Google Git
Sign in
android / kernel / common / 1a59d1b8e05ea6ab45f7e18897de1ef0e6bc3da6 / . / drivers / misc / lkdtm / core.c
blob: 1972dad966f54ccccf4f6fa536d8267a83dfff9b [file] [log] [blame]
Thomas Gleixner1a59d1b82019-05-27 08:55:05 +0200[diff] [blame^]1// SPDX-License-Identifier: GPL-2.0-or-later
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]2/*
Kees Cook426f3a52016-06-03 11:16:32 -0700[diff] [blame]3 * Linux Kernel Dump Test Module for testing kernel crashes conditions:
4 * induces system failures at predefined crashpoints and under predefined
5 * operational conditions in order to evaluate the reliability of kernel
6 * sanity checking and crash dumps obtained using different dumping
7 * solutions.
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]8 *
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]9 * Copyright (C) IBM Corporation, 2006
10 *
11 * Author: Ankita Garg <[email protected]>
12 *
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]13 * It is adapted from the Linux Kernel Dump Test Tool by
14 * Fernando Luis Vazquez Cao <http://lkdtt.sourceforge.net>
15 *
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]16 * Debugfs support added by Simon Kagstrom <[email protected]>
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]17 *
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]18 * See Documentation/fault-injection/provoke-crashes.txt for instructions
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]19 */
Kees Cook6d2e91a2016-07-15 16:04:39 -0700[diff] [blame]20#include "lkdtm.h"
Randy Dunlap5d861d92006-11-02 22:07:06 -0800[diff] [blame]21#include <linux/fs.h>
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]22#include <linux/module.h>
Randy Dunlap5d861d92006-11-02 22:07:06 -0800[diff] [blame]23#include <linux/buffer_head.h>
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]24#include <linux/kprobes.h>
Randy Dunlap5d861d92006-11-02 22:07:06 -0800[diff] [blame]25#include <linux/list.h>
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]26#include <linux/init.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +0900[diff] [blame]27#include <linux/slab.h>
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]28#include <linux/debugfs.h>
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]29
Kees Cookd87c9782016-06-29 08:07:11 -0700[diff] [blame]30#define DEFAULT_COUNT 10
31
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]32static int lkdtm_debugfs_open(struct inode *inode, struct file *file);
33static ssize_t lkdtm_debugfs_read(struct file *f, char __user *user_buf,
34 size_t count, loff_t *off);
35static ssize_t direct_entry(struct file *f, const char __user *user_buf,
36 size_t count, loff_t *off);
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]37
38#ifdef CONFIG_KPROBES
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]39static int lkdtm_kprobe_handler(struct kprobe *kp, struct pt_regs *regs);
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]40static ssize_t lkdtm_debugfs_entry(struct file *f,
41 const char __user *user_buf,
42 size_t count, loff_t *off);
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]43# define CRASHPOINT_KPROBE(_symbol) \
44 .kprobe = { \
45 .symbol_name = (_symbol), \
46 .pre_handler = lkdtm_kprobe_handler, \
47 },
48# define CRASHPOINT_WRITE(_symbol) \
49 (_symbol) ? lkdtm_debugfs_entry : direct_entry
50#else
51# define CRASHPOINT_KPROBE(_symbol)
52# define CRASHPOINT_WRITE(_symbol) direct_entry
Kees Cookf2c6edc2016-06-29 08:10:36 -0700[diff] [blame]53#endif
54
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]55/* Crash points */
56struct crashpoint {
57 const char *name;
58 const struct file_operations fops;
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]59 struct kprobe kprobe;
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]60};
61
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]62#define CRASHPOINT(_name, _symbol) \
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]63 { \
64 .name = _name, \
65 .fops = { \
66 .read = lkdtm_debugfs_read, \
67 .llseek = generic_file_llseek, \
68 .open = lkdtm_debugfs_open, \
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]69 .write = CRASHPOINT_WRITE(_symbol) \
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]70 }, \
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]71 CRASHPOINT_KPROBE(_symbol) \
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]72 }
73
74/* Define the possible places where we can trigger a crash point. */
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]75static struct crashpoint crashpoints[] = {
76 CRASHPOINT("DIRECT", NULL),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]77#ifdef CONFIG_KPROBES
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]78 CRASHPOINT("INT_HARDWARE_ENTRY", "do_IRQ"),
Ivan Delalande5be2a502018-01-24 17:16:22 -0800[diff] [blame]79 CRASHPOINT("INT_HW_IRQ_EN", "handle_irq_event"),
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]80 CRASHPOINT("INT_TASKLET_ENTRY", "tasklet_action"),
81 CRASHPOINT("FS_DEVRW", "ll_rw_block"),
82 CRASHPOINT("MEM_SWAPOUT", "shrink_inactive_list"),
83 CRASHPOINT("TIMERADD", "hrtimer_start"),
84 CRASHPOINT("SCSI_DISPATCH_CMD", "scsi_dispatch_cmd"),
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]85 CRASHPOINT("IDE_CORE_CP", "generic_ide_ioctl"),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]86#endif
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]87};
88
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]89
90/* Crash types. */
91struct crashtype {
92 const char *name;
93 void (*func)(void);
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]94};
95
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]96#define CRASHTYPE(_name) \
97 { \
98 .name = __stringify(_name), \
99 .func = lkdtm_ ## _name, \
100 }
101
102/* Define the possible types of crashes that can be triggered. */
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]103static const struct crashtype crashtypes[] = {
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]104 CRASHTYPE(PANIC),
105 CRASHTYPE(BUG),
106 CRASHTYPE(WARNING),
107 CRASHTYPE(EXCEPTION),
108 CRASHTYPE(LOOP),
109 CRASHTYPE(OVERFLOW),
Kees Cook6819d102016-08-17 14:42:12 -0700[diff] [blame]110 CRASHTYPE(CORRUPT_LIST_ADD),
111 CRASHTYPE(CORRUPT_LIST_DEL),
Kees Cooke22aa9d2017-03-24 10:51:25 -0700[diff] [blame]112 CRASHTYPE(CORRUPT_USER_DS),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]113 CRASHTYPE(CORRUPT_STACK),
Kees Cook93e78c62017-08-04 14:34:40 -0700[diff] [blame]114 CRASHTYPE(CORRUPT_STACK_STRONG),
Kees Cook7b25a852017-08-04 13:04:21 -0700[diff] [blame]115 CRASHTYPE(STACK_GUARD_PAGE_LEADING),
116 CRASHTYPE(STACK_GUARD_PAGE_TRAILING),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]117 CRASHTYPE(UNALIGNED_LOAD_STORE_WRITE),
118 CRASHTYPE(OVERWRITE_ALLOCATION),
119 CRASHTYPE(WRITE_AFTER_FREE),
120 CRASHTYPE(READ_AFTER_FREE),
121 CRASHTYPE(WRITE_BUDDY_AFTER_FREE),
122 CRASHTYPE(READ_BUDDY_AFTER_FREE),
123 CRASHTYPE(SOFTLOCKUP),
124 CRASHTYPE(HARDLOCKUP),
125 CRASHTYPE(SPINLOCKUP),
126 CRASHTYPE(HUNG_TASK),
127 CRASHTYPE(EXEC_DATA),
128 CRASHTYPE(EXEC_STACK),
129 CRASHTYPE(EXEC_KMALLOC),
130 CRASHTYPE(EXEC_VMALLOC),
131 CRASHTYPE(EXEC_RODATA),
132 CRASHTYPE(EXEC_USERSPACE),
Christophe Leroy59a12202018-12-14 15:26:20 +0000[diff] [blame]133 CRASHTYPE(EXEC_NULL),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]134 CRASHTYPE(ACCESS_USERSPACE),
Christophe Leroy59a12202018-12-14 15:26:20 +0000[diff] [blame]135 CRASHTYPE(ACCESS_NULL),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]136 CRASHTYPE(WRITE_RO),
137 CRASHTYPE(WRITE_RO_AFTER_INIT),
138 CRASHTYPE(WRITE_KERN),
Kees Cook95925c92017-04-24 13:23:21 -0700[diff] [blame]139 CRASHTYPE(REFCOUNT_INC_OVERFLOW),
140 CRASHTYPE(REFCOUNT_ADD_OVERFLOW),
141 CRASHTYPE(REFCOUNT_INC_NOT_ZERO_OVERFLOW),
142 CRASHTYPE(REFCOUNT_ADD_NOT_ZERO_OVERFLOW),
143 CRASHTYPE(REFCOUNT_DEC_ZERO),
144 CRASHTYPE(REFCOUNT_DEC_NEGATIVE),
145 CRASHTYPE(REFCOUNT_DEC_AND_TEST_NEGATIVE),
146 CRASHTYPE(REFCOUNT_SUB_AND_TEST_NEGATIVE),
147 CRASHTYPE(REFCOUNT_INC_ZERO),
148 CRASHTYPE(REFCOUNT_ADD_ZERO),
149 CRASHTYPE(REFCOUNT_INC_SATURATED),
150 CRASHTYPE(REFCOUNT_DEC_SATURATED),
151 CRASHTYPE(REFCOUNT_ADD_SATURATED),
152 CRASHTYPE(REFCOUNT_INC_NOT_ZERO_SATURATED),
153 CRASHTYPE(REFCOUNT_ADD_NOT_ZERO_SATURATED),
154 CRASHTYPE(REFCOUNT_DEC_AND_TEST_SATURATED),
155 CRASHTYPE(REFCOUNT_SUB_AND_TEST_SATURATED),
Kees Cookc7fea482017-07-21 06:19:14 -0700[diff] [blame]156 CRASHTYPE(REFCOUNT_TIMING),
157 CRASHTYPE(ATOMIC_TIMING),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]158 CRASHTYPE(USERCOPY_HEAP_SIZE_TO),
159 CRASHTYPE(USERCOPY_HEAP_SIZE_FROM),
Kees Cooke47e3112017-06-14 18:56:55 -0700[diff] [blame]160 CRASHTYPE(USERCOPY_HEAP_WHITELIST_TO),
161 CRASHTYPE(USERCOPY_HEAP_WHITELIST_FROM),
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]162 CRASHTYPE(USERCOPY_STACK_FRAME_TO),
163 CRASHTYPE(USERCOPY_STACK_FRAME_FROM),
164 CRASHTYPE(USERCOPY_STACK_BEYOND),
165 CRASHTYPE(USERCOPY_KERNEL),
Jann Hornbef45902018-08-28 22:14:21 +0200[diff] [blame]166 CRASHTYPE(USERCOPY_KERNEL_DS),
Alexander Popovf90d1e02018-08-17 01:17:00 +0300[diff] [blame]167 CRASHTYPE(STACKLEAK_ERASING),
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]168};
169
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]170
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]171/* Global kprobe entry and crashtype. */
172static struct kprobe *lkdtm_kprobe;
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]173static struct crashpoint *lkdtm_crashpoint;
174static const struct crashtype *lkdtm_crashtype;
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]175
Kees Cookd87c9782016-06-29 08:07:11 -0700[diff] [blame]176/* Module parameters */
177static int recur_count = -1;
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]178module_param(recur_count, int, 0644);
Kees Cook7d196ac2013-10-24 09:25:39 -0700[diff] [blame]179MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test");
Kees Cookd87c9782016-06-29 08:07:11 -0700[diff] [blame]180
181static char* cpoint_name;
Rusty Russelldca41302010-08-11 23:04:21 -0600[diff] [blame]182module_param(cpoint_name, charp, 0444);
Randy Dunlap5d861d92006-11-02 22:07:06 -0800[diff] [blame]183MODULE_PARM_DESC(cpoint_name, " Crash Point, where kernel is to be crashed");
Kees Cookd87c9782016-06-29 08:07:11 -0700[diff] [blame]184
185static char* cpoint_type;
Rusty Russelldca41302010-08-11 23:04:21 -0600[diff] [blame]186module_param(cpoint_type, charp, 0444);
Randy Dunlap5d861d92006-11-02 22:07:06 -0800[diff] [blame]187MODULE_PARM_DESC(cpoint_type, " Crash Point Type, action to be taken on "\
188 "hitting the crash point");
Kees Cookd87c9782016-06-29 08:07:11 -0700[diff] [blame]189
190static int cpoint_count = DEFAULT_COUNT;
Randy Dunlap5d861d92006-11-02 22:07:06 -0800[diff] [blame]191module_param(cpoint_count, int, 0644);
192MODULE_PARM_DESC(cpoint_count, " Crash Point Count, number of times the "\
193 "crash point is to be hit to trigger action");
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]194
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]195
196/* Return the crashtype number or NULL if the name is invalid */
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]197static const struct crashtype *find_crashtype(const char *name)
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]198{
199 int i;
200
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]201 for (i = 0; i < ARRAY_SIZE(crashtypes); i++) {
202 if (!strcmp(name, crashtypes[i].name))
203 return &crashtypes[i];
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]204 }
205
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]206 return NULL;
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]207}
208
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]209/*
210 * This is forced noinline just so it distinctly shows up in the stackdump
211 * which makes validation of expected lkdtm crashes easier.
212 */
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]213static noinline void lkdtm_do_action(const struct crashtype *crashtype)
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]214{
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]215 if (WARN_ON(!crashtype || !crashtype->func))
216 return;
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]217 crashtype->func();
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]218}
219
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]220static int lkdtm_register_cpoint(struct crashpoint *crashpoint,
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]221 const struct crashtype *crashtype)
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]222{
223 int ret;
224
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]225 /* If this doesn't have a symbol, just call immediately. */
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]226 if (!crashpoint->kprobe.symbol_name) {
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]227 lkdtm_do_action(crashtype);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]228 return 0;
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]229 }
230
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]231 if (lkdtm_kprobe != NULL)
232 unregister_kprobe(lkdtm_kprobe);
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]233
234 lkdtm_crashpoint = crashpoint;
235 lkdtm_crashtype = crashtype;
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]236 lkdtm_kprobe = &crashpoint->kprobe;
237 ret = register_kprobe(lkdtm_kprobe);
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]238 if (ret < 0) {
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]239 pr_info("Couldn't register kprobe %s\n",
240 crashpoint->kprobe.symbol_name);
241 lkdtm_kprobe = NULL;
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]242 lkdtm_crashpoint = NULL;
243 lkdtm_crashtype = NULL;
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]244 }
245
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]246 return ret;
247}
248
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]249#ifdef CONFIG_KPROBES
250/* Global crash counter and spinlock. */
251static int crash_count = DEFAULT_COUNT;
252static DEFINE_SPINLOCK(crash_count_lock);
253
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]254/* Called by kprobe entry points. */
255static int lkdtm_kprobe_handler(struct kprobe *kp, struct pt_regs *regs)
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]256{
257 unsigned long flags;
258 bool do_it = false;
259
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]260 if (WARN_ON(!lkdtm_crashpoint || !lkdtm_crashtype))
261 return 0;
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]262
263 spin_lock_irqsave(&crash_count_lock, flags);
264 crash_count--;
265 pr_info("Crash point %s of type %s hit, trigger in %d rounds\n",
266 lkdtm_crashpoint->name, lkdtm_crashtype->name, crash_count);
267
268 if (crash_count == 0) {
269 do_it = true;
270 crash_count = cpoint_count;
271 }
272 spin_unlock_irqrestore(&crash_count_lock, flags);
273
274 if (do_it)
275 lkdtm_do_action(lkdtm_crashtype);
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]276
277 return 0;
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]278}
279
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]280static ssize_t lkdtm_debugfs_entry(struct file *f,
281 const char __user *user_buf,
282 size_t count, loff_t *off)
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]283{
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]284 struct crashpoint *crashpoint = file_inode(f)->i_private;
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]285 const struct crashtype *crashtype = NULL;
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]286 char *buf;
287 int err;
288
289 if (count >= PAGE_SIZE)
290 return -EINVAL;
291
292 buf = (char *)__get_free_page(GFP_KERNEL);
293 if (!buf)
294 return -ENOMEM;
295 if (copy_from_user(buf, user_buf, count)) {
296 free_page((unsigned long) buf);
297 return -EFAULT;
298 }
299 /* NULL-terminate and remove enter */
300 buf[count] = '\0';
301 strim(buf);
302
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]303 crashtype = find_crashtype(buf);
304 free_page((unsigned long)buf);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]305
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]306 if (!crashtype)
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]307 return -EINVAL;
308
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]309 err = lkdtm_register_cpoint(crashpoint, crashtype);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]310 if (err < 0)
311 return err;
312
313 *off += count;
314
315 return count;
316}
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]317#endif
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]318
319/* Generic read callback that just prints out the available crash types */
320static ssize_t lkdtm_debugfs_read(struct file *f, char __user *user_buf,
321 size_t count, loff_t *off)
322{
323 char *buf;
324 int i, n, out;
325
326 buf = (char *)__get_free_page(GFP_KERNEL);
Alan Cox086ff4b2012-07-30 14:43:24 -0700[diff] [blame]327 if (buf == NULL)
328 return -ENOMEM;
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]329
Silvio Cesare87bf65bc2019-01-12 16:28:37 +0100[diff] [blame]330 n = scnprintf(buf, PAGE_SIZE, "Available crash types:\n");
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]331 for (i = 0; i < ARRAY_SIZE(crashtypes); i++) {
Silvio Cesare87bf65bc2019-01-12 16:28:37 +0100[diff] [blame]332 n += scnprintf(buf + n, PAGE_SIZE - n, "%s\n",
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]333 crashtypes[i].name);
334 }
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]335 buf[n] = '\0';
336
337 out = simple_read_from_buffer(user_buf, count, off,
338 buf, n);
339 free_page((unsigned long) buf);
340
341 return out;
342}
343
344static int lkdtm_debugfs_open(struct inode *inode, struct file *file)
345{
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]346 return 0;
347}
348
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]349/* Special entry to just crash directly. Available without KPROBEs */
350static ssize_t direct_entry(struct file *f, const char __user *user_buf,
351 size_t count, loff_t *off)
352{
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]353 const struct crashtype *crashtype;
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]354 char *buf;
355
356 if (count >= PAGE_SIZE)
357 return -EINVAL;
358 if (count < 1)
359 return -EINVAL;
360
361 buf = (char *)__get_free_page(GFP_KERNEL);
362 if (!buf)
363 return -ENOMEM;
364 if (copy_from_user(buf, user_buf, count)) {
365 free_page((unsigned long) buf);
366 return -EFAULT;
367 }
368 /* NULL-terminate and remove enter */
369 buf[count] = '\0';
370 strim(buf);
371
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]372 crashtype = find_crashtype(buf);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]373 free_page((unsigned long) buf);
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]374 if (!crashtype)
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]375 return -EINVAL;
376
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]377 pr_info("Performing direct entry %s\n", crashtype->name);
378 lkdtm_do_action(crashtype);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]379 *off += count;
380
381 return count;
382}
383
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]384static struct dentry *lkdtm_debugfs_root;
385
386static int __init lkdtm_module_init(void)
387{
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]388 struct crashpoint *crashpoint = NULL;
Kees Cook75f98b72017-10-20 06:31:49 -0700[diff] [blame]389 const struct crashtype *crashtype = NULL;
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]390 int ret = -EINVAL;
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]391 int i;
392
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]393 /* Neither or both of these need to be set */
394 if ((cpoint_type || cpoint_name) && !(cpoint_type && cpoint_name)) {
395 pr_err("Need both cpoint_type and cpoint_name or neither\n");
396 return -EINVAL;
397 }
398
399 if (cpoint_type) {
400 crashtype = find_crashtype(cpoint_type);
401 if (!crashtype) {
402 pr_err("Unknown crashtype '%s'\n", cpoint_type);
403 return -EINVAL;
404 }
405 }
406
407 if (cpoint_name) {
408 for (i = 0; i < ARRAY_SIZE(crashpoints); i++) {
409 if (!strcmp(cpoint_name, crashpoints[i].name))
410 crashpoint = &crashpoints[i];
411 }
412
413 /* Refuse unknown crashpoints. */
414 if (!crashpoint) {
415 pr_err("Invalid crashpoint %s\n", cpoint_name);
416 return -EINVAL;
417 }
418 }
419
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]420#ifdef CONFIG_KPROBES
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]421 /* Set crash count. */
422 crash_count = cpoint_count;
Arnd Bergmann2b271cb72016-07-15 15:58:55 -0700[diff] [blame]423#endif
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]424
Kees Cooka3dff712016-06-26 08:46:23 -0700[diff] [blame]425 /* Handle test-specific initialization. */
Kees Cook00f496c2016-06-26 22:17:25 -0700[diff] [blame]426 lkdtm_bugs_init(&recur_count);
Kees Cook0d9eb292016-06-26 15:12:31 -0700[diff] [blame]427 lkdtm_perms_init();
Kees Cooka3dff712016-06-26 08:46:23 -0700[diff] [blame]428 lkdtm_usercopy_init();
429
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]430 /* Register debugfs interface */
431 lkdtm_debugfs_root = debugfs_create_dir("provoke-crash", NULL);
432 if (!lkdtm_debugfs_root) {
Kees Cookfeac6e22014-02-09 13:48:46 -0800[diff] [blame]433 pr_err("creating root dir failed\n");
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]434 return -ENODEV;
435 }
436
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]437 /* Install debugfs trigger files. */
438 for (i = 0; i < ARRAY_SIZE(crashpoints); i++) {
439 struct crashpoint *cur = &crashpoints[i];
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]440 struct dentry *de;
441
442 de = debugfs_create_file(cur->name, 0644, lkdtm_debugfs_root,
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]443 cur, &cur->fops);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]444 if (de == NULL) {
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]445 pr_err("could not create crashpoint %s\n", cur->name);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]446 goto out_err;
447 }
448 }
449
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]450 /* Install crashpoint if one was selected. */
451 if (crashpoint) {
452 ret = lkdtm_register_cpoint(crashpoint, crashtype);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]453 if (ret < 0) {
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]454 pr_info("Invalid crashpoint %s\n", crashpoint->name);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]455 goto out_err;
456 }
Kees Cookfeac6e22014-02-09 13:48:46 -0800[diff] [blame]457 pr_info("Crash point %s of type %s registered\n",
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]458 crashpoint->name, cpoint_type);
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]459 } else {
Kees Cookfeac6e22014-02-09 13:48:46 -0800[diff] [blame]460 pr_info("No crash points registered, enable through debugfs\n");
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]461 }
462
463 return 0;
464
465out_err:
466 debugfs_remove_recursive(lkdtm_debugfs_root);
467 return ret;
468}
469
Adrian Bunk21181162008-02-06 01:36:50 -0800[diff] [blame]470static void __exit lkdtm_module_exit(void)
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]471{
Simon Kagstrom0347af42010-03-05 13:42:49 -0800[diff] [blame]472 debugfs_remove_recursive(lkdtm_debugfs_root);
473
Kees Cooka3dff712016-06-26 08:46:23 -0700[diff] [blame]474 /* Handle test-specific clean-up. */
475 lkdtm_usercopy_exit();
Kees Cookaa981a62016-06-03 12:06:52 -0700[diff] [blame]476
Kees Cook31c5c872017-10-20 06:31:27 -0700[diff] [blame]477 if (lkdtm_kprobe != NULL)
478 unregister_kprobe(lkdtm_kprobe);
Juerg Haefliger9ba60572017-01-19 11:40:13 +0100[diff] [blame]479
Kees Cookfeac6e22014-02-09 13:48:46 -0800[diff] [blame]480 pr_info("Crash point unregistered\n");
Ankita Garg8bb31b92006-10-02 02:17:36 -0700[diff] [blame]481}
482
483module_init(lkdtm_module_init);
484module_exit(lkdtm_module_exit);
485
486MODULE_LICENSE("GPL");
Kees Cookc479e3f2016-06-29 08:18:27 -0700[diff] [blame]487MODULE_DESCRIPTION("Kernel crash testing module");