Date: Wed, 5 May 2021 23:34:45 -0500
From: "Christopher M. Riedl" <cmr@...ux.ibm.com>
To: linuxppc-dev@...ts.ozlabs.org
Cc: tglx@...utronix.de, x86@...nel.org, linux-hardening@...r.kernel.org, keescook@...omium.org
Subject: [RESEND PATCH v4 04/11] lkdtm/x86_64: Add test to hijack a patch mapping

A previous commit implemented an LKDTM test on powerpc to exploit the temporary mapping established when patching code with STRICT_KERNEL_RWX enabled. Extend the test to work on x86_64 as well.

Signed-off-by: Christopher M. Riedl <cmr@...ux.ibm.com>
---
 drivers/misc/lkdtm/perms.c | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c
index c6f96ebffccfd..55c3bec6d3b72 100644
--- a/drivers/misc/lkdtm/perms.c
+++ b/drivers/misc/lkdtm/perms.c
@@ -224,7 +224,7 @@ void lkdtm_ACCESS_NULL(void)
 }

 #if (IS_BUILTIN(CONFIG_LKDTM) && defined(CONFIG_STRICT_KERNEL_RWX) && \
- defined(CONFIG_PPC))
+ (defined(CONFIG_PPC) || defined(CONFIG_X86_64)))
 /*
 * This is just a dummy location to patch-over.
 */
@@ -233,28 +233,51 @@ static void patching_target(void)
 return;
 }

+#ifdef CONFIG_PPC
 #include <asm/code-patching.h>
 struct ppc_inst * const patch_site = (struct ppc_inst *)&patching_target;
+#endif
+
+#ifdef CONFIG_X86_64
+#include <asm/text-patching.h>
+u32 * const patch_site = (u32 *)&patching_target;
+#endif

 static inline int lkdtm_do_patch(u32 data)
 {
+#ifdef CONFIG_PPC
 return patch_instruction(patch_site, ppc_inst(data));
+#endif
+#ifdef CONFIG_X86_64
+ text_poke(patch_site, &data, sizeof(u32));
+ return 0;
+#endif
 }

 static inline u32 lkdtm_read_patch_site(void)
 {
+#ifdef CONFIG_PPC
 struct ppc_inst inst = READ_ONCE(*patch_site);
 return ppc_inst_val(ppc_inst_read(&inst));
+#endif
+#ifdef CONFIG_X86_64
+ return READ_ONCE(*patch_site);
+#endif
 }

 /* Returns True if the write succeeds */
 static inline bool lkdtm_try_write(u32 data, u32 *addr)
 {
+#ifdef CONFIG_PPC
 __put_kernel_nofault(addr, &data, u32, err);
 return true;

 err:
 return false;
+#endif
+#ifdef CONFIG_X86_64
+ return !__put_user(data, addr);
+#endif
 }

 static int lkdtm_patching_cpu(void *data)
@@ -347,8 +370,8 @@ void lkdtm_HIJACK_PATCH(void)

 void lkdtm_HIJACK_PATCH(void)
 {
- if (!IS_ENABLED(CONFIG_PPC))
- pr_err("XFAIL: this test only runs on powerpc\n");
+ if (!IS_ENABLED(CONFIG_PPC) && !IS_ENABLED(CONFIG_X86_64))
+ pr_err("XFAIL: this test only runs on powerpc and x86_64\n");
 if (!IS_ENABLED(CONFIG_STRICT_KERNEL_RWX))
 pr_err("XFAIL: this test requires CONFIG_STRICT_KERNEL_RWX\n");
 if (!IS_BUILTIN(CONFIG_LKDTM))
--
2.26.1
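Review bot: In the x86_64 branch of `lkdtm_do_patch`, `text_poke()` is called with no lock taken in this hunk, while the x86 implementation asserts through lockdep that `text_mutex` is held. The caller `lkdtm_patching_cpu` lies outside the hunk, so either confirm the lock is taken there or wrap the call here as `mutex_lock(&text_mutex); text_poke(patch_site, &data, sizeof(u32)); mutex_unlock(&text_mutex);`. A lockdep splat in the middle of the run would muddy the result of a test whose purpose is to show that the temporary patch mapping cannot be written from another CPU. Separately, `lkdtm_try_write` passes a plain `u32 *` to `__put_user()`, so sparse will presumably flag the missing `__user` annotation. A cast such as `(u32 __user *)addr`, with a one-line comment on why the x86_64 branch uses a user-access helper while powerpc uses `__put_kernel_nofault`, would make the asymmetry clear.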