Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / c55d240003ae253d3057dcf93510c9bd64bb7a09 / . / drivers / misc / lkdtm_bugs.c
blob: 30e62dd7e7ca2dd6d565957bb5f0e72b3e1a9cd8 [file] [log] [blame]
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]1/*
2 * This is for all the tests related to logic bugs (e.g. bad dereferences,
3 * bad alignment, bad loops, bad locking, bad scheduling, deep stacks, and
4 * lockups) along with other things that don't fit well into existing LKDTM
5 * test source files.
6 */
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]7#include "lkdtm.h"
Kees Cook6d2e91a2016-07-15 16:04:39 -0700[diff] [blame]8#include <linux/sched.h>
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]9
10/*
11 * Make sure our attempts to over run the kernel stack doesn't trigger
12 * a compiler warning when CONFIG_FRAME_WARN is set. Then make sure we
13 * recurse past the end of THREAD_SIZE by default.
14 */
15#if defined(CONFIG_FRAME_WARN) && (CONFIG_FRAME_WARN > 0)
16#define REC_STACK_SIZE (CONFIG_FRAME_WARN / 2)
17#else
18#define REC_STACK_SIZE (THREAD_SIZE / 8)
19#endif
20#define REC_NUM_DEFAULT ((THREAD_SIZE / REC_STACK_SIZE) * 2)
21
22static int recur_count = REC_NUM_DEFAULT;
23
24static DEFINE_SPINLOCK(lock_me_up);
25
26static int recursive_loop(int remaining)
27{
28 char buf[REC_STACK_SIZE];
29
30 /* Make sure compiler does not optimize this away. */
31 memset(buf, (remaining & 0xff) | 0x1, REC_STACK_SIZE);
32 if (!remaining)
33 return 0;
34 else
35 return recursive_loop(remaining - 1);
36}
37
38/* If the depth is negative, use the default, otherwise keep parameter. */
39void __init lkdtm_bugs_init(int *recur_param)
40{
41 if (*recur_param < 0)
42 *recur_param = recur_count;
43 else
44 recur_count = *recur_param;
45}
46
47void lkdtm_PANIC(void)
48{
49 panic("dumptest");
50}
51
52void lkdtm_BUG(void)
53{
54 BUG();
55}
56
57void lkdtm_WARNING(void)
58{
59 WARN_ON(1);
60}
61
62void lkdtm_EXCEPTION(void)
63{
64 *((int *) 0) = 0;
65}
66
67void lkdtm_LOOP(void)
68{
69 for (;;)
70 ;
71}
72
73void lkdtm_OVERFLOW(void)
74{
75 (void) recursive_loop(recur_count);
76}
77
78noinline void lkdtm_CORRUPT_STACK(void)
79{
80 /* Use default char array length that triggers stack protection. */
81 char data[8];
82
Michael Ellermanc55d2402016-11-15 18:02:32 +1100[diff] [blame^]83 memset((void *)data, 'a', 64);
84 pr_info("Corrupted stack with '%16s'...\n", data);
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]85}
86
87void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void)
88{
89 static u8 data[5] __attribute__((aligned(4))) = {1, 2, 3, 4, 5};
90 u32 *p;
91 u32 val = 0x12345678;
92
93 p = (u32 *)(data + 1);
94 if (*p == 0)
95 val = 0x87654321;
96 *p = val;
97}
98
99void lkdtm_SOFTLOCKUP(void)
100{
101 preempt_disable();
102 for (;;)
103 cpu_relax();
104}
105
106void lkdtm_HARDLOCKUP(void)
107{
108 local_irq_disable();
109 for (;;)
110 cpu_relax();
111}
112
113void lkdtm_SPINLOCKUP(void)
114{
115 /* Must be called twice to trigger. */
116 spin_lock(&lock_me_up);
117 /* Let sparse know we intended to exit holding the lock. */
118 __release(&lock_me_up);
119}
120
121void lkdtm_HUNG_TASK(void)
122{
123 set_current_state(TASK_UNINTERRUPTIBLE);
124 schedule();
125}
126
127void lkdtm_ATOMIC_UNDERFLOW(void)
128{
129 atomic_t under = ATOMIC_INIT(INT_MIN);
130
131 pr_info("attempting good atomic increment\n");
132 atomic_inc(&under);
133 atomic_dec(&under);
134
135 pr_info("attempting bad atomic underflow\n");
136 atomic_dec(&under);
137}
138
139void lkdtm_ATOMIC_OVERFLOW(void)
140{
141 atomic_t over = ATOMIC_INIT(INT_MAX);
142
143 pr_info("attempting good atomic decrement\n");
144 atomic_dec(&over);
145 atomic_inc(&over);
146
147 pr_info("attempting bad atomic overflow\n");
148 atomic_inc(&over);
149}