diff options
| author | Kees Cook <keescook@chromium.org> | 2020-06-25 23:37:02 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-08-11 16:48:09 +0300 |
| commit | b8eb3d95c2d4c2c2889b674c47c0e5493884558e (patch) | |
| tree | e08f6fb919608b8052d978b893d6532a1dfb4281 /drivers/misc | |
| parent | 3266873640b76a22e41057c0d644dc14a5a392bb (diff) | |
| download | linux-b8eb3d95c2d4c2c2889b674c47c0e5493884558e.tar.xz | |
lkdtm/heap: Avoid edge and middle of slabs
commit e12145cf1c3a8077e6d9f575711e38dd7d8a3ebc upstream.
Har har, after I moved the slab freelist pointer into the middle of the
slab, now it looks like the contents are getting poisoned. Adjust the
test to avoid the freelist pointer again.
Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200625203704.317097-3-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/misc')
| -rw-r--r-- | drivers/misc/lkdtm/heap.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/misc/lkdtm/heap.c b/drivers/misc/lkdtm/heap.c index 3c5cec85edce..1323bc16f113 100644 --- a/drivers/misc/lkdtm/heap.c +++ b/drivers/misc/lkdtm/heap.c @@ -58,11 +58,12 @@ void lkdtm_READ_AFTER_FREE(void) int *base, *val, saw; size_t len = 1024; /* - * The slub allocator uses the first word to store the free - * pointer in some configurations. Use the middle of the - * allocation to avoid running into the freelist + * The slub allocator will use the either the first word or + * the middle of the allocation to store the free pointer, + * depending on configurations. Store in the second word to + * avoid running into the freelist. */ - size_t offset = (len / sizeof(*base)) / 2; + size_t offset = sizeof(*base); base = kmalloc(len, GFP_KERNEL); if (!base) { |