Message ID | 20180223144807.1180-7-igor.stoppa@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Hi Igor, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.16-rc2] [cannot apply to next-20180223] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Igor-Stoppa/genalloc-track-beginning-of-allocations/20180225-081601 config: x86_64-rhel (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): >> ERROR: "pmalloc" [drivers/misc/lkdtm.ko] undefined! >> ERROR: "pmalloc_create_pool" [drivers/misc/lkdtm.ko] undefined! >> ERROR: "pmalloc_destroy_pool" [drivers/misc/lkdtm.ko] undefined! >> ERROR: "pmalloc_protect_pool" [drivers/misc/lkdtm.ko] undefined! --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
> > +#ifdef CONFIG_PROTECTABLE_MEMORY > +void lkdtm_WRITE_RO_PMALLOC(void) > +{ > + struct gen_pool *pool; > + int *i; > + > + pool = pmalloc_create_pool("pool", 0); > + if (unlikely(!pool)) { > + pr_info("Failed preparing pool for pmalloc test."); > + return; > + } > + > + i = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL); > + if (unlikely(!i)) { > + pr_info("Failed allocating memory for pmalloc test."); > + pmalloc_destroy_pool(pool); > + return; > + } > + > + *i = INT_MAX; > + pmalloc_protect_pool(pool); > + > + pr_info("attempting bad pmalloc write at %p\n", i); > + *i = 0; Seems harmless, but I don't get why *i local variable needs to be set to 0 at the end of this function. Otherwise, Reviewed-by: Jay Freyensee <why2jjj.linux@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 3/6/18 9:05 AM, J Freyensee wrote: > >> +#ifdef CONFIG_PROTECTABLE_MEMORY >> +void lkdtm_WRITE_RO_PMALLOC(void) >> +{ >> + struct gen_pool *pool; >> + int *i; >> + >> + pool = pmalloc_create_pool("pool", 0); >> + if (unlikely(!pool)) { >> + pr_info("Failed preparing pool for pmalloc test."); >> + return; >> + } >> + >> + i = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL); >> + if (unlikely(!i)) { >> + pr_info("Failed allocating memory for pmalloc test."); >> + pmalloc_destroy_pool(pool); >> + return; >> + } >> + >> + *i = INT_MAX; >> + pmalloc_protect_pool(pool); >> + >> + pr_info("attempting bad pmalloc write at %p\n", i); >> + *i = 0; > Opps, disregard this, this is the last series of this patch series, not the most recent one :-(. > Seems harmless, but I don't get why *i local variable needs to be set > to 0 at the end of this function. > > > Otherwise, > > Reviewed-by: Jay Freyensee <why2jjj.linux@gmail.com> > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h index 9e513dcfd809..dcda3ae76ceb 100644 --- a/drivers/misc/lkdtm.h +++ b/drivers/misc/lkdtm.h @@ -38,6 +38,7 @@ void lkdtm_READ_BUDDY_AFTER_FREE(void); void __init lkdtm_perms_init(void); void lkdtm_WRITE_RO(void); void lkdtm_WRITE_RO_AFTER_INIT(void); +void lkdtm_WRITE_RO_PMALLOC(void); void lkdtm_WRITE_KERN(void); void lkdtm_EXEC_DATA(void); void lkdtm_EXEC_STACK(void); diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c index 2154d1bfd18b..c9fd42bda6ee 100644 --- a/drivers/misc/lkdtm_core.c +++ b/drivers/misc/lkdtm_core.c @@ -155,6 +155,9 @@ static const struct crashtype crashtypes[] = { CRASHTYPE(ACCESS_USERSPACE), CRASHTYPE(WRITE_RO), CRASHTYPE(WRITE_RO_AFTER_INIT), +#ifdef CONFIG_PROTECTABLE_MEMORY + CRASHTYPE(WRITE_RO_PMALLOC), +#endif CRASHTYPE(WRITE_KERN), CRASHTYPE(REFCOUNT_INC_OVERFLOW), CRASHTYPE(REFCOUNT_ADD_OVERFLOW), diff --git a/drivers/misc/lkdtm_perms.c b/drivers/misc/lkdtm_perms.c index 53b85c9d16b8..0ac9023fd2b0 100644 --- a/drivers/misc/lkdtm_perms.c +++ b/drivers/misc/lkdtm_perms.c @@ -9,6 +9,7 @@ #include <linux/vmalloc.h> #include <linux/mman.h> #include <linux/uaccess.h> +#include <linux/pmalloc.h> #include <asm/cacheflush.h> /* Whether or not to fill the target memory area with do_nothing(). */ @@ -104,6 +105,33 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) *ptr ^= 0xabcd1234; } +#ifdef CONFIG_PROTECTABLE_MEMORY +void lkdtm_WRITE_RO_PMALLOC(void) +{ + struct gen_pool *pool; + int *i; + + pool = pmalloc_create_pool("pool", 0); + if (unlikely(!pool)) { + pr_info("Failed preparing pool for pmalloc test."); + return; + } + + i = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL); + if (unlikely(!i)) { + pr_info("Failed allocating memory for pmalloc test."); + pmalloc_destroy_pool(pool); + return; + } + + *i = INT_MAX; + pmalloc_protect_pool(pool); + + pr_info("attempting bad pmalloc write at %p\n", i); + *i = 0; +} +#endif + void lkdtm_WRITE_KERN(void) { size_t size;
Verify that pmalloc read-only protection is in place: trying to overwrite a protected variable will crash the kernel. Signed-off-by: Igor Stoppa <igor.stoppa@huawei.com> --- drivers/misc/lkdtm.h | 1 + drivers/misc/lkdtm_core.c | 3 +++ drivers/misc/lkdtm_perms.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+)