
lkdtm: flush icache and report actions

Some CPUs explicitly need to have their icache flushed after making
executable code copies for the memory region execution tests.
Additionally, report the specific address targets being used so that
debugging non-crash failures is easier.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Kees Cook and committed by
Greg Kroah-Hartman
aac416fc feac6e21

+16
+16
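--- a/drivers/misc/lkdtm.c
+++ b/drivers/misc/lkdtm.c
@@ -329,7 +329,12 @@
 {
 void (*func)(void) = dst;
 
+pr_info("attempting ok execution at %p\n", do_nothing);
+do_nothing();
+
 memcpy(dst, do_nothing, EXEC_SIZE);
+flush_icache_range((unsigned long)dst, (unsigned long)dst + EXEC_SIZE);
+pr_info("attempting bad execution at %p\n", func);
 func();
 }
 
@@ -338,8 +343,13 @@
 /* Intentionally crossing kernel/user memory boundary. */
 void (*func)(void) = dst;
 
+pr_info("attempting ok execution at %p\n", do_nothing);
+do_nothing();
+
 if (copy_to_user((void __user *)dst, do_nothing, EXEC_SIZE))
 return;
+flush_icache_range((unsigned long)dst, (unsigned long)dst + EXEC_SIZE);
+pr_info("attempting bad execution at %p\n", func);
 func();
 }
 
@@ -464,8 +474,12 @@
 }
 
 ptr = (unsigned long *)user_addr;
+
+pr_info("attempting bad read at %p\n", ptr);
 tmp = *ptr;
 tmp += 0xc0dec0de;
+
+pr_info("attempting bad write at %p\n", ptr);
 *ptr = tmp;
 
 vm_munmap(user_addr, PAGE_SIZE);
@@ -476,6 +490,8 @@
 unsigned long *ptr;
 
 ptr = (unsigned long *)&rodata;
+
+pr_info("attempting bad write at %p\n", ptr);
 *ptr ^= 0xabcd1234;
 
 break;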
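Review bot: In the second hunk, `flush_icache_range()` is handed `dst`, which the `(void __user *)dst` cast on the preceding `copy_to_user()` shows is a user-space address. Whether that call is valid on a user mapping looks architecture-dependent, and a fault inside the flush would be easy to mistake for the crash this test is meant to provoke; the only tell would be the missing "attempting bad execution" line in the log. A comment above the call such as `/* dst is a user mapping: confirm flush_icache_range() accepts user addresses on every arch */` would record the assumption. The existing `return;` after a failed `copy_to_user()` is still silent, so a non-crash on that path stays ambiguous; adding `pr_warn("copy_to_user failed\n");` before it would serve the commit's stated goal of easier debugging. Both function signatures lie outside the hunks shown, so the origin of `dst` is inferred from the cast and the existing comment.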