^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * This code tests that the current task stack is properly erased (filled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * with STACKLEAK_POISON).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Alexander Popov <alex.popov@linux.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Tycho Andersen <tycho@tycho.ws>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include "lkdtm.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/stackleak.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) void lkdtm_STACKLEAK_ERASING(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) unsigned long *sp, left, found, i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) const unsigned long check_depth =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) bool test_failed = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * For the details about the alignment of the poison values, see
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) * the comment in stackleak_track_stack().
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) sp = PTR_ALIGN(&i, sizeof(unsigned long));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) left = ((unsigned long)sp & (THREAD_SIZE - 1)) / sizeof(unsigned long);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) sp--;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) * One 'long int' at the bottom of the thread stack is reserved
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) * and not poisoned.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) if (left > 1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) left--;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) pr_err("FAIL: not enough stack space for the test\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) test_failed = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) goto end;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) pr_info("checking unused part of the thread stack (%lu bytes)...\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) left * sizeof(unsigned long));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) * Search for 'check_depth' poison values in a row (just like
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) * stackleak_erase() does).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) for (i = 0, found = 0; i < left && found <= check_depth; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) if (*(sp - i) == STACKLEAK_POISON)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) found++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) found = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) if (found <= check_depth) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) pr_err("FAIL: the erased part is not found (checked %lu bytes)\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) i * sizeof(unsigned long));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) test_failed = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) goto end;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) pr_info("the erased part begins after %lu not poisoned bytes\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) (i - found) * sizeof(unsigned long));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) /* The rest of thread stack should be erased */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) for (; i < left; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) if (*(sp - i) != STACKLEAK_POISON) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) pr_err("FAIL: bad value number %lu in the erased part: 0x%lx\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) i, *(sp - i));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) test_failed = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) end:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) if (test_failed) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) pr_err("FAIL: the thread stack is NOT properly erased\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) dump_stack();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) pr_info("OK: the rest of the thread stack is properly erased\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) }
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags