Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2022-09-26T17:13:14+00:00 2022-09-26T17:13:14+00:00 Sami Tolvanen samitolvanen@google.com 2022-09-08T21:54:55+00:00 urn:sha1:607289a7cd7a3ca42b8a6877fcb6072e6eb20c34 With -fsanitize=kcfi, we no longer need function_nocfi() as the compiler won't change function references to point to a jump table. Remove all implementations and uses of the macro. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220908215504.3686827-14-samitolvanen@google.com 2022-05-17T21:35:49+00:00 Kees Cook keescook@chromium.org 2022-05-12T17:19:41+00:00 urn:sha1:fc34eec6869a5882fd339f4e200fad21eb284093 Add coverage for the recently added usercopy checks for vmalloc and folios, via USERCOPY_VMALLOC and USERCOPY_FOLIO respectively. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kees Cook <keescook@chromium.org> 2022-05-12T05:46:09+00:00 Kees Cook keescook@chromium.org 2022-05-12T05:46:09+00:00 urn:sha1:d2b8060f165105a68748a6d98ed548ca112ce4d3 To more clearly distinguish between the various heap types, rename the slab tests to "slab". Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Shuah Khan <shuah@kernel.org> Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> 2022-04-12T23:16:48+00:00 Kees Cook keescook@chromium.org 2022-03-04T00:31:16+00:00 urn:sha1:73f62e60d80c2d74491933ca49006b9e70563738 It's long been annoying that to add a new LKDTM test one had to update lkdtm.h and core.c to get it "registered". Switch to a per-category list and update the crashtype walking code in core.c to handle it. This also means that all the lkdtm_* tests themselves can be static now. Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> 2022-04-12T23:11:50+00:00 Kees Cook keescook@chromium.org 2022-02-16T20:15:03+00:00 urn:sha1:f387e86d3a74407bdd9c5815820ac9d060962840 To be sufficiently out of range for the usercopy test to see the lifetime mismatch, expand the size of the "bad" buffer, which will let it be beyond current_stack_pointer regardless of stack growth direction. Paired with the recent addition of stack depth checking under CONFIG_HARDENED_USERCOPY=y, this will correctly start tripping again. Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com> Link: https://lore.kernel.org/lkml/762faf1b-0443-5ddf-4430-44a20cf2ec4d@collabora.com/ Signed-off-by: Kees Cook <keescook@chromium.org> 2021-06-24T13:32:08+00:00 Kees Cook keescook@chromium.org 2021-06-23T20:39:34+00:00 urn:sha1:5b777131bd8005acaf7e9d6e7690214155f42890 For various failure conditions, try to include some details about where to look for reasons about the failure. Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210623203936.3151093-8-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-04-08T23:04:22+00:00 Sami Tolvanen samitolvanen@google.com 2021-04-08T18:28:35+00:00 urn:sha1:6c4df54ed293f6383efb97fca0e643b8dcbc3769 To ensure we take the actual address of a function in kernel text, use function_nocfi. Otherwise, with CONFIG_CFI_CLANG, the compiler replaces the address with a pointer to the CFI jump table, which is actually in the module when compiled with CONFIG_LKDTM=m. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Acked-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210408182843.1754385-11-samitolvanen@google.com 2020-09-09T02:21:34+00:00 Christoph Hellwig hch@lst.de 2020-09-03T14:22:37+00:00 urn:sha1:c6f7c753f71cccb21d1a7f0c1127ce7804374c5e Once we can't manipulate the address limit, we also can't test what happens when the manipulation is abused. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2020-06-29T16:41:39+00:00 Kees Cook keescook@chromium.org 2020-06-25T20:37:01+00:00 urn:sha1:464e86b4abadfc490f426954b431e2ec6a9d7bd2 It seems at least Clang is able to throw away writes it knows are destined for read-only memory, which makes things like the WRITE_RO test fail, as the write gets elided. Instead, force the variable to be volatile, and make similar changes through-out other tests in an effort to avoid needing to repeat fixing these kinds of problems. Also includes pr_err() calls in failure paths so that kernel logs are more clear in the failure case. Reported-by: Prasad Sodagudi <psodagud@codeaurora.org> Suggested-by: Sami Tolvanen <samitolvanen@google.com> Fixes: 9ae113ce5faf ("lkdtm: add tests for additional page permissions") Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20200625203704.317097-2-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-04-07T17:38:31+00:00 Kees Cook keescook@chromium.org 2019-04-06T15:52:11+00:00 urn:sha1:2bf8496f6e9b7e9a557f65eb95eab16fea7958c7 The prior implementation of the KERNEL_DS fault checking would work on any unmapped kernel address, but this was narrowed to the non-canonical range instead. This adjusts the LKDTM test to match. Fixes: 00c42373d397 ("x86-64: add warning for non-canonical user access address dereferences") Signed-off-by: Kees Cook <keescook@chromium.org>