stack-entropy.sh (1396B)
1#!/bin/sh 2# SPDX-License-Identifier: GPL-2.0 3# 4# Measure kernel stack entropy by sampling via LKDTM's REPORT_STACK test. 5set -e 6samples="${1:-1000}" 7TRIGGER=/sys/kernel/debug/provoke-crash/DIRECT 8KSELFTEST_SKIP_TEST=4 9 10# Verify we have LKDTM available in the kernel. 11if [ ! -r $TRIGGER ] ; then 12 /sbin/modprobe -q lkdtm || true 13 if [ ! -r $TRIGGER ] ; then 14 echo "Cannot find $TRIGGER (missing CONFIG_LKDTM?)" 15 else 16 echo "Cannot write $TRIGGER (need to run as root?)" 17 fi 18 # Skip this test 19 exit $KSELFTEST_SKIP_TEST 20fi 21 22# Capture dmesg continuously since it may fill up depending on sample size. 23log=$(mktemp -t stack-entropy-XXXXXX) 24dmesg --follow >"$log" & pid=$! 25report=-1 26for i in $(seq 1 $samples); do 27 echo "REPORT_STACK" > $TRIGGER 28 if [ -t 1 ]; then 29 percent=$(( 100 * $i / $samples )) 30 if [ "$percent" -ne "$report" ]; then 31 /bin/echo -en "$percent%\r" 32 report="$percent" 33 fi 34 fi 35done 36kill "$pid" 37 38# Count unique offsets since last run. 39seen=$(tac "$log" | grep -m1 -B"$samples"0 'Starting stack offset' | \ 40 grep 'Stack offset' | awk '{print $NF}' | sort | uniq -c | wc -l) 41bits=$(echo "obase=2; $seen" | bc | wc -L) 42echo "Bits of stack entropy: $bits" 43rm -f "$log" 44 45# We would expect any functional stack randomization to be at least 5 bits. 46if [ "$bits" -lt 5 ]; then 47 echo "Stack entropy is low! Booted without 'randomize_kstack_offset=y'?" 48 exit 1 49else 50 exit 0 51fi