diff options
| author | Kees Cook <kees@kernel.org> | 2026-03-31 16:54:09 -0700 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2026-03-31 16:54:09 -0700 |
| commit | e0142e0de50ade58e49decc788c512fda305672a (patch) | |
| tree | e2e619505fbdd5f3e24303590c1acd94df6404aa | |
| parent | f46a603c66867b5231512dc5fd9b0b65b4800b2a (diff) | |
| parent | cf2f06f7152d5e38a87aa2e9b8b452714789f6ba (diff) | |
| download | linux-next-e0142e0de50ade58e49decc788c512fda305672a.tar.gz | |
Merge branch 'for-next/hardening' into for-next/kspp
| -rw-r--r-- | drivers/misc/lkdtm/fortify.c | 36 | ||||
| -rw-r--r-- | tools/testing/selftests/lkdtm/tests.txt | 1 |
2 files changed, 6 insertions, 31 deletions
diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c index 00ed2147113e6..7615a02dfc477 100644 --- a/drivers/misc/lkdtm/fortify.c +++ b/drivers/misc/lkdtm/fortify.c @@ -10,30 +10,6 @@ static volatile int fortify_scratch_space; -static void lkdtm_FORTIFY_STR_OBJECT(void) -{ - struct target { - char a[10]; - int foo; - } target[3] = {}; - /* - * Using volatile prevents the compiler from determining the value of - * 'size' at compile time. Without that, we would get a compile error - * rather than a runtime error. - */ - volatile int size = 20; - - pr_info("trying to strcmp() past the end of a struct\n"); - - strncpy(target[0].a, target[1].a, size); - - /* Store result to global to prevent the code from being eliminated */ - fortify_scratch_space = target[0].a[3]; - - pr_err("FAIL: fortify did not block a strncpy() object write overflow!\n"); - pr_expected_config(CONFIG_FORTIFY_SOURCE); -} - static void lkdtm_FORTIFY_STR_MEMBER(void) { struct target { @@ -47,22 +23,23 @@ static void lkdtm_FORTIFY_STR_MEMBER(void) if (!src) return; + /* 15 bytes: past end of a[] but not target. */ strscpy(src, "over ten bytes", size); size = strlen(src) + 1; - pr_info("trying to strncpy() past the end of a struct member...\n"); + pr_info("trying to strscpy() past the end of a struct member...\n"); /* - * strncpy(target.a, src, 20); will hit a compile error because the - * compiler knows at build time that target.a < 20 bytes. Use a + * strscpy(target.a, src, 15); will hit a compile error because the + * compiler knows at build time that target.a < 15 bytes. Use a * volatile to force a runtime error. */ - strncpy(target.a, src, size); + strscpy(target.a, src, size); /* Store result to global to prevent the code from being eliminated */ fortify_scratch_space = target.a[3]; - pr_err("FAIL: fortify did not block a strncpy() struct member write overflow!\n"); + pr_err("FAIL: fortify did not block a strscpy() struct member write overflow!\n"); pr_expected_config(CONFIG_FORTIFY_SOURCE); kfree(src); @@ -210,7 +187,6 @@ static void lkdtm_FORTIFY_STRSCPY(void) } static struct crashtype crashtypes[] = { - CRASHTYPE(FORTIFY_STR_OBJECT), CRASHTYPE(FORTIFY_STR_MEMBER), CRASHTYPE(FORTIFY_MEM_OBJECT), CRASHTYPE(FORTIFY_MEM_MEMBER), diff --git a/tools/testing/selftests/lkdtm/tests.txt b/tools/testing/selftests/lkdtm/tests.txt index e62b85b591be5..3245032db34d3 100644 --- a/tools/testing/selftests/lkdtm/tests.txt +++ b/tools/testing/selftests/lkdtm/tests.txt @@ -82,7 +82,6 @@ STACKLEAK_ERASING OK: the rest of the thread stack is properly erased CFI_FORWARD_PROTO CFI_BACKWARD call trace:|ok: control flow unchanged FORTIFY_STRSCPY detected buffer overflow -FORTIFY_STR_OBJECT detected buffer overflow FORTIFY_STR_MEMBER detected buffer overflow FORTIFY_MEM_OBJECT detected buffer overflow FORTIFY_MEM_MEMBER detected field-spanning write |