summaryrefslogtreecommitdiffstats
path: root/drivers/misc/lkdtm.c
Commit message (Collapse)AuthorAgeFilesLines
* Add MODULE_DESCRIPTION to dummy-irq.c and lkdtm.c in drivers/miscTerry Chia2014-07-091-0/+1
| | | | | | | | This starts to address https://bugzilla.kernel.org/show_bug.cgi?id=10770 Signed-off-by: Terry Chia <terrycwk1994@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: include cacheflush.hKees Cook2014-02-141-0/+1
| | | | | | | | | | | | | Some architectures need cacheflush.h explicitly included (mips) for use of flush_icache_range(): config: make ARCH=mips allmodconfig All error/warnings: >> ERROR: "flush_icache_range" undefined! Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: add "WRITE_KERN" testKees Cook2014-02-141-0/+25
| | | | | | | | Add "WRITE_KERN" crash target to validate that kernel executable memory is not writable. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: flush icache and report actionsKees Cook2014-02-141-0/+16
| | | | | | | | | | Some CPUs explicitly need to have their icache flushed after making executable code copies for the memory region execution tests. Additionally, report the specific address targets being used so that debugging non-crash failures is easier. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: convert to using pr_* for reportsKees Cook2014-02-141-17/+15
| | | | | | | Move to using pr_* calls instead of printk calls for reporting. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* drivers: misc: Mark function jp_generic_ide_ioctl() as static in lkdtm.cRashika Kheria2013-12-181-1/+1
| | | | | | | | | | | | This patch marks the function jp_generic_ide_ioctl() as static in lkdtm.c because it is not used outside this file. Thus, it also eliminates the following warnings in lkdtm.c: drivers/misc/lkdtm.c:227:5: warning: no previous prototype for ‘jp_generic_ide_ioctl’ [-Wmissing-prototypes] Signed-off-by: Rashika Kheria <rashika.kheria@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: clean up sparse warningsKees Cook2013-12-081-1/+4
| | | | | | | | | | | Since lkdtm intentionally does "bad" things, we need to convince sparse that we're doing these things on purpose. This adds an explicit cast to the call to copy_to_user() and marks the spin lock as expecting to dead-lock. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: add tests for additional page permissionsKees Cook2013-10-291-0/+61
| | | | | | | | | | Testing execution and access of userspace from the kernel is needed for validating things like Intel's SMEP and SMAP protections. Additionally, add an explicit test for validating that RO page permissions have been set for the RO data area. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: adjust recursion size to avoid warningsKees Cook2013-10-291-10/+20
| | | | | | | | | | | When CONFIG_FRAME_WARN is set low (e.g. some ARM builds), the hard-coded stack buffer size used for kernel stack over run testing triggers build warnings. Instead, avoid the warning by recalcuating the buffer size and recursion count needed to trigger the test. Also uses the recursion counter indirectly to avoid changing the parameter during the test. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: isolate stack corruption testKees Cook2013-10-251-6/+10
| | | | | | | | | | | When tests were added to lkdtm that grew the stack frame, the stack corruption test stopped working. This isolates the test in its own function, and forces it not to be inlined. Signed-off-by: Kees Cook <keescook@chromium.org> Fixes: cc33c537c12f ("lkdtm: add "EXEC_*" triggers") Cc: stable <stable@vger.kernel.org> # 3.12 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: add "EXEC_*" triggersKees Cook2013-07-241-0/+45
| | | | | | | | Add new crash locations that attempt to execute non-executable memory regions (data segment, stack, kmalloc, vmalloc). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: add "SPINLOCKUP" triggerKees Cook2013-07-241-0/+7
| | | | | | | | For additional lockup testing, add "SPINLOCKUP" to trigger a spinlock deadlock when triggered twice. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: add "WARNING" triggerKees Cook2013-07-241-0/+5
| | | | | | | For additional testing, add "WARNING" as a trigger that calls WARN_ON(1). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* lkdtm: fix stack protector triggerKees Cook2013-07-241-3/+3
| | | | | | | | | | The -fstack-protector compiler flag will only build stack protections if a character array is seen. Additionally, the offset to the saved instruction pointer changes based on architecture, so stomp much harder (64 bytes) when corrupting the stack. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* drivers/misc/lkdtm.c: fix missing allocation failure checkAlan Cox2012-07-301-0/+2
| | | | | | | | | Addresses https://bugzilla.kernel.org/show_bug.cgi?id=44691 Reported-by: <rucsoftsec@gmail.com> Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* lkdtm: avoid calling lkdtm_do_action() with spinlock heldCong Wang2012-02-031-1/+5
| | | | | | | | | | | | | lkdtm_do_action() may call sleeping functions like kmalloc(), so do not call it with spin lock held. Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <greg@kroah.com> Reviewed-by: Dave Young <dyoung@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* drivers/misc/lkdtm.c: fix race when crashpoint is hit multiple times before ↵Josh Hunt2011-06-271-0/+8
| | | | | | | | | | | | | | | | checking count We observed the crash point count going negative in cases where the crash point is hit multiple times before the check of "count == 0" is done. Because of this we never call lkdtm_do_action(). This patch just adds a spinlock to protect count. Reported-by: Tapan Dhimant <tdhimant@akamai.com> Signed-off-by: Josh Hunt <johunt@akamai.com> Acked-by: Ankita Garg <ankita@in.ibm.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* lkdtm: prefix enum constantsNamhyung Kim2010-10-261-64/+64
| | | | | | | | | | | Prefix cname and ctype constants with CN/CT_. This is especially for the conflict on BUG which causes a build break if arch defines it as a inline function, i.e. MIPS. Signed-off-by: Namhyung Kim <namhyung@gmail.com> Cc: Ankita Garg <ankita@in.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* lkdtm: use generic_file_llseek in debugfsArnd Bergmann2010-09-161-0/+9
| | | | | | | | | | | | | When the default llseek behavior gets changed to not allowing seek, all file operations that rely on the current behaviour need to use an explicit .llseek operation. The files that lkdtm uses in debugfs are regular files and they get read using simple_read_from_buffer, so generic_file_llseek is the right operation. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
* param: remove unnecessary writable charpRusty Russell2010-08-111-2/+2
| | | | | | | | | | | | | | | | | | | | sysfs-writable charp arguments need to be locked against modification (since the old ones may be kfreed underneath us). String arguments are much simpler, so use them for small strings (eg. IFNAMSIZ). lkdtm only uses the parameters at module initialization time, so there's not much point making them writable. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Takashi Iwai <tiwai@suse.de> Tested-by: Phil Carmody <ext-phil.2.carmody@nokia.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: M. Mohan Kumar <mohan@in.ibm.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Cc: Jeff Mahoney <jeffm@suse.com> Cc: Julia Lawall <julia@diku.dk> Cc: devel@driverdev.osuosl.org
* lktdm: add support for hardlockup, softlockup and hung task crashesFrederic Weisbecker2010-05-271-0/+20
| | | | | | | | | | | | | | | | | This adds three new types of kernel "crashes" in the lkdtm driver to trigger hardlockups, softlockups and task hung states at will. The first two are useful to test the new generic lockup detector and check its further regressions. The latter one is a bonus to check the hung task detector regressions even though it's not currently in rework. Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com> Cc: Simon Kagstrom <simon.kagstrom@netinsight.net> Cc: Ingo Molnar <mingo@elte.hu> Cc: Don Zickus <dzickus@redhat.com> Cc: Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* include cleanup: Update gfp.h and slab.h includes to prepare for breaking ↵Tejun Heo2010-03-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo <tj@kernel.org> Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
* lkdtm: add debugfs access and loosen KPROBE tiesSimon Kagstrom2010-03-061-82/+390
| | | | | | | | | | | | | | | | | | | | | | | Add adds a debugfs interface and additional failure modes to LKDTM to provide similar functionality to the provoke-crash driver submitted here: http://lwn.net/Articles/371208/ Crashes can now be induced either through module parameters (as before) or through the debugfs interface as in provoke-crash. The patch also provides a new "direct" interface, where KPROBES are not used, i.e., the crash is invoked directly upon write to the debugfs file. When built without KPROBES configured, only this mode is available. Signed-off-by: Simon Kagstrom <simon.kagstrom@netinsight.net> Cc: M. Mohan Kumar <mohan@in.ibm.com> Cc: Americo Wang <xiyou.wangcong@gmail.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: "Eric W. Biederman" <ebiederm@xmission.com>, Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* kprobes: use do_IRQ() in lkdtmM. Mohan Kumar2009-09-231-1/+1
| | | | | | | | | | | | | | | | Current lkdtm code puts a probe on __do_IRQ for some of the kdump test cases. Since __do_IRQ is deprecated, change lkdtm code to use do_IRQ function. Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com> Cc: Ankita Garg <ankita@in.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Masami Hiramatsu <mhiramat@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* NULL noise: drivers/miscAl Viro2008-03-301-1/+1
| | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* drivers/misc/lkdtm.c: cleanupsAdrian Bunk2008-02-061-11/+13
| | | | | | | | | | - make needlessly global functions static - make lkdtm_module_{init,exit}() as __{init,exit} Signed-off-by: Adrian Bunk <bunk@kernel.org> Cc: Ankita Garg <ankita@in.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [PATCH] assigning enum constant to char * is vile, even if it happens to be 0Al Viro2007-02-091-2/+2
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [PATCH] Fix for LKDTM MEM_SWAPOUT crashpointAnkita Garg2006-11-061-4/+4
| | | | | | | | | | | The MEM_SWAPOUT crashpoint in LKDTM could be broken as some compilers inline the call to shrink_page_list() and symbol lookup for this function name fails. Replacing it with the function shrink_inactive_list(), which is the only function calling shrink_page_list(). Signed-off-by: Ankita Garg <ankita@in.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] lkdtm: cleanup headers and module_param/MODULE_PARM_DESCRandy Dunlap2006-11-031-11/+13
| | | | | | | | | | | | | | | | | | Fix module_param/sysfs file permission typo. Clean up MODULE_PARM_DESC strings to avoid fancy (and incorrect) formatting. Fix header includes for lkdtm; add some needed ones, remove unused ones; and fix this gcc warning: drivers/misc/lkdtm.c:150: warning: 'struct buffer_head' declared inside parameter list drivers/misc/lkdtm.c:150: warning: its scope is only this definition or declaration, which is probably not what you want Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Ankita Garg <ankita@in.ibm.com> Cc: Vivek Goyal <vgoyal@in.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* IRQ: Maintain regs pointer globally rather than passing to IRQ handlersDavid Howells2006-10-051-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Maintain a per-CPU global "struct pt_regs *" variable which can be used instead of passing regs around manually through all ~1800 interrupt handlers in the Linux kernel. The regs pointer is used in few places, but it potentially costs both stack space and code to pass it around. On the FRV arch, removing the regs parameter from all the genirq function results in a 20% speed up of the IRQ exit path (ie: from leaving timer_interrupt() to leaving do_IRQ()). Where appropriate, an arch may override the generic storage facility and do something different with the variable. On FRV, for instance, the address is maintained in GR28 at all times inside the kernel as part of general exception handling. Having looked over the code, it appears that the parameter may be handed down through up to twenty or so layers of functions. Consider a USB character device attached to a USB hub, attached to a USB controller that posts its interrupts through a cascaded auxiliary interrupt controller. A character device driver may want to pass regs to the sysrq handler through the input layer which adds another few layers of parameter passing. I've build this code with allyesconfig for x86_64 and i386. I've runtested the main part of the code on FRV and i386, though I can't test most of the drivers. I've also done partial conversion for powerpc and MIPS - these at least compile with minimal configurations. This will affect all archs. Mostly the changes should be relatively easy. Take do_IRQ(), store the regs pointer at the beginning, saving the old one: struct pt_regs *old_regs = set_irq_regs(regs); And put the old one back at the end: set_irq_regs(old_regs); Don't pass regs through to generic_handle_irq() or __do_IRQ(). In timer_interrupt(), this sort of change will be necessary: - update_process_times(user_mode(regs)); - profile_tick(CPU_PROFILING, regs); + update_process_times(user_mode(get_irq_regs())); + profile_tick(CPU_PROFILING); I'd like to move update_process_times()'s use of get_irq_regs() into itself, except that i386, alone of the archs, uses something other than user_mode(). Some notes on the interrupt handling in the drivers: (*) input_dev() is now gone entirely. The regs pointer is no longer stored in the input_dev struct. (*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does something different depending on whether it's been supplied with a regs pointer or not. (*) Various IRQ handler function pointers have been moved to type irq_handler_t. Signed-Off-By: David Howells <dhowells@redhat.com> (cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)
* [PATCH] Linux Kernel Dump Test ModuleAnkita Garg2006-10-021-0/+342
A simple module to test Linux Kernel Dump mechanism. This module uses jprobes to install/activate pre-defined crash points. At different crash points, various types of crashing scenarios are created like a BUG(), panic(), exception, recursive loop and stack overflow. The user can activate a crash point with specific type by providing parameters at the time of module insertion. Please see the file header for usage information. The module is based on the Linux Kernel Dump Test Tool by Fernando <http://lkdtt.sourceforge.net>. This module could be merged with mainline. Jprobes is used here so that the context in which crash point is hit, could be maintained. This implements all the crash points as done by LKDTT except the one in the middle of tasklet_action(). Signed-off-by: Ankita Garg <ankita@in.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
OpenPOWER on IntegriCloud