19 Apr, 2017

1 commit

  • Add a volatile qualifier where a NULL pointer is deliberately
    dereferenced to trigger a panic.

    Without the volatile qualifier clang will issue the following warning:
    "indirection of non-volatile null pointer will be deleted,
    not trap [-Wnull-dereference]" and replace the pointer reference
    with a __builtin_trap() (which generates a ud2 instruction on x86_64).

    Signed-off-by: Michael Davidson
    Signed-off-by: Matthias Kaehlcke
    Acked-by: Kees Cook
    Signed-off-by: Greg Kroah-Hartman

    Michael Davidson

08 Apr, 2017

1 commit

  • This adds CORRUPT_USER_DS to check that the get_fs() test on syscall
    return (via __VERIFY_PRE_USERMODE_STATE) still sees USER_DS. Since
    trying to deal with values other than USER_DS and KERNEL_DS across all
    architectures in a safe way is not sensible, this sets KERNEL_DS, but
    since that could be extremely dangerous if the protection is not present,
    it also raises SIGKILL for current, so that no matter what, the process
    will die. A successful test will be visible with a BUG(), like all the
    other LKDTM tests.

    Signed-off-by: Kees Cook
    Signed-off-by: Greg Kroah-Hartman

    Kees Cook

23 Feb, 2017

1 commit

  • Pull char/misc driver updates from Greg KH:
    "Here is the big char/misc driver patchset for 4.11-rc1.

    Lots of different driver subsystems updated here: rework for the
    hyperv subsystem to handle new platforms better, mei and w1 and extcon
    driver updates, as well as a number of other "minor" driver updates.

    All of these have been in linux-next for a while with no reported
    issues"

    * tag 'char-misc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (169 commits)
    goldfish: Sanitize the broken interrupt handler
    x86/platform/goldfish: Prevent unconditional loading
    vmbus: replace modulus operation with subtraction
    vmbus: constify parameters where possible
    vmbus: expose hv_begin/end_read
    vmbus: remove conditional locking of vmbus_write
    vmbus: add direct isr callback mode
    vmbus: change to per channel tasklet
    vmbus: put related per-cpu variable together
    vmbus: callback is in softirq not workqueue
    binder: Add support for file-descriptor arrays
    binder: Add support for scatter-gather
    binder: Add extra size to allocator
    binder: Refactor binder_transact()
    binder: Support multiple /dev instances
    binder: Deal with contexts in debugfs
    binder: Support multiple context managers
    binder: Split flat_binder_object
    auxdisplay: ht16k33: remove private workqueue
    auxdisplay: ht16k33: rework input device initialization
    ...

    Linus Torvalds

10 Feb, 2017

1 commit

  • Since we'll be using refcount_t instead of atomic_t for refcounting,
    change the LKDTM tests to reflect the new interface and test conditions.

    Signed-off-by: Kees Cook
    Signed-off-by: Peter Zijlstra (Intel)
    Cc: Hans Liljestrand
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: arnd@arndb.de
    Cc: dhowells@redhat.com
    Cc: dwindsor@gmail.com
    Cc: elena.reshetova@intel.com
    Cc: gregkh@linuxfoundation.org
    Cc: h.peter.anvin@intel.com
    Cc: kernel-hardening@lists.openwall.com
    Cc: will.deacon@arm.com
    Link: http://lkml.kernel.org/r/1486164412-7338-3-git-send-email-keescook@chromium.org
    Signed-off-by: Ingo Molnar

    Kees Cook

19 Jan, 2017

1 commit

  • After the latest change to make sure the compiler actually does a memset,
    it is now smart enough to flag the stack overflow at compile time,
    at least with gcc-7.0:

    drivers/misc/lkdtm_bugs.c: In function 'lkdtm_CORRUPT_STACK':
    drivers/misc/lkdtm_bugs.c:88:144: warning: 'memset' writing 64 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=]

    To outsmart the compiler again, this moves the memset into a noinline
    function where (for now) it doesn't see that we intentionally write
    broken code here.

    Fixes: c55d240003ae ("lkdtm: Prevent the compiler from optimising lkdtm_CORRUPT_STACK()")
    Signed-off-by: Arnd Bergmann
    Acked-by: Kees Cook
    Signed-off-by: Greg Kroah-Hartman

    Arnd Bergmann

14 Dec, 2016

1 commit

  • Pull char/misc driver updates from Greg KH:
    "Here are the big char/misc driver patches for 4.10-rc1. Lots of tiny
    changes over lots of "minor" driver subsystems, the largest being some
    new FPGA drivers. Other than that, a few other new drivers, but no new
    driver subsystems added for this kernel cycle, a nice change.

    All of these have been in linux-next with no reported issues"

    * tag 'char-misc-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (107 commits)
    uio-hv-generic: store physical addresses instead of virtual
    Tools: hv: kvp: configurable external scripts path
    uio-hv-generic: new userspace i/o driver for VMBus
    vmbus: add support for dynamic device id's
    hv: change clockevents unbind tactics
    hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels()
    hyperv: Fix spelling of HV_UNKOWN
    mei: bus: enable non-blocking RX
    mei: fix the back to back interrupt handling
    mei: synchronize irq before initiating a reset.
    VME: Remove shutdown entry from vme_driver
    auxdisplay: ht16k33: select framebuffer helper modules
    MAINTAINERS: add git url for fpga
    fpga: Clarify how write_init works streaming modes
    fpga zynq: Fix incorrect ISR state on bootup
    fpga zynq: Remove priv->dev
    fpga zynq: Add missing \n to messages
    fpga: Add COMPILE_TEST to all drivers
    uio: pruss: add clk_disable()
    char/pcmcia: add some error checking in scr24x_read()
    ...

    Linus Torvalds

16 Nov, 2016

1 commit


01 Nov, 2016

1 commit

  • When building under CONFIG_DEBUG_LIST, list addition and removal will be
    sanity-checked. This validates that the check is working as expected by
    setting up classic corruption attacks against list manipulations, available
    with the new lkdtm tests CORRUPT_LIST_ADD and CORRUPT_LIST_DEL.

    Signed-off-by: Kees Cook
    Acked-by: Steven Rostedt
    Signed-off-by: Paul E. McKenney
    Acked-by: Rik van Riel

    Kees Cook

16 Jul, 2016

1 commit


08 Jul, 2016

1 commit