Received: by 2002:a25:5b86:0:0:0:0:0 with SMTP id p128csp2084380ybb; Fri, 29 Mar 2019 18:39:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqzLNK38Jry1YVSg6Xd1ErBl8eaBISw8QS1ZoiNxtZ0kpc4tsXyqQQnCmA8Jjon3Q4g4NliO X-Received: by 2002:a17:902:547:: with SMTP id 65mr52575968plf.242.1553909953220; Fri, 29 Mar 2019 18:39:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553909953; cv=none; d=google.com; s=arc-20160816; b=PDDPs1QRc5Z1hqDl77Cp5QxTDj8pHECI4whh2EoTA6dt68lqS5IwCldK6sz1fTt994 5sBkNqi5MkConBmAbdJNCWoPkAxi7KOt0//hwhctBlBJaxyJH1ozXU7WpcruAaAKbfuR Z0TuyLrynOuLx5T3+DhpdHaJCgh0bH0UG8WS2pZ19A1PV1F9Zi8T7d2P/I/RwSiPfrLr o1as9n0Wn2htN10LeuZLgigyPb0rqoeu9qbMPJ6sTXSnajgwXLql9O+bHnOETpUolJik cbhHuzx2ld4/VSJpADFuOFWLBeHBMVtPDePBKOasriRZ4f5gpY+tJzfROWOWA0L0aOJI awGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=AFX2VstFLT1+4mGcFcS1m2mbBWwh2Elk7MzdeBtV2RE=; b=mbANnuETd2HV9Tw0vnqyZ58QiWtAQuNNoVXYbHqwlugw8ud2PbPF6l5ix8eW3pRRB1 eUblvr3ouHpPRmIE/4N8jynpypwsjwqVX3yzgeO7DvdLkFHKG25PLvUbs8zowMk6vHqq mfw59fmQLRCvloYAMIsE4cPDWlH0EoyK6qBYGDKf5spEXobC0t1ixMg7DNWpcOrLzdnZ k4XgjywPIAReOUlzW0QSwGEh7y74rMDZ8SJA8hqoInokvwqedkHc/KmPt5jIKBTLrl8p x5KwSQa8TyoDlqtoaIMWlE1XV2EbPScBaHP2L/vxJ/fiN3Jd4+25B8UFv8KM6yZjvGhh SCxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=AqLQoVvA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3si2991544pfh.36.2019.03.29.18.38.58; Fri, 29 Mar 2019 18:39:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=AqLQoVvA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731729AbfC3BiZ (ORCPT + 99 others); Fri, 29 Mar 2019 21:38:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:37448 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730333AbfC3BaS (ORCPT ); Fri, 29 Mar 2019 21:30:18 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6C29D218A6; Sat, 30 Mar 2019 01:30:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553909418; bh=+mDl56pnovCRf9l6Z6D8C5RXi93XiDdjkUo7wLHnqTg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AqLQoVvAgeKxqzDkVt4xCz6TDRVugY/OBprUDP3nSkzIVJ6Y5gqHVs4iOuQ4uOJ2a ehsy8RbAYJdKKGXEY7h+j32YiAoKbBhqchDEvXLekKGLjC6wI4cy/oIZbzKeD0X7Hd JxnjTjoquWI849HRpOkQPHKgNBFKdZRE6Yvvjldk= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Christophe Leroy , Kees Cook , Sasha Levin Subject: [PATCH AUTOSEL 4.19 43/57] lkdtm: Print real addresses Date: Fri, 29 Mar 2019 21:28:36 -0400 Message-Id: <20190330012854.32212-43-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190330012854.32212-1-sashal@kernel.org> References: <20190330012854.32212-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christophe Leroy [ Upstream commit 4c411157a42f122051ae3469bee0b5cabe89e139 ] Today, when doing a lkdtm test before the readiness of the random generator, (ptrval) is printed instead of the address at which it perform the fault: [ 1597.337030] lkdtm: Performing direct entry EXEC_USERSPACE [ 1597.337142] lkdtm: attempting ok execution at (ptrval) [ 1597.337398] lkdtm: attempting bad execution at (ptrval) [ 1597.337460] kernel tried to execute user page (77858000) -exploit attempt? (uid: 0) [ 1597.344769] Unable to handle kernel paging request for instruction fetch [ 1597.351392] Faulting instruction address: 0x77858000 [ 1597.356312] Oops: Kernel access of bad area, sig: 11 [#1] If the lkdtm test is done later on, it prints an hashed address. In both cases this is pointless. The purpose of the test is to ensure the kernel generates an Oops at the expected address, so real addresses needs to be printed. This patch fixes that. Signed-off-by: Christophe Leroy Signed-off-by: Kees Cook Signed-off-by: Sasha Levin --- drivers/misc/lkdtm/perms.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 53b85c9d16b8..fa54add6375a 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -47,7 +47,7 @@ static noinline void execute_location(void *dst, bool write) { void (*func)(void) = dst; - pr_info("attempting ok execution at %p\n", do_nothing); + pr_info("attempting ok execution at %px\n", do_nothing); do_nothing(); if (write == CODE_WRITE) { @@ -55,7 +55,7 @@ static noinline void execute_location(void *dst, bool write) flush_icache_range((unsigned long)dst, (unsigned long)dst + EXEC_SIZE); } - pr_info("attempting bad execution at %p\n", func); + pr_info("attempting bad execution at %px\n", func); func(); } @@ -66,14 +66,14 @@ static void execute_user_location(void *dst) /* Intentionally crossing kernel/user memory boundary. */ void (*func)(void) = dst; - pr_info("attempting ok execution at %p\n", do_nothing); + pr_info("attempting ok execution at %px\n", do_nothing); do_nothing(); copied = access_process_vm(current, (unsigned long)dst, do_nothing, EXEC_SIZE, FOLL_WRITE); if (copied < EXEC_SIZE) return; - pr_info("attempting bad execution at %p\n", func); + pr_info("attempting bad execution at %px\n", func); func(); } @@ -82,7 +82,7 @@ void lkdtm_WRITE_RO(void) /* Explicitly cast away "const" for the test. */ unsigned long *ptr = (unsigned long *)&rodata; - pr_info("attempting bad rodata write at %p\n", ptr); + pr_info("attempting bad rodata write at %px\n", ptr); *ptr ^= 0xabcd1234; } @@ -100,7 +100,7 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) return; } - pr_info("attempting bad ro_after_init write at %p\n", ptr); + pr_info("attempting bad ro_after_init write at %px\n", ptr); *ptr ^= 0xabcd1234; } @@ -112,7 +112,7 @@ void lkdtm_WRITE_KERN(void) size = (unsigned long)do_overwritten - (unsigned long)do_nothing; ptr = (unsigned char *)do_overwritten; - pr_info("attempting bad %zu byte write at %p\n", size, ptr); + pr_info("attempting bad %zu byte write at %px\n", size, ptr); memcpy(ptr, (unsigned char *)do_nothing, size); flush_icache_range((unsigned long)ptr, (unsigned long)(ptr + size)); @@ -185,11 +185,11 @@ void lkdtm_ACCESS_USERSPACE(void) ptr = (unsigned long *)user_addr; - pr_info("attempting bad read at %p\n", ptr); + pr_info("attempting bad read at %px\n", ptr); tmp = *ptr; tmp += 0xc0dec0de; - pr_info("attempting bad write at %p\n", ptr); + pr_info("attempting bad write at %px\n", ptr); *ptr = tmp; vm_munmap(user_addr, PAGE_SIZE); -- 2.19.1