Commit af7a794f authored Jun 25, 2020 by Kees Cook Committed by Gerrit - the friendly Code Review server Jul 22, 2020

lkdtm/heap: Avoid edge and middle of slabs



Har har, after I moved the slab freelist pointer into the middle of the
slab, now it looks like the contents are getting poisoned. Adjust the
test to avoid the freelist pointer again.

Change-Id: I46ac60db28cc3e0b6feb6ef3d07973c5eb237893
Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200625203704.317097-3-keescook@chromium.org


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: e12145cf1c3a8077e6d9f575711e38dd7d8a3ebc
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git


Signed-off-by: Prateek Sood <prsood@codeaurora.org>

parent 22980444

drivers/misc/lkdtm/heap.c

+5 −4

Original line number	Diff line number	Diff line
		@@ -54,11 +54,12 @@ void lkdtm_READ_AFTER_FREE(void)
		int base, val, saw;
		size_t len = 1024;
		/*
		* The slub allocator uses the first word to store the free
		* pointer in some configurations. Use the middle of the
		* allocation to avoid running into the freelist
		* The slub allocator will use the either the first word or
		* the middle of the allocation to store the free pointer,
		* depending on configurations. Store in the second word to
		* avoid running into the freelist.
		*/
		size_t offset = (len / sizeof(*base)) / 2;
		size_t offset = sizeof(*base);

		base = kmalloc(len, GFP_KERNEL);
		if (!base) {