Commit e6d468d3 authored by Kees Cook's avatar Kees Cook Committed by Greg Kroah-Hartman
Browse files

lkdtm/heap: Avoid __alloc_size hint warning for VMALLOC_LINEAR_OVERFLOW 



Once __alloc_size hints have been added, the compiler will (correctly!)
see this as an overflow. We are, however, trying to test for this
condition at run-time (not compile-time), so work around it with a
volatile int offset.

Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210818174855.2307828-5-keescook@chromium.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent b8661450

drivers/misc/lkdtm/heap.c

+8 −1
Original line number Diff line number Diff line
@@ -12,6 +12,13 @@ static struct kmem_cache *double_free_cache; 
static struct kmem_cache *a_cache;

static struct kmem_cache *b_cache;



/*

 * Using volatile here means the compiler cannot ever make assumptions

 * about this value. This means compile-time length checks involving

 * this variable cannot be performed; only run-time checks.

 */

static volatile int __offset = 1;



/*

 * If there aren't guard pages, it's likely that a consecutive allocation will

 * let us overflow into the second allocation without overwriting something real.
@@ -24,7 +31,7 @@ void lkdtm_VMALLOC_LINEAR_OVERFLOW(void) 
	two = vzalloc(PAGE_SIZE);



	pr_info("Attempting vmalloc linear overflow ...\n");

	memset(one, 0xAA, PAGE_SIZE + 1);

	memset(one, 0xAA, PAGE_SIZE + __offset);



	vfree(two);

	vfree(one);