Commit 42db2594 authored by Kees Cook's avatar Kees Cook
Browse files

lkdtm/heap: Note conditions for SLAB_LINEAR_OVERFLOW 



It wasn't clear when SLAB_LINEAR_OVERFLOW would be expected to trip.
Explicitly describe it and include the CONFIGs in the kselftest.

Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent 4a9800c8

drivers/misc/lkdtm/heap.c

+6 −0
Original line number Diff line number Diff line
@@ -22,6 +22,9 @@ static volatile int __offset = 1; 
/*

 * If there aren't guard pages, it's likely that a consecutive allocation will

 * let us overflow into the second allocation without overwriting something real.

 *

 * This should always be caught because there is an unconditional unmapped

 * page after vmap allocations.

 */

void lkdtm_VMALLOC_LINEAR_OVERFLOW(void)

{
@@ -41,6 +44,9 @@ void lkdtm_VMALLOC_LINEAR_OVERFLOW(void) 
 * This tries to stay within the next largest power-of-2 kmalloc cache

 * to avoid actually overwriting anything important if it's not detected

 * correctly.

 *

 * This should get caught by either memory tagging, KASan, or by using

 * CONFIG_SLUB_DEBUG=y and slub_debug=ZF (or CONFIG_SLUB_DEBUG_ON=y).

 */

void lkdtm_SLAB_LINEAR_OVERFLOW(void)

{

tools/testing/selftests/lkdtm/config

+2 −0
Original line number Diff line number Diff line
@@ -9,3 +9,5 @@ CONFIG_UBSAN=y 
CONFIG_UBSAN_BOUNDS=y

CONFIG_UBSAN_TRAP=y

CONFIG_STACKPROTECTOR_STRONG=y

CONFIG_SLUB_DEBUG=y

CONFIG_SLUB_DEBUG_ON=y