"exec_null"
소스 코드
void lkdtm_EXEC_NULL(void)
{
execute_location(NULL, CODE_AS_IS);
}
void trace_exec_null(void)
{
printf("trace exec null \n");
lkdtm_EXEC_NULL();
}
관련 로그
lkdtm_user-10616 [005] d..1 679.448094: signal_generate: sig=5 errno=0 code=196609 comm=lkdtm_user pid=10616 grp=0 res=0
lkdtm_user-10616 [005] d..1 679.448102: <stack trace> // 5) SIGTRAP
=> brk_handler+0xf8/0x158 <ffffff9d4a485c10>
=> do_debug_exception+0xc8/0x150 <ffffff9d4a481bc0>
=> el0_dbg+0x14/0x1c <ffffff9d4a4840e4>
lkdtm_user-10616 [005] d..1 679.448111: signal_deliver: sig=5 errno=0 code=196609 sa_handler=0 sa_flags=0
lkdtm_user-10616 [005] d..1 679.448112: <stack trace> // 5) SIGTRAP
=> work_pending+0x8/0x10 <ffffff9d4a484408>
"exec_assert"
void lkdtm_EXEC_ASSERT(void)
{
assert(1);
printf("finishing assert \n");
}
void trace_exec_assert(void)
{
printf("trace exec assert \n");
lkdtm_EXEC_ASSERT();
}
관련 로그
no log
"access_null"
소스
void lkdtm_ACCESS_NULL(void)
{
unsigned long tmp;
unsigned long *ptr = (unsigned long *)NULL;
printf("attempting bad read at \n");
tmp = *ptr;
tmp += 0xc0dec0de;
printf("attempting bad write at \n");
*ptr = tmp;
printf("finishing bad write at \n");
}
void trace_access_null(void)
{
printf("trace accesss null \n");
lkdtm_ACCESS_NULL();
}
로그
lkdtm_user-11298 [004] d..1 1771.884643: signal_generate: sig=5 errno=0 code=196609 comm=lkdtm_user pid=11298 grp=0 res=0
lkdtm_user-11298 [004] d..1 1771.884651: <stack trace> // 5) SIGTRAP
=> brk_handler+0xf8/0x158 <ffffff9d4a485c10>
=> do_debug_exception+0xc8/0x150 <ffffff9d4a481bc0>
=> el0_dbg+0x14/0x1c <ffffff9d4a4840e4>
lkdtm_user-11298 [004] d..1 1771.884658: signal_deliver: sig=5 errno=0 code=196609 sa_handler=0 sa_flags=0
lkdtm_user-11298 [004] d..1 1771.884659: <stack trace>
"exec_data"
소스
void lkdtm_EXEC_DATA(void)
{
execute_location(data_area, CODE_WRITE);
}
void trace_exec_data(void)
{
printf("trace exec data \n");
lkdtm_EXEC_DATA();
}
로그
lkdtm_user-11483 [005] .... 2131.066939: user_fault: task_name:lkdtm_user addr:2187428, fsr:2449473551
lkdtm_user-11483 [005] .... 2131.066948: <stack trace>
=> do_mem_abort+0x70/0xf0 <ffffff9d4a481778>
=> el0_da+0x20/0x24 <ffffff9d4a484048>
lkdtm_user-11483 [005] d..1 2131.066958: signal_generate: sig=11 errno=0 code=196610 comm=lkdtm_user pid=11483 grp=0 res=0
lkdtm_user-11483 [005] d..1 2131.066959: <stack trace> // 11) SIGSEGV
=> __do_user_fault+0x180/0x1c0 <ffffff9d4a4a5570>
=> do_page_fault+0x3a8/0x3e8 <ffffff9d4a4a52a0>
=> do_mem_abort+0x70/0xf0 <ffffff9d4a481778>
=> el0_da+0x20/0x24 <ffffff9d4a484048>
lkdtm_user-11483 [005] d..1 2131.066966: signal_deliver: sig=11 errno=0 code=196610 sa_handler=0 sa_flags=0
lkdtm_user-11483 [005] d..1 2131.066967: <stack trace> // 11) SIGSEGV
=> work_pending+0x8/0x10 <ffffff9d4a484408>
"exec_stack"
소스
void lkdtm_EXEC_STACK(void)
{
u8 stack_area[EXEC_SIZE];
execute_location(stack_area, CODE_WRITE);
}
void trace_exec_stack(void)
{
printf("trace exec stack \n");
lkdtm_EXEC_STACK();
}
로그
lkdtm_user-11726 [004] .... 2361.645929: user_fault: task_name:lkdtm_user addr:549726137512, fsr:2181038095
lkdtm_user-11726 [004] .... 2361.645937: <stack trace>
=> do_el0_ia_bp_hardening+0xcc/0x148 <ffffff9d4a481914>
=> el0_ia+0x18/0x1c <ffffff9d4a484064>
lkdtm_user-11726 [004] d..1 2361.645947: signal_generate: sig=11 errno=0 code=196610 comm=lkdtm_user pid=11726 grp=0 res=0
lkdtm_user-11726 [004] d..1 2361.645948: <stack trace> // 11) SIGSEGV
=> __do_user_fault+0x180/0x1c0 <ffffff9d4a4a5570>
=> do_page_fault+0x3a8/0x3e8 <ffffff9d4a4a52a0>
=> do_el0_ia_bp_hardening+0xcc/0x148 <ffffff9d4a481914>
=> el0_ia+0x18/0x1c <ffffff9d4a484064>
lkdtm_user-11726 [004] d..1 2361.645953: signal_deliver: sig=11 errno=0 code=196610 sa_handler=0 sa_flags=0
lkdtm_user-11726 [004] d..1 2361.645954: <stack trace> // 11) SIGSEGV
=> work_pending+0x8/0x10 <ffffff9d4a484408>
"exec_malloc"
소스
void lkdtm_EXEC_MALLOC(void)
{
u32 *malloc_area = malloc(EXEC_SIZE);
execute_location(malloc_area, CODE_WRITE);
free(malloc_area);
}
void trace_exec_malloc(void)
{
printf("trace exec malloc \n");
lkdtm_EXEC_MALLOC();
}
로그
lkdtm_user-12029 [004] .... 2646.004566: user_fault: task_name:lkdtm_user addr:528081797120, fsr:2181038087
lkdtm_user-12029 [004] .... 2646.004574: <stack trace>
=> do_translation_fault+0x50/0xb0 <ffffff9d4a4a4e98>
=> do_el0_ia_bp_hardening+0xcc/0x148 <ffffff9d4a481914>
=> el0_ia+0x18/0x1c <ffffff9d4a484064>
lkdtm_user-12029 [004] d..1 2646.004584: signal_generate: sig=11 errno=0 code=196610 comm=lkdtm_user pid=12029 grp=0 res=0
lkdtm_user-12029 [004] d..1 2646.004585: <stack trace>
=> __do_user_fault+0x180/0x1c0 <ffffff9d4a4a5570>
=> do_page_fault+0x3a8/0x3e8 <ffffff9d4a4a52a0>
=> do_translation_fault+0x50/0xb0 <ffffff9d4a4a4e98>
=> do_el0_ia_bp_hardening+0xcc/0x148 <ffffff9d4a481914>
=> el0_ia+0x18/0x1c <ffffff9d4a484064>
lkdtm_user-12029 [004] d..1 2646.004590: signal_deliver: sig=11 errno=0 code=196610 sa_handler=0 sa_flags=0
lkdtm_user-12029 [004] d..1 2646.004591: <stack trace>
=> work_pending+0x8/0x10 <ffffff9d4a484408>
"exec_rodata"
소스
void lkdtm_EXEC_RODATA(void)
{
execute_location(lkdtm_rodata_do_nothing, CODE_AS_IS);
}
void trace_exec_rodata(void)
{
printf("trace exec rodata \n");
lkdtm_EXEC_RODATA();
}
로그
No log
"corrupt_stack"
소스
void lkdtm_CORRUPT_STACK(int remaining)
{
/* Use default char array length that triggers stack protection. */
char data[8];
// memset((void *)data, 0, 64);
memset((void *)data, (remaining & 0xff) | 0x1, (remaining & 0xff) | 0xff);
}
void trace_corrupt_stack(void)
{
printf("trace corrupt stack \n");
lkdtm_CORRUPT_STACK(recur_count);
}
로그
lkdtm_user-12344 [004] d..1 3192.089012: signal_generate: sig=6 errno=0 code=-1 comm=lkdtm_user pid=12344 grp=0 res=0
lkdtm_user-12344 [004] d..1 3192.089021: <stack trace> // 6) SIGABRT
=> SyS_rt_tgsigqueueinfo+0xc4/0x130 <ffffff9d4a4cbe04>
=> el0_svc_naked+0x34/0x38 <ffffff9d4a4845c0>
lkdtm_user-12344 [004] d..1 3192.089029: signal_deliver: sig=6 errno=0 code=-1 sa_handler=0 sa_flags=0
lkdtm_user-12344 [004] d..1 3192.089030: <stack trace>
=> work_pending+0x8/0x10 <ffffff9d4a484408>
"stack_overflow"
소스
static int recursive_loop(int remaining)
{
char buf[REC_STACK_SIZE];
/* Make sure compiler does not optimize this away. */
memset(buf, (remaining & 0xff) | 0x1, REC_STACK_SIZE);
if (!remaining)
return 0;
else
return recursive_loop(remaining - 1);
}
void lkdtm_OVERFLOW(void)
{
(void) recursive_loop(recur_count);
}
void trace_stack_overflow(void)
{
printf("trace stack overflow \n");
lkdtm_OVERFLOW();
}
로그
lkdtm_user-12706 [005] d..2 3910.806313: signal_generate: sig=1 errno=0 code=128 comm=lkdtm_user pid=12706 grp=1 res=0
lkdtm_user-12706 [005] d..2 3910.806322: <stack trace>
=> kill_pgrp+0x60/0xb0 <ffffff9d4a4c70c8>
=> disassociate_ctty+0xe0/0x3f8 <ffffff9d4aac52a0>
=> do_exit+0x270/0x8f8 <ffffff9d4a4b8d38>
=> SyS_exit_group+0x0/0x20 <ffffff9d4a4b96f8>
=> SyS_exit_group+0x1c/0x20 <ffffff9d4a4b9714>
=> el0_svc_naked+0x34/0x38 <ffffff9d4a4845c0>
'KDT-리눅스_커널(유익한 자료) > 덤프 분석' 카테고리의 다른 글
lkdtm_user 소스 코드 (0) | 2023.06.09 |
---|