Re: [PATCH] lkdtm: Add tests for LIST_POISON and ZERO_SIZE_PTR
From: kbuild test robot
Date: Tue Nov 15 2016 - 11:25:18 EST
Hi Michael,
[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on v4.9-rc5]
[cannot apply to next-20161115]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Michael-Ellerman/lkdtm-Add-tests-for-LIST_POISON-and-ZERO_SIZE_PTR/20161115-235441
config: i386-randconfig-x007-201646 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All warnings (new ones prefixed by >>):
drivers/misc/lkdtm_bugs.c: In function 'test_poison_ptr':
>> drivers/misc/lkdtm_bugs.c:178:9: warning: large integer implicitly truncated to unsigned type [-Woverflow]
*ptr = 0xdeadbeefabcd1234;
^~~~~~~~~~~~~~~~~~
vim +178 drivers/misc/lkdtm_bugs.c
162 }
163
164 /*
165 * Creating a mapping and adding mmap_min_addr to the value is cheating
166 * in a way. But it simulates the case where an attacker is able to
167 * cause an access at a small offset from the base value, leading to a
168 * user space access. If an arch doesn't define CONFIG_ILLEGAL_POINTER_VALUE
169 * then it's likely this will work in the absence of other protections.
170 */
171 ptr = mmap_min_addr + base;
172
173 pr_info("attempting read of %s %p\n", desc, ptr);
174 val = *ptr;
175 pr_info("FAIL: Was able to read %s! Got 0x%lx\n", desc, val);
176
177 pr_info("attempting write of %s %p\n", desc, ptr);
> 178 *ptr = 0xdeadbeefabcd1234;
179 pr_info("FAIL: Was able to write %s! Now = 0x%lx\n", desc, *ptr);
180
181 vm_munmap(uaddr, PAGE_SIZE);
182 }
183
184 void lkdtm_ACCESS_LIST_POISON(void)
185 {
186 test_poison_ptr(LIST_POISON1, "LIST_POISON");
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip