From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Linus Torvalds, David Windsor, Alexander Viro, Andrew Morton, Andy Lutomirski, Christoph Hellwig, Christoph Lameter, "David S. Miller", Laura Abbott, Mark Rutland, "Martin K. Petersen", Paolo Bonzini, Christian Borntraeger, Christoffer Dall, Dave Kleikamp, Jan Kara, Luis de Bethencourt, Marc Zyngier, Rik van Riel, Matthew Garrett, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, netdev@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com
Subject: [PATCH 04/38] lkdtm/usercopy: Adjust test to include an offset to check reporting
Date: Wed, 10 Jan 2018 18:02:36 -0800
Message-Id: <1515636190-24061-5-git-send-email-keescook@chromium.org>

Instead of doubling the size, push the start position up by 16 bytes to still trigger an overflow. This allows verifying that offset reporting is working correctly.

Signed-off-by: Kees Cook
---
 drivers/misc/lkdtm_usercopy.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/misc/lkdtm_usercopy.c b/drivers/misc/lkdtm_usercopy.c index a64372cc148d..9ebbb031e5e3 100644 --- a/drivers/misc/lkdtm_usercopy.c +++ b/drivers/misc/lkdtm_usercopy.c @@ -119,6 +119,8 @@ static void do_usercopy_heap_size(bool to_user) { unsigned long user_addr; unsigned char *one, *two; + void __user *test_user_addr; + void *test_kern_addr; size_t size = unconst + 1024; one = kmalloc(size, GFP_KERNEL); 
@@ -139,27 +141,30 @@ static void do_usercopy_heap_size(bool to_user) memset(one, 'A', size); memset(two, 'B', size); + test_user_addr = (void __user *)(user_addr + 16); + test_kern_addr = one + 16; + if (to_user) { pr_info("attempting good copy_to_user of correct size\n"); - if (copy_to_user((void __user *)user_addr, one, size)) { + if (copy_to_user(test_user_addr, test_kern_addr, size / 2)) { pr_warn("copy_to_user failed unexpectedly?!\n"); goto free_user; } pr_info("attempting bad copy_to_user of too large size\n"); - if (copy_to_user((void __user *)user_addr, one, 2 * size)) { + if (copy_to_user(test_user_addr, test_kern_addr, size)) { pr_warn("copy_to_user failed, but lacked Oops\n"); goto free_user; } } else { pr_info("attempting good copy_from_user of correct size\n"); - if (copy_from_user(one, (void __user *)user_addr, size)) { + if (copy_from_user(test_kern_addr, test_user_addr, size / 2)) { pr_warn("copy_from_user failed unexpectedly?!\n"); goto free_user; } pr_info("attempting bad copy_from_user of too large size\n"); - if (copy_from_user(one, (void __user *)user_addr, 2 * size)) { + if (copy_from_user(test_kern_addr, test_user_addr, size)) { pr_warn("copy_from_user failed, but lacked Oops\n"); goto free_user; }
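
Review bot: In the second hunk (@@ -139,27 +141,30 @@), the offset is a bare literal 16 repeated in the assignments to test_user_addr and test_kern_addr, and nothing in the code states the arithmetic the test now relies on: the "good" copy stays in bounds because 16 + size / 2 fits inside the size-byte allocation behind `one`, while the "bad" copy overruns it by exactly 16 bytes because it copies size bytes starting at one + 16. A named constant for the offset plus a one-line comment above the two assignments spelling out that relationship would keep a later change to `size` or the offset from silently turning the bad case into an in-bounds copy, and would tell whoever reads the resulting report which offset value to expect. The user-side pointer is shifted by the same 16 bytes, and the size of the mapping behind user_addr is not visible in these hunks, so it is worth confirming that 16 + size still fits inside it; otherwise the bad copy could fail on the user side and land in the "failed, but lacked Oops" branch instead of exercising the heap-object check.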