From 5b7ff9dd2c5a1c9f7f07e26c06fd2f7954629ea5 Mon Sep 17 00:00:00 2001
From: Pengfei Xu
Date: Sat, 1 Apr 2023 15:21:14 +0800
Subject: sys/linux: add CET(Control-flow Enforcement Technology) user space SHSTK(Shadow Stack) test file CET(Control-flow Enforcement Technology) is a security feature that includes shadow stack and end branch to prevent ROP(Return Oriented programming)/JOP (Jump Oriented Programming) attack from the root cause. User space SHSTK which prevents ROP attack for user space process is in Linux tip repo: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=x86/shstk Add CET user space SHSTK test file in syzkaller to cover related fuzzing tests.
Signed-off-by: Pengfei Xu
---
sys/linux/test/cet_user_shstk | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 sys/linux/test/cet_user_shstk
(limited to 'sys')
diff --git a/sys/linux/test/cet_user_shstk b/sys/linux/test/cet_user_shstk
new file mode 100644
index 000000000..587255f3f
--- /dev/null
+++ b/sys/linux/test/cet_user_shstk
@@ -0,0 +1,27 @@
+# requires: arch=amd64
+
+arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
+arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x1)
+arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x1)
+
+r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
+
+arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
+arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2)
+arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
+
+ptrace(0x10, r0)
+
+ptrace$ARCH_SHSTK_DISABLE(0x1e, r0, 0x1, 0x5002)
+ptrace$ARCH_SHSTK_ENABLE(0x1e, r0, 0x1, 0x5001)
+ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x1, 0x5004)
+
+ptrace$getregset(0x4204, r0, 0x204, &AUTO={&AUTO='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x8})
+ptrace$setregset(0x4205, r0, 0x204, &AUTO={&AUTO='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x8})
+
+ptrace(0x11, r0)
+
+mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x22, 0, 0x0)
+map_shadow_stack(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1)
+
+arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
-- cgit mrf-deployment
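Review bot: Nothing between `ptrace(0x10, r0)` and the following `ptrace$ARCH_SHSTK_*`, `ptrace$getregset` and `ptrace$setregset` calls waits for the child returned by `syz_clone` to enter a ptrace-stop, so those requests can fail early (typically with ESRCH) without ever reaching the shadow-stack handling this file is meant to cover. A wait on the tracee directly after the attach, for example `wait4(r0, 0x0, 0x0, 0x0)`, would make that part deterministic; whether the child is still alive at that point depends on the executor's `syz_clone` behaviour, which is not visible in this patch. The file also does not say which calls are expected to succeed and which are deliberate negative cases (the `arch_prctl$ARCH_SHSTK_UNLOCK` on the calling task and the pattern bytes written through `ptrace$setregset` look like the latter), and `# requires: arch=amd64` gates only on architecture, not on a kernel or CPU with user shadow stack support. A short comment per group, such as `# 0x10 = PTRACE_ATTACH, 0x1e = PTRACE_ARCH_PRCTL, 0x204 = NT_X86_SHSTK`, plus a note on the expected result of each negative case, would help whoever has to triage a failure of this test.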