From: Christoph Hellwig <hch@lst.de>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Michael Ellerman <mpe@ellerman.id.au>,
x86@kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org
Subject: [PATCH 05/10] lkdtm: disable set_fs-based tests for !CONFIG_SET_FS
Date: Thu, 27 Aug 2020 17:00:25 +0200 [thread overview]
Message-ID: <20200827150030.282762-6-hch@lst.de> (raw)
In-Reply-To: <20200827150030.282762-1-hch@lst.de>
Once we can't manipulate the address limit, we also can't test what
happens when the manipulation is abused.
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
drivers/misc/lkdtm/bugs.c | 4 ++++
drivers/misc/lkdtm/usercopy.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c
index 4dfbfd51bdf774..0d5b93694a0183 100644
--- a/drivers/misc/lkdtm/bugs.c
+++ b/drivers/misc/lkdtm/bugs.c
@@ -315,11 +315,15 @@ void lkdtm_CORRUPT_LIST_DEL(void)
/* Test if unbalanced set_fs(KERNEL_DS)/set_fs(USER_DS) check exists. */
void lkdtm_CORRUPT_USER_DS(void)
{
+#ifdef CONFIG_SET_FS
pr_info("setting bad task size limit\n");
set_fs(KERNEL_DS);
/* Make sure we do not keep running with a KERNEL_DS! */
force_sig(SIGKILL);
+#else
+ pr_err("XFAIL: this requires set_fs()\n");
+#endif
}
/* Test that VMAP_STACK is actually allocating with a leading guard page */
diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c
index b833367a45d053..04d10063835241 100644
--- a/drivers/misc/lkdtm/usercopy.c
+++ b/drivers/misc/lkdtm/usercopy.c
@@ -327,6 +327,7 @@ void lkdtm_USERCOPY_KERNEL(void)
void lkdtm_USERCOPY_KERNEL_DS(void)
{
+#ifdef CONFIG_SET_FS
char __user *user_ptr =
(char __user *)(0xFUL << (sizeof(unsigned long) * 8 - 4));
mm_segment_t old_fs = get_fs();
@@ -338,6 +339,9 @@ void lkdtm_USERCOPY_KERNEL_DS(void)
if (copy_to_user(user_ptr, buf, sizeof(buf)) == 0)
pr_err("copy_to_user() to noncanonical address succeeded!?\n");
set_fs(old_fs);
+#else
+ pr_err("XFAIL: this requires set_fs()\n");
+#endif
}
void __init lkdtm_usercopy_init(void)
--
2.28.0
next prev parent reply other threads:[~2020-08-27 15:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-27 15:00 remove the last set_fs() in common code, and remove it for x86 and powerpc v2 Christoph Hellwig
2020-08-27 15:00 ` [PATCH 01/10] fs: don't allow kernel reads and writes without iter ops Christoph Hellwig
2020-08-27 15:58 ` David Laight
2020-08-29 9:23 ` 'Christoph Hellwig'
2020-09-01 6:48 ` [fs] ef30fb3c60: kernel write not supported for file /sys/kernel/softlockup_panic kernel test robot
2020-09-01 7:08 ` Christoph Hellwig
2020-08-27 15:00 ` [PATCH 02/10] fs: don't allow splice read/write without explicit ops Christoph Hellwig
2020-08-27 15:00 ` [PATCH 03/10] uaccess: add infrastructure for kernel builds with set_fs() Christoph Hellwig
2020-08-27 15:00 ` [PATCH 04/10] test_bitmap: skip user bitmap tests for !CONFIG_SET_FS Christoph Hellwig
2020-08-27 15:00 ` Christoph Hellwig [this message]
2020-08-27 18:06 ` [PATCH 05/10] lkdtm: disable set_fs-based " Linus Torvalds
2020-08-29 9:24 ` Christoph Hellwig
2020-09-01 18:52 ` Kees Cook
2020-09-01 18:57 ` Kees Cook
2020-09-02 8:09 ` Christoph Hellwig
2020-08-27 15:00 ` [PATCH 06/10] x86: move PAGE_OFFSET, TASK_SIZE & friends to page_{32, 64}_types.h Christoph Hellwig
2020-08-27 15:00 ` [PATCH 07/10] x86: make TASK_SIZE_MAX usable from assembly code Christoph Hellwig
2020-08-27 15:00 ` [PATCH 08/10] x86: remove address space overrides using set_fs() Christoph Hellwig
2020-08-27 18:15 ` Linus Torvalds
2020-08-29 9:25 ` Christoph Hellwig
2020-08-27 15:00 ` [PATCH 09/10] powerpc: use non-set_fs based maccess routines Christoph Hellwig
2020-08-27 15:00 ` [PATCH 10/10] powerpc: remove address space overrides using set_fs() Christoph Hellwig
2020-09-02 6:15 ` Christophe Leroy
2020-09-02 12:36 ` Christoph Hellwig
2020-09-02 13:13 ` David Laight
2020-09-02 13:24 ` Christophe Leroy
2020-09-02 13:51 ` David Laight
2020-09-02 14:12 ` Christophe Leroy
2020-09-02 15:02 ` David Laight
2020-09-02 15:17 ` Christophe Leroy
2020-09-02 18:02 ` Linus Torvalds
2020-09-03 7:11 ` Christoph Hellwig
2020-09-03 7:27 ` Christophe Leroy
2020-09-03 8:55 ` Christophe Leroy
2020-09-03 7:20 ` Christophe Leroy
2020-08-27 15:31 ` remove the last set_fs() in common code, and remove it for x86 and powerpc v2 Christoph Hellwig
2020-09-01 17:13 ` Christophe Leroy
2020-09-01 17:25 ` Al Viro
2020-09-01 17:42 ` Matthew Wilcox
2020-09-01 18:39 ` Christophe Leroy
2020-09-01 19:01 ` Christophe Leroy
2020-09-02 8:10 ` Christoph Hellwig
2020-10-27 9:29 ` [PATCH 02/10] fs: don't allow splice read/write without explicit ops David Howells
2020-10-27 9:51 ` David Howells
2020-10-27 9:54 ` Christoph Hellwig
2020-10-27 10:38 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200827150030.282762-6-hch@lst.de \
--to=hch@lst.de \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).