Commit Graph

5 Commits

Author SHA1 Message Date
Arnd Bergmann
4deaa6fd00 usercopy: ARM NOMMU has no 64-bit get_user
On a NOMMU ARM kernel, we get this link error:

ERROR: "__get_user_bad" [lib/test_user_copy.ko] undefined!

The problem is that the extended get_user/put_user definitions
were only added for the normal (MMU based) case.

We could add it for NOMMU as well, but it seems easier to just not
call it, since no other code needs it.

Fixes: 4c5d7bc637 ("usercopy: Add tests for all get_user() sizes")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-02-22 11:24:08 -08:00
Kees Cook
4c5d7bc637 usercopy: Add tests for all get_user() sizes
The existing test was only exercising native unsigned long size
get_user(). For completeness, we should check all sizes. But we
must skip some 32-bit architectures that don't implement a 64-bit
get_user().

These new tests actually uncovered a bug in ARM's 64-bit get_user()
zeroing.

Signed-off-by: Kees Cook <keescook@chromium.org>
2017-02-21 11:59:38 -08:00
Kees Cook
f5f893c57e usercopy: Adjust tests to deal with SMAP/PAN
Under SMAP/PAN/etc, we cannot write directly to userspace memory, so
this rearranges the test bytes to get written through copy_to_user().
Additionally drops the bad copy_from_user() test that would trigger a
memcpy() against userspace on failure.

Signed-off-by: Kees Cook <keescook@chromium.org>
2017-02-16 16:34:59 -08:00
Hoeun Ryu
4fbfeb8bd6 usercopy: add testcases to check zeroing on failure
During usercopy the destination buffer will be zeroed if copy_from_user()
or get_user() fails. This patch adds testcases for it. The destination
buffer is set with non-zero value before illegal copy_from_user() or
get_user() is executed and the buffer is compared to zero after usercopy
is done.

Signed-off-by: Hoeun Ryu <hoeun.ryu@gmail.com>
[kees: clarified commit log, dropped second kmalloc]
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-02-16 16:34:59 -08:00
Kees Cook
3e2a4c183a test: check copy_to/from_user boundary validation
To help avoid an architecture failing to correctly check kernel/user
boundaries when handling copy_to_user, copy_from_user, put_user, or
get_user, perform some simple tests and fail to load if any of them
behave unexpectedly.

Specifically, this is to make sure there is a way to notice if things
like what was fixed in commit 8404663f81 ("ARM: 7527/1: uaccess:
explicitly check __user pointer when !CPU_USE_DOMAINS") ever regresses
again, for any architecture.

Additionally, adds new "user" selftest target, which loads this module.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-01-23 16:36:57 -08:00