cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

stackleak.c (4958B)


      1// SPDX-License-Identifier: GPL-2.0
      2/*
      3 * This code tests that the current task stack is properly erased (filled
      4 * with STACKLEAK_POISON).
      5 *
      6 * Authors:
      7 *   Alexander Popov <alex.popov@linux.com>
      8 *   Tycho Andersen <tycho@tycho.ws>
      9 */
     10
     11#include "lkdtm.h"
     12#include <linux/stackleak.h>
     13
     14#if defined(CONFIG_GCC_PLUGIN_STACKLEAK)
     15/*
     16 * Check that stackleak tracks the lowest stack pointer and erases the stack
     17 * below this as expected.
     18 *
     19 * To prevent the lowest stack pointer changing during the test, IRQs are
     20 * masked and instrumentation of this function is disabled. We assume that the
     21 * compiler will create a fixed-size stack frame for this function.
     22 *
     23 * Any non-inlined function may make further use of the stack, altering the
     24 * lowest stack pointer and/or clobbering poison values. To avoid spurious
     25 * failures we must avoid printing until the end of the test or have already
     26 * encountered a failure condition.
     27 */
     28static void noinstr check_stackleak_irqoff(void)
     29{
     30	const unsigned long task_stack_base = (unsigned long)task_stack_page(current);
     31	const unsigned long task_stack_low = stackleak_task_low_bound(current);
     32	const unsigned long task_stack_high = stackleak_task_high_bound(current);
     33	const unsigned long current_sp = current_stack_pointer;
     34	const unsigned long lowest_sp = current->lowest_stack;
     35	unsigned long untracked_high;
     36	unsigned long poison_high, poison_low;
     37	bool test_failed = false;
     38
     39	/*
     40	 * Check that the current and lowest recorded stack pointer values fall
     41	 * within the expected task stack boundaries. These tests should never
     42	 * fail unless the boundaries are incorrect or we're clobbering the
     43	 * STACK_END_MAGIC, and in either casee something is seriously wrong.
     44	 */
     45	if (current_sp < task_stack_low || current_sp >= task_stack_high) {
     46		pr_err("FAIL: current_stack_pointer (0x%lx) outside of task stack bounds [0x%lx..0x%lx]\n",
     47		       current_sp, task_stack_low, task_stack_high - 1);
     48		test_failed = true;
     49		goto out;
     50	}
     51	if (lowest_sp < task_stack_low || lowest_sp >= task_stack_high) {
     52		pr_err("FAIL: current->lowest_stack (0x%lx) outside of task stack bounds [0x%lx..0x%lx]\n",
     53		       lowest_sp, task_stack_low, task_stack_high - 1);
     54		test_failed = true;
     55		goto out;
     56	}
     57
     58	/*
     59	 * Depending on what has run prior to this test, the lowest recorded
     60	 * stack pointer could be above or below the current stack pointer.
     61	 * Start from the lowest of the two.
     62	 *
     63	 * Poison values are naturally-aligned unsigned longs. As the current
     64	 * stack pointer might not be sufficiently aligned, we must align
     65	 * downwards to find the lowest known stack pointer value. This is the
     66	 * high boundary for a portion of the stack which may have been used
     67	 * without being tracked, and has to be scanned for poison.
     68	 */
     69	untracked_high = min(current_sp, lowest_sp);
     70	untracked_high = ALIGN_DOWN(untracked_high, sizeof(unsigned long));
     71
     72	/*
     73	 * Find the top of the poison in the same way as the erasing code.
     74	 */
     75	poison_high = stackleak_find_top_of_poison(task_stack_low, untracked_high);
     76
     77	/*
     78	 * Check whether the poisoned portion of the stack (if any) consists
     79	 * entirely of poison. This verifies the entries that
     80	 * stackleak_find_top_of_poison() should have checked.
     81	 */
     82	poison_low = poison_high;
     83	while (poison_low > task_stack_low) {
     84		poison_low -= sizeof(unsigned long);
     85
     86		if (*(unsigned long *)poison_low == STACKLEAK_POISON)
     87			continue;
     88
     89		pr_err("FAIL: non-poison value %lu bytes below poison boundary: 0x%lx\n",
     90		       poison_high - poison_low, *(unsigned long *)poison_low);
     91		test_failed = true;
     92	}
     93
     94	pr_info("stackleak stack usage:\n"
     95		"  high offset: %lu bytes\n"
     96		"  current:     %lu bytes\n"
     97		"  lowest:      %lu bytes\n"
     98		"  tracked:     %lu bytes\n"
     99		"  untracked:   %lu bytes\n"
    100		"  poisoned:    %lu bytes\n"
    101		"  low offset:  %lu bytes\n",
    102		task_stack_base + THREAD_SIZE - task_stack_high,
    103		task_stack_high - current_sp,
    104		task_stack_high - lowest_sp,
    105		task_stack_high - untracked_high,
    106		untracked_high - poison_high,
    107		poison_high - task_stack_low,
    108		task_stack_low - task_stack_base);
    109
    110out:
    111	if (test_failed) {
    112		pr_err("FAIL: the thread stack is NOT properly erased!\n");
    113	} else {
    114		pr_info("OK: the rest of the thread stack is properly erased\n");
    115	}
    116}
    117
    118static void lkdtm_STACKLEAK_ERASING(void)
    119{
    120	unsigned long flags;
    121
    122	local_irq_save(flags);
    123	check_stackleak_irqoff();
    124	local_irq_restore(flags);
    125}
    126#else /* defined(CONFIG_GCC_PLUGIN_STACKLEAK) */
    127static void lkdtm_STACKLEAK_ERASING(void)
    128{
    129	if (IS_ENABLED(CONFIG_HAVE_ARCH_STACKLEAK)) {
    130		pr_err("XFAIL: stackleak is not enabled (CONFIG_GCC_PLUGIN_STACKLEAK=n)\n");
    131	} else {
    132		pr_err("XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n)\n");
    133	}
    134}
    135#endif /* defined(CONFIG_GCC_PLUGIN_STACKLEAK) */
    136
    137static struct crashtype crashtypes[] = {
    138	CRASHTYPE(STACKLEAK_ERASING),
    139};
    140
    141struct crashtype_category stackleak_crashtypes = {
    142	.crashtypes = crashtypes,
    143	.len	    = ARRAY_SIZE(crashtypes),
    144};