lkdtm: Add tests for NULL pointer dereference (14c328b4) · Commits · e / devices / android_kernel_teracube_2e

drivers/misc/lkdtm.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -40,7 +40,9 @@ void lkdtm_EXEC_KMALLOC(void);
		void lkdtm_EXEC_VMALLOC(void);
		void lkdtm_EXEC_RODATA(void);
		void lkdtm_EXEC_USERSPACE(void);
		void lkdtm_EXEC_NULL(void);
		void lkdtm_ACCESS_USERSPACE(void);
		void lkdtm_ACCESS_NULL(void);

		/* lkdtm_rodata.c */
		void lkdtm_rodata_do_nothing(void);

+2 −0

Original line number	Diff line number	Diff line
		@@ -214,7 +214,9 @@ struct crashtype crashtypes[] = {
		CRASHTYPE(EXEC_VMALLOC),
		CRASHTYPE(EXEC_RODATA),
		CRASHTYPE(EXEC_USERSPACE),
		CRASHTYPE(EXEC_NULL),
		CRASHTYPE(ACCESS_USERSPACE),
		CRASHTYPE(ACCESS_NULL),
		CRASHTYPE(WRITE_RO),
		CRASHTYPE(WRITE_RO_AFTER_INIT),
		CRASHTYPE(WRITE_KERN),

+18 −0

Original line number	Diff line number	Diff line
		@@ -160,6 +160,11 @@ void lkdtm_EXEC_USERSPACE(void)
		vm_munmap(user_addr, PAGE_SIZE);
		}

		void lkdtm_EXEC_NULL(void)
		{
		execute_location(NULL, CODE_AS_IS);
		}

		void lkdtm_ACCESS_USERSPACE(void)
		{
		unsigned long user_addr, tmp = 0;
		@@ -191,6 +196,19 @@ void lkdtm_ACCESS_USERSPACE(void)
		vm_munmap(user_addr, PAGE_SIZE);
		}

		void lkdtm_ACCESS_NULL(void)
		{
		unsigned long tmp;
		unsigned long ptr = (unsigned long )NULL;

		pr_info("attempting bad read at %px\n", ptr);
		tmp = *ptr;
		tmp += 0xc0dec0de;

		pr_info("attempting bad write at %px\n", ptr);
		*ptr = tmp;
		}

		void __init lkdtm_perms_init(void)
		{
		/* Make sure we can write to __ro_after_init values during __init */