Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp902137yba; Thu, 18 Apr 2019 11:29:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqwVy+yoYLEyal3aYJ/31bAeMwWgeiplF4Mnv/TXq//FobWms5+nx069Bmh+fy6ywG7yQV8i X-Received: by 2002:a17:902:2865:: with SMTP id e92mr75817121plb.269.1555612194485; Thu, 18 Apr 2019 11:29:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555612194; cv=none; d=google.com; s=arc-20160816; b=Jps7dURu/FZCiaqsAtJw9iC0oFXTDUvvYpKZGGc5oxen9XP/0gwn6TBsR/xjxyextq z1XGnWnQ8Jx9e+1PNyH+QheRW9zP0MOVxXobLJqRxl1XqctbOaYbHClIyStDCIdktBBO J33EsD0pXw5tIHMKgqjGBev9tno5E2E6vAcBMFGENnMbVs+lL4S3LeEZTw+WfNKLIojw pi/NWCOdi0YUNZnzi1sqpJLkAonmzl1ITWoifA7VayqMyN3v/vTsshCwuN4auysfG+SV KOchR5+vHNc8BVQeX8hrJT5tyWl6BqbNZ2IbSEsWt8gMIrLIpu0vYBhXUOAH3BDzFnik RF9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=4whcw4Sutder0/Pa/WjG3O5JDaIi303RSHFUTnJIIzY=; b=Q8A3ITfweLxXGzH6D2dIZHwyqv+5FqnzR5NRMd9OGP2JMTasShhfaWLwRhGfCOeCFX AH0Fo0cNyUUMvFLZL0atc7CwvoSdEtX9kejeM7lnZ8yxPiFuxvoU/1fLQYrK/c8QUYbP wesYzl6bGJpqIaWjWpS4WWa/7sm8O1TO0tRsYyTG9OQ+Mz5QX2xP5mxKs6CckI9++oKH 90plX3Uk3jx5pElYzsLtJu7ynYlb3flSfB+OJMleydUg7lCDnQaNdsm1NJ0SL7mfJT1y L6olrlUfc5c/5wQ6UNYCmvAZc3fAD13mQmG/Hh4R6FK2esA8DU5U6EK4AfaRdF25HRct vk3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=g6lFcOkO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t16si2403134pgi.518.2019.04.18.11.29.39; Thu, 18 Apr 2019 11:29:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=g6lFcOkO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390862AbfDRSDF (ORCPT + 99 others); Thu, 18 Apr 2019 14:03:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:59490 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390857AbfDRSDD (ORCPT ); Thu, 18 Apr 2019 14:03:03 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3087F21871; Thu, 18 Apr 2019 18:03:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1555610582; bh=xF0TOWc7e2J8vc50T1ggSAbby129Zq08vr5bk8ecc7A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=g6lFcOkOm14oCkVfNi5CGJ1195to+Vsgu08Vh2gk53ZrzRzZVIeqr/yc6oSi/VdJn co4Bzj2BLGryLXlDnuHk1TwbZ9idGtQsxyx3amjaNzy5/iDNc2kX93WWs+Xq9dZ941 Ejk9v24yCbjDCMZ2CZrIa7goSkyaSTXsRfW3AA60= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christophe Leroy , Kees Cook , Sasha Levin Subject: [PATCH 4.19 091/110] lkdtm: Print real addresses Date: Thu, 18 Apr 2019 19:57:20 +0200 Message-Id: <20190418160446.521619972@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190418160437.484158340@linuxfoundation.org> References: <20190418160437.484158340@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 4c411157a42f122051ae3469bee0b5cabe89e139 ] Today, when doing a lkdtm test before the readiness of the random generator, (ptrval) is printed instead of the address at which it perform the fault: [ 1597.337030] lkdtm: Performing direct entry EXEC_USERSPACE [ 1597.337142] lkdtm: attempting ok execution at (ptrval) [ 1597.337398] lkdtm: attempting bad execution at (ptrval) [ 1597.337460] kernel tried to execute user page (77858000) -exploit attempt? (uid: 0) [ 1597.344769] Unable to handle kernel paging request for instruction fetch [ 1597.351392] Faulting instruction address: 0x77858000 [ 1597.356312] Oops: Kernel access of bad area, sig: 11 [#1] If the lkdtm test is done later on, it prints an hashed address. In both cases this is pointless. The purpose of the test is to ensure the kernel generates an Oops at the expected address, so real addresses needs to be printed. This patch fixes that. Signed-off-by: Christophe Leroy Signed-off-by: Kees Cook Signed-off-by: Sasha Levin --- drivers/misc/lkdtm/perms.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 53b85c9d16b8..fa54add6375a 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -47,7 +47,7 @@ static noinline void execute_location(void *dst, bool write) { void (*func)(void) = dst; - pr_info("attempting ok execution at %p\n", do_nothing); + pr_info("attempting ok execution at %px\n", do_nothing); do_nothing(); if (write == CODE_WRITE) { @@ -55,7 +55,7 @@ static noinline void execute_location(void *dst, bool write) flush_icache_range((unsigned long)dst, (unsigned long)dst + EXEC_SIZE); } - pr_info("attempting bad execution at %p\n", func); + pr_info("attempting bad execution at %px\n", func); func(); } @@ -66,14 +66,14 @@ static void execute_user_location(void *dst) /* Intentionally crossing kernel/user memory boundary. */ void (*func)(void) = dst; - pr_info("attempting ok execution at %p\n", do_nothing); + pr_info("attempting ok execution at %px\n", do_nothing); do_nothing(); copied = access_process_vm(current, (unsigned long)dst, do_nothing, EXEC_SIZE, FOLL_WRITE); if (copied < EXEC_SIZE) return; - pr_info("attempting bad execution at %p\n", func); + pr_info("attempting bad execution at %px\n", func); func(); } @@ -82,7 +82,7 @@ void lkdtm_WRITE_RO(void) /* Explicitly cast away "const" for the test. */ unsigned long *ptr = (unsigned long *)&rodata; - pr_info("attempting bad rodata write at %p\n", ptr); + pr_info("attempting bad rodata write at %px\n", ptr); *ptr ^= 0xabcd1234; } @@ -100,7 +100,7 @@ void lkdtm_WRITE_RO_AFTER_INIT(void) return; } - pr_info("attempting bad ro_after_init write at %p\n", ptr); + pr_info("attempting bad ro_after_init write at %px\n", ptr); *ptr ^= 0xabcd1234; } @@ -112,7 +112,7 @@ void lkdtm_WRITE_KERN(void) size = (unsigned long)do_overwritten - (unsigned long)do_nothing; ptr = (unsigned char *)do_overwritten; - pr_info("attempting bad %zu byte write at %p\n", size, ptr); + pr_info("attempting bad %zu byte write at %px\n", size, ptr); memcpy(ptr, (unsigned char *)do_nothing, size); flush_icache_range((unsigned long)ptr, (unsigned long)(ptr + size)); @@ -185,11 +185,11 @@ void lkdtm_ACCESS_USERSPACE(void) ptr = (unsigned long *)user_addr; - pr_info("attempting bad read at %p\n", ptr); + pr_info("attempting bad read at %px\n", ptr); tmp = *ptr; tmp += 0xc0dec0de; - pr_info("attempting bad write at %p\n", ptr); + pr_info("attempting bad write at %px\n", ptr); *ptr = tmp; vm_munmap(user_addr, PAGE_SIZE); -- 2.19.1