lkdtm/stackleak: check stack boundaries
authorMark Rutland <mark.rutland@arm.com>
Wed, 27 Apr 2022 17:31:26 +0000 (18:31 +0100)
committerKees Cook <keescook@chromium.org>
Sun, 8 May 2022 08:33:09 +0000 (01:33 -0700)
The stackleak code relies upon the current SP and lowest recorded SP
falling within expected task stack boundaries.

Check this at the start of the test.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Alexander Popov <alex.popov@linux.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220427173128.2603085-12-mark.rutland@arm.com
drivers/misc/lkdtm/stackleak.c

index 46c60761a05ea69906095440ac428fe386673c65..52800583fd051653940bb59525458ff742b945cb 100644 (file)
@@ -35,6 +35,25 @@ static void noinstr check_stackleak_irqoff(void)
        unsigned long poison_high, poison_low;
        bool test_failed = false;
 
+       /*
+        * Check that the current and lowest recorded stack pointer values fall
+        * within the expected task stack boundaries. These tests should never
+        * fail unless the boundaries are incorrect or we're clobbering the
+        * STACK_END_MAGIC, and in either casee something is seriously wrong.
+        */
+       if (current_sp < task_stack_low || current_sp >= task_stack_high) {
+               pr_err("FAIL: current_stack_pointer (0x%lx) outside of task stack bounds [0x%lx..0x%lx]\n",
+                      current_sp, task_stack_low, task_stack_high - 1);
+               test_failed = true;
+               goto out;
+       }
+       if (lowest_sp < task_stack_low || lowest_sp >= task_stack_high) {
+               pr_err("FAIL: current->lowest_stack (0x%lx) outside of task stack bounds [0x%lx..0x%lx]\n",
+                      lowest_sp, task_stack_low, task_stack_high - 1);
+               test_failed = true;
+               goto out;
+       }
+
        /*
         * Depending on what has run prior to this test, the lowest recorded
         * stack pointer could be above or below the current stack pointer.
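Review bot: Both new early exits set `test_failed` and `goto out`, and the `out:` label added in the second hunk sits directly in front of `pr_err("FAIL: the thread stack is NOT properly erased!\n")`. A bounds failure is therefore also logged as an erasure failure, although no poison was inspected on that path. Anyone triaging the log sees two FAIL lines with different causes. A comment at the label would record this, for example `/* Also reached when the SP bounds checks fail, before any poison was examined. */`, or the bounds path could skip the erasure message. The comment block added here also has a typo, `casee` for `case`. The body of check_stackleak_irqoff() starts and ends outside both hunks, so the definitions of `current_sp`, `lowest_sp` and the `task_stack_*` values are not visible here.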
@@ -87,6 +106,7 @@ static void noinstr check_stackleak_irqoff(void)
                poison_high - task_stack_low,
                task_stack_low - task_stack_base);
 
+out:
        if (test_failed) {
                pr_err("FAIL: the thread stack is NOT properly erased!\n");
                pr_expected_config(CONFIG_GCC_PLUGIN_STACKLEAK);