This is a toy Linux Kernel module, with intentional (and perhaps unintentional) coding faults. It is used as an illustration and test case for faults caused by different types of programming errors.
Make sure you have installed kernel headers or sources, for example in Ubuntu with
$ sudo apt show linux-headers-`uname -r`
Then compile the module with
$ make
Load the compiled module with
$ sudo insmod faulty.ko
and if you look at the kernel messages with dmesg -k you should see a message indicating that the module is loaded. If you get an error message saying something about kernel lockdown, you can either disable Secure Boot in BIOS (easy) or sign the compiled module (not so easy).
You can unload the module with (if playing with bugs hasn't made your kernel unstable/locked)
$ sudo rmmod faulty
The module exposes endpoints in debugfs (usually mounted in /sys/kernel/debugfs), which can be used to trigger faults. This might crash or lock your kernel, so using a virtual machine might be a good idea; a Vagrantfile is provided.
You can usually read from or write to these endpoints using e.g.
# cat /sys/kernel/debugfs/faulty/sbo
# echo -n "123" > /sys/kernel/debugfs/faulty/sbo
(accessing debugfs is easiest as root)
Exposed endpoints:
data-race (r/w): a write will write the same thing into two buffers, a read will return the contents of the first buffer; the kernel will notify if the buffer contents aren't the same
double-free (r/w): reading will allocate a buffer, writing will free it; a double-free error can be triggered with two subsequent writes
format (r/w): a write will get passed directly to the printk function
infoleak (r): reading will return uninitialized memory
overflow (r): reading will increment an unsigned counter, which will overflow
sbo (r/w): a stack buffer overflow, write more than 10 bytes to trigger
slob (r/w): a buffer overflow in the slab area, write more than 10 bytes to trigger
underflow (r): reading will decrement a signed counter, which will underflow
use-after-free (r): reading will allocate and free memory and then try to access it
Ilja Sidoroff (-at) iki.fi
GNU GPLv2