Skip to content

Commit 5d207e8

Browse files
keeskees
committed
lkdtm: Add FAM_BOUNDS test for __counted_by
Add new CONFIG_UBSAN_BOUNDS test for __counted_by attribute. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kees Cook <keescook@chromium.org>
1 parent c8248fa commit 5d207e8

1 file changed

Lines changed: 44 additions & 3 deletions

File tree

drivers/misc/lkdtm/bugs.c

Lines changed: 44 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -273,8 +273,8 @@ static void lkdtm_HUNG_TASK(void)
273273
schedule();
274274
}
275275

276-
volatile unsigned int huge = INT_MAX - 2;
277-
volatile unsigned int ignored;
276+
static volatile unsigned int huge = INT_MAX - 2;
277+
static volatile unsigned int ignored;
278278

279279
static void lkdtm_OVERFLOW_SIGNED(void)
280280
{
@@ -305,7 +305,7 @@ static void lkdtm_OVERFLOW_UNSIGNED(void)
305305
ignored = value;
306306
}
307307

308-
/* Intentionally using old-style flex array definition of 1 byte. */
308+
/* Intentionally using unannotated flex array definition. */
309309
struct array_bounds_flex_array {
310310
int one;
311311
int two;
@@ -357,6 +357,46 @@ static void lkdtm_ARRAY_BOUNDS(void)
357357
pr_expected_config(CONFIG_UBSAN_BOUNDS);
358358
}
359359

360+
struct lkdtm_annotated {
361+
unsigned long flags;
362+
int count;
363+
int array[] __counted_by(count);
364+
};
365+
366+
static volatile int fam_count = 4;
367+
368+
static void lkdtm_FAM_BOUNDS(void)
369+
{
370+
struct lkdtm_annotated *inst;
371+
372+
inst = kzalloc(struct_size(inst, array, fam_count + 1), GFP_KERNEL);
373+
if (!inst) {
374+
pr_err("FAIL: could not allocate test struct!\n");
375+
return;
376+
}
377+
378+
inst->count = fam_count;
379+
pr_info("Array access within bounds ...\n");
380+
inst->array[1] = fam_count;
381+
ignored = inst->array[1];
382+
383+
pr_info("Array access beyond bounds ...\n");
384+
inst->array[fam_count] = fam_count;
385+
ignored = inst->array[fam_count];
386+
387+
kfree(inst);
388+
389+
pr_err("FAIL: survived access of invalid flexible array member index!\n");
390+
391+
if (!__has_attribute(__counted_by__))
392+
pr_warn("This is expected since this %s was built a compiler supporting __counted_by\n",
393+
lkdtm_kernel_info);
394+
else if (IS_ENABLED(CONFIG_UBSAN_BOUNDS))
395+
pr_expected_config(CONFIG_UBSAN_TRAP);
396+
else
397+
pr_expected_config(CONFIG_UBSAN_BOUNDS);
398+
}
399+
360400
static void lkdtm_CORRUPT_LIST_ADD(void)
361401
{
362402
/*
@@ -616,6 +656,7 @@ static struct crashtype crashtypes[] = {
616656
CRASHTYPE(OVERFLOW_SIGNED),
617657
CRASHTYPE(OVERFLOW_UNSIGNED),
618658
CRASHTYPE(ARRAY_BOUNDS),
659+
CRASHTYPE(FAM_BOUNDS),
619660
CRASHTYPE(CORRUPT_LIST_ADD),
620661
CRASHTYPE(CORRUPT_LIST_DEL),
621662
CRASHTYPE(STACK_GUARD_PAGE_LEADING),

0 commit comments

Comments
 (0)