Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / bf7ef8f2d57cd1f5f1846dd58ff9309efad58252 / . / drivers / misc / lkdtm_bugs.c
blob: 182ae1894b328861323c42767aadd5f2588318b9 [file] [log] [blame]
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]1/*
2 * This is for all the tests related to logic bugs (e.g. bad dereferences,
3 * bad alignment, bad loops, bad locking, bad scheduling, deep stacks, and
4 * lockups) along with other things that don't fit well into existing LKDTM
5 * test source files.
6 */
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]7#include "lkdtm.h"
Kees Cook6d2e91a2016-07-15 16:04:39 -0700[diff] [blame]8#include <linux/sched.h>
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]9
10/*
11 * Make sure our attempts to over run the kernel stack doesn't trigger
12 * a compiler warning when CONFIG_FRAME_WARN is set. Then make sure we
13 * recurse past the end of THREAD_SIZE by default.
14 */
15#if defined(CONFIG_FRAME_WARN) && (CONFIG_FRAME_WARN > 0)
16#define REC_STACK_SIZE (CONFIG_FRAME_WARN / 2)
17#else
18#define REC_STACK_SIZE (THREAD_SIZE / 8)
19#endif
20#define REC_NUM_DEFAULT ((THREAD_SIZE / REC_STACK_SIZE) * 2)
21
22static int recur_count = REC_NUM_DEFAULT;
23
24static DEFINE_SPINLOCK(lock_me_up);
25
26static int recursive_loop(int remaining)
27{
28 char buf[REC_STACK_SIZE];
29
30 /* Make sure compiler does not optimize this away. */
31 memset(buf, (remaining & 0xff) | 0x1, REC_STACK_SIZE);
32 if (!remaining)
33 return 0;
34 else
35 return recursive_loop(remaining - 1);
36}
37
38/* If the depth is negative, use the default, otherwise keep parameter. */
39void __init lkdtm_bugs_init(int *recur_param)
40{
41 if (*recur_param < 0)
42 *recur_param = recur_count;
43 else
44 recur_count = *recur_param;
45}
46
47void lkdtm_PANIC(void)
48{
49 panic("dumptest");
50}
51
52void lkdtm_BUG(void)
53{
54 BUG();
55}
56
57void lkdtm_WARNING(void)
58{
59 WARN_ON(1);
60}
61
62void lkdtm_EXCEPTION(void)
63{
64 *((int *) 0) = 0;
65}
66
67void lkdtm_LOOP(void)
68{
69 for (;;)
70 ;
71}
72
73void lkdtm_OVERFLOW(void)
74{
75 (void) recursive_loop(recur_count);
76}
77
78noinline void lkdtm_CORRUPT_STACK(void)
79{
80 /* Use default char array length that triggers stack protection. */
81 char data[8];
82
83 memset((void *)data, 0, 64);
84}
85
86void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void)
87{
88 static u8 data[5] __attribute__((aligned(4))) = {1, 2, 3, 4, 5};
89 u32 *p;
90 u32 val = 0x12345678;
91
92 p = (u32 *)(data + 1);
93 if (*p == 0)
94 val = 0x87654321;
95 *p = val;
96}
97
98void lkdtm_SOFTLOCKUP(void)
99{
100 preempt_disable();
101 for (;;)
102 cpu_relax();
103}
104
105void lkdtm_HARDLOCKUP(void)
106{
107 local_irq_disable();
108 for (;;)
109 cpu_relax();
110}
111
112void lkdtm_SPINLOCKUP(void)
113{
114 /* Must be called twice to trigger. */
115 spin_lock(&lock_me_up);
116 /* Let sparse know we intended to exit holding the lock. */
117 __release(&lock_me_up);
118}
119
120void lkdtm_HUNG_TASK(void)
121{
122 set_current_state(TASK_UNINTERRUPTIBLE);
123 schedule();
124}
125
126void lkdtm_ATOMIC_UNDERFLOW(void)
127{
128 atomic_t under = ATOMIC_INIT(INT_MIN);
129
130 pr_info("attempting good atomic increment\n");
131 atomic_inc(&under);
132 atomic_dec(&under);
133
134 pr_info("attempting bad atomic underflow\n");
135 atomic_dec(&under);
136}
137
138void lkdtm_ATOMIC_OVERFLOW(void)
139{
140 atomic_t over = ATOMIC_INIT(INT_MAX);
141
142 pr_info("attempting good atomic decrement\n");
143 atomic_dec(&over);
144 atomic_inc(&over);
145
146 pr_info("attempting bad atomic overflow\n");
147 atomic_inc(&over);
148}