kasan/tests: add tests for user memory access functions
authorAndrey Ryabinin <aryabinin@virtuozzo.com>
Fri, 20 May 2016 23:59:34 +0000 (16:59 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sat, 21 May 2016 00:58:30 +0000 (17:58 -0700)
Add some tests for the newly-added user memory access API.

Link: http://lkml.kernel.org/r/1462538722-1574-1-git-send-email-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lib/test_kasan.c

index 48e5a0be655cb9aa02bd5cd672710f46fed73801..5e51872b3fc163af2fe82e6d7010b4aba08b612a 100644 (file)
 #define pr_fmt(fmt) "kasan test: %s " fmt, __func__
 
 #include <linux/kernel.h>
+#include <linux/mman.h>
+#include <linux/mm.h>
 #include <linux/printk.h>
 #include <linux/slab.h>
 #include <linux/string.h>
+#include <linux/uaccess.h>
 #include <linux/module.h>
 
 static noinline void __init kmalloc_oob_right(void)
@@ -363,6 +366,51 @@ static noinline void __init ksize_unpoisons_memory(void)
        kfree(ptr);
 }
 
+static noinline void __init copy_user_test(void)
+{
+       char *kmem;
+       char __user *usermem;
+       size_t size = 10;
+       int unused;
+
+       kmem = kmalloc(size, GFP_KERNEL);
+       if (!kmem)
+               return;
+
+       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
+                           PROT_READ | PROT_WRITE | PROT_EXEC,
+                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
+       if (IS_ERR(usermem)) {
+               pr_err("Failed to allocate user memory\n");
+               kfree(kmem);
+               return;
+       }
+
+       pr_info("out-of-bounds in copy_from_user()\n");
+       unused = copy_from_user(kmem, usermem, size + 1);
+
+       pr_info("out-of-bounds in copy_to_user()\n");
+       unused = copy_to_user(usermem, kmem, size + 1);
+
+       pr_info("out-of-bounds in __copy_from_user()\n");
+       unused = __copy_from_user(kmem, usermem, size + 1);
+
+       pr_info("out-of-bounds in __copy_to_user()\n");
+       unused = __copy_to_user(usermem, kmem, size + 1);
+
+       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
+       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
+
+       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
+       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
+
+       pr_info("out-of-bounds in strncpy_from_user()\n");
+       unused = strncpy_from_user(kmem, usermem, size + 1);
+
+       vm_munmap((unsigned long)usermem, PAGE_SIZE);
+       kfree(kmem);
+}
+
 static int __init kmalloc_tests_init(void)
 {
        kmalloc_oob_right();
@@ -387,6 +435,7 @@ static int __init kmalloc_tests_init(void)
        kasan_stack_oob();
        kasan_global_oob();
        ksize_unpoisons_memory();
+       copy_user_test();
        return -EAGAIN;
 }