From b54845276a969b72daa2dee1afe379847a639478 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 7 Jun 2016 14:27:02 -0700 Subject: lkdtm: split atomic test into over and underflow Each direction of the atomic wrapping should be individually testable. Signed-off-by: Kees Cook diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c index 3fe4b5d..a595a6f 100644 --- a/drivers/misc/lkdtm_core.c +++ b/drivers/misc/lkdtm_core.c @@ -111,7 +111,8 @@ enum ctype { CT_WRITE_RO, CT_WRITE_RO_AFTER_INIT, CT_WRITE_KERN, - CT_WRAP_ATOMIC, + CT_ATOMIC_UNDERFLOW, + CT_ATOMIC_OVERFLOW, CT_USERCOPY_HEAP_SIZE_TO, CT_USERCOPY_HEAP_SIZE_FROM, CT_USERCOPY_HEAP_FLAG_TO, @@ -161,7 +162,8 @@ static char* cp_type[] = { "WRITE_RO", "WRITE_RO_AFTER_INIT", "WRITE_KERN", - "WRAP_ATOMIC", + "ATOMIC_UNDERFLOW", + "ATOMIC_OVERFLOW", "USERCOPY_HEAP_SIZE_TO", "USERCOPY_HEAP_SIZE_FROM", "USERCOPY_HEAP_FLAG_TO", @@ -911,13 +913,25 @@ static void lkdtm_do_action(enum ctype which) do_overwritten(); break; } - case CT_WRAP_ATOMIC: { + case CT_ATOMIC_UNDERFLOW: { atomic_t under = ATOMIC_INIT(INT_MIN); - atomic_t over = ATOMIC_INIT(INT_MAX); - pr_info("attempting atomic underflow\n"); + pr_info("attempting good atomic increment\n"); + atomic_inc(&under); + atomic_dec(&under); + + pr_info("attempting bad atomic underflow\n"); atomic_dec(&under); - pr_info("attempting atomic overflow\n"); + break; + } + case CT_ATOMIC_OVERFLOW: { + atomic_t over = ATOMIC_INIT(INT_MAX); + + pr_info("attempting good atomic decrement\n"); + atomic_dec(&over); + atomic_inc(&over); + + pr_info("attempting bad atomic overflow\n"); atomic_inc(&over); return; -- cgit v0.10.2