From: Thorsten Scherer <T.Scherer@eckelmann.de>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 5/5] commands: add stacksmash command for causing stack overflows
Date: Tue, 12 Sep 2023 06:48:12 +0200
Message-ID: <20230912044812.upnef32iqvcjggwd@nb821.eckelmann.group>
In-Reply-To: <20230911150900.3584523-6-a.fatoum@pengutronix.de>
Hi Ahmad,
On Mon, Sep 11, 2023 at 05:09:00PM +0200, Ahmad Fatoum wrote:
> Now that we have two mechanisms for detecting stack overflows, add a
> command to intentionally trigger stack frame and stack region overflow
> to verify their correct operation.
>
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> commands/Kconfig | 6 +++++
> commands/Makefile | 1 +
> commands/stacksmash.c | 58 +++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 65 insertions(+)
> create mode 100644 commands/stacksmash.c
>
> diff --git a/commands/Kconfig b/commands/Kconfig
> index eb95b2a5fbcc..c1bba22443e6 100644
> --- a/commands/Kconfig
> +++ b/commands/Kconfig
> @@ -2401,6 +2401,12 @@ config CMD_UBSAN
> This is a test command for the undefined behavior sanitizer.
> It triggers various undefined behavior, and detect it.
>
> +config CMD_STACKSMASH
> + tristate "stacksmash"
> + help
> + This commands trashes the stack to test stackprotector and
> + guard page. This command does not return.
> +
> # end Miscellaneous commands
> endmenu
>
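Review bot: The help text of CMD_STACKSMASH reads "This commands trashes the stack", which should be "This command trashes the stack". The entry also shows no dependency on either detection mechanism, so the command can be selected in a build where nothing catches the overflow; consider a depends on line for the stackprotector or guard page option, or state in the help text that the command ends in a panic when the overflow goes undetected.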
> diff --git a/commands/Makefile b/commands/Makefile
> index 4b083a852d83..4924755500e3 100644
> --- a/commands/Makefile
> +++ b/commands/Makefile
> @@ -145,5 +145,6 @@ obj-$(CONFIG_CMD_BTHREAD) += bthread.o
> obj-$(CONFIG_CMD_UBSAN) += ubsan.o
> obj-$(CONFIG_CMD_SELFTEST) += selftest.o
> obj-$(CONFIG_CMD_TUTORIAL) += tutorial.o
> +obj-$(CONFIG_CMD_STACKSMASH) += stacksmash.o
>
> UBSAN_SANITIZE_ubsan.o := y
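Review bot: Nothing in this hunk pins the compiler instrumentation for stacksmash.o, whereas the context line below forces it per object for the ubsan test with UBSAN_SANITIZE_ubsan.o := y. It is worth confirming that stack_overflow_frame() gets a canary under every stack protector setting the series offers, since otherwise the "frame" test would report a missed detection for a function that was never instrumented.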
> diff --git a/commands/stacksmash.c b/commands/stacksmash.c
> new file mode 100644
> index 000000000000..1e9be0d40e15
> --- /dev/null
> +++ b/commands/stacksmash.c
> @@ -0,0 +1,58 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +
> +#include <common.h>
> +#include <command.h>
> +#include <complete.h>
> +#include <linux/compiler.h>
> +#include <string.h>
> +
> +static noinline void stack_overflow_frame(void)
> +{
> + volatile int length = 512;
> + char a[128] = {};
> +
> + /*
> + * In order to avoid having the compiler optimize away the stack smashing
> + * we need to do a little something here.
> + */
> + OPTIMIZER_HIDE_VAR(length);
> +
> + memset(a, 0xa5, length);
> +
> + printf("We have smashed our stack as this should not exceed 128: sizeof(a) = %zu\n",
> + strlen(a));
> +}
> +
> +static noinline void stack_overflow_region(u64 i)
> +{
> + volatile char a[1024] = {};
> +
> + if (ctrlc())
> + return;
> +
> + RELOC_HIDE(&a, 0);
> +
> + stack_overflow_region(0);
> +
> + printf("%*ph", 1024, a);
> +}
> +
> +static int do_stacksmash(int argc, char *argv[])
> +{
> + if (argc != 2)
> + return COMMAND_ERROR_USAGE;
> +
> + if (!strcmp(argv[1], "frame"))
> + stack_overflow_frame();
> + else if (!strcmp(argv[1], "region"))
> + stack_overflow_region(0);
> +
> + panic("Stack smashing of %s not caught\n", argv[1]);
> +}
> +BAREBOX_CMD_START(stacksmash)
> + .cmd = do_stacksmash,
> + BAREBOX_CMD_DESC("Run stack smashing tests")
> + BAREBOX_CMD_OPTS("[frame | region]")
Indentation is a bit broken here.
> + BAREBOX_CMD_GROUP(CMD_GRP_MISC)
> + BAREBOX_CMD_COMPLETE(empty_complete)
> +BAREBOX_CMD_END
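Review bot: In do_stacksmash(), an argument other than "frame" or "region" skips both branches and falls through to panic("Stack smashing of %s not caught\n", argv[1]), so a mistyped argument halts the system and reports a missed detection that never ran; add a final else that returns COMMAND_ERROR_USAGE. In stack_overflow_frame(), the printf is labelled sizeof(a) but prints strlen(a), and after the 512-byte memset of 0xa5 there is no terminating NUL in a[], so the strlen itself reads past the array; printing length or a fixed message avoids that. Smaller points: stack_overflow_region() never uses its u64 i parameter, and BAREBOX_CMD_OPTS("[frame | region]") marks the argument as optional although argc != 2 rejects a call without it.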
> --
> 2.39.2
>
>
Best regards
Thorsten
Thread overview: 13+ messages
2023-09-11 15:08 [PATCH 0/5] add stack protector and guard page support Ahmad Fatoum
2023-09-11 15:08 ` [PATCH 1/5] include: move PAGE_ definitions into linux/pagemap.h Ahmad Fatoum
2023-09-11 15:08 ` [PATCH 2/5] ARM: mark early C setup functions as __prereloc Ahmad Fatoum
2023-09-11 15:08 ` [PATCH 3/5] lib: add stackprotector support Ahmad Fatoum
2023-09-21 8:52 ` [PATCH] fixup! " Ahmad Fatoum
2023-09-11 15:08 ` [PATCH 4/5] ARM: mmu: catch stack overflowing into TTB with stack guard page Ahmad Fatoum
2023-09-11 15:09 ` [PATCH 5/5] commands: add stacksmash command for causing stack overflows Ahmad Fatoum
2023-09-12 4:48 ` Thorsten Scherer [this message]
2023-09-11 15:47 ` [PATCH] fixup! lib: add stackprotector support Ahmad Fatoum
2023-09-14 9:14 ` [PATCH] fixup! commands: add stacksmash command for causing stack overflows Ahmad Fatoum
2023-09-14 10:22 ` Thorsten Scherer
2023-09-14 11:05 ` Ahmad Fatoum
2023-09-21 8:49 ` [PATCH 0/5] add stack protector and guard page support Sascha Hauer