
Commit e6d468d

kees authored and gregkh committed
lkdtm/heap: Avoid __alloc_size hint warning for VMALLOC_LINEAR_OVERFLOW
Once __alloc_size hints have been added, the compiler will (correctly!) see this as an overflow. We are, however, trying to test for this condition at run-time (not compile-time), so work around it with a volatile int offset.

Cc: Arnd Bergmann <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent b866145 commit e6d468d

1 file changed, +8 -1 lines changed

drivers/misc/lkdtm/heap.c

Lines changed: 8 additions & 1 deletion
@@ -12,6 +12,13 @@ static struct kmem_cache *double_free_cache;
1212
static struct kmem_cache *a_cache;
1313
static struct kmem_cache *b_cache;
1414

15+
/*
16+
* Using volatile here means the compiler cannot ever make assumptions
17+
* about this value. This means compile-time length checks involving
18+
* this variable cannot be performed; only run-time checks.
19+
*/
20+
static volatile int __offset = 1;
21+
1522
/*
1623
* If there aren't guard pages, it's likely that a consecutive allocation will
1724
* let us overflow into the second allocation without overwriting something real.
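Review bot: the comment above `static volatile int __offset = 1;` explains what volatile does but not why this file needs it, and `__offset` is a very generic name for a file-scope variable. Say in the comment that the variable exists so the deliberate out-of-bounds writes in these tests are not diagnosed at compile time and still reach the run-time checks they are meant to exercise, and consider a more descriptive name. Since the value never changes, a note that it must stay volatile rather than become const or a macro would also keep a later cleanup from folding it back into a literal.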
@@ -24,7 +31,7 @@ void lkdtm_VMALLOC_LINEAR_OVERFLOW(void)
2431
two = vzalloc(PAGE_SIZE);
2532

2633
pr_info("Attempting vmalloc linear overflow ...\n");
27-
memset(one, 0xAA, PAGE_SIZE + 1);
34+
memset(one, 0xAA, PAGE_SIZE + __offset);
2835

2936
vfree(two);
3037
vfree(one);
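Review bot: at `memset(one, 0xAA, PAGE_SIZE + __offset);` nothing at the call site signals that the one-byte overrun is intentional or why a variable replaces the literal 1, so a short comment here pointing to the `__offset` definition would help the next reader. Separately, the visible context goes straight from the memset to `vfree(two)` and `vfree(one)`, so a run where the overflow goes undetected logs nothing to say so; a pr_err after the memset would make that outcome explicit.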
