TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2e53b877dc
twx-linux/drivers
History
Kees Cook 2e53b877dc lkdtm: Add CFI_BACKWARD to test ROP mitigations 
In order to test various backward-edge control flow integrity methods,
add a test that manipulates the return address on the stack. Currently
only arm64 Pointer Authentication and Shadow Call Stack is supported.

 $ echo CFI_BACKWARD | cat >/sys/kernel/debug/provoke-crash/DIRECT

Under SCS, successful test of the mitigation is reported as:

 lkdtm: Performing direct entry CFI_BACKWARD
 lkdtm: Attempting unchecked stack return address redirection ...
 lkdtm: ok: redirected stack return address.
 lkdtm: Attempting checked stack return address redirection ...
 lkdtm: ok: control flow unchanged.

Under PAC, successful test of the mitigation is reported by the PAC
exception handler:

 lkdtm: Performing direct entry CFI_BACKWARD
 lkdtm: Attempting unchecked stack return address redirection ...
 lkdtm: ok: redirected stack return address.
 lkdtm: Attempting checked stack return address redirection ...
 Unable to handle kernel paging request at virtual address bfffffc0088d0514
 Mem abort info:
   ESR = 0x86000004
   EC = 0x21: IABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
   FSC = 0x04: level 0 translation fault
 [bfffffc0088d0514] address between user and kernel address ranges
 ...

If the CONFIGs are missing (or the mitigation isn't working), failure
is reported as:

 lkdtm: Performing direct entry CFI_BACKWARD
 lkdtm: Attempting unchecked stack return address redirection ...
 lkdtm: ok: redirected stack return address.
 lkdtm: Attempting checked stack return address redirection ...
 lkdtm: FAIL: stack return address was redirected!
 lkdtm: This is probably expected, since this kernel was built *without* CONFIG_ARM64_PTR_AUTH_KERNEL=y nor CONFIG_SHADOW_CALL_STACK=y

Co-developed-by: Dan Li <ashimida@linux.alibaba.com>
Signed-off-by: Dan Li <ashimida@linux.alibaba.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/lkml/20220416001103.1524653-1-keescook@chromium.org
2022-04-16 13:57:23 -07:00
..
accessibility
acpi Merge branch 'acpi-bus' 2022-04-08 19:50:44 +02:00
amba
android
ata ata: ahci: Rename CONFIG_SATA_LPM_POLICY configuration item back 2022-04-06 11:08:04 +09:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
auxdisplay auxdisplay: lcd2s: Use array size explicitly in lcd2s_gotoxy() 2022-03-18 20:31:14 +01:00
base Device properties code update for 5.18-rc1 2022-03-29 11:30:12 -07:00
bcma Core MTD changes: 2022-03-25 13:35:34 -07:00
block drbd: set QUEUE_FLAG_STABLE_WRITES 2022-04-06 13:07:53 -06:00
bluetooth Bluetooth: ath3k: remove superfluous header files 2022-03-18 17:12:09 +01:00
bus Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cdrom cdrom: remove unused variable 2022-04-06 08:47:52 -06:00
char random: check for signals every PAGE_SIZE chunk of /dev/[u]random 2022-04-07 01:36:37 +02:00
clk A single revert to fix a boot regression seen when clk_put() started 2022-04-03 12:21:14 -07:00
clocksource asm-generic updates for 5.18 2022-03-23 18:03:08 -07:00
comedi
connector
counter Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cpufreq Merge branch 'cpufreq/arm/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm 2022-03-22 12:15:47 +01:00
cpuidle RISC-V CPU Idle Support 2022-03-30 16:17:54 -07:00
crypto virtio: features, fixes 2022-03-31 13:57:15 -07:00
cxl cxl/pci: Drop shadowed variable 2022-04-08 12:59:43 -07:00
dax dax for 5.18 2022-03-24 18:12:09 -07:00
dca
devfreq
dio
dma dmaengine updates for v5.18-rc1 2022-03-30 10:54:49 -07:00
dma-buf dma-buf: handle empty dma_fence_arrays gracefully 2022-03-29 09:14:30 +02:00
edac Merge branch 'edac-amd64' into edac-updates-for-v5.18 2022-03-21 10:34:57 +01:00
eisa
extcon
firewire
firmware Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
fpga
fsi
gnss
gpio gpio: Restrict usage of GPIO chip irq members before initialization 2022-04-04 14:41:34 +02:00
gpu drm-misc-fixes for v5.18-rc2: 2022-04-08 09:22:16 +10:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2022-04-01 10:14:32 -07:00
hsi
hv hyperv-fixes for 5.18-rc2 2022-04-07 06:35:34 -10:00
hwmon Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
hwspinlock hwspinlock: sprd: Use struct_size() helper in devm_kzalloc() 2022-03-11 14:56:57 -06:00
hwtracing Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
i2c Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2022-03-26 12:46:08 -07:00
i3c
idle cpuidle: intel_idle: Drop redundant backslash at line end 2022-03-17 14:32:59 +01:00
iio Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
infiniband RDMA/hfi1: Fix use-after-free bug for mm struct 2022-04-08 15:40:06 -03:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2022-04-01 10:14:32 -07:00
interconnect
iommu iommu/omap: Fix regression in probe for NULL pointer dereference 2022-04-08 11:16:29 +02:00
ipack
irqchip irqchip/gic, gic-v3: Prevent GSI to SGI translations 2022-04-05 16:33:47 +01:00
isdn mISDN: fix typo "frame to short" -> "frame too short" 2022-03-21 13:26:38 +00:00
leds LED updates for 5.18-rc1. Nothing major here, there are two drivers 2022-03-27 14:09:48 -07:00
macintosh
mailbox mailbox: ti-msgmgr: Operate mailbox in polled mode during system suspend 2022-03-12 19:33:30 -06:00
mcb
md - Fix DM integrity shrink crash due to journal entry not being marked 2022-04-01 15:57:27 -07:00
media drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
memory ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
memstick
message scsi: message: fusion: Remove redundant variable dmp 2022-04-06 22:28:07 -04:00
mfd - New Drivers 2022-03-25 13:56:18 -07:00
misc lkdtm: Add CFI_BACKWARD to test ROP mitigations 2022-04-16 13:57:23 -07:00
mmc mmc: core: improve API to make clear mmc_hw_reset is for cards 2022-04-08 11:00:08 +02:00
most
mtd This pull request contains fixes for JFFS2, UBI and UBIFS 2022-03-31 16:09:41 -07:00
mux
net MMC core: 2022-04-08 06:37:11 -10:00
nfc spi: Updates for v5.18 2022-03-21 18:33:57 -07:00
ntb
nubus
nvdimm libnvdimm for 5.18 2022-03-30 10:04:11 -07:00
nvme for-5.18/drivers-2022-04-01 2022-04-01 16:26:57 -07:00
nvmem nvmem: brcm_nvram: parse NVRAM content into NVMEM cells 2022-03-18 14:08:36 +01:00
of Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
opp
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-03-29 21:37:12 +02:00
parport parport_pc: Also enable driver for PCI systems 2022-03-18 14:01:41 +01:00
pci hyperv-fixes for 5.18-rc2 2022-04-07 06:35:34 -10:00
pcmcia
peci
perf perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant 2022-04-08 14:17:57 +01:00
phy phy: PHY_FSL_LYNX_28G should depend on ARCH_LAYERSCAPE 2022-03-29 08:45:16 -07:00
pinctrl Pin control bulk changes for the v5.18 kernel cycle 2022-03-28 11:52:53 -07:00
platform chrome platform changes for 5.18 2022-04-02 10:44:18 -07:00
pnp PNP update for 5.18-rc1 2022-03-21 14:46:01 -07:00
power Driver core changes for 5.18-rc1 2022-03-28 12:41:28 -07:00
powercap
pps pps: generators: pps_gen_parport: Switch to use module_parport_driver() 2022-03-18 14:01:19 +01:00
ps3
ptp ptp: ocp: handle error from nvmem_device_find 2022-03-30 12:08:11 -07:00
pwm
rapidio
ras
regulator regulator: atc260x: Fix missing active_discharge_on setting 2022-04-04 08:59:43 +01:00
remoteproc remoteproc updates for v5.18 2022-03-30 10:50:48 -07:00
reset
rpmsg rpmsg: ctrl: Introduce new RPMSG_CREATE/RELEASE_DEV_IOCTL controls 2022-03-13 11:49:53 -05:00
rtc RTC for 5.18 2022-04-01 09:37:18 -07:00
s390 s390: cleanup timer API use 2022-03-27 22:18:39 +02:00
sbus
scsi scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan 2022-04-06 22:58:17 -04:00
sh
siox
slimbus
soc Networking changes for 5.18. 2022-03-24 13:13:26 -07:00
soundwire Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
spi ACPI updates for 5.18-rc2 2022-04-08 18:23:02 -10:00
spmi
ssb
staging staging: r8188eu: Fix PPPoE tag insertion on little endian systems 2022-04-04 16:35:20 +02:00
target Merge branch '5.18/scsi-queue' into 5.18/scsi-fixes 2022-04-06 21:46:54 -04:00
tc
tee ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
thermal Merge branch 'thermal-hfi' 2022-03-18 19:00:26 +01:00
thunderbolt Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
tty tty: serial: mpc52xx_uart: make rx/tx hooks return unsigned, part II. 2022-04-04 10:33:02 +02:00
uio
usb xen: branch for v5.18-rc1 2022-03-28 14:32:39 -07:00
vdpa virtio: fixes, cleanups 2022-04-05 10:40:52 -07:00
vfio hisi_acc_vfio_pci: Use its own PCI reset_done error handler 2022-03-15 11:41:32 -06:00
vhost virtio: features, fixes 2022-03-31 13:57:15 -07:00
video fbdev: Fix unregistering of framebuffers without device 2022-04-06 21:12:28 +02:00
virt Random number generator fixes for Linux 5.18-rc1. 2022-03-31 14:51:34 -07:00
virtio virtio: fixes, cleanups 2022-04-05 10:40:52 -07:00
visorbus
vlynq
vme
w1 w1: w1_therm: Add support for Maxim MAX31850 thermoelement IF. 2022-03-18 14:07:09 +01:00
watchdog linux-watchdog 5.18-rc1 tag 2022-03-31 14:14:03 -07:00
xen xen: don't hang when resuming PCI device 2022-03-25 14:22:15 -05:00
zorro
Kconfig
Makefile