lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Apr 2022 17:42:39 -0700 From: joao@...rdrivepizza.com To: linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Cc: joao@...rdrivepizza.com, peterz@...radead.org, jpoimboe@...hat.com, andrew.cooper3@...rix.com, keescook@...omium.org, samitolvanen@...gle.com, mark.rutland@....com, hjl.tools@...il.com, alyssa.milburn@...ux.intel.com, ndesaulniers@...gle.com, gabriel.gomes@...ux.intel.com, rick.p.edgecombe@...el.com Subject: [RFC PATCH 09/11] x86/FineIBT: Add FINEIBT_TEST module From: Joao Moreira <joao@...rdrivepizza.com> Adds a module that on load will call a function directly ensuring that FineIBT fixes for module relocations are working as expected. Next the module invokes another function indirectly, with a wrong hash into R11, causing a violation to be triggered (and the __fineibt_handler to be invoked). Signed-off-by: Joao Moreira <joao@...rdrivepizza.com> --- arch/x86/Kconfig.debug | 5 +++++ arch/x86/kernel/Makefile | 1 + arch/x86/kernel/fineibt_test.c | 39 ++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 arch/x86/kernel/fineibt_test.c diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug index d2463dd912c1..4a5617c2470d 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug @@ -284,3 +284,8 @@ config X86_CET_TEST depends on m depends on X86_KERNEL_IBT tristate "in-kernel CET testing module" + +config X86_FINEIBT_TEST + depends on m + depends on X86_KERNEL_FINEIBT + tristate "in-kernel FineIBT testing module" diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index a82bcd14bd40..5d7f39f3d909 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -150,6 +150,7 @@ obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += sev.o obj-$(CONFIG_X86_KERNEL_FINEIBT) += fineibt.o obj-$(CONFIG_X86_CET_TEST) += cet_test.o +obj-$(CONFIG_X86_FINEIBT_TEST) += fineibt_test.o ### # 64 bit specific files diff --git a/arch/x86/kernel/fineibt_test.c b/arch/x86/kernel/fineibt_test.c new file mode 100644 index 000000000000..c8cbff6208f8 --- /dev/null +++ b/arch/x86/kernel/fineibt_test.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include <linux/module.h> + +void __fineibt_debug(void); + +void fineibt_foo(void) { + pr_info("FineIBT: dmesg should show a FineIBT violation message.\n"); +} + +void fineibt_bar(void) { + pr_info("FineIBT: this first one should run smoothly.\n"); +} + +static int fineibt_test_init(void) +{ + pr_info("FineIBT test\n"); + + __fineibt_debug(); + + asm volatile( + "call fineibt_bar\n" + "lea fineibt_foo(%%rip), %%rax\n" + "mov $0xdeadbeef, %%r11\n" + "call *%%rax\n" + /* this should trigger the handler because the hash is wrong */ + ::: "rax" + ); + return 0; +} + +static void fineibt_test_exit(void) +{ +} + +module_init(fineibt_test_init); +module_exit(fineibt_test_exit); + +MODULE_LICENSE("GPL v2"); -- 2.35.1
Powered by blists - more mailing lists