lkdtm: Add read/write after free tests for buddy memory
The current tests for read/write after free work on slab
allocated memory. Memory straight from the buddy allocator
may behave slightly differently and have a different set
of parameters to test. Add tests for those cases as well.
On a basic x86 boot:
# echo WRITE_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 22.291950] lkdtm: Performing direct entry WRITE_BUDDY_AFTER_FREE
[ 22.292983] lkdtm: Writing to the buddy page before free
[ 22.293950] lkdtm: Attempting bad write to the buddy page after free
# echo READ_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 32.375601] lkdtm: Performing direct entry READ_BUDDY_AFTER_FREE
[ 32.379896] lkdtm: Value in memory before free:
12345678
[ 32.383854] lkdtm: Attempting to read from freed memory
[ 32.389309] lkdtm: Buddy page was not poisoned
On x86 with CONFIG_DEBUG_PAGEALLOC and debug_pagealloc=on:
# echo WRITE_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 17.475533] lkdtm: Performing direct entry WRITE_BUDDY_AFTER_FREE
[ 17.477360] lkdtm: Writing to the buddy page before free
[ 17.479089] lkdtm: Attempting bad write to the buddy page after free
[ 17.480904] BUG: unable to handle kernel paging request at
ffff88000ebd8000
# echo READ_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 14.606433] lkdtm: Performing direct entry READ_BUDDY_AFTER_FREE
[ 14.607447] lkdtm: Value in memory before free:
12345678
[ 14.608161] lkdtm: Attempting to read from freed memory
[ 14.608860] BUG: unable to handle kernel paging request at
ffff88000eba3000
Note that arches without ARCH_SUPPORTS_DEBUG_PAGEALLOC may not
produce the same crash.
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
projects / cascardo / linux.git / commit