aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-02-21 20:53:23 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2017-02-21 20:53:23 -0500
commit4a0853bf88c8f56e1c01eda02e6625aed09d55d9 (patch)
tree767b2d9cd3da81e2c21adcc63ce9fadec7008bf3
parent6d1dd93ea0d0f0fb61b5450a2668896028ce3f75 (diff)
parent4c5d7bc63775b40631b75f6c59a3a3005455262d (diff)
Merge tag 'usercopy-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull usercopy test updates from Kees Cook: "This improves the usercopy tests: - check zeroing on failed copy_from_user()/get_user() (caught bug on ARM) - adjust tests for SMAP/PAN (can't zero userspace memory on failure)" * tag 'usercopy-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: usercopy: Add tests for all get_user() sizes usercopy: Adjust tests to deal with SMAP/PAN usercopy: add testcases to check zeroing on failure
-rw-r--r--lib/test_user_copy.c117
1 files changed, 103 insertions, 14 deletions
diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c
index 0ecef3e4690e..6f335a3d4ae2 100644
--- a/lib/test_user_copy.c
+++ b/lib/test_user_copy.c
@@ -25,6 +25,23 @@
25#include <linux/uaccess.h> 25#include <linux/uaccess.h>
26#include <linux/vmalloc.h> 26#include <linux/vmalloc.h>
27 27
28/*
29 * Several 32-bit architectures support 64-bit {get,put}_user() calls.
30 * As there doesn't appear to be anything that can safely determine
31 * their capability at compile-time, we just have to opt-out certain archs.
32 */
33#if BITS_PER_LONG == 64 || (!defined(CONFIG_AVR32) && \
34 !defined(CONFIG_BLACKFIN) && \
35 !defined(CONFIG_M32R) && \
36 !defined(CONFIG_M68K) && \
37 !defined(CONFIG_MICROBLAZE) && \
38 !defined(CONFIG_MN10300) && \
39 !defined(CONFIG_NIOS2) && \
40 !defined(CONFIG_PPC32) && \
41 !defined(CONFIG_SUPERH))
42# define TEST_U64
43#endif
44
28#define test(condition, msg) \ 45#define test(condition, msg) \
29({ \ 46({ \
30 int cond = (condition); \ 47 int cond = (condition); \
@@ -40,7 +57,12 @@ static int __init test_user_copy_init(void)
40 char __user *usermem; 57 char __user *usermem;
41 char *bad_usermem; 58 char *bad_usermem;
42 unsigned long user_addr; 59 unsigned long user_addr;
43 unsigned long value = 0x5A; 60 u8 val_u8;
61 u16 val_u16;
62 u32 val_u32;
63#ifdef TEST_U64
64 u64 val_u64;
65#endif
44 66
45 kmem = kmalloc(PAGE_SIZE * 2, GFP_KERNEL); 67 kmem = kmalloc(PAGE_SIZE * 2, GFP_KERNEL);
46 if (!kmem) 68 if (!kmem)
@@ -58,33 +80,100 @@ static int __init test_user_copy_init(void)
58 usermem = (char __user *)user_addr; 80 usermem = (char __user *)user_addr;
59 bad_usermem = (char *)user_addr; 81 bad_usermem = (char *)user_addr;
60 82
61 /* Legitimate usage: none of these should fail. */ 83 /*
62 ret |= test(copy_from_user(kmem, usermem, PAGE_SIZE), 84 * Legitimate usage: none of these copies should fail.
63 "legitimate copy_from_user failed"); 85 */
86 memset(kmem, 0x3a, PAGE_SIZE * 2);
64 ret |= test(copy_to_user(usermem, kmem, PAGE_SIZE), 87 ret |= test(copy_to_user(usermem, kmem, PAGE_SIZE),
65 "legitimate copy_to_user failed"); 88 "legitimate copy_to_user failed");
66 ret |= test(get_user(value, (unsigned long __user *)usermem), 89 memset(kmem, 0x0, PAGE_SIZE);
67 "legitimate get_user failed"); 90 ret |= test(copy_from_user(kmem, usermem, PAGE_SIZE),
68 ret |= test(put_user(value, (unsigned long __user *)usermem), 91 "legitimate copy_from_user failed");
69 "legitimate put_user failed"); 92 ret |= test(memcmp(kmem, kmem + PAGE_SIZE, PAGE_SIZE),
70 93 "legitimate usercopy failed to copy data");
71 /* Invalid usage: none of these should succeed. */ 94
95#define test_legit(size, check) \
96 do { \
97 val_##size = check; \
98 ret |= test(put_user(val_##size, (size __user *)usermem), \
99 "legitimate put_user (" #size ") failed"); \
100 val_##size = 0; \
101 ret |= test(get_user(val_##size, (size __user *)usermem), \
102 "legitimate get_user (" #size ") failed"); \
103 ret |= test(val_##size != check, \
104 "legitimate get_user (" #size ") failed to do copy"); \
105 if (val_##size != check) { \
106 pr_info("0x%llx != 0x%llx\n", \
107 (unsigned long long)val_##size, \
108 (unsigned long long)check); \
109 } \
110 } while (0)
111
112 test_legit(u8, 0x5a);
113 test_legit(u16, 0x5a5b);
114 test_legit(u32, 0x5a5b5c5d);
115#ifdef TEST_U64
116 test_legit(u64, 0x5a5b5c5d6a6b6c6d);
117#endif
118#undef test_legit
119
120 /*
121 * Invalid usage: none of these copies should succeed.
122 */
123
124 /* Prepare kernel memory with check values. */
125 memset(kmem, 0x5a, PAGE_SIZE);
126 memset(kmem + PAGE_SIZE, 0, PAGE_SIZE);
127
128 /* Reject kernel-to-kernel copies through copy_from_user(). */
72 ret |= test(!copy_from_user(kmem, (char __user *)(kmem + PAGE_SIZE), 129 ret |= test(!copy_from_user(kmem, (char __user *)(kmem + PAGE_SIZE),
73 PAGE_SIZE), 130 PAGE_SIZE),
74 "illegal all-kernel copy_from_user passed"); 131 "illegal all-kernel copy_from_user passed");
132
133 /* Destination half of buffer should have been zeroed. */
134 ret |= test(memcmp(kmem + PAGE_SIZE, kmem, PAGE_SIZE),
135 "zeroing failure for illegal all-kernel copy_from_user");
136
137#if 0
138 /*
139 * When running with SMAP/PAN/etc, this will Oops the kernel
140 * due to the zeroing of userspace memory on failure. This needs
141 * to be tested in LKDTM instead, since this test module does not
142 * expect to explode.
143 */
75 ret |= test(!copy_from_user(bad_usermem, (char __user *)kmem, 144 ret |= test(!copy_from_user(bad_usermem, (char __user *)kmem,
76 PAGE_SIZE), 145 PAGE_SIZE),
77 "illegal reversed copy_from_user passed"); 146 "illegal reversed copy_from_user passed");
147#endif
78 ret |= test(!copy_to_user((char __user *)kmem, kmem + PAGE_SIZE, 148 ret |= test(!copy_to_user((char __user *)kmem, kmem + PAGE_SIZE,
79 PAGE_SIZE), 149 PAGE_SIZE),
80 "illegal all-kernel copy_to_user passed"); 150 "illegal all-kernel copy_to_user passed");
81 ret |= test(!copy_to_user((char __user *)kmem, bad_usermem, 151 ret |= test(!copy_to_user((char __user *)kmem, bad_usermem,
82 PAGE_SIZE), 152 PAGE_SIZE),
83 "illegal reversed copy_to_user passed"); 153 "illegal reversed copy_to_user passed");
84 ret |= test(!get_user(value, (unsigned long __user *)kmem), 154
85 "illegal get_user passed"); 155#define test_illegal(size, check) \
86 ret |= test(!put_user(value, (unsigned long __user *)kmem), 156 do { \
87 "illegal put_user passed"); 157 val_##size = (check); \
158 ret |= test(!get_user(val_##size, (size __user *)kmem), \
159 "illegal get_user (" #size ") passed"); \
160 ret |= test(val_##size != (size)0, \
161 "zeroing failure for illegal get_user (" #size ")"); \
162 if (val_##size != (size)0) { \
163 pr_info("0x%llx != 0\n", \
164 (unsigned long long)val_##size); \
165 } \
166 ret |= test(!put_user(val_##size, (size __user *)kmem), \
167 "illegal put_user (" #size ") passed"); \
168 } while (0)
169
170 test_illegal(u8, 0x5a);
171 test_illegal(u16, 0x5a5b);
172 test_illegal(u32, 0x5a5b5c5d);
173#ifdef TEST_U64
174 test_illegal(u64, 0x5a5b5c5d6a6b6c6d);
175#endif
176#undef test_illegal
88 177
89 vm_munmap(user_addr, PAGE_SIZE * 2); 178 vm_munmap(user_addr, PAGE_SIZE * 2);
90 kfree(kmem); 179 kfree(kmem);