1 /*
2 * This is for all the tests related to logic bugs (e.g. bad dereferences,
3 * bad alignment, bad loops, bad locking, bad scheduling, deep stacks, and
4 * lockups) along with other things that don't fit well into existing LKDTM
5 * test source files.
6 */
7 #include "lkdtm.h"
8 #include <linux/sched.h>
9
10 /*
11 * Make sure our attempts to over run the kernel stack doesn't trigger
12 * a compiler warning when CONFIG_FRAME_WARN is set. Then make sure we
13 * recurse past the end of THREAD_SIZE by default.
14 */
15 #if defined(CONFIG_FRAME_WARN) && (CONFIG_FRAME_WARN > 0)
16 #define REC_STACK_SIZE (CONFIG_FRAME_WARN / 2)
17 #else
18 #define REC_STACK_SIZE (THREAD_SIZE / 8)
19 #endif
20 #define REC_NUM_DEFAULT ((THREAD_SIZE / REC_STACK_SIZE) * 2)
21
22 static int recur_count = REC_NUM_DEFAULT;
23
24 static DEFINE_SPINLOCK(lock_me_up);
25
recursive_loop(int remaining)26 static int recursive_loop(int remaining)
27 {
28 char buf[REC_STACK_SIZE];
29
30 /* Make sure compiler does not optimize this away. */
31 memset(buf, (remaining & 0xff) | 0x1, REC_STACK_SIZE);
32 if (!remaining)
33 return 0;
34 else
35 return recursive_loop(remaining - 1);
36 }
37
38 /* If the depth is negative, use the default, otherwise keep parameter. */
lkdtm_bugs_init(int * recur_param)39 void __init lkdtm_bugs_init(int *recur_param)
40 {
41 if (*recur_param < 0)
42 *recur_param = recur_count;
43 else
44 recur_count = *recur_param;
45 }
46
lkdtm_PANIC(void)47 void lkdtm_PANIC(void)
48 {
49 panic("dumptest");
50 }
51
lkdtm_BUG(void)52 void lkdtm_BUG(void)
53 {
54 BUG();
55 }
56
lkdtm_WARNING(void)57 void lkdtm_WARNING(void)
58 {
59 WARN_ON(1);
60 }
61
lkdtm_EXCEPTION(void)62 void lkdtm_EXCEPTION(void)
63 {
64 *((int *) 0) = 0;
65 }
66
lkdtm_LOOP(void)67 void lkdtm_LOOP(void)
68 {
69 for (;;)
70 ;
71 }
72
lkdtm_OVERFLOW(void)73 void lkdtm_OVERFLOW(void)
74 {
75 (void) recursive_loop(recur_count);
76 }
77
lkdtm_CORRUPT_STACK(void)78 noinline void lkdtm_CORRUPT_STACK(void)
79 {
80 /* Use default char array length that triggers stack protection. */
81 char data[8];
82
83 memset((void *)data, 0, 64);
84 }
85
lkdtm_UNALIGNED_LOAD_STORE_WRITE(void)86 void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void)
87 {
88 static u8 data[5] __attribute__((aligned(4))) = {1, 2, 3, 4, 5};
89 u32 *p;
90 u32 val = 0x12345678;
91
92 p = (u32 *)(data + 1);
93 if (*p == 0)
94 val = 0x87654321;
95 *p = val;
96 }
97
lkdtm_SOFTLOCKUP(void)98 void lkdtm_SOFTLOCKUP(void)
99 {
100 preempt_disable();
101 for (;;)
102 cpu_relax();
103 }
104
lkdtm_HARDLOCKUP(void)105 void lkdtm_HARDLOCKUP(void)
106 {
107 local_irq_disable();
108 for (;;)
109 cpu_relax();
110 }
111
lkdtm_SPINLOCKUP(void)112 void lkdtm_SPINLOCKUP(void)
113 {
114 /* Must be called twice to trigger. */
115 spin_lock(&lock_me_up);
116 /* Let sparse know we intended to exit holding the lock. */
117 __release(&lock_me_up);
118 }
119
lkdtm_HUNG_TASK(void)120 void lkdtm_HUNG_TASK(void)
121 {
122 set_current_state(TASK_UNINTERRUPTIBLE);
123 schedule();
124 }
125
lkdtm_ATOMIC_UNDERFLOW(void)126 void lkdtm_ATOMIC_UNDERFLOW(void)
127 {
128 atomic_t under = ATOMIC_INIT(INT_MIN);
129
130 pr_info("attempting good atomic increment\n");
131 atomic_inc(&under);
132 atomic_dec(&under);
133
134 pr_info("attempting bad atomic underflow\n");
135 atomic_dec(&under);
136 }
137
lkdtm_ATOMIC_OVERFLOW(void)138 void lkdtm_ATOMIC_OVERFLOW(void)
139 {
140 atomic_t over = ATOMIC_INIT(INT_MAX);
141
142 pr_info("attempting good atomic decrement\n");
143 atomic_dec(&over);
144 atomic_inc(&over);
145
146 pr_info("attempting bad atomic overflow\n");
147 atomic_inc(&over);
148 }
149