| Message ID | 20180228200620.30026-7-igor.stoppa@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 2/28/18 12:06 PM, Igor Stoppa wrote: > Verify that pmalloc read-only protection is in place: trying to > overwrite a protected variable will crash the kernel. > > Signed-off-by: Igor Stoppa <igor.stoppa@huawei.com> > --- > drivers/misc/lkdtm.h | 1 + > drivers/misc/lkdtm_core.c | 3 +++ > drivers/misc/lkdtm_perms.c | 28 ++++++++++++++++++++++++++++ > 3 files changed, 32 insertions(+) > > diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h > index 9e513dcfd809..dcda3ae76ceb 100644 > --- a/drivers/misc/lkdtm.h > +++ b/drivers/misc/lkdtm.h > @@ -38,6 +38,7 @@ void lkdtm_READ_BUDDY_AFTER_FREE(void); > void __init lkdtm_perms_init(void); > void lkdtm_WRITE_RO(void); > void lkdtm_WRITE_RO_AFTER_INIT(void); > +void lkdtm_WRITE_RO_PMALLOC(void); Does this need some sort of #ifdef too? > void lkdtm_WRITE_KERN(void); > void lkdtm_EXEC_DATA(void); > void lkdtm_EXEC_STACK(void); > diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c > index 2154d1bfd18b..c9fd42bda6ee 100644 > --- a/drivers/misc/lkdtm_core.c > +++ b/drivers/misc/lkdtm_core.c > @@ -155,6 +155,9 @@ static const struct crashtype crashtypes[] = { > CRASHTYPE(ACCESS_USERSPACE), > CRASHTYPE(WRITE_RO), > CRASHTYPE(WRITE_RO_AFTER_INIT), > +#ifdef CONFIG_PROTECTABLE_MEMORY > + CRASHTYPE(WRITE_RO_PMALLOC), > +#endif > CRASHTYPE(WRITE_KERN), > CRASHTYPE(REFCOUNT_INC_OVERFLOW), > CRASHTYPE(REFCOUNT_ADD_OVERFLOW), > diff --git a/drivers/misc/lkdtm_perms.c b/drivers/misc/lkdtm_perms.c > index 53b85c9d16b8..0ac9023fd2b0 100644 > --- a/drivers/misc/lkdtm_perms.c > +++ b/drivers/misc/lkdtm_perms.c > @@ -9,6 +9,7 @@ > #include <linux/vmalloc.h> > #include <linux/mman.h> > #include <linux/uaccess.h> > +#include <linux/pmalloc.h> > #include <asm/cacheflush.h> > > /* Whether or not to fill the target memory area with do_nothing(). */ > @@ -104,6 +105,33 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) > *ptr ^= 0xabcd1234; > } > > +#ifdef CONFIG_PROTECTABLE_MEMORY > +void lkdtm_WRITE_RO_PMALLOC(void) > +{ > + struct gen_pool *pool; > + int *i; > + > + pool = pmalloc_create_pool("pool", 0); > + if (unlikely(!pool)) { > + pr_info("Failed preparing pool for pmalloc test."); > + return; > + } > + > + i = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL); > + if (unlikely(!i)) { > + pr_info("Failed allocating memory for pmalloc test."); > + pmalloc_destroy_pool(pool); > + return; > + } > + > + *i = INT_MAX; > + pmalloc_protect_pool(pool); > + > + pr_info("attempting bad pmalloc write at %p\n", i); > + *i = 0; OK, now I'm on the right version of this patch series, same comment applies. I don't get the local *i assignment at the end of the function, but seems harmless. Except the two minor comments, otherwise, Reviewed-by: Jay Freyensee <why2jjj.linux@gmail.com> > +} > +#endif > + > void lkdtm_WRITE_KERN(void) > { > size_t size;
On 06/03/18 19:20, J Freyensee wrote: > On 2/28/18 12:06 PM, Igor Stoppa wrote: [...] >> void __init lkdtm_perms_init(void); >> void lkdtm_WRITE_RO(void); >> void lkdtm_WRITE_RO_AFTER_INIT(void); >> +void lkdtm_WRITE_RO_PMALLOC(void); > > Does this need some sort of #ifdef too? Not strictly. It's just a function declaration. As long as it is not used, the linker will not complain. The #ifdef placed around the use and definition is sufficient, from a correctness perspective. But it's a different question if there is any standard in linux about hiding also the declaration. I am not very fond of #ifdefs, so when I can I try to avoid them. >> + pr_info("attempting bad pmalloc write at %p\n", i); >> + *i = 0; > > OK, now I'm on the right version of this patch series, same comment > applies. I don't get the local *i assignment at the end of the > function, but seems harmless. Because that's the whole point of the function: prove that pmalloc protection works (see the message in the pr_info one line above). The function is supposed to do: * create a pool * allocate memory from it * protect it * try to alter it (and crash) *i = 0; performs the last step -- igor
On 3/7/18 5:18 AM, Igor Stoppa wrote: > > On 06/03/18 19:20, J Freyensee wrote: > >> On 2/28/18 12:06 PM, Igor Stoppa wrote: > [...] > >>> void __init lkdtm_perms_init(void); >>> void lkdtm_WRITE_RO(void); >>> void lkdtm_WRITE_RO_AFTER_INIT(void); >>> +void lkdtm_WRITE_RO_PMALLOC(void); >> Does this need some sort of #ifdef too? > Not strictly. It's just a function declaration. > As long as it is not used, the linker will not complain. > The #ifdef placed around the use and definition is sufficient, from a > correctness perspective. > > But it's a different question if there is any standard in linux about > hiding also the declaration. I'd prefer hiding it if it's contents are being ifdef'ed out, but I really think it's more of a maintainer preference question. > > I am not very fond of #ifdefs, so when I can I try to avoid them. > >
diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h index 9e513dcfd809..dcda3ae76ceb 100644 --- a/drivers/misc/lkdtm.h +++ b/drivers/misc/lkdtm.h @@ -38,6 +38,7 @@ void lkdtm_READ_BUDDY_AFTER_FREE(void); void __init lkdtm_perms_init(void); void lkdtm_WRITE_RO(void); void lkdtm_WRITE_RO_AFTER_INIT(void); +void lkdtm_WRITE_RO_PMALLOC(void); void lkdtm_WRITE_KERN(void); void lkdtm_EXEC_DATA(void); void lkdtm_EXEC_STACK(void); diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c index 2154d1bfd18b..c9fd42bda6ee 100644 --- a/drivers/misc/lkdtm_core.c +++ b/drivers/misc/lkdtm_core.c @@ -155,6 +155,9 @@ static const struct crashtype crashtypes[] = { CRASHTYPE(ACCESS_USERSPACE), CRASHTYPE(WRITE_RO), CRASHTYPE(WRITE_RO_AFTER_INIT), +#ifdef CONFIG_PROTECTABLE_MEMORY + CRASHTYPE(WRITE_RO_PMALLOC), +#endif CRASHTYPE(WRITE_KERN), CRASHTYPE(REFCOUNT_INC_OVERFLOW), CRASHTYPE(REFCOUNT_ADD_OVERFLOW), diff --git a/drivers/misc/lkdtm_perms.c b/drivers/misc/lkdtm_perms.c index 53b85c9d16b8..0ac9023fd2b0 100644 --- a/drivers/misc/lkdtm_perms.c +++ b/drivers/misc/lkdtm_perms.c @@ -9,6 +9,7 @@ #include <linux/vmalloc.h> #include <linux/mman.h> #include <linux/uaccess.h> +#include <linux/pmalloc.h> #include <asm/cacheflush.h> /* Whether or not to fill the target memory area with do_nothing(). */ @@ -104,6 +105,33 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) *ptr ^= 0xabcd1234; } +#ifdef CONFIG_PROTECTABLE_MEMORY +void lkdtm_WRITE_RO_PMALLOC(void) +{ + struct gen_pool *pool; + int *i; + + pool = pmalloc_create_pool("pool", 0); + if (unlikely(!pool)) { + pr_info("Failed preparing pool for pmalloc test."); + return; + } + + i = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL); + if (unlikely(!i)) { + pr_info("Failed allocating memory for pmalloc test."); + pmalloc_destroy_pool(pool); + return; + } + + *i = INT_MAX; + pmalloc_protect_pool(pool); + + pr_info("attempting bad pmalloc write at %p\n", i); + *i = 0; +} +#endif + void lkdtm_WRITE_KERN(void) { size_t size;
Verify that pmalloc read-only protection is in place: trying to overwrite a protected variable will crash the kernel. Signed-off-by: Igor Stoppa <igor.stoppa@huawei.com> --- drivers/misc/lkdtm.h | 1 + drivers/misc/lkdtm_core.c | 3 +++ drivers/misc/lkdtm_perms.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+)