// SPDX-License-Identifier: GPL-2.0 /* * This is for all the tests related to logic bugs (e.g. bad dereferences, * bad alignment, bad loops, bad locking, bad scheduling, deep stacks, and * lockups) along with other things that don't fit well into existing LKDTM * test source files. */ #include "lkdtm.h" #include <linux/cpu.h> #include <linux/list.h> #include <linux/sched.h> #include <linux/sched/signal.h> #include <linux/sched/task_stack.h> #include <linux/slab.h> #include <linux/stop_machine.h> #include <linux/uaccess.h> #if IS_ENABLED(CONFIG_X86_32) && !IS_ENABLED(CONFIG_UML) #include <asm/desc.h> #endif struct lkdtm_list { … }; /* * Make sure our attempts to over run the kernel stack doesn't trigger * a compiler warning when CONFIG_FRAME_WARN is set. Then make sure we * recurse past the end of THREAD_SIZE by default. */ #if defined(CONFIG_FRAME_WARN) && (CONFIG_FRAME_WARN > 0) #define REC_STACK_SIZE … #else #define REC_STACK_SIZE … #endif #define REC_NUM_DEFAULT … static int recur_count = …; static DEFINE_SPINLOCK(lock_me_up); /* * Make sure compiler does not optimize this function or stack frame away: * - function marked noinline * - stack variables are marked volatile * - stack variables are written (memset()) and read (buf[..] passed as arg) * - function may have external effects (memzero_explicit()) * - no tail recursion possible */ static int noinline recursive_loop(int remaining) { … } /* If the depth is negative, use the default, otherwise keep parameter. */ void __init lkdtm_bugs_init(int *recur_param) { … } static void lkdtm_PANIC(void) { … } static int panic_stop_irqoff_fn(void *arg) { … } static void lkdtm_PANIC_STOP_IRQOFF(void) { … } static void lkdtm_BUG(void) { … } static int warn_counter; static void lkdtm_WARNING(void) { … } static void lkdtm_WARNING_MESSAGE(void) { … } static void lkdtm_EXCEPTION(void) { … } static void lkdtm_LOOP(void) { … } static void lkdtm_EXHAUST_STACK(void) { … } static noinline void __lkdtm_CORRUPT_STACK(void *stack) { … } /* This should trip the stack canary, not corrupt the return address. */ static noinline void lkdtm_CORRUPT_STACK(void) { … } /* Same as above but will only get a canary with -fstack-protector-strong */ static noinline void lkdtm_CORRUPT_STACK_STRONG(void) { … } static pid_t stack_pid; static unsigned long stack_addr; static void lkdtm_REPORT_STACK(void) { … } static pid_t stack_canary_pid; static unsigned long stack_canary; static unsigned long stack_canary_offset; static noinline void __lkdtm_REPORT_STACK_CANARY(void *stack) { … } static void lkdtm_REPORT_STACK_CANARY(void) { … } static void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void) { … } static void lkdtm_SOFTLOCKUP(void) { … } static void lkdtm_HARDLOCKUP(void) { … } static void __lkdtm_SMP_CALL_LOCKUP(void *unused) { … } static void lkdtm_SMP_CALL_LOCKUP(void) { … } static void lkdtm_SPINLOCKUP(void) { … } static void __noreturn lkdtm_HUNG_TASK(void) { … } static volatile unsigned int huge = …; static volatile unsigned int ignored; static void lkdtm_OVERFLOW_SIGNED(void) { … } static void lkdtm_OVERFLOW_UNSIGNED(void) { … } /* Intentionally using unannotated flex array definition. */ struct array_bounds_flex_array { … }; struct array_bounds { … }; static void lkdtm_ARRAY_BOUNDS(void) { … } struct lkdtm_annotated { … }; static volatile int fam_count = …; static void lkdtm_FAM_BOUNDS(void) { … } static void lkdtm_CORRUPT_LIST_ADD(void) { … } static void lkdtm_CORRUPT_LIST_DEL(void) { … } /* Test that VMAP_STACK is actually allocating with a leading guard page */ static void lkdtm_STACK_GUARD_PAGE_LEADING(void) { … } /* Test that VMAP_STACK is actually allocating with a trailing guard page */ static void lkdtm_STACK_GUARD_PAGE_TRAILING(void) { … } static void lkdtm_UNSET_SMEP(void) { … } static void lkdtm_DOUBLE_FAULT(void) { … } #ifdef CONFIG_ARM64 static noinline void change_pac_parameters(void) { if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)) { /* Reset the keys of current task */ ptrauth_thread_init_kernel(current); ptrauth_thread_switch_kernel(current); } } #endif static noinline void lkdtm_CORRUPT_PAC(void) { … } static struct crashtype crashtypes[] = …; struct crashtype_category bugs_crashtypes = …;
Codebase Browser
linux