[PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[Alexander Popov]

Make the stack erasing test more verbose about the errors that it
can detect.

Signed-off-by: Alexander Popov <alex.popov@linux.com>
---
 drivers/misc/lkdtm/stackleak.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/drivers/misc/lkdtm/stackleak.c b/drivers/misc/lkdtm/stackleak.c
index d5a084475abc..d1a5c0705be3 100644
--- a/drivers/misc/lkdtm/stackleak.c
+++ b/drivers/misc/lkdtm/stackleak.c
@@ -16,6 +16,7 @@ void lkdtm_STACKLEAK_ERASING(void)
 	unsigned long *sp, left, found, i;
 	const unsigned long check_depth =
 			STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
+	bool test_failed = false;
 
 	/*
 	 * For the details about the alignment of the poison values, see
@@ -34,7 +35,8 @@ void lkdtm_STACKLEAK_ERASING(void)
 		left--;
 	} else {
 		pr_err("FAIL: not enough stack space for the test\n");
-		return;
+		test_failed = true;
+		goto end;
 	}
 
 	pr_info("checking unused part of the thread stack (%lu bytes)...\n",
@@ -52,22 +54,29 @@ void lkdtm_STACKLEAK_ERASING(void)
 	}
 
 	if (found <= check_depth) {
-		pr_err("FAIL: thread stack is not erased (checked %lu bytes)\n",
+		pr_err("FAIL: the erased part is not found (checked %lu bytes)\n",
 						i * sizeof(unsigned long));
-		return;
+		test_failed = true;
+		goto end;
 	}
 
-	pr_info("first %lu bytes are unpoisoned\n",
+	pr_info("the erased part begins after %lu not poisoned bytes\n",
 				(i - found) * sizeof(unsigned long));
 
 	/* The rest of thread stack should be erased */
 	for (; i < left; i++) {
 		if (*(sp - i) != STACKLEAK_POISON) {
-			pr_err("FAIL: thread stack is NOT properly erased\n");
-			return;
+			pr_err("FAIL: bad value number %lu in the erased part: 0x%lx\n",
+								i, *(sp - i));
+			test_failed = true;
 		}
 	}
 
-	pr_info("OK: the rest of the thread stack is properly erased\n");
-	return;
+end:
+	if (test_failed) {
+		pr_err("FAIL: the thread stack is NOT properly erased\n");
+		dump_stack();
+	} else {
+		pr_info("OK: the rest of the thread stack is properly erased\n");
+	}
 }
-- 
2.23.0

Re: [PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[Alexander Popov]

Hello!

Let me remind of this patch.

Best regards,
Alexander


On 03.01.2020 02:49, Alexander Popov wrote:
> Make the stack erasing test more verbose about the errors that it
> can detect.
> 
> Signed-off-by: Alexander Popov <alex.popov@linux.com>
> ---
>  drivers/misc/lkdtm/stackleak.c | 25 +++++++++++++++++--------
>  1 file changed, 17 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/misc/lkdtm/stackleak.c b/drivers/misc/lkdtm/stackleak.c
> index d5a084475abc..d1a5c0705be3 100644
> --- a/drivers/misc/lkdtm/stackleak.c
> +++ b/drivers/misc/lkdtm/stackleak.c
> @@ -16,6 +16,7 @@ void lkdtm_STACKLEAK_ERASING(void)
>  	unsigned long *sp, left, found, i;
>  	const unsigned long check_depth =
>  			STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
> +	bool test_failed = false;
>  
>  	/*
>  	 * For the details about the alignment of the poison values, see
> @@ -34,7 +35,8 @@ void lkdtm_STACKLEAK_ERASING(void)
>  		left--;
>  	} else {
>  		pr_err("FAIL: not enough stack space for the test\n");
> -		return;
> +		test_failed = true;
> +		goto end;
>  	}
>  
>  	pr_info("checking unused part of the thread stack (%lu bytes)...\n",
> @@ -52,22 +54,29 @@ void lkdtm_STACKLEAK_ERASING(void)
>  	}
>  
>  	if (found <= check_depth) {
> -		pr_err("FAIL: thread stack is not erased (checked %lu bytes)\n",
> +		pr_err("FAIL: the erased part is not found (checked %lu bytes)\n",
>  						i * sizeof(unsigned long));
> -		return;
> +		test_failed = true;
> +		goto end;
>  	}
>  
> -	pr_info("first %lu bytes are unpoisoned\n",
> +	pr_info("the erased part begins after %lu not poisoned bytes\n",
>  				(i - found) * sizeof(unsigned long));
>  
>  	/* The rest of thread stack should be erased */
>  	for (; i < left; i++) {
>  		if (*(sp - i) != STACKLEAK_POISON) {
> -			pr_err("FAIL: thread stack is NOT properly erased\n");
> -			return;
> +			pr_err("FAIL: bad value number %lu in the erased part: 0x%lx\n",
> +								i, *(sp - i));
> +			test_failed = true;
>  		}
>  	}
>  
> -	pr_info("OK: the rest of the thread stack is properly erased\n");
> -	return;
> +end:
> +	if (test_failed) {
> +		pr_err("FAIL: the thread stack is NOT properly erased\n");
> +		dump_stack();
> +	} else {
> +		pr_info("OK: the rest of the thread stack is properly erased\n");
> +	}
>  }
> 

Re: [PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[Alexander Popov]

On 03.01.2020 02:49, Alexander Popov wrote:
> Make the stack erasing test more verbose about the errors that it
> can detect.
> 
> Signed-off-by: Alexander Popov <alex.popov@linux.com>
> ---
>  drivers/misc/lkdtm/stackleak.c | 25 +++++++++++++++++--------
>  1 file changed, 17 insertions(+), 8 deletions(-)

Hello!

Pinging about this version of the patch.

Kees, it uses dump_stack() instead of BUG(), as we negotiated.

Thanks!
Alexander

Re: [PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[Kees Cook]

On Wed, Jan 22, 2020 at 02:58:44PM +0300, Alexander Popov wrote:
> On 03.01.2020 02:49, Alexander Popov wrote:
> > Make the stack erasing test more verbose about the errors that it
> > can detect.
> > 
> > Signed-off-by: Alexander Popov <alex.popov@linux.com>
> > ---
> >  drivers/misc/lkdtm/stackleak.c | 25 +++++++++++++++++--------
> >  1 file changed, 17 insertions(+), 8 deletions(-)
> 
> Hello!
> 
> Pinging about this version of the patch.
> 
> Kees, it uses dump_stack() instead of BUG(), as we negotiated.

Yup, this is in my queue -- I've just gotten back from travelling and
will get to it shortly. :)

Greg, feel free to take this directly if you want, too.

-Kees

-- 
Kees Cook

Re: [PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[Greg Kroah-Hartman]

On Mon, Jan 27, 2020 at 03:15:08PM -0800, Kees Cook wrote:
> On Wed, Jan 22, 2020 at 02:58:44PM +0300, Alexander Popov wrote:
> > On 03.01.2020 02:49, Alexander Popov wrote:
> > > Make the stack erasing test more verbose about the errors that it
> > > can detect.
> > > 
> > > Signed-off-by: Alexander Popov <alex.popov@linux.com>
> > > ---
> > >  drivers/misc/lkdtm/stackleak.c | 25 +++++++++++++++++--------
> > >  1 file changed, 17 insertions(+), 8 deletions(-)
> > 
> > Hello!
> > 
> > Pinging about this version of the patch.
> > 
> > Kees, it uses dump_stack() instead of BUG(), as we negotiated.
> 
> Yup, this is in my queue -- I've just gotten back from travelling and
> will get to it shortly. :)
> 
> Greg, feel free to take this directly if you want, too.

If I were to take it, it would have to wait until after 5.6-rc1, sorry.

thanks,

greg k-h

Re: [PATCH v2 1/1] lkdtm/stackleak: Make the test more verbose

[Kees Cook]

On Tue, Jan 28, 2020 at 08:50:50AM +0100, Greg Kroah-Hartman wrote:
> On Mon, Jan 27, 2020 at 03:15:08PM -0800, Kees Cook wrote:
> > On Wed, Jan 22, 2020 at 02:58:44PM +0300, Alexander Popov wrote:
> > > On 03.01.2020 02:49, Alexander Popov wrote:
> > > > Make the stack erasing test more verbose about the errors that it
> > > > can detect.
> > > > 
> > > > Signed-off-by: Alexander Popov <alex.popov@linux.com>
> > > > ---
> > > >  drivers/misc/lkdtm/stackleak.c | 25 +++++++++++++++++--------
> > > >  1 file changed, 17 insertions(+), 8 deletions(-)
> > > 
> > > Hello!
> > > 
> > > Pinging about this version of the patch.
> > > 
> > > Kees, it uses dump_stack() instead of BUG(), as we negotiated.
> > 
> > Yup, this is in my queue -- I've just gotten back from travelling and
> > will get to it shortly. :)
> > 
> > Greg, feel free to take this directly if you want, too.
> 
> If I were to take it, it would have to wait until after 5.6-rc1, sorry.

Well, it has to go via drivers/misc anyway, so I think timing is no
different. I would consider this a feature patch, not a bug fix, too.

-- 
Kees Cook