [0x%lx..0x%lx]\n",
|
|
lowest_sp, task_stack_low, task_stack_high - 1);
|
|
test_failed = true;
|
|
goto out;
|
|
}
|
|
|
|
/*
|
|
* Depending on what has run prior to this test, the lowest recorded
|
|
* stack pointer could be above or below the current stack pointer.
|
|
* Start from the lowest of the two.
|
|
*
|
|
* Poison values are naturally-aligned unsigned longs. As the current
|
|
* stack pointer might not be sufficiently aligned, we must align
|
|
* downwards to find the lowest known stack pointer value. This is the
|
|
* high boundary for a portion of the stack which may have been used
|
|
* without being tracked, and has to be scanned for poison.
|
|
*/
|
|
untracked_high = min(current_sp, lowest_sp);
|
|
untracked_high = ALIGN_DOWN(untracked_high, sizeof(unsigned long));
|
|
|
|
/*
|
|
* Find the top of the poison in the same way as the erasing code.
|
|
*/
|
|
poison_high = stackleak_find_top_of_poison(task_stack_low, untracked_high);
|
|
|
|
/*
|
|
* Check whether the poisoned portion of the stack (if any) consists
|
|
* entirely of poison. This verifies the entries that
|
|
* stackleak_find_top_of_poison() should have checked.
|
|
*/
|
|
poison_low = poison_high;
|
|
while (poison_low > task_stack_low) {
|
|
poison_low -= sizeof(unsigned long);
|
|
|
|
if (*(unsigned long *)poison_low == STACKLEAK_POISON)
|
|
continue;
|
|
|
|
pr_err("FAIL: non-poison value %lu bytes below poison boundary: 0x%lx\n",
|
|
poison_high - poison_low, *(unsigned long *)poison_low);
|
|
test_failed = true;
|
|
}
|
|
|
|
pr_info("stackleak stack usage:\n"
|
|
" high offset: %lu bytes\n"
|
|
" current: %lu bytes\n"
|
|
" lowest: %lu bytes\n"
|
|
" tracked: %lu bytes\n"
|
|
" untracked: %lu bytes\n"
|
|
" poisoned: %lu bytes\n"
|
|
" low offset: %lu bytes\n",
|
|
task_stack_base + THREAD_SIZE - task_stack_high,
|
|
task_stack_high - current_sp,
|
|
task_stack_high - lowest_sp,
|
|
task_stack_high - untracked_high,
|
|
untracked_high - poison_high,
|
|
poison_high - task_stack_low,
|
|
task_stack_low - task_stack_base);
|
|
|
|
out:
|
|
if (test_failed) {
|
|
pr_err("FAIL: the thread stack is NOT properly erased!\n");
|
|
} else {
|
|
pr_info("OK: the rest of the thread stack is properly erased\n");
|
|
}
|
|
}
|
|
|
|
static void lkdtm_STACKLEAK_ERASING(void)
|
|
{
|
|
unsigned long flags;
|
|
|
|
local_irq_save(flags);
|
|
check_stackleak_irqoff();
|
|
local_irq_restore(flags);
|
|
}
|
|
#else /* defined(CONFIG_GCC_PLUGIN_STACKLEAK) */
|
|
static void lkdtm_STACKLEAK_ERASING(void)
|
|
{
|
|
if (IS_ENABLED(CONFIG_HAVE_ARCH_STACKLEAK)) {
|
|
pr_err("XFAIL: stackleak is not enabled (CONFIG_GCC_PLUGIN_STACKLEAK=n)\n");
|
|
} else {
|
|
pr_err("XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n)\n");
|
|
}
|
|
}
|
|
#endif /* defined(CONFIG_GCC_PLUGIN_STACKLEAK) */
|
|
|
|
static struct crashtype crashtypes[] = {
|
|
CRASHTYPE(STACKLEAK_ERASING),
|
|
};
|
|
|
|
struct crashtype_category stackleak_crashtypes = {
|
|
.crashtypes = crashtypes,
|
|
.len = ARRAY_SIZE(crashtypes),
|
|
};
|