[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jJyQSfkN3LTbCL9+dH4QX2VGdE36kwe75j2McEiZekv+Q@mail.gmail.com>
Date: Fri, 28 Oct 2016 10:21:52 -0700
From: Kees Cook <keescook@...omium.org>
To: AKASHI Takahiro <takahiro.akashi@...aro.org>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
Hans Liljestrand <ishkamiel@...il.com>, "Reshetova, Elena" <elena.reshetova@...el.com>,
David Windsor <dwindsor@...il.com>
Subject: Re: Re: [RFC v2 PATCH 13.1/13] lkdtm: add tests
for atomic over-/underflow
On Thu, Oct 27, 2016 at 7:30 PM, AKASHI Takahiro
<takahiro.akashi@...aro.org> wrote:
> On Thu, Oct 27, 2016 at 02:36:25PM -0700, Kees Cook wrote:
>> On Thu, Oct 27, 2016 at 5:46 AM, Hans Liljestrand <ishkamiel@...il.com> wrote:
>> > On Wed, Oct 26, 2016 at 01:41:34PM -0700, Kees Cook wrote:
>> >> On Wed, Oct 26, 2016 at 12:29 AM, Reshetova, Elena
>> >> <elena.reshetova@...el.com> wrote:
>> >> > Thank you Kees! I applied the commit to our hardened_atomic_on_next branch and it will be included into the next rfc.
>> >>
>> >> Cool, thanks. I assume this should get atomic64_t and local_t tests as well?
>> >>
>> >
>> > Yes, I'm currently compiling a build with atomic64_t and local_t tests added.
>> > With the improved lkdtm macros its much easier to add the extra types, thank
>> > you Kees!
>>
>> Sure thing! I may have yet-another patch for this, as I didn't like
>> repeating the same things in three files whenever a new test was
>> added. Moar macro magick!
>
> It would be nice to expose atomic* variables to userspace via debugfs
> so that we can confirm that the values will not be changed if overflowed.
> See the attached patch.
>
> We will be able to check the test result:
>
> # /bin/echo ATOMIC_ADD_OVERFLOW > /debug/provoke-crash/DIRECT
> # echo $?
> # if [ cat /debug/provoke-crash/atomic -eq INT_MAX ]; then
> # echo PASS ; fi
>
> Thanks,
> -Takahiro AKASHI
>
>>
>> -Kees
>>
>> --
>> Kees Cook
>> Nexus Security
> ===8<===
> From c516b50b4764c5c1ba0dd39e3a5022d026e35514 Mon Sep 17 00:00:00 2001
> From: AKASHI Takahiro <takahiro.akashi@...aro.org>
> Date: Fri, 28 Oct 2016 10:55:50 +0900
> Subject: [PATCH] lkdtm: expose atomic variables via debugfs
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@...aro.org>
> ---
> drivers/misc/lkdtm.h | 2 ++
> drivers/misc/lkdtm_bugs.c | 75 +++++++++++++++++++++++++++++++++++++----------
> drivers/misc/lkdtm_core.c | 3 ++
> 3 files changed, 64 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h
> index 0ef66ff..b4dd231 100644
> --- a/drivers/misc/lkdtm.h
> +++ b/drivers/misc/lkdtm.h
> @@ -3,10 +3,12 @@
>
> #define pr_fmt(fmt) "lkdtm: " fmt
>
> +#include <linux/fs.h>
> #include <linux/kernel.h>
>
> /* lkdtm_bugs.c */
> void __init lkdtm_bugs_init(int *recur_param);
> +void __init lkdtm_bugs_init2(struct dentry *parent);
> void lkdtm_PANIC(void);
> void lkdtm_BUG(void);
> void lkdtm_WARNING(void);
> diff --git a/drivers/misc/lkdtm_bugs.c b/drivers/misc/lkdtm_bugs.c
> index 7b4067b..dd5003f 100644
> --- a/drivers/misc/lkdtm_bugs.c
> +++ b/drivers/misc/lkdtm_bugs.c
> @@ -5,6 +5,8 @@
> * test source files.
> */
> #include "lkdtm.h"
> +#include <linux/debugfs.h>
> +#include <linux/fs.h>
> #include <linux/sched.h>
>
> /*
> @@ -35,6 +37,33 @@ static int recursive_loop(int remaining)
> return recursive_loop(remaining - 1);
> }
>
> +/* from fs/debugfs/file.c */
> +static int debugfs_atomic_long_t_set(void *data, u64 val)
> +{
> + atomic_long_set((atomic_long_t *)data, val);
> + return 0;
> +}
Ah yes! Thanks; I had been pondering how to correctly validate that
the values were correct after the protection triggered. Thanks!
I'll get a version of this into my hyper-macro-ized version of the
lkdtm patch and get it sent to Hans. :)
-Kees
--
Kees Cook
Nexus Security
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
