From patchwork Fri Oct 28 02:30:28 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 9400871 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 90381605EE for ; Fri, 28 Oct 2016 02:22:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7F0CB2A463 for ; Fri, 28 Oct 2016 02:22:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 721012A466; Fri, 28 Oct 2016 02:22:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id BAE762A463 for ; Fri, 28 Oct 2016 02:22:30 +0000 (UTC) Received: (qmail 10080 invoked by uid 550); 28 Oct 2016 02:22:28 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: kernel-hardening@lists.openwall.com Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 10059 invoked from network); 28 Oct 2016 02:22:27 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=WDYpj5Uusbf2iJjf7XMhvr32vDst690floJ+gvoUl6o=; b=D/vn1vIidY1p8TbOauh2BvdgTc+ChG/mbQSwJXX4gQI3Lut2+vEc0nU1XLuVn75GOf JeVfEAJ2UJLxZwjvg6j+Srg/2doSBrQEinN84Lh+6aWHeAS+iYB7J4wMCcv1rWtPh+En bl8JWAAmLVXCuGSjZjNKMzhfeoXMSF+62kNUo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=WDYpj5Uusbf2iJjf7XMhvr32vDst690floJ+gvoUl6o=; b=MqbkWaPmcCT53Nl4elJ3JloxdoA74HoYImE60mHLiOzW9kL5Rgils+bNfncveEzzS3 mEECQGIAOstw887bdI6Js1VnA9YAlGoKucVLyZXF5egHSjobPaxKgvg6yy+OqrUiulwy 2wlFaZajq4csOZqA8gO34/xSW/PFaJki0CW66ydL83psi4+4gNpeLcO35x6rdkrsTIze axsAsONwbAdvm+SepoZU9E/GBUEifCgUSb6K+kAE4po/ynQ8IYQyVn1Y8bNXNujpFSW9 Ya5Zzbs12JTlkpzVSPvevFAdNl4PIQ8M9tL4jLC9la/C0Zv3+ttGpNR4vI8IMzmuaOlK oo2Q== X-Gm-Message-State: ABUngvct2DUF6/K1x2yzn2I+c4ewszWzeIxvQjLSJUV9XHOKz2ZfAveufMTnqJmsR50/C1c7 X-Received: by 10.99.144.65 with SMTP id a62mr16968939pge.103.1477621335083; Thu, 27 Oct 2016 19:22:15 -0700 (PDT) Date: Fri, 28 Oct 2016 11:30:28 +0900 From: AKASHI Takahiro To: kernel-hardening@lists.openwall.com Cc: Kees Cook , Hans Liljestrand , "Reshetova, Elena" , David Windsor Message-ID: <20161028023027.GD19531@linaro.org> References: <20161025204303.GA36052@beast> <2236FBA76BA1254E88B949DDB74E612B41BF8C0A@IRSMSX102.ger.corp.intel.com> <20161027124652.2pys4h7tug5wmqge@thigreal> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: [kernel-hardening] Re: [RFC v2 PATCH 13.1/13] lkdtm: add tests for atomic over-/underflow X-Virus-Scanned: ClamAV using ClamSMTP On Thu, Oct 27, 2016 at 02:36:25PM -0700, Kees Cook wrote: > On Thu, Oct 27, 2016 at 5:46 AM, Hans Liljestrand wrote: > > On Wed, Oct 26, 2016 at 01:41:34PM -0700, Kees Cook wrote: > >> On Wed, Oct 26, 2016 at 12:29 AM, Reshetova, Elena > >> wrote: > >> > Thank you Kees! I applied the commit to our hardened_atomic_on_next branch and it will be included into the next rfc. > >> > >> Cool, thanks. I assume this should get atomic64_t and local_t tests as well? > >> > > > > Yes, I'm currently compiling a build with atomic64_t and local_t tests added. > > With the improved lkdtm macros its much easier to add the extra types, thank > > you Kees! > > Sure thing! I may have yet-another patch for this, as I didn't like > repeating the same things in three files whenever a new test was > added. Moar macro magick! It would be nice to expose atomic* variables to userspace via debugfs so that we can confirm that the values will not be changed if overflowed. See the attached patch. We will be able to check the test result: # /bin/echo ATOMIC_ADD_OVERFLOW > /debug/provoke-crash/DIRECT # echo $? # if [ cat /debug/provoke-crash/atomic -eq INT_MAX ]; then # echo PASS ; fi Thanks, -Takahiro AKASHI > > -Kees > > -- > Kees Cook > Nexus Security ===8<=== From c516b50b4764c5c1ba0dd39e3a5022d026e35514 Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Fri, 28 Oct 2016 10:55:50 +0900 Subject: [PATCH] lkdtm: expose atomic variables via debugfs Signed-off-by: AKASHI Takahiro --- drivers/misc/lkdtm.h | 2 ++ drivers/misc/lkdtm_bugs.c | 75 +++++++++++++++++++++++++++++++++++++---------- drivers/misc/lkdtm_core.c | 3 ++ 3 files changed, 64 insertions(+), 16 deletions(-) diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h index 0ef66ff..b4dd231 100644 --- a/drivers/misc/lkdtm.h +++ b/drivers/misc/lkdtm.h @@ -3,10 +3,12 @@ #define pr_fmt(fmt) "lkdtm: " fmt +#include #include /* lkdtm_bugs.c */ void __init lkdtm_bugs_init(int *recur_param); +void __init lkdtm_bugs_init2(struct dentry *parent); void lkdtm_PANIC(void); void lkdtm_BUG(void); void lkdtm_WARNING(void); diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c index 7b4067b..dd5003f 100644 --- a/drivers/misc/lkdtm_bugs.c +++ b/drivers/misc/lkdtm_bugs.c @@ -5,6 +5,8 @@ * test source files. */ #include "lkdtm.h" +#include +#include #include /* @@ -35,6 +37,33 @@ static int recursive_loop(int remaining) return recursive_loop(remaining - 1); } +/* from fs/debugfs/file.c */ +static int debugfs_atomic_long_t_set(void *data, u64 val) +{ + atomic_long_set((atomic_long_t *)data, val); + return 0; +} + +static int debugfs_atomic_long_t_get(void *data, u64 *val) +{ + *val = atomic_long_read((atomic_long_t *)data); + return 0; +} + +DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_long_t, debugfs_atomic_long_t_get, + debugfs_atomic_long_t_set, "%lld\n"); + +static struct dentry *debugfs_create_atomic_long_t(const char *name, + umode_t mode, + struct dentry *parent, atomic_long_t *value) +{ + return debugfs_create_file_unsafe(name, mode, parent, value, + &fops_atomic_long_t); +} + +static atomic_t atomic_var = ATOMIC_INIT(0); +static atomic_long_t atomic_long_var = ATOMIC_LONG_INIT(0); + /* If the depth is negative, use the default, otherwise keep parameter. */ void __init lkdtm_bugs_init(int *recur_param) { @@ -44,6 +73,20 @@ void __init lkdtm_bugs_init(int *recur_param) recur_count = *recur_param; } +void __init lkdtm_bugs_init2(struct dentry *parent) +{ + struct dentry *de; + + de = debugfs_create_atomic_t("atomic", 0644, parent, &atomic_var); + if (de == NULL) + pr_err("could not create atomic dentry under debugfs\n"); + + de = debugfs_create_atomic_long_t("atomic-long", 0644, parent, + &atomic_long_var); + if (de == NULL) + pr_err("could not create atomic-long dentry under debugfs\n"); +} + void lkdtm_PANIC(void) { panic("dumptest"); @@ -125,53 +168,53 @@ void lkdtm_HUNG_TASK(void) #define ATOMIC_LKDTM_MIN(tag,fun) void lkdtm_ATOMIC_##tag(void) \ { \ - atomic_t atomic = ATOMIC_INIT(INT_MIN); \ + atomic_set(&atomic_var, INT_MIN); \ \ pr_info("attempting good atomic_" #fun "\n"); \ - atomic_inc(&atomic); \ - TEST_FUNC(&atomic); \ + atomic_inc(&atomic_var); \ + TEST_FUNC(&atomic_var); \ \ pr_info("attempting bad atomic_" #fun "\n"); \ - TEST_FUNC(&atomic); \ + TEST_FUNC(&atomic_var); \ } #define ATOMIC_LKDTM_MAX(tag,fun,...) \ void lkdtm_ATOMIC_##tag(void) \ { \ - atomic_t atomic = ATOMIC_INIT(INT_MAX); \ + atomic_set(&atomic_var, INT_MAX); \ \ pr_info("attempting good atomic_" #fun "\n"); \ - atomic_dec(&atomic); \ - TEST_FUNC(&atomic); \ + atomic_dec(&atomic_var); \ + TEST_FUNC(&atomic_var); \ \ pr_info("attempting bad atomic_" #fun "\n"); \ - TEST_FUNC(&atomic); \ + TEST_FUNC(&atomic_var); \ } #define ATOMIC_LKDTM_LONG_MIN(tag,fun,...) \ void lkdtm_ATOMIC_LONG_##tag(void) \ { \ - atomic_long_t atomic = ATOMIC_LONG_INIT(LONG_MIN); \ + atomic_long_set(&atomic_long_var, LONG_MIN); \ \ pr_info("attempting good atomic_long_" #fun "\n"); \ - atomic_long_inc(&atomic); \ - TEST_FUNC(&atomic); \ + atomic_long_inc(&atomic_long_var); \ + TEST_FUNC(&atomic_long_var); \ \ pr_info("attempting bad atomic_long_" #fun "\n"); \ - TEST_FUNC(&atomic); \ + TEST_FUNC(&atomic_long_var); \ } #define ATOMIC_LKDTM_LONG_MAX(tag,fun,...) \ void lkdtm_ATOMIC_LONG_##tag(void) \ { \ - atomic_long_t atomic = ATOMIC_LONG_INIT(LONG_MAX); \ + atomic_long_set(&atomic_long_var, LONG_MAX); \ \ pr_info("attempting good atomic_long_" #fun "\n"); \ - atomic_long_dec(&atomic); \ - TEST_FUNC(&atomic); \ + atomic_long_dec(&atomic_long_var); \ + TEST_FUNC(&atomic_long_var); \ \ pr_info("attempting bad atomic_long_" #fun "\n"); \ - TEST_FUNC(&atomic); \ + TEST_FUNC(&atomic_long_var); \ } #define TEST_FUNC(x) atomic_dec(x) diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c index 01d8540..6f5f9c2 100644 --- a/drivers/misc/lkdtm_core.c +++ b/drivers/misc/lkdtm_core.c @@ -536,6 +536,9 @@ static int __init lkdtm_module_init(void) pr_info("No crash points registered, enable through debugfs\n"); } + /* misc setup */ + lkdtm_bugs_init2(lkdtm_debugfs_root); + return 0; out_err: