diff options
author | Christophe Leroy <christophe.leroy@c-s.fr> | 2018-12-14 15:26:20 +0000 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2019-01-09 12:00:31 -0800 |
commit | 59a12205d3c32aee4c13ca36889fdf7cfed31126 (patch) | |
tree | f2de1d775529e2e3b4e57edf669356f2cbec6303 /drivers/misc/lkdtm/perms.c | |
parent | lkdtm: Print real addresses (diff) | |
download | linux-dev-59a12205d3c32aee4c13ca36889fdf7cfed31126.tar.xz linux-dev-59a12205d3c32aee4c13ca36889fdf7cfed31126.zip |
lkdtm: Add tests for NULL pointer dereference
Introduce lkdtm tests for NULL pointer dereference: check access or exec
at NULL address, since these errors tend to be reported differently from
the general fault error text. For example from x86:
pr_alert("BUG: unable to handle kernel %s at %px\n",
address < PAGE_SIZE ? "NULL pointer dereference" : "paging request",
(void *)address);
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to '')
-rw-r--r-- | drivers/misc/lkdtm/perms.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index fa54add6375a..62f76d506f04 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -164,6 +164,11 @@ void lkdtm_EXEC_USERSPACE(void) vm_munmap(user_addr, PAGE_SIZE); } +void lkdtm_EXEC_NULL(void) +{ + execute_location(NULL, CODE_AS_IS); +} + void lkdtm_ACCESS_USERSPACE(void) { unsigned long user_addr, tmp = 0; @@ -195,6 +200,19 @@ void lkdtm_ACCESS_USERSPACE(void) vm_munmap(user_addr, PAGE_SIZE); } +void lkdtm_ACCESS_NULL(void) +{ + unsigned long tmp; + unsigned long *ptr = (unsigned long *)NULL; + + pr_info("attempting bad read at %px\n", ptr); + tmp = *ptr; + tmp += 0xc0dec0de; + + pr_info("attempting bad write at %px\n", ptr); + *ptr = tmp; +} + void __init lkdtm_perms_init(void) { /* Make sure we can write to __ro_after_init values during __init */ |