git.maquefel.me Git - linux.git/commit

author	Christophe Leroy <christophe.leroy@csgroup.eu>
	Tue, 15 Feb 2022 12:41:08 +0000 (13:41 +0100)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Wed, 16 Feb 2022 12:25:12 +0000 (23:25 +1100)
commit	5e5a6c5441654d1b9e576ce4ca8a1759e701079e
tree	d99c9937f48ccec679d26db730a591410f1e2297	tree \| snapshot
parent	72a86433049dcfe918886645ac3d19c1eaaa67ab	commit \| diff

lkdtm: Add a test for function descriptors protection

Add WRITE_OPD to check that you can't modify function
descriptors.

Gives the following result when function descriptors are
not protected:

lkdtm: Performing direct entry WRITE_OPD
lkdtm: attempting bad 16 bytes write at c00000000269b358
lkdtm: FAIL: survived bad write
lkdtm: do_nothing was hijacked!

Looks like a standard compiler barrier() is not enough to force
GCC to use the modified function descriptor. Had to add a fake empty
inline assembly to force GCC to reload the function descriptor.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/7eeba50d16a35e9d799820e43304150225f20197.1644928018.git.christophe.leroy@csgroup.eu

drivers/misc/lkdtm/core.c		diff \| blob \| history
drivers/misc/lkdtm/lkdtm.h		diff \| blob \| history
drivers/misc/lkdtm/perms.c		diff \| blob \| history
tools/testing/selftests/lkdtm/tests.txt		diff \| blob \| history