From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Arnd Bergmann <arnd@arndb.de>
Subject: [PATCH 02/12] lkdtm: drop "alloc_size" parameter
Date: Wed,  6 Jul 2016 15:33:21 -0700
Message-ID: <1467844411-32373-3-git-send-email-keescook@chromium.org>
In-Reply-To: <1467844411-32373-1-git-send-email-keescook@chromium.org>

There is no good reason to have the alloc_size parameter currently. The
compiler-tricking value used to exercise the stack can just use a stack
address instead. Similarly hard-code cache_size.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/misc/lkdtm_core.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
index 23d222a6c77d..80e7a46db178 100644
--- a/drivers/misc/lkdtm_core.c
+++ b/drivers/misc/lkdtm_core.c
@@ -185,8 +185,6 @@ static char* cpoint_name;
 static char* cpoint_type;
 static int cpoint_count = DEFAULT_COUNT;
 static int recur_count = REC_NUM_DEFAULT;
-static int alloc_size = 1024;
-static size_t cache_size;
 
 static enum cname cpoint = CN_INVALID;
 static enum ctype cptype = CT_NONE;
@@ -195,6 +193,8 @@ static DEFINE_SPINLOCK(count_lock);
 static DEFINE_SPINLOCK(lock_me_up);
 
 static u8 data_area[EXEC_SIZE];
+
+static size_t cache_size = 1024;
 static struct kmem_cache *bad_cache;
 
 static const unsigned char test_text[] = "This is a test.\n";
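Review bot: At `static size_t cache_size = 1024;`, the only assignment to cache_size visible in this patch (the clamp_t() in lkdtm_module_init()) is removed, so the variable is now a fixed value held in writable data. Mark it const, or replace it with a #define, so the compiler enforces that it never changes and the intent is clear to readers.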
@@ -211,9 +211,6 @@ MODULE_PARM_DESC(cpoint_type, " Crash Point Type, action to be taken on "\
 module_param(cpoint_count, int, 0644);
 MODULE_PARM_DESC(cpoint_count, " Crash Point Count, number of times the "\
 				"crash point is to be hit to trigger action");
-module_param(alloc_size, int, 0644);
-MODULE_PARM_DESC(alloc_size, " Size of allocation for user copy tests "\
-			     "(from 1 to PAGE_SIZE)");
 
 static unsigned int jp_do_irq(unsigned int irq)
 {
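Review bot: Removing module_param(alloc_size, ...) drops a user-visible knob that was also writable at runtime (mode 0644), but the commit message only says there is no good reason to have it. Please state in the changelog that the module parameter goes away, so anyone loading lkdtm with alloc_size= knows to drop it, and check for documentation that still mentions it.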
@@ -442,7 +439,7 @@ static noinline void do_usercopy_stack(bool to_user, bool bad_frame)
 
 	/* This is a pointer to outside our current stack frame. */
 	if (bad_frame) {
-		bad_stack = do_usercopy_stack_callee(alloc_size);
+		bad_stack = do_usercopy_stack_callee((uintptr_t)bad_stack);
 	} else {
 		/* Put start address just inside stack. */
 		bad_stack = task_stack_page(current) + THREAD_SIZE;
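Review bot: In the bad_frame branch, `(uintptr_t)bad_stack` passes the current value of bad_stack in the same statement that assigns it, and no earlier assignment is visible in this hunk, so the argument may be an indeterminate value rather than the "stack address" the commit message describes. If a stack address is what is wanted, `(uintptr_t)&bad_stack` would supply one and is always well defined. Also check the parameter type of do_usercopy_stack_callee(): the old argument, alloc_size, was an int, and a uintptr_t will be truncated if the parameter is still int.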
@@ -531,7 +528,7 @@ static void do_usercopy_heap_size(bool to_user)
 {
 	unsigned long user_addr;
 	unsigned char *one, *two;
-	size_t size = clamp_t(int, alloc_size, 1, PAGE_SIZE);
+	size_t size = 1024;
 
 	one = kmalloc(size, GFP_KERNEL);
 	two = kmalloc(size, GFP_KERNEL);
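Review bot: `size_t size = 1024;` repeats the literal that now initializes cache_size, and nothing ties the two together. The old code derived both from alloc_size, so a shared named constant would keep them from drifting apart if one is changed later; if they are meant to be independent, a short comment saying so would help.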
@@ -565,8 +562,7 @@ static void do_usercopy_heap_size(bool to_user)
 		}
 	} else {
 		pr_info("attempting good copy_from_user of correct size\n");
-		if (copy_from_user(one, (void __user *)user_addr,
-				   size)) {
+		if (copy_from_user(one, (void __user *)user_addr, size)) {
 			pr_warn("copy_from_user failed unexpectedly?!\n");
 			goto free_user;
 		}
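Review bot: The copy_from_user() call rejoined onto one line is a whitespace-only change unrelated to dropping alloc_size. It is harmless, but either mention it in the commit message or move it to a cleanup patch so this change stays focused.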
@@ -1285,7 +1281,6 @@ static int __init lkdtm_module_init(void)
 	ro_after_init |= 0xAA;
 
 	/* Prepare cache that lacks SLAB_USERCOPY flag. */
-	cache_size = clamp_t(int, alloc_size, 1, PAGE_SIZE);
 	bad_cache = kmem_cache_create("lkdtm-no-usercopy", cache_size, 0,
 				      0, NULL);
 
-- 
2.7.4
