* [kees:for-next/lkdtm 5/9] drivers/misc/lkdtm/heap.c:46 lkdtm_SLAB_LINEAR_OVERFLOW() error: buffer overflow 'data' 255 <= 256
@ 2021-06-26 20:18 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2021-06-26 20:18 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 3040 bytes --]
CC: kbuild-all(a)lists.01.org
TO: Kees Cook <keescook@chromium.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/lkdtm
head: 9f9e5fc435890805d030c9e4678a0d5b49bd9a10
commit: 913a29ea10d04e3febe756cc2c50186ecd5441b0 [5/9] lkdtm/heap: Add vmalloc linear overflow test
:::::: branch date: 3 days ago
:::::: commit date: 3 days ago
config: h8300-randconfig-m031-20210625 (attached as .config)
compiler: h8300-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/misc/lkdtm/heap.c:46 lkdtm_SLAB_LINEAR_OVERFLOW() error: buffer overflow 'data' 255 <= 256
Old smatch warnings:
drivers/misc/lkdtm/heap.c:189 lkdtm_SLAB_FREE_DOUBLE() error: double free of 'val'
vim +/data +46 drivers/misc/lkdtm/heap.c
913a29ea10d04e drivers/misc/lkdtm/heap.c Kees Cook 2021-03-12 32
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 33 /*
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 34 * This tries to stay within the next largest power-of-2 kmalloc cache
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 35 * to avoid actually overwriting anything important if it's not detected
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 36 * correctly.
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 37 */
913a29ea10d04e drivers/misc/lkdtm/heap.c Kees Cook 2021-03-12 38 void lkdtm_SLAB_LINEAR_OVERFLOW(void)
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 39 {
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 40 size_t len = 1020;
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 41 u32 *data = kmalloc(len, GFP_KERNEL);
02543a4e96760a drivers/misc/lkdtm_heap.c Vasyl Gomonovych 2017-11-23 42 if (!data)
02543a4e96760a drivers/misc/lkdtm_heap.c Vasyl Gomonovych 2017-11-23 43 return;
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 44
913a29ea10d04e drivers/misc/lkdtm/heap.c Kees Cook 2021-03-12 45 pr_info("Attempting slab linear overflow ...\n");
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 @46 data[1024 / sizeof(u32)] = 0x12345678;
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 47 kfree(data);
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 48 }
ffc514f3fcac4a drivers/misc/lkdtm_heap.c Kees Cook 2016-06-26 49
:::::: The code@line 46 was first introduced by commit
:::::: ffc514f3fcac4aa76735ada55228c814153943e6 lkdtm: split heap corruption tests to separate file
:::::: TO: Kees Cook <keescook@chromium.org>
:::::: CC: Kees Cook <keescook@chromium.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 21686 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-06-26 20:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-26 20:18 [kees:for-next/lkdtm 5/9] drivers/misc/lkdtm/heap.c:46 lkdtm_SLAB_LINEAR_OVERFLOW() error: buffer overflow 'data' 255 <= 256 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.