lkdtm: Add a test for function descriptors protection
Add WRITE_OPD to check that you can't modify function descriptors. Gives the following result when function descriptors are not protected: lkdtm: Performing direct entry WRITE_OPD lkdtm: attempting bad 16 bytes write at c00000000269b358 lkdtm: FAIL: survived bad write lkdtm: do_nothing was hijacked! Looks like a standard compiler barrier() is not enough to force GCC to use the modified function descriptor. Had to add a fake empty inline assembly to force GCC to reload the function descriptor. Signed-off-by:Christophe Leroy <christophe.leroy@csgroup.eu> Acked-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/7eeba50d16a35e9d799820e43304150225f20197.1644928018.git.christophe.leroy@csgroup.eu
Showing
- drivers/misc/lkdtm/core.c 1 addition, 0 deletionsdrivers/misc/lkdtm/core.c
- drivers/misc/lkdtm/lkdtm.h 1 addition, 0 deletionsdrivers/misc/lkdtm/lkdtm.h
- drivers/misc/lkdtm/perms.c 22 additions, 0 deletionsdrivers/misc/lkdtm/perms.c
- tools/testing/selftests/lkdtm/tests.txt 1 addition, 0 deletionstools/testing/selftests/lkdtm/tests.txt
Please register or sign in to comment