From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>
Subject: [PATCH 02/12] lkdtm: drop "alloc_size" parameter
Date: Wed, 6 Jul 2016 15:33:21 -0700 [thread overview]
Message-ID: <1467844411-32373-3-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1467844411-32373-1-git-send-email-keescook@chromium.org>
There is no good reason to have the alloc_size parameter currently. The
compiler-tricking value used to exercise the stack can just use a stack
address instead. Similarly hard-code cache_size.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
drivers/misc/lkdtm_core.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
index 23d222a6c77d..80e7a46db178 100644
--- a/drivers/misc/lkdtm_core.c
+++ b/drivers/misc/lkdtm_core.c
@@ -185,8 +185,6 @@ static char* cpoint_name;
static char* cpoint_type;
static int cpoint_count = DEFAULT_COUNT;
static int recur_count = REC_NUM_DEFAULT;
-static int alloc_size = 1024;
-static size_t cache_size;
static enum cname cpoint = CN_INVALID;
static enum ctype cptype = CT_NONE;
@@ -195,6 +193,8 @@ static DEFINE_SPINLOCK(count_lock);
static DEFINE_SPINLOCK(lock_me_up);
static u8 data_area[EXEC_SIZE];
+
+static size_t cache_size = 1024;
static struct kmem_cache *bad_cache;
static const unsigned char test_text[] = "This is a test.\n";
@@ -211,9 +211,6 @@ MODULE_PARM_DESC(cpoint_type, " Crash Point Type, action to be taken on "\
module_param(cpoint_count, int, 0644);
MODULE_PARM_DESC(cpoint_count, " Crash Point Count, number of times the "\
"crash point is to be hit to trigger action");
-module_param(alloc_size, int, 0644);
-MODULE_PARM_DESC(alloc_size, " Size of allocation for user copy tests "\
- "(from 1 to PAGE_SIZE)");
static unsigned int jp_do_irq(unsigned int irq)
{
@@ -442,7 +439,7 @@ static noinline void do_usercopy_stack(bool to_user, bool bad_frame)
/* This is a pointer to outside our current stack frame. */
if (bad_frame) {
- bad_stack = do_usercopy_stack_callee(alloc_size);
+ bad_stack = do_usercopy_stack_callee((uintptr_t)bad_stack);
} else {
/* Put start address just inside stack. */
bad_stack = task_stack_page(current) + THREAD_SIZE;
@@ -531,7 +528,7 @@ static void do_usercopy_heap_size(bool to_user)
{
unsigned long user_addr;
unsigned char *one, *two;
- size_t size = clamp_t(int, alloc_size, 1, PAGE_SIZE);
+ size_t size = 1024;
one = kmalloc(size, GFP_KERNEL);
two = kmalloc(size, GFP_KERNEL);
@@ -565,8 +562,7 @@ static void do_usercopy_heap_size(bool to_user)
}
} else {
pr_info("attempting good copy_from_user of correct size\n");
- if (copy_from_user(one, (void __user *)user_addr,
- size)) {
+ if (copy_from_user(one, (void __user *)user_addr, size)) {
pr_warn("copy_from_user failed unexpectedly?!\n");
goto free_user;
}
@@ -1285,7 +1281,6 @@ static int __init lkdtm_module_init(void)
ro_after_init |= 0xAA;
/* Prepare cache that lacks SLAB_USERCOPY flag. */
- cache_size = clamp_t(int, alloc_size, 1, PAGE_SIZE);
bad_cache = kmem_cache_create("lkdtm-no-usercopy", cache_size, 0,
0, NULL);
--
2.7.4
next prev parent reply other threads:[~2016-07-06 22:36 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-06 22:33 [PATCH 00/12] lkdtm: use struct arrays instead of enums Kees Cook
2016-07-06 22:33 ` [PATCH 01/12] lkdtm: add usercopy test for blocking kernel text Kees Cook
2016-07-06 22:33 ` Kees Cook [this message]
2016-07-06 22:33 ` [PATCH 03/12] lkdtm: split usercopy tests to separate file Kees Cook
2016-07-06 22:33 ` [PATCH 04/12] lkdtm: split memory permissions " Kees Cook
2016-07-06 22:33 ` [PATCH 05/12] lkdtm: split heap corruption " Kees Cook
2016-07-06 22:33 ` [PATCH 06/12] lkdtm: split remaining logic bug " Kees Cook
2016-07-06 22:33 ` [PATCH 07/12] lkdtm: remove intentional off-by-one array access Kees Cook
2016-07-06 22:33 ` [PATCH 08/12] lkdtm: rename "count" to "crash_count" Kees Cook
2016-07-06 22:33 ` [PATCH 09/12] lkdtm: rename globals for clarity Kees Cook
2016-07-06 22:33 ` [PATCH 10/12] lkdtm: reorganize module paramaters Kees Cook
2016-07-06 22:33 ` [PATCH 11/12] lkdtm: move jprobe entry points to start of source Kees Cook
2016-07-06 22:33 ` [PATCH 12/12] lkdtm: use struct arrays instead of enums Kees Cook
2016-07-15 11:35 ` [PATCH] lkdtm: hide unused functions Arnd Bergmann
2016-07-15 22:54 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467844411-32373-3-git-send-email-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).