kernel/tools/testing/selftests/lkdtm/tests.txt, branch linux-6.2.y

lkdtm: Update tests for memcpy() run-time warnings

2022-09-07T23:37:27Z

Clarify the LKDTM FORTIFY tests, and add tests for the mem*() family of functions, now that run-time checking is distinct. Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Shuah Khan Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook

lkdtm/usercopy: Rename "heap" to "slab"

2022-05-12T05:46:09Z

To more clearly distinguish between the various heap types, rename the slab tests to "slab". Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Shuah Khan Cc: linux-kselftest@vger.kernel.org Signed-off-by: Kees Cook

lkdtm: Add CFI_BACKWARD to test ROP mitigations

2022-04-16T20:57:23Z

In order to test various backward-edge control flow integrity methods, add a test that manipulates the return address on the stack. Currently only arm64 Pointer Authentication and Shadow Call Stack is supported. $ echo CFI_BACKWARD | cat >/sys/kernel/debug/provoke-crash/DIRECT Under SCS, successful test of the mitigation is reported as: lkdtm: Performing direct entry CFI_BACKWARD lkdtm: Attempting unchecked stack return address redirection ... lkdtm: ok: redirected stack return address. lkdtm: Attempting checked stack return address redirection ... lkdtm: ok: control flow unchanged. Under PAC, successful test of the mitigation is reported by the PAC exception handler: lkdtm: Performing direct entry CFI_BACKWARD lkdtm: Attempting unchecked stack return address redirection ... lkdtm: ok: redirected stack return address. lkdtm: Attempting checked stack return address redirection ... Unable to handle kernel paging request at virtual address bfffffc0088d0514 Mem abort info: ESR = 0x86000004 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault [bfffffc0088d0514] address between user and kernel address ranges ... If the CONFIGs are missing (or the mitigation isn't working), failure is reported as: lkdtm: Performing direct entry CFI_BACKWARD lkdtm: Attempting unchecked stack return address redirection ... lkdtm: ok: redirected stack return address. lkdtm: Attempting checked stack return address redirection ... lkdtm: FAIL: stack return address was redirected! lkdtm: This is probably expected, since this kernel was built *without* CONFIG_ARM64_PTR_AUTH_KERNEL=y nor CONFIG_SHADOW_CALL_STACK=y Co-developed-by: Dan Li Signed-off-by: Dan Li Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Signed-off-by: Kees Cook Link: https://lore.kernel.org/lkml/20220416001103.1524653-1-keescook@chromium.org

lkdtm: Add a test for function descriptors protection

2022-02-16T12:25:12Z

Add WRITE_OPD to check that you can't modify function descriptors. Gives the following result when function descriptors are not protected: lkdtm: Performing direct entry WRITE_OPD lkdtm: attempting bad 16 bytes write at c00000000269b358 lkdtm: FAIL: survived bad write lkdtm: do_nothing was hijacked! Looks like a standard compiler barrier() is not enough to force GCC to use the modified function descriptor. Had to add a fake empty inline assembly to force GCC to reload the function descriptor. Signed-off-by: Christophe Leroy Acked-by: Kees Cook Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/7eeba50d16a35e9d799820e43304150225f20197.1644928018.git.christophe.leroy@csgroup.eu

lkdtm/bugs: Check that a per-task stack canary exists

2021-10-25T07:13:46Z

Introduce REPORT_STACK_CANARY to check for differing stack canaries between two processes (i.e. that an architecture is correctly implementing per-task stack canaries), using the task_struct canary as the hint to locate in the stack. Requires that one of the processes being tested not be pid 1. Cc: Ard Biesheuvel Cc: Greg Kroah-Hartman Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20211022223826.330653-3-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman

lkdtm/fortify: Consolidate FORTIFY_SOURCE tests

2021-08-18T20:28:51Z

The FORTIFY_SOURCE tests were split between bugs.c and fortify.c. Move tests into fortify.c, standardize their naming, add CONFIG hints, and add them to the lkdtm selftests. Cc: Arnd Bergmann Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20210818174855.2307828-3-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman

lkdtm/bugs: Add ARRAY_BOUNDS to selftests

2021-08-18T20:28:51Z

Add CONFIG hints about why the ARRAY_BOUNDS test might fail, and similarly include the CONFIGs needed to pass the ARRAY_BOUNDS test via the selftests, and add to selftests. Cc: kernelci@groups.io Suggested-by: Guillaume Tucker Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20210818174855.2307828-2-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman

lkdtm/heap: Add init_on_alloc tests

2021-06-24T13:32:08Z

Add SLAB and page allocator tests for init_on_alloc. Testing for init_on_free was already happening via the poisoning tests. Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20210623203936.3151093-10-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman

lkdtm/heap: Add vmalloc linear overflow test

2021-06-24T13:32:07Z

Similar to the existing slab overflow and stack exhaustion tests, add VMALLOC_LINEAR_OVERFLOW (and rename the slab test SLAB_LINEAR_OVERFLOW). Additionally unmarks the test as destructive. (It should be safe in the face of misbehavior.) Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20210623203936.3151093-6-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman

selftests/lkdtm: Fix expected text for free poison

2021-06-24T13:32:07Z

Freed memory poisoning can be tested a few ways, so update the expected text to reflect the non-Oopsing alternative. Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20210623203936.3151093-4-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman