Date: Tue, 27 May 2014 10:06:32 GMT From: op@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r268696 - in soc2014/op/tests/smap-tester: kmod smap-test Message-ID: <201405271006.s4RA6WIs050949@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: op Date: Tue May 27 10:06:32 2014 New Revision: 268696 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=268696 Log: added read and write test cases, with and without SMAP Signed-off-by: Oliver Pinter <oliver.pntr@gmail.com> Modified: soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c soc2014/op/tests/smap-tester/smap-test/smap-test.c Modified: soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c ============================================================================== --- soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c Tue May 27 09:42:07 2014 (r268695) +++ soc2014/op/tests/smap-tester/kmod/smap-tester-vuln-kld.c Tue May 27 10:06:32 2014 (r268696) @@ -11,6 +11,7 @@ #include <sys/malloc.h> #include <vm/vm.h> +#define TEST_STRING "Write from kernel to user-space. De ha mar sikerul, akkor: http://www.youtube.com/watch?v=wT8NO5FDS7E" const char *agreement = "shoot my foot!!!11oneone!!"; static bool allow_tests = false; @@ -79,6 +80,9 @@ int error=0; long val; + printf("{#} TEST: not allowed read address from kernel to user-space\n"); + uprintf("\n{#} TEST: not allowed read address from kernel to user-space\n"); + if(!allow_tests) { printf("{-} tests are disabled\n"); uprintf("\n{-} tests are disabled\n"); @@ -94,8 +98,8 @@ case 0: break; case 1: - printf("{#}derefable user-space memory region from kernel\n"); - uprintf("\n{#}derefable user-space memory region from kernel\n"); + printf("{#} derefable user-space memory region from kernel\n"); + uprintf("\n{#} derefable user-space memory region from kernel\n"); uprintf("{-} %p\n", us_addr); val = 0; @@ -108,12 +112,194 @@ return (error); } - SYSCTL_PROC(_debug_smap, OID_AUTO, test0, CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY, 0, 0, sysctl_debug_smap_test0, "L", "print out the userspace buffer address"); +static int +sysctl_debug_smap_not_allowed_read(SYSCTL_HANDLER_ARGS) +{ + int error=0; + long val; + + printf("{#} TEST: not allowed read from kernel to user-space\n"); + uprintf("\n{#} TEST: not allowed read from kernel to user-space\n"); + + if(!allow_tests) { + printf("{-} tests are disabled\n"); + uprintf("\n{-} tests are disabled\n"); + return (ENOSYS); + } + + error = sysctl_handle_long(oidp, &val, 0, req); + if (error != 0 || req->newptr == NULL) { + return (error); + } + + switch (val) { + case 0: + break; + case 1: + printf("{#} read user-space memory region from kernel\n"); + uprintf("\n{#} read user-space memory region from kernel\n"); + + uprintf("{+} us_buf: %s\n", us_addr); + + val = 0; + break; + default: + val = 0; + return (EINVAL); + break; + } + + return (error); +} +SYSCTL_PROC(_debug_smap, OID_AUTO, test_not_allowed_read, + CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY, + 0, 0, sysctl_debug_smap_not_allowed_read, + "L", "read from userspace buffer"); + +static int +sysctl_debug_smap_not_allowed_write(SYSCTL_HANDLER_ARGS) +{ + int error=0; + long val; + + printf("{#} TEST: not allowed write from kernel to user-space\n"); + uprintf("\n{#} TEST: not allowed write from kernel to user-space\n"); + + if(!allow_tests) { + printf("{-} tests are disabled\n"); + uprintf("\n{-} tests are disabled\n"); + return (ENOSYS); + } + + error = sysctl_handle_long(oidp, &val, 0, req); + if (error != 0 || req->newptr == NULL) { + return (error); + } + + switch (val) { + case 0: + break; + case 1: + printf("{#} write user-space memory region from kernel\n"); + uprintf("\n{#} write user-space memory region from kernel\n"); + + uprintf("{#} write \"%s\" from kernel to user-space buffer\n", TEST_STRING); + strcpy(us_addr, TEST_STRING); + + val = 0; + break; + default: + val = 0; + return (EINVAL); + break; + } + + return (error); +} +SYSCTL_PROC(_debug_smap, OID_AUTO, test_not_allowed_write, + CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY, + 0, 0, sysctl_debug_smap_not_allowed_write, + "L", "write to userspace buffer"); + +static int +sysctl_debug_smap_allowed_read(SYSCTL_HANDLER_ARGS) +{ + int error=0; + long val; + + printf("{#} TEST: allowed read from kernel to user-space\n"); + uprintf("\n{#} TEST: allowed read from kernel to user-space\n"); + + if(!allow_tests) { + printf("{-} tests are disabled\n"); + uprintf("\n{-} tests are disabled\n"); + return (ENOSYS); + } + + error = sysctl_handle_long(oidp, &val, 0, req); + if (error != 0 || req->newptr == NULL) { + return (error); + } + + switch (val) { + case 0: + break; + case 2: + printf("{#} read user-space memory region from kernel\n"); + uprintf("\n{#} read user-space memory region from kernel\n"); + + stac(); + uprintf("{+} us_buf: %s\n", us_addr); + clac(); + + val = 0; + break; + default: + val = 0; + return (EINVAL); + break; + } + + return (error); +} +SYSCTL_PROC(_debug_smap, OID_AUTO, test_allowed_read, + CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY, + 0, 0, sysctl_debug_smap_allowed_read, + "L", "allowed read from userspace buffer"); + +static int +sysctl_debug_smap_allowed_write(SYSCTL_HANDLER_ARGS) +{ + int error=0; + long val; + + printf("{#} TEST: allowed write from kernel to user-space\n"); + uprintf("\n{#} TEST: allowed write from kernel to user-space\n"); + + if(!allow_tests) { + printf("{-} tests are disabled\n"); + uprintf("\n{-} tests are disabled\n"); + return (ENOSYS); + } + + error = sysctl_handle_long(oidp, &val, 0, req); + if (error != 0 || req->newptr == NULL) { + return (error); + } + + switch (val) { + case 0: + break; + case 2: + printf("{#} write user-space memory region from kernel\n"); + uprintf("\n{#} write user-space memory region from kernel\n"); + + uprintf("{#} write \"%s\" from kernel to user-space buffer\n", TEST_STRING); + stac(); + strcpy(us_addr, TEST_STRING); + clac(); + + val = 0; + break; + default: + val = 0; + return (EINVAL); + break; + } + + return (error); +} +SYSCTL_PROC(_debug_smap, OID_AUTO, test_allowed_write, + CTLTYPE_LONG | CTLFLAG_RW | CTLFLAG_ANYBODY, + 0, 0, sysctl_debug_smap_allowed_write, + "L", "allowed write to userspace buffer"); + + static int smap_tester_vuln_kld_loader(struct module *m __unused, int what, void *arg __unused) Modified: soc2014/op/tests/smap-tester/smap-test/smap-test.c ============================================================================== --- soc2014/op/tests/smap-tester/smap-test/smap-test.c Tue May 27 09:42:07 2014 (r268695) +++ soc2014/op/tests/smap-tester/smap-test/smap-test.c Tue May 27 10:06:32 2014 (r268696) @@ -4,9 +4,15 @@ #include <sys/types.h> #include <sys/sysctl.h> +#define TEST_STR "Ezt itt jo lenne nem kiolvasni..." + void test_prepare(void); void test_allow(void); void test_0(void); +void test_allowed_read(void); +void test_allowed_write(void); +void test_not_allowed_read(void); +void test_not_allowed_write(void); void test_destroy(void); @@ -19,6 +25,16 @@ test_allow(); test_0(); +#if 0 + test_allowed_read(); + test_allowed_write(); + test_destroy(); + + test_prepare(); + test_0(); +#endif + test_not_allowed_read(); + test_not_allowed_write(); test_destroy(); @@ -34,7 +50,7 @@ int error=0; /* prepare the user-space memory region */ - us_buf = strdup("Ez itt jo lenne nem kiolvasni!\n"); + us_buf = strdup(TEST_STR); if (us_buf == NULL) { printf("[-] failed to prepare SMAP test\n"); exit(1); @@ -105,10 +121,87 @@ long val=1; int error; + printf("\n[#] %s\n", __func__); + sysctlbyname("debug.smap.test0", NULL, 0, &val, sizeof(val)); if (error != 0) { printf("[-] sysctl error - unable to set test0\n"); exit(5); } - printf("[+] debug.smap.test0 done\n"); + printf("[+] debug.smap.test0 done\n\n"); +} + + +void +test_not_allowed_read(void) +{ + long val=1; + int error; + + printf("\n[#] %s\n", __func__); + + printf("[+] us_buf: %s\n", us_buf); + + sysctlbyname("debug.smap.test_not_allowed_read", NULL, 0, &val, sizeof(val)); + if (error != 0) { + printf("[-] sysctl error - unable to set test_not_allowed_read\n"); + exit(6); + } + printf("[+] debug.smap.test_not_allowed_read done\n\n"); +} + +void +test_not_allowed_write(void) +{ + long val=1; + int error; + + printf("\n[#] %s\n", __func__); + + printf("[+] us_buf: %s\n", us_buf); + + sysctlbyname("debug.smap.test_not_allowed_write", NULL, 0, &val, sizeof(val)); + if (error != 0) { + printf("[-] sysctl error - unable to set test_not_allowed_write\n"); + exit(6); + } + printf("[+] us_buf: %s\n", us_buf); + printf("[+] debug.smap.test_not_allowed_write done\n\n"); +} + +void +test_allowed_read(void) +{ + long val=2; + int error; + + printf("\n[#] %s\n", __func__); + + printf("[+] us_buf: %s\n", us_buf); + + sysctlbyname("debug.smap.test_allowed_read", NULL, 0, &val, sizeof(val)); + if (error != 0) { + printf("[-] sysctl error - unable to set test_allowed_read\n"); + exit(6); + } + printf("[+] debug.smap.test_allowed_read done\n\n"); +} + +void +test_allowed_write(void) +{ + long val=2; + int error; + + printf("\n[#] %s\n", __func__); + + printf("[+] us_buf: %s\n", us_buf); + + sysctlbyname("debug.smap.test_allowed_write", NULL, 0, &val, sizeof(val)); + if (error != 0) { + printf("[-] sysctl error - unable to set test_allowed_write\n"); + exit(6); + } + printf("[+] us_buf: %s\n", us_buf); + printf("[+] debug.smap.test_allowed_write done\n\n"); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405271006.s4RA6WIs050949>