d46e58ef77
Introduce REPORT_STACK_CANARY to check for differing stack canaries between two processes (i.e. that an architecture is correctly implementing per-task stack canaries), using the task_struct canary as the hint to locate in the stack. Requires that one of the processes being tested not be pid 1.

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20211022223826.330653-3-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
80 lines
2.3 KiB
Plaintext
#PANIC
BUG kernel BUG at
WARNING WARNING:
WARNING_MESSAGE message trigger
EXCEPTION
#LOOP Hangs the system
#EXHAUST_STACK Corrupts memory on failure
#CORRUPT_STACK Crashes entire system on success
#CORRUPT_STACK_STRONG Crashes entire system on success
ARRAY_BOUNDS
CORRUPT_LIST_ADD list_add corruption
CORRUPT_LIST_DEL list_del corruption
STACK_GUARD_PAGE_LEADING
STACK_GUARD_PAGE_TRAILING
REPORT_STACK_CANARY repeat:2 ok: stack canaries differ
UNSET_SMEP pinned CR4 bits changed:
DOUBLE_FAULT
CORRUPT_PAC
UNALIGNED_LOAD_STORE_WRITE
SLAB_LINEAR_OVERFLOW
VMALLOC_LINEAR_OVERFLOW
#WRITE_AFTER_FREE Corrupts memory on failure
READ_AFTER_FREE call trace:|Memory correctly poisoned
#WRITE_BUDDY_AFTER_FREE Corrupts memory on failure
READ_BUDDY_AFTER_FREE call trace:|Memory correctly poisoned
SLAB_INIT_ON_ALLOC Memory appears initialized
BUDDY_INIT_ON_ALLOC Memory appears initialized
SLAB_FREE_DOUBLE
SLAB_FREE_CROSS
SLAB_FREE_PAGE
#SOFTLOCKUP Hangs the system
#HARDLOCKUP Hangs the system
#SPINLOCKUP Hangs the system
#HUNG_TASK Hangs the system
EXEC_DATA
EXEC_STACK
EXEC_KMALLOC
EXEC_VMALLOC
EXEC_RODATA
EXEC_USERSPACE
EXEC_NULL
ACCESS_USERSPACE
ACCESS_NULL
WRITE_RO
WRITE_RO_AFTER_INIT
WRITE_KERN
REFCOUNT_INC_OVERFLOW
REFCOUNT_ADD_OVERFLOW
REFCOUNT_INC_NOT_ZERO_OVERFLOW
REFCOUNT_ADD_NOT_ZERO_OVERFLOW
REFCOUNT_DEC_ZERO
REFCOUNT_DEC_NEGATIVE Negative detected: saturated
REFCOUNT_DEC_AND_TEST_NEGATIVE Negative detected: saturated
REFCOUNT_SUB_AND_TEST_NEGATIVE Negative detected: saturated
REFCOUNT_INC_ZERO
REFCOUNT_ADD_ZERO
REFCOUNT_INC_SATURATED Saturation detected: still saturated
REFCOUNT_DEC_SATURATED Saturation detected: still saturated
REFCOUNT_ADD_SATURATED Saturation detected: still saturated
REFCOUNT_INC_NOT_ZERO_SATURATED
REFCOUNT_ADD_NOT_ZERO_SATURATED
REFCOUNT_DEC_AND_TEST_SATURATED Saturation detected: still saturated
REFCOUNT_SUB_AND_TEST_SATURATED Saturation detected: still saturated
#REFCOUNT_TIMING timing only
#ATOMIC_TIMING timing only
USERCOPY_HEAP_SIZE_TO
USERCOPY_HEAP_SIZE_FROM
USERCOPY_HEAP_WHITELIST_TO
USERCOPY_HEAP_WHITELIST_FROM
USERCOPY_STACK_FRAME_TO
USERCOPY_STACK_FRAME_FROM
USERCOPY_STACK_BEYOND
USERCOPY_KERNEL
STACKLEAK_ERASING OK: the rest of the thread stack is properly erased
CFI_FORWARD_PROTO
FORTIFIED_STRSCPY
FORTIFIED_OBJECT
FORTIFIED_SUBOBJECT
PPC_SLB_MULTIHIT Recovered