This adds CORRUPT_USER_DS to check that the get_fs() test on syscall
return (via __VERIFY_PRE_USERMODE_STATE) still sees USER_DS. Since
trying to deal with values other than USER_DS and KERNEL_DS across all
architectures in a safe way is not sensible, this sets KERNEL_DS, but
since that could be extremely dangerous if the protection is not present,
it also raises SIGKILL for current, so that no matter what, the process
will die. A successful test will be visible with a BUG(), like all the
other LKDTM tests.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When building under CONFIG_DEBUG_LIST, list addition and removal will be
sanity-checked. This validates that the check is working as expected by
setting up classic corruption attacks against list manipulations, available
with the new lkdtm tests CORRUPT_LIST_ADD and CORRUPT_LIST_DEL.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Rik van Riel <riel@redhat.com>
When building under W=1, the lack of lkdtm.h in lkdtm_usercopy.c and
lkdtm_rodata.c was discovered. This fixes the issue and consolidates
the common header and the pr_fmt macro for simplicity and regularity
across each test source file.
Signed-off-by: Kees Cook <keescook@chromium.org>
This splits all the remaining tests from lkdtm_core.c into the new
lkdtm_bugs.c file to help separate things better for readability.
Signed-off-by: Kees Cook <keescook@chromium.org>
This splits the *_AFTER_FREE and related tests into the new lkdtm_heap.c
file to help separate things better for readability.
Signed-off-by: Kees Cook <keescook@chromium.org>
This splits the EXEC_*, WRITE_* and related tests into the new lkdtm_perms.c
file to help separate things better for readability.
Signed-off-by: Kees Cook <keescook@chromium.org>
This splits the USERCOPY_* tests into the new lkdtm_usercopy.c file to
help separate things better for readability.
Signed-off-by: Kees Cook <keescook@chromium.org>
This adds a function that lives in the .rodata section. The section
flags are corrected using objcopy since there is no way with gcc to
declare section flags in an architecture-agnostic way.
Signed-off-by: Kees Cook <keescook@chromium.org>
