From: Kees Cook
Date: Tue, 8 Jan 2019 17:14:36 -0800
Subject: Re: [PATCH] lkdtm: Add a tests for NULL pointer dereference
To: Christophe Leroy
Cc: Arnd Bergmann, Greg Kroah-Hartman, LKML, PowerPC
In-Reply-To: <8593f7faf89812a9987d44d9ae615d64dca4d77f.1544800744.git.christophe.leroy@c-s.fr>

On Fri, Dec 14, 2018 at 7:26 AM Christophe Leroy wrote:
>
> Introduce lkdtm tests for NULL pointer dereference: check
> access or exec at NULL address.

Why is this not already covered by the existing tests? (Is there
something special about NULL that is being missed?) I'd expect SMAP
and SMEP to cover NULL as well.

-Kees

>
> Signed-off-by: Christophe Leroy
> ---
> drivers/misc/lkdtm/core.c | 2 ++
> drivers/misc/lkdtm/lkdtm.h | 2 ++
> drivers/misc/lkdtm/perms.c | 18 ++++++++++++++++++
> 3 files changed, 22 insertions(+)
> > diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c > index bc76756b7eda..36910e1d5c09 100644 > --- a/drivers/misc/lkdtm/core.c > +++ b/drivers/misc/lkdtm/core.c > @@ -157,7 +157,9 @@ static const struct crashtype crashtypes[] = { > CRASHTYPE(EXEC_VMALLOC), > CRASHTYPE(EXEC_RODATA), > CRASHTYPE(EXEC_USERSPACE), > + CRASHTYPE(EXEC_NULL), > CRASHTYPE(ACCESS_USERSPACE), > + CRASHTYPE(ACCESS_NULL), > CRASHTYPE(WRITE_RO), > CRASHTYPE(WRITE_RO_AFTER_INIT), > CRASHTYPE(WRITE_KERN), > diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h > index 3c6fd327e166..b69ee004a3f7 100644 > --- a/drivers/misc/lkdtm/lkdtm.h > +++ b/drivers/misc/lkdtm/lkdtm.h > @@ -45,7 +45,9 @@ void lkdtm_EXEC_KMALLOC(void); > void lkdtm_EXEC_VMALLOC(void); > void lkdtm_EXEC_RODATA(void); > void lkdtm_EXEC_USERSPACE(void); > +void lkdtm_EXEC_NULL(void); > void lkdtm_ACCESS_USERSPACE(void); > +void lkdtm_ACCESS_NULL(void); > > /* lkdtm_refcount.c */ > void lkdtm_REFCOUNT_INC_OVERFLOW(void); > diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c > index fa54add6375a..62f76d506f04 100644 > --- a/drivers/misc/lkdtm/perms.c > +++ b/drivers/misc/lkdtm/perms.c > @@ -164,6 +164,11 @@ void lkdtm_EXEC_USERSPACE(void) > vm_munmap(user_addr, PAGE_SIZE); > } > > +void lkdtm_EXEC_NULL(void) > +{ > + execute_location(NULL, CODE_AS_IS); > +} > + > void lkdtm_ACCESS_USERSPACE(void) > { > unsigned long user_addr, tmp = 0; > @@ -195,6 +200,19 @@ void lkdtm_ACCESS_USERSPACE(void) > vm_munmap(user_addr, PAGE_SIZE); > } > > +void lkdtm_ACCESS_NULL(void) > +{ > + unsigned long tmp; > + unsigned long *ptr = (unsigned long *)NULL; > + > + pr_info("attempting bad read at %px\n", ptr); > + tmp = *ptr; > + tmp += 0xc0dec0de; > + > + pr_info("attempting bad write at %px\n", ptr); > + *ptr = tmp; > +} > + > void __init lkdtm_perms_init(void) > { > /* Make sure we can write to __ro_after_init values during __init */ > -- > 2.13.3 > -- Kees Cook
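
Review bot: lkdtm_EXEC_NULL() in the first perms.c hunk carries no comment saying what it exercises that lkdtm_EXEC_USERSPACE() just above it does not, and the commit message does not say either. The context lines show the userspace test ending with vm_munmap(user_addr, PAGE_SIZE), so it works on a page it mapped itself, while the new function calls execute_location(NULL, CODE_AS_IS) with nothing mapped in the visible lines; a fault there may only show that page 0 is not present rather than that an execute protection fired. Please add a short comment above the function stating which mechanism is expected to stop the call and how that differs from the existing test.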
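
Review bot: lkdtm_ACCESS_NULL() in the second perms.c hunk does the read (tmp = *ptr) and the write (*ptr = tmp) in one test, so on any kernel where the read faults the write path is never reached and stays untested. Consider splitting this into separate read and write crashtypes, or document that only the first access is expected to run. Two smaller points in the same function: ptr is a plain pointer initialised to a constant NULL, so the compiler can see the dereference is of address 0 and a volatile qualifier would keep the load and store as written; and the cast in (unsigned long *)NULL is redundant.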