1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * This code tests that the current task stack is properly erased (filled
4*4882a593Smuzhiyun * with STACKLEAK_POISON).
5*4882a593Smuzhiyun *
6*4882a593Smuzhiyun * Authors:
7*4882a593Smuzhiyun * Alexander Popov <alex.popov@linux.com>
8*4882a593Smuzhiyun * Tycho Andersen <tycho@tycho.ws>
9*4882a593Smuzhiyun */
10*4882a593Smuzhiyun
11*4882a593Smuzhiyun #include "lkdtm.h"
12*4882a593Smuzhiyun #include <linux/stackleak.h>
13*4882a593Smuzhiyun
lkdtm_STACKLEAK_ERASING(void)14*4882a593Smuzhiyun void lkdtm_STACKLEAK_ERASING(void)
15*4882a593Smuzhiyun {
16*4882a593Smuzhiyun unsigned long *sp, left, found, i;
17*4882a593Smuzhiyun const unsigned long check_depth =
18*4882a593Smuzhiyun STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
19*4882a593Smuzhiyun bool test_failed = false;
20*4882a593Smuzhiyun
21*4882a593Smuzhiyun /*
22*4882a593Smuzhiyun * For the details about the alignment of the poison values, see
23*4882a593Smuzhiyun * the comment in stackleak_track_stack().
24*4882a593Smuzhiyun */
25*4882a593Smuzhiyun sp = PTR_ALIGN(&i, sizeof(unsigned long));
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun left = ((unsigned long)sp & (THREAD_SIZE - 1)) / sizeof(unsigned long);
28*4882a593Smuzhiyun sp--;
29*4882a593Smuzhiyun
30*4882a593Smuzhiyun /*
31*4882a593Smuzhiyun * One 'long int' at the bottom of the thread stack is reserved
32*4882a593Smuzhiyun * and not poisoned.
33*4882a593Smuzhiyun */
34*4882a593Smuzhiyun if (left > 1) {
35*4882a593Smuzhiyun left--;
36*4882a593Smuzhiyun } else {
37*4882a593Smuzhiyun pr_err("FAIL: not enough stack space for the test\n");
38*4882a593Smuzhiyun test_failed = true;
39*4882a593Smuzhiyun goto end;
40*4882a593Smuzhiyun }
41*4882a593Smuzhiyun
42*4882a593Smuzhiyun pr_info("checking unused part of the thread stack (%lu bytes)...\n",
43*4882a593Smuzhiyun left * sizeof(unsigned long));
44*4882a593Smuzhiyun
45*4882a593Smuzhiyun /*
46*4882a593Smuzhiyun * Search for 'check_depth' poison values in a row (just like
47*4882a593Smuzhiyun * stackleak_erase() does).
48*4882a593Smuzhiyun */
49*4882a593Smuzhiyun for (i = 0, found = 0; i < left && found <= check_depth; i++) {
50*4882a593Smuzhiyun if (*(sp - i) == STACKLEAK_POISON)
51*4882a593Smuzhiyun found++;
52*4882a593Smuzhiyun else
53*4882a593Smuzhiyun found = 0;
54*4882a593Smuzhiyun }
55*4882a593Smuzhiyun
56*4882a593Smuzhiyun if (found <= check_depth) {
57*4882a593Smuzhiyun pr_err("FAIL: the erased part is not found (checked %lu bytes)\n",
58*4882a593Smuzhiyun i * sizeof(unsigned long));
59*4882a593Smuzhiyun test_failed = true;
60*4882a593Smuzhiyun goto end;
61*4882a593Smuzhiyun }
62*4882a593Smuzhiyun
63*4882a593Smuzhiyun pr_info("the erased part begins after %lu not poisoned bytes\n",
64*4882a593Smuzhiyun (i - found) * sizeof(unsigned long));
65*4882a593Smuzhiyun
66*4882a593Smuzhiyun /* The rest of thread stack should be erased */
67*4882a593Smuzhiyun for (; i < left; i++) {
68*4882a593Smuzhiyun if (*(sp - i) != STACKLEAK_POISON) {
69*4882a593Smuzhiyun pr_err("FAIL: bad value number %lu in the erased part: 0x%lx\n",
70*4882a593Smuzhiyun i, *(sp - i));
71*4882a593Smuzhiyun test_failed = true;
72*4882a593Smuzhiyun }
73*4882a593Smuzhiyun }
74*4882a593Smuzhiyun
75*4882a593Smuzhiyun end:
76*4882a593Smuzhiyun if (test_failed) {
77*4882a593Smuzhiyun pr_err("FAIL: the thread stack is NOT properly erased\n");
78*4882a593Smuzhiyun dump_stack();
79*4882a593Smuzhiyun } else {
80*4882a593Smuzhiyun pr_info("OK: the rest of the thread stack is properly erased\n");
81*4882a593Smuzhiyun }
82*4882a593Smuzhiyun }
83