Message-Id: <20220420004241.2093-10-joao@overdrivepizza.com>
Date:   Tue, 19 Apr 2022 17:42:39 -0700
From:   joao@...rdrivepizza.com
To:     linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Cc:     joao@...rdrivepizza.com, peterz@...radead.org, jpoimboe@...hat.com,
        andrew.cooper3@...rix.com, keescook@...omium.org,
        samitolvanen@...gle.com, mark.rutland@....com, hjl.tools@...il.com,
        alyssa.milburn@...ux.intel.com, ndesaulniers@...gle.com,
        gabriel.gomes@...ux.intel.com, rick.p.edgecombe@...el.com
Subject: [RFC PATCH 09/11] x86/FineIBT: Add FINEIBT_TEST module

From: Joao Moreira <joao@...rdrivepizza.com>

Adds a module that, on load, will call a function directly, ensuring that
FineIBT fixes for module relocations are working as expected. Next, the
module invokes another function indirectly, with a wrong hash in R11,
causing a violation to be triggered (and the __fineibt_handler to be
invoked).

Signed-off-by: Joao Moreira <joao@...rdrivepizza.com>
---
 arch/x86/Kconfig.debug         |  5 +++++
 arch/x86/kernel/Makefile       |  1 +
 arch/x86/kernel/fineibt_test.c | 39 ++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 arch/x86/kernel/fineibt_test.c

diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index d2463dd912c1..4a5617c2470d 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -284,3 +284,8 @@ config X86_CET_TEST
 	depends on m
 	depends on X86_KERNEL_IBT
 	tristate "in-kernel CET testing module"
+
+config X86_FINEIBT_TEST
+	depends on m
+	depends on X86_KERNEL_FINEIBT
+	tristate "in-kernel FineIBT testing module"
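
Review bot: The new X86_FINEIBT_TEST entry has no help text, even though loading the resulting module deliberately triggers a FineIBT violation. Add a `help` section stating that the option builds a test-only module, that loading it is expected to produce a violation report in dmesg, and that it is not meant to be enabled on production kernels.
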
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index a82bcd14bd40..5d7f39f3d909 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -150,6 +150,7 @@ obj-$(CONFIG_UNWINDER_GUESS)		+= unwind_guess.o
 obj-$(CONFIG_AMD_MEM_ENCRYPT)		+= sev.o
 obj-$(CONFIG_X86_KERNEL_FINEIBT)	+= fineibt.o
 obj-$(CONFIG_X86_CET_TEST)		+= cet_test.o
+obj-$(CONFIG_X86_FINEIBT_TEST)		+= fineibt_test.o
 
 ###
 # 64 bit specific files
diff --git a/arch/x86/kernel/fineibt_test.c b/arch/x86/kernel/fineibt_test.c
new file mode 100644
index 000000000000..c8cbff6208f8
--- /dev/null
+++ b/arch/x86/kernel/fineibt_test.c
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include <linux/module.h>
+
+void __fineibt_debug(void);
+
+void fineibt_foo(void) {
+  pr_info("FineIBT: dmesg should show a FineIBT violation message.\n");
+}
+
+void fineibt_bar(void) {
+  pr_info("FineIBT: this first one should run smoothly.\n");
+}
+
+static int fineibt_test_init(void)
+{
+  pr_info("FineIBT test\n");
+
+  __fineibt_debug();
+
+  asm volatile(
+    "call fineibt_bar\n"
+    "lea fineibt_foo(%%rip), %%rax\n"
+    "mov $0xdeadbeef, %%r11\n"
+    "call *%%rax\n"
+    /* this should trigger the handler because the hash is wrong */
+    ::: "rax"
+  );
+  return 0;
+}
+
+static void fineibt_test_exit(void)
+{
+}
+
+module_init(fineibt_test_init);
+module_exit(fineibt_test_exit);
+
+MODULE_LICENSE("GPL v2");
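
Review bot: The inline asm in fineibt_test_init() lists only "rax" as clobbered, but it also writes %r11 via `mov $0xdeadbeef, %%r11` and contains two call instructions, so all call-clobbered registers, the flags and memory can change without the compiler knowing. Add "r11", "cc", "memory" and the remaining caller-saved registers to the clobber list, and use ASM_CALL_CONSTRAINT since the asm makes calls; alternatively, make the direct call to fineibt_bar() from C and keep only the indirect call with the wrong hash in asm. Smaller points in the same file: fineibt_foo() and fineibt_bar() are non-static without prototypes, fineibt_test_init() and fineibt_test_exit() lack __init and __exit, and the two-space indentation and `void fineibt_foo(void) {` brace placement do not follow kernel coding style.
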
-- 
2.35.1
