linux/tools/testing/selftests/lkdtm/tests.txt
Ricardo Cañuelo cf77bf6988 selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
The lkdtm selftest config fragment enables CONFIG_UBSAN_TRAP to make the
ARRAY_BOUNDS test kill the calling process when an out-of-bound access
is detected by UBSAN. However, after this [1] commit, UBSAN is triggered
under many new scenarios that weren't detected before, such as in struct
definitions with fixed-size trailing arrays used as flexible arrays. As
a result, CONFIG_UBSAN_TRAP=y has become a very aggressive option to
enable except for specific situations.

`make kselftest-merge` applies CONFIG_UBSAN_TRAP=y to the kernel config
for all selftests, which makes many of them fail because of system hangs
during boot.

This change removes the config option from the lkdtm kselftest and
configures the ARRAY_BOUNDS test to look for UBSAN reports rather than
relying on the calling process being killed.

[1] commit 2d47c6956a ("ubsan: Tighten UBSAN_BOUNDS on GCC")'

Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230802063252.1917997-1-ricardo.canuelo@collabora.com
Signed-off-by: Kees Cook <keescook@chromium.org>
2023-09-28 16:39:08 -07:00

85 lines
2.6 KiB
Plaintext

#PANIC
#PANIC_STOP_IRQOFF Crashes entire system
BUG kernel BUG at
WARNING WARNING:
WARNING_MESSAGE message trigger
EXCEPTION
#LOOP Hangs the system
#EXHAUST_STACK Corrupts memory on failure
#CORRUPT_STACK Crashes entire system on success
#CORRUPT_STACK_STRONG Crashes entire system on success
ARRAY_BOUNDS call trace:|UBSAN: array-index-out-of-bounds
CORRUPT_LIST_ADD list_add corruption
CORRUPT_LIST_DEL list_del corruption
STACK_GUARD_PAGE_LEADING
STACK_GUARD_PAGE_TRAILING
REPORT_STACK_CANARY repeat:2 ok: stack canaries differ
UNSET_SMEP pinned CR4 bits changed:
DOUBLE_FAULT
CORRUPT_PAC
UNALIGNED_LOAD_STORE_WRITE
SLAB_LINEAR_OVERFLOW
VMALLOC_LINEAR_OVERFLOW
#WRITE_AFTER_FREE Corrupts memory on failure
READ_AFTER_FREE call trace:|Memory correctly poisoned
#WRITE_BUDDY_AFTER_FREE Corrupts memory on failure
READ_BUDDY_AFTER_FREE call trace:|Memory correctly poisoned
SLAB_INIT_ON_ALLOC Memory appears initialized
BUDDY_INIT_ON_ALLOC Memory appears initialized
SLAB_FREE_DOUBLE
SLAB_FREE_CROSS
SLAB_FREE_PAGE
#SOFTLOCKUP Hangs the system
#HARDLOCKUP Hangs the system
#SPINLOCKUP Hangs the system
#HUNG_TASK Hangs the system
EXEC_DATA
EXEC_STACK
EXEC_KMALLOC
EXEC_VMALLOC
EXEC_RODATA
EXEC_USERSPACE
EXEC_NULL
ACCESS_USERSPACE
ACCESS_NULL
WRITE_RO
WRITE_RO_AFTER_INIT
WRITE_KERN
WRITE_OPD
REFCOUNT_INC_OVERFLOW
REFCOUNT_ADD_OVERFLOW
REFCOUNT_INC_NOT_ZERO_OVERFLOW
REFCOUNT_ADD_NOT_ZERO_OVERFLOW
REFCOUNT_DEC_ZERO
REFCOUNT_DEC_NEGATIVE Negative detected: saturated
REFCOUNT_DEC_AND_TEST_NEGATIVE Negative detected: saturated
REFCOUNT_SUB_AND_TEST_NEGATIVE Negative detected: saturated
REFCOUNT_INC_ZERO
REFCOUNT_ADD_ZERO
REFCOUNT_INC_SATURATED Saturation detected: still saturated
REFCOUNT_DEC_SATURATED Saturation detected: still saturated
REFCOUNT_ADD_SATURATED Saturation detected: still saturated
REFCOUNT_INC_NOT_ZERO_SATURATED
REFCOUNT_ADD_NOT_ZERO_SATURATED
REFCOUNT_DEC_AND_TEST_SATURATED Saturation detected: still saturated
REFCOUNT_SUB_AND_TEST_SATURATED Saturation detected: still saturated
#REFCOUNT_TIMING timing only
#ATOMIC_TIMING timing only
USERCOPY_SLAB_SIZE_TO
USERCOPY_SLAB_SIZE_FROM
USERCOPY_SLAB_WHITELIST_TO
USERCOPY_SLAB_WHITELIST_FROM
USERCOPY_STACK_FRAME_TO
USERCOPY_STACK_FRAME_FROM
USERCOPY_STACK_BEYOND
USERCOPY_KERNEL
STACKLEAK_ERASING OK: the rest of the thread stack is properly erased
CFI_FORWARD_PROTO
CFI_BACKWARD call trace:|ok: control flow unchanged
FORTIFY_STRSCPY detected buffer overflow
FORTIFY_STR_OBJECT detected buffer overflow
FORTIFY_STR_MEMBER detected buffer overflow
FORTIFY_MEM_OBJECT detected buffer overflow
FORTIFY_MEM_MEMBER detected field-spanning write
PPC_SLB_MULTIHIT Recovered