From: tip-bot for Kees Cook <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: torvalds@linux-foundation.org, ishkamiel@gmail.com,
tglx@linutronix.de, keescook@chromium.org,
linux-kernel@vger.kernel.org, mingo@kernel.org, hpa@zytor.com,
peterz@infradead.org
Subject: [tip:locking/core] lkdtm: Convert to refcount_t testing
Date: Fri, 10 Feb 2017 00:32:20 -0800 [thread overview]
Message-ID: <tip-ff86b30010eee8249dc244ce1868b886bbee6449@git.kernel.org> (raw)
In-Reply-To: <1486164412-7338-3-git-send-email-keescook@chromium.org>
Commit-ID: ff86b30010eee8249dc244ce1868b886bbee6449
Gitweb: http://git.kernel.org/tip/ff86b30010eee8249dc244ce1868b886bbee6449
Author: Kees Cook <keescook@chromium.org>
AuthorDate: Fri, 3 Feb 2017 15:26:50 -0800
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 10 Feb 2017 09:04:20 +0100
lkdtm: Convert to refcount_t testing
Since we'll be using refcount_t instead of atomic_t for refcounting,
change the LKDTM tests to reflect the new interface and test conditions.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Hans Liljestrand <ishkamiel@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: arnd@arndb.de
Cc: dhowells@redhat.com
Cc: dwindsor@gmail.com
Cc: elena.reshetova@intel.com
Cc: gregkh@linuxfoundation.org
Cc: h.peter.anvin@intel.com
Cc: kernel-hardening@lists.openwall.com
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1486164412-7338-3-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
drivers/misc/lkdtm.h | 8 +++--
drivers/misc/lkdtm_bugs.c | 87 +++++++++++++++++++++++++++++++++++++++--------
drivers/misc/lkdtm_core.c | 8 +++--
3 files changed, 85 insertions(+), 18 deletions(-)
diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h
index cfa1039..67d27be 100644
--- a/drivers/misc/lkdtm.h
+++ b/drivers/misc/lkdtm.h
@@ -19,8 +19,12 @@ void lkdtm_SOFTLOCKUP(void);
void lkdtm_HARDLOCKUP(void);
void lkdtm_SPINLOCKUP(void);
void lkdtm_HUNG_TASK(void);
-void lkdtm_ATOMIC_UNDERFLOW(void);
-void lkdtm_ATOMIC_OVERFLOW(void);
+void lkdtm_REFCOUNT_SATURATE_INC(void);
+void lkdtm_REFCOUNT_SATURATE_ADD(void);
+void lkdtm_REFCOUNT_ZERO_DEC(void);
+void lkdtm_REFCOUNT_ZERO_INC(void);
+void lkdtm_REFCOUNT_ZERO_SUB(void);
+void lkdtm_REFCOUNT_ZERO_ADD(void);
void lkdtm_CORRUPT_LIST_ADD(void);
void lkdtm_CORRUPT_LIST_DEL(void);
diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c
index 91edd0b..cba0837 100644
--- a/drivers/misc/lkdtm_bugs.c
+++ b/drivers/misc/lkdtm_bugs.c
@@ -6,6 +6,7 @@
*/
#include "lkdtm.h"
#include <linux/list.h>
+#include <linux/refcount.h>
#include <linux/sched.h>
struct lkdtm_list {
@@ -129,28 +130,86 @@ void lkdtm_HUNG_TASK(void)
schedule();
}
-void lkdtm_ATOMIC_UNDERFLOW(void)
+void lkdtm_REFCOUNT_SATURATE_INC(void)
{
- atomic_t under = ATOMIC_INIT(INT_MIN);
+ refcount_t over = REFCOUNT_INIT(UINT_MAX - 1);
- pr_info("attempting good atomic increment\n");
- atomic_inc(&under);
- atomic_dec(&under);
+ pr_info("attempting good refcount decrement\n");
+ refcount_dec(&over);
+ refcount_inc(&over);
- pr_info("attempting bad atomic underflow\n");
- atomic_dec(&under);
+ pr_info("attempting bad refcount inc overflow\n");
+ refcount_inc(&over);
+ refcount_inc(&over);
+ if (refcount_read(&over) == UINT_MAX)
+ pr_err("Correctly stayed saturated, but no BUG?!\n");
+ else
+ pr_err("Fail: refcount wrapped\n");
+}
+
+void lkdtm_REFCOUNT_SATURATE_ADD(void)
+{
+ refcount_t over = REFCOUNT_INIT(UINT_MAX - 1);
+
+ pr_info("attempting good refcount decrement\n");
+ refcount_dec(&over);
+ refcount_inc(&over);
+
+ pr_info("attempting bad refcount add overflow\n");
+ refcount_add(2, &over);
+ if (refcount_read(&over) == UINT_MAX)
+ pr_err("Correctly stayed saturated, but no BUG?!\n");
+ else
+ pr_err("Fail: refcount wrapped\n");
+}
+
+void lkdtm_REFCOUNT_ZERO_DEC(void)
+{
+ refcount_t zero = REFCOUNT_INIT(1);
+
+ pr_info("attempting bad refcount decrement to zero\n");
+ refcount_dec(&zero);
+ if (refcount_read(&zero) == 0)
+ pr_err("Stayed at zero, but no BUG?!\n");
+ else
+ pr_err("Fail: refcount went crazy\n");
}
-void lkdtm_ATOMIC_OVERFLOW(void)
+void lkdtm_REFCOUNT_ZERO_SUB(void)
{
- atomic_t over = ATOMIC_INIT(INT_MAX);
+ refcount_t zero = REFCOUNT_INIT(1);
+
+ pr_info("attempting bad refcount subtract past zero\n");
+ if (!refcount_sub_and_test(2, &zero))
+ pr_info("wrap attempt was noticed\n");
+ if (refcount_read(&zero) == 1)
+ pr_err("Correctly stayed above 0, but no BUG?!\n");
+ else
+ pr_err("Fail: refcount wrapped\n");
+}
- pr_info("attempting good atomic decrement\n");
- atomic_dec(&over);
- atomic_inc(&over);
+void lkdtm_REFCOUNT_ZERO_INC(void)
+{
+ refcount_t zero = REFCOUNT_INIT(0);
- pr_info("attempting bad atomic overflow\n");
- atomic_inc(&over);
+ pr_info("attempting bad refcount increment from zero\n");
+ refcount_inc(&zero);
+ if (refcount_read(&zero) == 0)
+ pr_err("Stayed at zero, but no BUG?!\n");
+ else
+ pr_err("Fail: refcount went past zero\n");
+}
+
+void lkdtm_REFCOUNT_ZERO_ADD(void)
+{
+ refcount_t zero = REFCOUNT_INIT(0);
+
+ pr_info("attempting bad refcount addition from zero\n");
+ refcount_add(2, &zero);
+ if (refcount_read(&zero) == 0)
+ pr_err("Stayed at zero, but no BUG?!\n");
+ else
+ pr_err("Fail: refcount went past zero\n");
}
void lkdtm_CORRUPT_LIST_ADD(void)
diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
index 7eeb71a..16e4cf1 100644
--- a/drivers/misc/lkdtm_core.c
+++ b/drivers/misc/lkdtm_core.c
@@ -220,8 +220,12 @@ struct crashtype crashtypes[] = {
CRASHTYPE(WRITE_RO),
CRASHTYPE(WRITE_RO_AFTER_INIT),
CRASHTYPE(WRITE_KERN),
- CRASHTYPE(ATOMIC_UNDERFLOW),
- CRASHTYPE(ATOMIC_OVERFLOW),
+ CRASHTYPE(REFCOUNT_SATURATE_INC),
+ CRASHTYPE(REFCOUNT_SATURATE_ADD),
+ CRASHTYPE(REFCOUNT_ZERO_DEC),
+ CRASHTYPE(REFCOUNT_ZERO_INC),
+ CRASHTYPE(REFCOUNT_ZERO_SUB),
+ CRASHTYPE(REFCOUNT_ZERO_ADD),
CRASHTYPE(USERCOPY_HEAP_SIZE_TO),
CRASHTYPE(USERCOPY_HEAP_SIZE_FROM),
CRASHTYPE(USERCOPY_HEAP_FLAG_TO),
next prev parent reply other threads:[~2017-02-10 8:43 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-03 23:26 [PATCH 0/4] refcount_t followups Kees Cook
2017-02-03 23:26 ` [kernel-hardening] " Kees Cook
2017-02-03 23:26 ` [PATCH 1/4] refcount_t: fix Kconfig help Kees Cook
2017-02-03 23:26 ` [kernel-hardening] " Kees Cook
2017-02-03 23:26 ` [PATCH 2/4] lkdtm: convert to refcount_t testing Kees Cook
2017-02-03 23:26 ` [kernel-hardening] " Kees Cook
2017-02-10 8:32 ` tip-bot for Kees Cook [this message]
2017-02-03 23:26 ` [PATCH 3/4] bug: Switch data corruption check to __must_check Kees Cook
2017-02-03 23:26 ` [kernel-hardening] " Kees Cook
2017-02-03 23:26 ` [PATCH 4/4] refcount: Report failures through CHECK_DATA_CORRUPTION Kees Cook
2017-02-03 23:26 ` [kernel-hardening] " Kees Cook
2017-02-05 15:40 ` Peter Zijlstra
2017-02-05 15:40 ` [kernel-hardening] " Peter Zijlstra
2017-02-05 23:33 ` Kees Cook
2017-02-05 23:33 ` [kernel-hardening] " Kees Cook
2017-02-06 8:57 ` Peter Zijlstra
2017-02-06 8:57 ` [kernel-hardening] " Peter Zijlstra
2017-02-06 16:54 ` Kees Cook
2017-02-06 16:54 ` [kernel-hardening] " Kees Cook
2017-02-07 8:34 ` Peter Zijlstra
2017-02-07 8:34 ` [kernel-hardening] " Peter Zijlstra
2017-02-07 11:10 ` Mark Rutland
2017-02-07 11:10 ` Mark Rutland
2017-02-07 12:36 ` Peter Zijlstra
2017-02-07 12:36 ` Peter Zijlstra
2017-02-07 13:50 ` Mark Rutland
2017-02-07 13:50 ` Mark Rutland
2017-02-07 15:07 ` Peter Zijlstra
2017-02-07 15:07 ` Peter Zijlstra
2017-02-07 16:03 ` Mark Rutland
2017-02-07 16:03 ` Mark Rutland
2017-02-07 17:30 ` Peter Zijlstra
2017-02-07 17:30 ` Peter Zijlstra
2017-02-07 17:55 ` Mark Rutland
2017-02-07 17:55 ` Mark Rutland
2017-02-08 9:12 ` Peter Zijlstra
2017-02-08 9:12 ` Peter Zijlstra
2017-02-08 9:43 ` Peter Zijlstra
2017-02-08 9:43 ` Peter Zijlstra
2017-02-08 14:10 ` Mark Rutland
2017-02-08 14:10 ` Mark Rutland
2017-02-08 21:20 ` Kees Cook
2017-02-08 21:20 ` Kees Cook
2017-02-09 10:27 ` Peter Zijlstra
2017-02-09 10:27 ` Peter Zijlstra
2017-02-10 23:39 ` Kees Cook
2017-02-10 23:39 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-ff86b30010eee8249dc244ce1868b886bbee6449@git.kernel.org \
--to=tipbot@zytor.com \
--cc=hpa@zytor.com \
--cc=ishkamiel@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.