diff options
| author | Kees Cook <keescook@chromium.org> | 2022-02-16 21:20:47 +0300 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2022-04-13 02:11:49 +0300 |
| commit | 42db2594e4cd4a3c29aad87f80b1c00bf7751afe (patch) | |
| tree | fc6a1f3ddb556df937ed649494638a22dc730c1d /drivers/misc/lkdtm | |
| parent | 4a9800c81d2f34afb66b4b42e0330ae8298019a2 (diff) | |
| download | linux-42db2594e4cd4a3c29aad87f80b1c00bf7751afe.tar.xz | |
lkdtm/heap: Note conditions for SLAB_LINEAR_OVERFLOW
It wasn't clear when SLAB_LINEAR_OVERFLOW would be expected to trip.
Explicitly describe it and include the CONFIGs in the kselftest.
Cc: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'drivers/misc/lkdtm')
| -rw-r--r-- | drivers/misc/lkdtm/heap.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/misc/lkdtm/heap.c b/drivers/misc/lkdtm/heap.c index 8a92f5a800fa..b4ac726a548f 100644 --- a/drivers/misc/lkdtm/heap.c +++ b/drivers/misc/lkdtm/heap.c @@ -22,6 +22,9 @@ static volatile int __offset = 1; /* * If there aren't guard pages, it's likely that a consecutive allocation will * let us overflow into the second allocation without overwriting something real. + * + * This should always be caught because there is an unconditional unmapped + * page after vmap allocations. */ void lkdtm_VMALLOC_LINEAR_OVERFLOW(void) { @@ -41,6 +44,9 @@ void lkdtm_VMALLOC_LINEAR_OVERFLOW(void) * This tries to stay within the next largest power-of-2 kmalloc cache * to avoid actually overwriting anything important if it's not detected * correctly. + * + * This should get caught by either memory tagging, KASan, or by using + * CONFIG_SLUB_DEBUG=y and slub_debug=ZF (or CONFIG_SLUB_DEBUG_ON=y). */ void lkdtm_SLAB_LINEAR_OVERFLOW(void) { |