[PATCH v5 18/23] mm/ksw: add stack overflow test

Sat, 18 Oct 2025 09:50:03 -0700 

Extend the test module with a new test case (test1) that intentionally
overflows a local u64 buffer to corrupt the stack canary.

Signed-off-by: Jinchao Wang <[email protected]>
---
 mm/kstackwatch/test.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/mm/kstackwatch/test.c b/mm/kstackwatch/test.c
index 1ed98931cc51..740e3c11b3ef 100644
--- a/mm/kstackwatch/test.c
+++ b/mm/kstackwatch/test.c
@@ -43,6 +43,20 @@ static void test_watch_fire(void)
        pr_info("exit of %s\n", __func__);
 }
 
+static void test_canary_overflow(void)
+{
+       u64 buffer[BUFFER_SIZE];
+
+       pr_info("entry of %s\n", __func__);
+
+       /* intentionally overflow */
+       for (int i = BUFFER_SIZE; i < BUFFER_SIZE + 10; i++)
+               buffer[i] = 0xdeadbeefdeadbeef;
+       barrier_data(buffer);
+
+       pr_info("exit of %s\n", __func__);
+}
+
 
 static ssize_t test_proc_write(struct file *file, const char __user *buffer,
                               size_t count, loff_t *pos)
@@ -66,6 +80,9 @@ static ssize_t test_proc_write(struct file *file, const char 
__user *buffer,
                case 0:
                        test_watch_fire();
                        break;
+               case 1:
+                       test_canary_overflow();
+                       break;
                default:
                        pr_err("Unknown test number %d\n", test_num);
                        return -EINVAL;
@@ -85,7 +102,8 @@ static ssize_t test_proc_read(struct file *file, char __user 
*buffer,
                                    "============ usage ==============\n"
                                    "Usage:\n"
                                    "echo test{i} > /proc/kstackwatch_test\n"
-                                   " test0 - test watch fire\n";
+                                   " test0 - test watch fire\n"
+                                   " test1 - test canary overflow\n";
 
        return simple_read_from_buffer(buffer, count, pos, usage,
                                       strlen(usage));
-- 
2.43.0

Reply via email to