lkdtm: fix stack protector trigger

The -fstack-protector compiler flag will only build stack protections if a character array is seen. Additionally, the offset to the saved instruction pointer changes based on architecture, so stomp much harder (64 bytes) when corrupting the stack. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Kees Cook <keescook@chromium.org> 2013-07-08 13:01:30 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-07-25 01:47:19 -0400
commit: 4f198289747f0391bc5a5574279b1791a8ca2d06 (patch)
tree: fcc306d3c263d6b13b10d7b3c3d36b96c161d1f5 /drivers/misc/lkdtm.c
parent: 7b5d4122d39f7c26ce42806b7a67cf04537545e6 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
index 08aad69c8da4..adb6bde2ecc2 100644
--- a/drivers/misc/lkdtm.c
+++ b/drivers/misc/lkdtm.c
@@ -295,10 +295,10 @@ static void lkdtm_do_action(enum ctype which)
                (void) recursive_loop(0);
                break;
        case CT_CORRUPT_STACK: {
-                volatile u32 data[8];
+                /* Make sure the compiler creates and uses an 8 char array. */
-                volatile u32 *p = data;
+                volatile char data[8];
-                p[12] = 0x12345678;
+                memset((void *)data, 0, 64);
                break;
        }
        case CT_UNALIGNED_LOAD_STORE_WRITE: {
author	Kees Cook <keescook@chromium.org>	2013-07-08 13:01:30 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-07-25 01:47:19 -0400
commit	4f198289747f0391bc5a5574279b1791a8ca2d06 (patch)
tree	fcc306d3c263d6b13b10d7b3c3d36b96c161d1f5 /drivers/misc/lkdtm.c
parent	7b5d4122d39f7c26ce42806b7a67cf04537545e6 (diff)

diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index 08aad69c8da4..adb6bde2ecc2 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers/misc/lkdtm.c
@@ -295,10 +295,10 @@ static void lkdtm_do_action(enum ctype which)
295	(void) recursive_loop(0);	295	(void) recursive_loop(0);
296	break;	296	break;
297	case CT_CORRUPT_STACK: {	297	case CT_CORRUPT_STACK: {
298	volatile u32 data[8];	298	/* Make sure the compiler creates and uses an 8 char array. */
299	volatile u32 *p = data;	299	volatile char data[8];
300		300
301	p[12] = 0x12345678;	301	memset((void *)data, 0, 64);
302	break;	302	break;
303	}	303	}
304	case CT_UNALIGNED_LOAD_STORE_WRITE: {	304	case CT_UNALIGNED_LOAD_STORE_WRITE: {