Message-Id: <20240625122408.1439097-5-dev.jain@arm.com>
Date: Tue, 25 Jun 2024 17:54:03 +0530
From: Dev Jain <dev.jain@....com>
To: shuah@...nel.org,
	linux-arm-kernel@...ts.infradead.org,
	linux-kselftest@...r.kernel.org,
	Catalin.Marinas@....com,
	will@...nel.org
Cc: broonie@...nel.org,
	ryan.roberts@....com,
	rob.herring@....com,
	mark.rutland@....com,
	linux@...linux.org.uk,
	suzuki.poulose@....com,
	Anshuman.Khandual@....com,
	aneesh.kumar@...nel.org,
	linux-kernel@...r.kernel.org,
	Dev Jain <dev.jain@....com>
Subject: [PATCH v3 4/9] selftests/arm: Add signal tests

This patch introduces two signal tests, and generic test wrappers similar
to the selftests/arm64/signal directory, along with the mangling testcases
found therein. arm_cpsr, dumped by the kernel to user space in the ucontext
structure passed to the signal handler, is mangled. The kernel must spot this
illegal attempt and the testcases are expected to terminate via SEGV.

Signed-off-by: Dev Jain <dev.jain@....com>
---
 .../testcases/mangle_cpsr_invalid_aif_bits.c  | 33 +++++++++++++++++++
 .../mangle_cpsr_invalid_compat_toggle.c       | 29 ++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_aif_bits.c
 create mode 100644 tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_compat_toggle.c

diff --git a/tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_aif_bits.c b/tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_aif_bits.c
new file mode 100644
index 000000000000..ea73a96fb229
--- /dev/null
+++ b/tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_aif_bits.c
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2024 ARM Limited
+ *
+ * Try to mangle the ucontext from inside a signal handler, mangling the
+ * AIF bits in an illegal manner: this attempt must be spotted by Kernel
+ * and the test case is expected to be terminated via SEGV.
+ *
+ */
+
+#include "test_signals_utils.h"
+
+static int mangle_invalid_cpsr_run(struct tdescr *td, siginfo_t *si,
+				   ucontext_t *uc)
+{
+
+	/*
+	 * This config should trigger a SIGSEGV by Kernel when it checks
+	 * the sigframe consistency in valid_user_regs() routine.
+	 */
+	uc->uc_mcontext.arm_cpsr |= PSR_A_BIT | PSR_I_BIT | PSR_F_BIT;
+
+	return 1;
+}
+
+struct tdescr tde = {
+		.sanity_disabled = true,
+		.name = "MANGLE_CPSR_INVALID_AIF_BITS",
+		.descr = "Mangling uc_mcontext with INVALID AIF_BITS",
+		.sig_trig = SIGUSR1,
+		.sig_ok = SIGSEGV,
+		.run = mangle_invalid_cpsr_run,
+};
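Review bot: The comment above the mangling line names the check that should reject the frame (valid_user_regs()), but the test sets PSR_A_BIT, PSR_I_BIT and PSR_F_BIT in one go, so it only proves that the combination is rejected, not that each bit is; either state in the comment that the case relies on at least one of the three being refused, or split it into one case per bit so a regression that silently sanitises a single bit is still caught. Two style nits in the same function: drop the blank line immediately after the opening brace of mangle_invalid_cpsr_run(), and "Kernel" is capitalised mid-sentence in both comments ("spotted by Kernel", "SIGSEGV by Kernel"), which the arm64 originals also do, but new code need not carry it over.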
diff --git a/tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_compat_toggle.c b/tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_compat_toggle.c
new file mode 100644
index 000000000000..f7ccbccb24e5
--- /dev/null
+++ b/tools/testing/selftests/arm/signal/testcases/mangle_cpsr_invalid_compat_toggle.c
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2024 ARM Limited
+ *
+ * Try to mangle the ucontext from inside a signal handler, toggling
+ * the execution state bit: this attempt must be spotted by Kernel and
+ * the test case is expected to be terminated via SEGV.
+ */
+
+#include "test_signals_utils.h"
+
+static int mangle_invalid_cpsr_run(struct tdescr *td, siginfo_t *si,
+				   ucontext_t *uc)
+{
+
+	/* This config should trigger a SIGSEGV by Kernel */
+	uc->uc_mcontext.arm_cpsr ^= MODE32_BIT;
+
+	return 1;
+}
+
+struct tdescr tde = {
+		.sanity_disabled = true,
+		.name = "MANGLE_CPSR_INVALID_STATE_TOGGLE",
+		.descr = "Mangling uc_mcontext with INVALID STATE_TOGGLE",
+		.sig_trig = SIGUSR1,
+		.sig_ok = SIGSEGV,
+		.run = mangle_invalid_cpsr_run,
+};
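Review bot: The file is named mangle_cpsr_invalid_compat_toggle.c, but the test registers itself as "MANGLE_CPSR_INVALID_STATE_TOGGLE" with the description "Mangling uc_mcontext with INVALID STATE_TOGGLE" and the header comment talks about "the execution state bit"; pick one term (compat or state) and use it in the filename, .name and .descr so the test is findable from its report output. The in-function comment is also thinner than in the AIF test: it should say which kernel check is expected to refuse a cleared MODE32_BIT, as the sibling test does with valid_user_regs(), since that is the behaviour the test is pinning down. Same nit as the other file: the blank line after the opening brace of mangle_invalid_cpsr_run() should go.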
-- 
2.39.2
