mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
ef8f3d48af
Merge updates from Andrew Morton:
"Am experimenting with splitting MM up into identifiable subsystems
perhaps with a view to gitifying it in complex ways. Also with more
verbose "incoming" emails.
Most of MM is here and a few other trees.
Subsystems affected by this patch series:
- hotfixes
- iommu
- scripts
- arch/sh
- ocfs2
- mm:slab-generic
- mm:slub
- mm:kmemleak
- mm:kasan
- mm:cleanups
- mm:debug
- mm:pagecache
- mm:swap
- mm:memcg
- mm:gup
- mm:pagemap
- mm:infrastructure
- mm:vmalloc
- mm:initialization
- mm:pagealloc
- mm:vmscan
- mm:tools
- mm:proc
- mm:ras
- mm:oom-kill
hotfixes:
mm: vmscan: scan anonymous pages on file refaults
mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
mm/memcontrol: fix wrong statistics in memory.stat
mm/z3fold.c: lock z3fold page before __SetPageMovable()
nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
MAINTAINERS: nilfs2: update email address
iommu:
include/linux/dmar.h: replace single-char identifiers in macros
scripts:
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
scripts/decode_stacktrace: look for modules with .ko.debug extension
scripts/spelling.txt: drop "sepc" from the misspelling list
scripts/spelling.txt: add spelling fix for prohibited
scripts/decode_stacktrace: Accept dash/underscore in modules
scripts/spelling.txt: add more spellings to spelling.txt
arch/sh:
arch/sh/configs/sdk7786_defconfig: remove CONFIG_LOGFS
sh: config: remove left-over BACKLIGHT_LCD_SUPPORT
sh: prevent warnings when using iounmap
ocfs2:
fs: ocfs: fix spelling mistake "hearbeating" -> "heartbeat"
ocfs2/dlm: use struct_size() helper
ocfs2: add last unlock times in locking_state
ocfs2: add locking filter debugfs file
ocfs2: add first lock wait time in locking_state
ocfs: no need to check return value of debugfs_create functions
fs/ocfs2/dlmglue.c: unneeded variable: "status"
ocfs2: use kmemdup rather than duplicating its implementation
mm:slab-generic:
Patch series "mm/slab: Improved sanity checking":
mm/slab: validate cache membership under freelist hardening
mm/slab: sanity-check page type when looking up cache
lkdtm/heap: add tests for freelist hardening
mm:slub:
mm/slub.c: avoid double string traverse in kmem_cache_flags()
slub: don't panic for memcg kmem cache creation failure
mm:kmemleak:
mm/kmemleak.c: fix check for softirq context
mm/kmemleak.c: change error at _write when kmemleak is disabled
docs: kmemleak: add more documentation details
mm:kasan:
mm/kasan: print frame description for stack bugs
Patch series "Bitops instrumentation for KASAN", v5:
lib/test_kasan: add bitops tests
x86: use static_cpu_has in uaccess region to avoid instrumentation
asm-generic, x86: add bitops instrumentation for KASAN
Patch series "mm/kasan: Add object validation in ksize()", v3:
mm/kasan: introduce __kasan_check_{read,write}
mm/kasan: change kasan_check_{read,write} to return boolean
lib/test_kasan: Add test for double-kzfree detection
mm/slab: refactor common ksize KASAN logic into slab_common.c
mm/kasan: add object validation in ksize()
mm:cleanups:
include/linux/pfn_t.h: remove pfn_t_to_virt()
Patch series "remove ARCH_SELECT_MEMORY_MODEL where it has no effect":
arm: remove ARCH_SELECT_MEMORY_MODEL
s390: remove ARCH_SELECT_MEMORY_MODEL
sparc: remove ARCH_SELECT_MEMORY_MODEL
mm/gup.c: make follow_page_mask() static
mm/memory.c: trivial clean up in insert_page()
mm: make !CONFIG_HUGE_PAGE wrappers into static inlines
include/linux/mm_types.h: ifdef struct vm_area_struct::swap_readahead_info
mm: remove the account_page_dirtied export
mm/page_isolation.c: change the prototype of undo_isolate_page_range()
include/linux/vmpressure.h: use spinlock_t instead of struct spinlock
mm: remove the exporting of totalram_pages
include/linux/pagemap.h: document trylock_page() return value
mm:debug:
mm/failslab.c: by default, do not fail allocations with direct reclaim only
Patch series "debug_pagealloc improvements":
mm, debug_pagelloc: use static keys to enable debugging
mm, page_alloc: more extensive free page checking with debug_pagealloc
mm, debug_pagealloc: use a page type instead of page_ext flag
mm:pagecache:
Patch series "fix filler_t callback type mismatches", v2:
mm/filemap.c: fix an overly long line in read_cache_page
mm/filemap: don't cast ->readpage to filler_t for do_read_cache_page
jffs2: pass the correct prototype to read_cache_page
9p: pass the correct prototype to read_cache_page
mm/filemap.c: correct the comment about VM_FAULT_RETRY
mm:swap:
mm, swap: fix race between swapoff and some swap operations
mm/swap_state.c: simplify total_swapcache_pages() with get_swap_device()
mm, swap: use rbtree for swap_extent
mm/mincore.c: fix race between swapoff and mincore
mm:memcg:
memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL
memcg, fsnotify: no oom-kill for remote memcg charging
mm, memcg: introduce memory.events.local
mm: memcontrol: dump memory.stat during cgroup OOM
Patch series "mm: reparent slab memory on cgroup removal", v7:
mm: memcg/slab: postpone kmem_cache memcg pointer initialization to memcg_link_cache()
mm: memcg/slab: rename slab delayed deactivation functions and fields
mm: memcg/slab: generalize postponed non-root kmem_cache deactivation
mm: memcg/slab: introduce __memcg_kmem_uncharge_memcg()
mm: memcg/slab: unify SLAB and SLUB page accounting
mm: memcg/slab: don't check the dying flag on kmem_cache creation
mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock
mm: memcg/slab: rework non-root kmem_cache lifecycle management
mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
mm, memcg: add a memcg_slabinfo debugfs file
mm:gup:
Patch series "switch the remaining architectures to use generic GUP", v4:
mm: use untagged_addr() for get_user_pages_fast addresses
mm: simplify gup_fast_permitted
mm: lift the x86_32 PAE version of gup_get_pte to common code
MIPS: use the generic get_user_pages_fast code
sh: add the missing pud_page definition
sh: use the generic get_user_pages_fast code
sparc64: add the missing pgd_page definition
sparc64: define untagged_addr()
sparc64: use the generic get_user_pages_fast code
mm: rename CONFIG_HAVE_GENERIC_GUP to CONFIG_HAVE_FAST_GUP
mm: reorder code blocks in gup.c
mm: consolidate the get_user_pages* implementations
mm: validate get_user_pages_fast flags
mm: move the powerpc hugepd code to mm/gup.c
mm: switch gup_hugepte to use try_get_compound_head
mm: mark the page referenced in gup_hugepte
mm/gup: speed up check_and_migrate_cma_pages() on huge page
mm/gup.c: remove some BUG_ONs from get_gate_page()
mm/gup.c: mark undo_dev_pagemap as __maybe_unused
mm:pagemap:
asm-generic, x86: introduce generic pte_{alloc,free}_one[_kernel]
alpha: switch to generic version of pte allocation
arm: switch to generic version of pte allocation
arm64: switch to generic version of pte allocation
csky: switch to generic version of pte allocation
m68k: sun3: switch to generic version of pte allocation
mips: switch to generic version of pte allocation
nds32: switch to generic version of pte allocation
nios2: switch to generic version of pte allocation
parisc: switch to generic version of pte allocation
riscv: switch to generic version of pte allocation
um: switch to generic version of pte allocation
unicore32: switch to generic version of pte allocation
mm/pgtable: drop pgtable_t variable from pte_fn_t functions
mm/memory.c: fail when offset == num in first check of __vm_map_pages()
mm:infrastructure:
mm/mmu_notifier: use hlist_add_head_rcu()
mm:vmalloc:
Patch series "Some cleanups for the KVA/vmalloc", v5:
mm/vmalloc.c: remove "node" argument
mm/vmalloc.c: preload a CPU with one object for split purpose
mm/vmalloc.c: get rid of one single unlink_va() when merge
mm/vmalloc.c: switch to WARN_ON() and move it under unlink_va()
mm/vmalloc.c: spelling> s/informaion/information/
mm:initialization:
mm/large system hash: use vmalloc for size > MAX_ORDER when !hashdist
mm/large system hash: clear hashdist when only one node with memory is booted
mm:pagealloc:
arm64: move jump_label_init() before parse_early_param()
Patch series "add init_on_alloc/init_on_free boot options", v10:
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
mm: init: report memory auto-initialization features at boot time
mm:vmscan:
mm: vmscan: remove double slab pressure by inc'ing sc->nr_scanned
mm: vmscan: correct some vmscan counters for THP swapout
mm:tools:
tools/vm/slabinfo: order command line options
tools/vm/slabinfo: add partial slab listing to -X
tools/vm/slabinfo: add option to sort by partial slabs
tools/vm/slabinfo: add sorting info to help menu
mm:proc:
proc: use down_read_killable mmap_sem for /proc/pid/maps
proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup
proc: use down_read_killable mmap_sem for /proc/pid/pagemap
proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
proc: use down_read_killable mmap_sem for /proc/pid/map_files
mm: use down_read_killable for locking mmap_sem in access_remote_vm
mm: smaps: split PSS into components
mm: vmalloc: show number of vmalloc pages in /proc/meminfo
mm:ras:
mm/memory-failure.c: clarify error message
mm:oom-kill:
mm: memcontrol: use CSS_TASK_ITER_PROCS at mem_cgroup_scan_tasks()
mm, oom: refactor dump_tasks for memcg OOMs
mm, oom: remove redundant task_in_mem_cgroup() check
oom: decouple mems_allowed from oom_unkillable_task
mm/oom_kill.c: remove redundant OOM score normalization in select_bad_process()"
* akpm: (147 commits)
mm/oom_kill.c: remove redundant OOM score normalization in select_bad_process()
oom: decouple mems_allowed from oom_unkillable_task
mm, oom: remove redundant task_in_mem_cgroup() check
mm, oom: refactor dump_tasks for memcg OOMs
mm: memcontrol: use CSS_TASK_ITER_PROCS at mem_cgroup_scan_tasks()
mm/memory-failure.c: clarify error message
mm: vmalloc: show number of vmalloc pages in /proc/meminfo
mm: smaps: split PSS into components
mm: use down_read_killable for locking mmap_sem in access_remote_vm
proc: use down_read_killable mmap_sem for /proc/pid/map_files
proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
proc: use down_read_killable mmap_sem for /proc/pid/pagemap
proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup
proc: use down_read_killable mmap_sem for /proc/pid/maps
tools/vm/slabinfo: add sorting info to help menu
tools/vm/slabinfo: add option to sort by partial slabs
tools/vm/slabinfo: add partial slab listing to -X
tools/vm/slabinfo: order command line options
mm: vmscan: correct some vmscan counters for THP swapout
mm: vmscan: remove double slab pressure by inc'ing sc->nr_scanned
...
493 lines
12 KiB
C
493 lines
12 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* Linux Kernel Dump Test Module for testing kernel crashes conditions:
|
|
* induces system failures at predefined crashpoints and under predefined
|
|
* operational conditions in order to evaluate the reliability of kernel
|
|
* sanity checking and crash dumps obtained using different dumping
|
|
* solutions.
|
|
*
|
|
* Copyright (C) IBM Corporation, 2006
|
|
*
|
|
* Author: Ankita Garg <ankita@in.ibm.com>
|
|
*
|
|
* It is adapted from the Linux Kernel Dump Test Tool by
|
|
* Fernando Luis Vazquez Cao <http://lkdtt.sourceforge.net>
|
|
*
|
|
* Debugfs support added by Simon Kagstrom <simon.kagstrom@netinsight.net>
|
|
*
|
|
* See Documentation/fault-injection/provoke-crashes.rst for instructions
|
|
*/
|
|
#include "lkdtm.h"
|
|
#include <linux/fs.h>
|
|
#include <linux/module.h>
|
|
#include <linux/buffer_head.h>
|
|
#include <linux/kprobes.h>
|
|
#include <linux/list.h>
|
|
#include <linux/init.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/debugfs.h>
|
|
|
|
#define DEFAULT_COUNT 10
|
|
|
|
static int lkdtm_debugfs_open(struct inode *inode, struct file *file);
|
|
static ssize_t lkdtm_debugfs_read(struct file *f, char __user *user_buf,
|
|
size_t count, loff_t *off);
|
|
static ssize_t direct_entry(struct file *f, const char __user *user_buf,
|
|
size_t count, loff_t *off);
|
|
|
|
#ifdef CONFIG_KPROBES
|
|
static int lkdtm_kprobe_handler(struct kprobe *kp, struct pt_regs *regs);
|
|
static ssize_t lkdtm_debugfs_entry(struct file *f,
|
|
const char __user *user_buf,
|
|
size_t count, loff_t *off);
|
|
# define CRASHPOINT_KPROBE(_symbol) \
|
|
.kprobe = { \
|
|
.symbol_name = (_symbol), \
|
|
.pre_handler = lkdtm_kprobe_handler, \
|
|
},
|
|
# define CRASHPOINT_WRITE(_symbol) \
|
|
(_symbol) ? lkdtm_debugfs_entry : direct_entry
|
|
#else
|
|
# define CRASHPOINT_KPROBE(_symbol)
|
|
# define CRASHPOINT_WRITE(_symbol) direct_entry
|
|
#endif
|
|
|
|
/* Crash points */
|
|
struct crashpoint {
|
|
const char *name;
|
|
const struct file_operations fops;
|
|
struct kprobe kprobe;
|
|
};
|
|
|
|
#define CRASHPOINT(_name, _symbol) \
|
|
{ \
|
|
.name = _name, \
|
|
.fops = { \
|
|
.read = lkdtm_debugfs_read, \
|
|
.llseek = generic_file_llseek, \
|
|
.open = lkdtm_debugfs_open, \
|
|
.write = CRASHPOINT_WRITE(_symbol) \
|
|
}, \
|
|
CRASHPOINT_KPROBE(_symbol) \
|
|
}
|
|
|
|
/* Define the possible places where we can trigger a crash point. */
|
|
static struct crashpoint crashpoints[] = {
|
|
CRASHPOINT("DIRECT", NULL),
|
|
#ifdef CONFIG_KPROBES
|
|
CRASHPOINT("INT_HARDWARE_ENTRY", "do_IRQ"),
|
|
CRASHPOINT("INT_HW_IRQ_EN", "handle_irq_event"),
|
|
CRASHPOINT("INT_TASKLET_ENTRY", "tasklet_action"),
|
|
CRASHPOINT("FS_DEVRW", "ll_rw_block"),
|
|
CRASHPOINT("MEM_SWAPOUT", "shrink_inactive_list"),
|
|
CRASHPOINT("TIMERADD", "hrtimer_start"),
|
|
CRASHPOINT("SCSI_DISPATCH_CMD", "scsi_dispatch_cmd"),
|
|
CRASHPOINT("IDE_CORE_CP", "generic_ide_ioctl"),
|
|
#endif
|
|
};
|
|
|
|
|
|
/* Crash types. */
|
|
struct crashtype {
|
|
const char *name;
|
|
void (*func)(void);
|
|
};
|
|
|
|
#define CRASHTYPE(_name) \
|
|
{ \
|
|
.name = __stringify(_name), \
|
|
.func = lkdtm_ ## _name, \
|
|
}
|
|
|
|
/* Define the possible types of crashes that can be triggered. */
|
|
static const struct crashtype crashtypes[] = {
|
|
CRASHTYPE(PANIC),
|
|
CRASHTYPE(BUG),
|
|
CRASHTYPE(WARNING),
|
|
CRASHTYPE(EXCEPTION),
|
|
CRASHTYPE(LOOP),
|
|
CRASHTYPE(EXHAUST_STACK),
|
|
CRASHTYPE(CORRUPT_STACK),
|
|
CRASHTYPE(CORRUPT_STACK_STRONG),
|
|
CRASHTYPE(CORRUPT_LIST_ADD),
|
|
CRASHTYPE(CORRUPT_LIST_DEL),
|
|
CRASHTYPE(CORRUPT_USER_DS),
|
|
CRASHTYPE(STACK_GUARD_PAGE_LEADING),
|
|
CRASHTYPE(STACK_GUARD_PAGE_TRAILING),
|
|
CRASHTYPE(UNSET_SMEP),
|
|
CRASHTYPE(UNALIGNED_LOAD_STORE_WRITE),
|
|
CRASHTYPE(OVERWRITE_ALLOCATION),
|
|
CRASHTYPE(WRITE_AFTER_FREE),
|
|
CRASHTYPE(READ_AFTER_FREE),
|
|
CRASHTYPE(WRITE_BUDDY_AFTER_FREE),
|
|
CRASHTYPE(READ_BUDDY_AFTER_FREE),
|
|
CRASHTYPE(SLAB_FREE_DOUBLE),
|
|
CRASHTYPE(SLAB_FREE_CROSS),
|
|
CRASHTYPE(SLAB_FREE_PAGE),
|
|
CRASHTYPE(SOFTLOCKUP),
|
|
CRASHTYPE(HARDLOCKUP),
|
|
CRASHTYPE(SPINLOCKUP),
|
|
CRASHTYPE(HUNG_TASK),
|
|
CRASHTYPE(EXEC_DATA),
|
|
CRASHTYPE(EXEC_STACK),
|
|
CRASHTYPE(EXEC_KMALLOC),
|
|
CRASHTYPE(EXEC_VMALLOC),
|
|
CRASHTYPE(EXEC_RODATA),
|
|
CRASHTYPE(EXEC_USERSPACE),
|
|
CRASHTYPE(EXEC_NULL),
|
|
CRASHTYPE(ACCESS_USERSPACE),
|
|
CRASHTYPE(ACCESS_NULL),
|
|
CRASHTYPE(WRITE_RO),
|
|
CRASHTYPE(WRITE_RO_AFTER_INIT),
|
|
CRASHTYPE(WRITE_KERN),
|
|
CRASHTYPE(REFCOUNT_INC_OVERFLOW),
|
|
CRASHTYPE(REFCOUNT_ADD_OVERFLOW),
|
|
CRASHTYPE(REFCOUNT_INC_NOT_ZERO_OVERFLOW),
|
|
CRASHTYPE(REFCOUNT_ADD_NOT_ZERO_OVERFLOW),
|
|
CRASHTYPE(REFCOUNT_DEC_ZERO),
|
|
CRASHTYPE(REFCOUNT_DEC_NEGATIVE),
|
|
CRASHTYPE(REFCOUNT_DEC_AND_TEST_NEGATIVE),
|
|
CRASHTYPE(REFCOUNT_SUB_AND_TEST_NEGATIVE),
|
|
CRASHTYPE(REFCOUNT_INC_ZERO),
|
|
CRASHTYPE(REFCOUNT_ADD_ZERO),
|
|
CRASHTYPE(REFCOUNT_INC_SATURATED),
|
|
CRASHTYPE(REFCOUNT_DEC_SATURATED),
|
|
CRASHTYPE(REFCOUNT_ADD_SATURATED),
|
|
CRASHTYPE(REFCOUNT_INC_NOT_ZERO_SATURATED),
|
|
CRASHTYPE(REFCOUNT_ADD_NOT_ZERO_SATURATED),
|
|
CRASHTYPE(REFCOUNT_DEC_AND_TEST_SATURATED),
|
|
CRASHTYPE(REFCOUNT_SUB_AND_TEST_SATURATED),
|
|
CRASHTYPE(REFCOUNT_TIMING),
|
|
CRASHTYPE(ATOMIC_TIMING),
|
|
CRASHTYPE(USERCOPY_HEAP_SIZE_TO),
|
|
CRASHTYPE(USERCOPY_HEAP_SIZE_FROM),
|
|
CRASHTYPE(USERCOPY_HEAP_WHITELIST_TO),
|
|
CRASHTYPE(USERCOPY_HEAP_WHITELIST_FROM),
|
|
CRASHTYPE(USERCOPY_STACK_FRAME_TO),
|
|
CRASHTYPE(USERCOPY_STACK_FRAME_FROM),
|
|
CRASHTYPE(USERCOPY_STACK_BEYOND),
|
|
CRASHTYPE(USERCOPY_KERNEL),
|
|
CRASHTYPE(USERCOPY_KERNEL_DS),
|
|
CRASHTYPE(STACKLEAK_ERASING),
|
|
};
|
|
|
|
|
|
/* Global kprobe entry and crashtype. */
|
|
static struct kprobe *lkdtm_kprobe;
|
|
static struct crashpoint *lkdtm_crashpoint;
|
|
static const struct crashtype *lkdtm_crashtype;
|
|
|
|
/* Module parameters */
|
|
static int recur_count = -1;
|
|
module_param(recur_count, int, 0644);
|
|
MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test");
|
|
|
|
static char* cpoint_name;
|
|
module_param(cpoint_name, charp, 0444);
|
|
MODULE_PARM_DESC(cpoint_name, " Crash Point, where kernel is to be crashed");
|
|
|
|
static char* cpoint_type;
|
|
module_param(cpoint_type, charp, 0444);
|
|
MODULE_PARM_DESC(cpoint_type, " Crash Point Type, action to be taken on "\
|
|
"hitting the crash point");
|
|
|
|
static int cpoint_count = DEFAULT_COUNT;
|
|
module_param(cpoint_count, int, 0644);
|
|
MODULE_PARM_DESC(cpoint_count, " Crash Point Count, number of times the "\
|
|
"crash point is to be hit to trigger action");
|
|
|
|
|
|
/* Return the crashtype number or NULL if the name is invalid */
|
|
static const struct crashtype *find_crashtype(const char *name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(crashtypes); i++) {
|
|
if (!strcmp(name, crashtypes[i].name))
|
|
return &crashtypes[i];
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* This is forced noinline just so it distinctly shows up in the stackdump
|
|
* which makes validation of expected lkdtm crashes easier.
|
|
*/
|
|
static noinline void lkdtm_do_action(const struct crashtype *crashtype)
|
|
{
|
|
if (WARN_ON(!crashtype || !crashtype->func))
|
|
return;
|
|
crashtype->func();
|
|
}
|
|
|
|
static int lkdtm_register_cpoint(struct crashpoint *crashpoint,
|
|
const struct crashtype *crashtype)
|
|
{
|
|
int ret;
|
|
|
|
/* If this doesn't have a symbol, just call immediately. */
|
|
if (!crashpoint->kprobe.symbol_name) {
|
|
lkdtm_do_action(crashtype);
|
|
return 0;
|
|
}
|
|
|
|
if (lkdtm_kprobe != NULL)
|
|
unregister_kprobe(lkdtm_kprobe);
|
|
|
|
lkdtm_crashpoint = crashpoint;
|
|
lkdtm_crashtype = crashtype;
|
|
lkdtm_kprobe = &crashpoint->kprobe;
|
|
ret = register_kprobe(lkdtm_kprobe);
|
|
if (ret < 0) {
|
|
pr_info("Couldn't register kprobe %s\n",
|
|
crashpoint->kprobe.symbol_name);
|
|
lkdtm_kprobe = NULL;
|
|
lkdtm_crashpoint = NULL;
|
|
lkdtm_crashtype = NULL;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
#ifdef CONFIG_KPROBES
|
|
/* Global crash counter and spinlock. */
|
|
static int crash_count = DEFAULT_COUNT;
|
|
static DEFINE_SPINLOCK(crash_count_lock);
|
|
|
|
/* Called by kprobe entry points. */
|
|
static int lkdtm_kprobe_handler(struct kprobe *kp, struct pt_regs *regs)
|
|
{
|
|
unsigned long flags;
|
|
bool do_it = false;
|
|
|
|
if (WARN_ON(!lkdtm_crashpoint || !lkdtm_crashtype))
|
|
return 0;
|
|
|
|
spin_lock_irqsave(&crash_count_lock, flags);
|
|
crash_count--;
|
|
pr_info("Crash point %s of type %s hit, trigger in %d rounds\n",
|
|
lkdtm_crashpoint->name, lkdtm_crashtype->name, crash_count);
|
|
|
|
if (crash_count == 0) {
|
|
do_it = true;
|
|
crash_count = cpoint_count;
|
|
}
|
|
spin_unlock_irqrestore(&crash_count_lock, flags);
|
|
|
|
if (do_it)
|
|
lkdtm_do_action(lkdtm_crashtype);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static ssize_t lkdtm_debugfs_entry(struct file *f,
|
|
const char __user *user_buf,
|
|
size_t count, loff_t *off)
|
|
{
|
|
struct crashpoint *crashpoint = file_inode(f)->i_private;
|
|
const struct crashtype *crashtype = NULL;
|
|
char *buf;
|
|
int err;
|
|
|
|
if (count >= PAGE_SIZE)
|
|
return -EINVAL;
|
|
|
|
buf = (char *)__get_free_page(GFP_KERNEL);
|
|
if (!buf)
|
|
return -ENOMEM;
|
|
if (copy_from_user(buf, user_buf, count)) {
|
|
free_page((unsigned long) buf);
|
|
return -EFAULT;
|
|
}
|
|
/* NULL-terminate and remove enter */
|
|
buf[count] = '\0';
|
|
strim(buf);
|
|
|
|
crashtype = find_crashtype(buf);
|
|
free_page((unsigned long)buf);
|
|
|
|
if (!crashtype)
|
|
return -EINVAL;
|
|
|
|
err = lkdtm_register_cpoint(crashpoint, crashtype);
|
|
if (err < 0)
|
|
return err;
|
|
|
|
*off += count;
|
|
|
|
return count;
|
|
}
|
|
#endif
|
|
|
|
/* Generic read callback that just prints out the available crash types */
|
|
static ssize_t lkdtm_debugfs_read(struct file *f, char __user *user_buf,
|
|
size_t count, loff_t *off)
|
|
{
|
|
char *buf;
|
|
int i, n, out;
|
|
|
|
buf = (char *)__get_free_page(GFP_KERNEL);
|
|
if (buf == NULL)
|
|
return -ENOMEM;
|
|
|
|
n = scnprintf(buf, PAGE_SIZE, "Available crash types:\n");
|
|
for (i = 0; i < ARRAY_SIZE(crashtypes); i++) {
|
|
n += scnprintf(buf + n, PAGE_SIZE - n, "%s\n",
|
|
crashtypes[i].name);
|
|
}
|
|
buf[n] = '\0';
|
|
|
|
out = simple_read_from_buffer(user_buf, count, off,
|
|
buf, n);
|
|
free_page((unsigned long) buf);
|
|
|
|
return out;
|
|
}
|
|
|
|
static int lkdtm_debugfs_open(struct inode *inode, struct file *file)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/* Special entry to just crash directly. Available without KPROBEs */
|
|
static ssize_t direct_entry(struct file *f, const char __user *user_buf,
|
|
size_t count, loff_t *off)
|
|
{
|
|
const struct crashtype *crashtype;
|
|
char *buf;
|
|
|
|
if (count >= PAGE_SIZE)
|
|
return -EINVAL;
|
|
if (count < 1)
|
|
return -EINVAL;
|
|
|
|
buf = (char *)__get_free_page(GFP_KERNEL);
|
|
if (!buf)
|
|
return -ENOMEM;
|
|
if (copy_from_user(buf, user_buf, count)) {
|
|
free_page((unsigned long) buf);
|
|
return -EFAULT;
|
|
}
|
|
/* NULL-terminate and remove enter */
|
|
buf[count] = '\0';
|
|
strim(buf);
|
|
|
|
crashtype = find_crashtype(buf);
|
|
free_page((unsigned long) buf);
|
|
if (!crashtype)
|
|
return -EINVAL;
|
|
|
|
pr_info("Performing direct entry %s\n", crashtype->name);
|
|
lkdtm_do_action(crashtype);
|
|
*off += count;
|
|
|
|
return count;
|
|
}
|
|
|
|
static struct dentry *lkdtm_debugfs_root;
|
|
|
|
static int __init lkdtm_module_init(void)
|
|
{
|
|
struct crashpoint *crashpoint = NULL;
|
|
const struct crashtype *crashtype = NULL;
|
|
int ret = -EINVAL;
|
|
int i;
|
|
|
|
/* Neither or both of these need to be set */
|
|
if ((cpoint_type || cpoint_name) && !(cpoint_type && cpoint_name)) {
|
|
pr_err("Need both cpoint_type and cpoint_name or neither\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
if (cpoint_type) {
|
|
crashtype = find_crashtype(cpoint_type);
|
|
if (!crashtype) {
|
|
pr_err("Unknown crashtype '%s'\n", cpoint_type);
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
|
|
if (cpoint_name) {
|
|
for (i = 0; i < ARRAY_SIZE(crashpoints); i++) {
|
|
if (!strcmp(cpoint_name, crashpoints[i].name))
|
|
crashpoint = &crashpoints[i];
|
|
}
|
|
|
|
/* Refuse unknown crashpoints. */
|
|
if (!crashpoint) {
|
|
pr_err("Invalid crashpoint %s\n", cpoint_name);
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_KPROBES
|
|
/* Set crash count. */
|
|
crash_count = cpoint_count;
|
|
#endif
|
|
|
|
/* Handle test-specific initialization. */
|
|
lkdtm_bugs_init(&recur_count);
|
|
lkdtm_perms_init();
|
|
lkdtm_usercopy_init();
|
|
lkdtm_heap_init();
|
|
|
|
/* Register debugfs interface */
|
|
lkdtm_debugfs_root = debugfs_create_dir("provoke-crash", NULL);
|
|
if (!lkdtm_debugfs_root) {
|
|
pr_err("creating root dir failed\n");
|
|
return -ENODEV;
|
|
}
|
|
|
|
/* Install debugfs trigger files. */
|
|
for (i = 0; i < ARRAY_SIZE(crashpoints); i++) {
|
|
struct crashpoint *cur = &crashpoints[i];
|
|
struct dentry *de;
|
|
|
|
de = debugfs_create_file(cur->name, 0644, lkdtm_debugfs_root,
|
|
cur, &cur->fops);
|
|
if (de == NULL) {
|
|
pr_err("could not create crashpoint %s\n", cur->name);
|
|
goto out_err;
|
|
}
|
|
}
|
|
|
|
/* Install crashpoint if one was selected. */
|
|
if (crashpoint) {
|
|
ret = lkdtm_register_cpoint(crashpoint, crashtype);
|
|
if (ret < 0) {
|
|
pr_info("Invalid crashpoint %s\n", crashpoint->name);
|
|
goto out_err;
|
|
}
|
|
pr_info("Crash point %s of type %s registered\n",
|
|
crashpoint->name, cpoint_type);
|
|
} else {
|
|
pr_info("No crash points registered, enable through debugfs\n");
|
|
}
|
|
|
|
return 0;
|
|
|
|
out_err:
|
|
debugfs_remove_recursive(lkdtm_debugfs_root);
|
|
return ret;
|
|
}
|
|
|
|
static void __exit lkdtm_module_exit(void)
|
|
{
|
|
debugfs_remove_recursive(lkdtm_debugfs_root);
|
|
|
|
/* Handle test-specific clean-up. */
|
|
lkdtm_heap_exit();
|
|
lkdtm_usercopy_exit();
|
|
|
|
if (lkdtm_kprobe != NULL)
|
|
unregister_kprobe(lkdtm_kprobe);
|
|
|
|
pr_info("Crash point unregistered\n");
|
|
}
|
|
|
|
module_init(lkdtm_module_init);
|
|
module_exit(lkdtm_module_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_DESCRIPTION("Kernel crash testing module");
|