diff options
| author | Kees Cook <keescook@chromium.org> | 2013-10-24 21:05:42 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-10-25 01:21:00 -0400 |
| commit | 629c66a22c21b692b6e58b9c1d8fa56a60ccb52d (patch) | |
| tree | 90519e03a271f90b355570c4b3cb1482e7ee2ce5 | |
| parent | eec86b8e85309a2cb0b33bcb361c67d81ebed474 (diff) | |
lkdtm: isolate stack corruption test
When tests were added to lkdtm that grew the stack frame, the stack
corruption test stopped working. This isolates the test in its own
function, and forces it not to be inlined.
Signed-off-by: Kees Cook <keescook@chromium.org>
Fixes: cc33c537c12f ("lkdtm: add "EXEC_*" triggers")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/misc/lkdtm.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index 2fc0586ce3bb..9cbd0370ca44 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers/misc/lkdtm.c | |||
| @@ -297,6 +297,14 @@ static void do_nothing(void) | |||
| 297 | return; | 297 | return; |
| 298 | } | 298 | } |
| 299 | 299 | ||
| 300 | static noinline void corrupt_stack(void) | ||
| 301 | { | ||
| 302 | /* Use default char array length that triggers stack protection. */ | ||
| 303 | char data[8]; | ||
| 304 | |||
| 305 | memset((void *)data, 0, 64); | ||
| 306 | } | ||
| 307 | |||
| 300 | static void execute_location(void *dst) | 308 | static void execute_location(void *dst) |
| 301 | { | 309 | { |
| 302 | void (*func)(void) = dst; | 310 | void (*func)(void) = dst; |
| @@ -327,13 +335,9 @@ static void lkdtm_do_action(enum ctype which) | |||
| 327 | case CT_OVERFLOW: | 335 | case CT_OVERFLOW: |
| 328 | (void) recursive_loop(0); | 336 | (void) recursive_loop(0); |
| 329 | break; | 337 | break; |
| 330 | case CT_CORRUPT_STACK: { | 338 | case CT_CORRUPT_STACK: |
| 331 | /* Make sure the compiler creates and uses an 8 char array. */ | 339 | corrupt_stack(); |
| 332 | volatile char data[8]; | ||
| 333 | |||
| 334 | memset((void *)data, 0, 64); | ||
| 335 | break; | 340 | break; |
| 336 | } | ||
| 337 | case CT_UNALIGNED_LOAD_STORE_WRITE: { | 341 | case CT_UNALIGNED_LOAD_STORE_WRITE: { |
| 338 | static u8 data[5] __attribute__((aligned(4))) = {1, 2, | 342 | static u8 data[5] __attribute__((aligned(4))) = {1, 2, |
| 339 | 3, 4, 5}; | 343 | 3, 4, 5}; |