Extend the test module with a new test case (test1) that intentionally overflows a local u64 buffer to corrupt the stack canary.
Signed-off-by: Jinchao Wang <[email protected]> show addr of buf and watch_addr of test case --- mm/kstackwatch/test.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/mm/kstackwatch/test.c b/mm/kstackwatch/test.c index 2969564b1a00..b3f363d9e1e8 100644 --- a/mm/kstackwatch/test.c +++ b/mm/kstackwatch/test.c @@ -32,6 +32,22 @@ static void test_watch_fire(void) pr_info("exit of %s\n", __func__); } +static void test_canary_overflow(void) +{ + u64 buffer[BUFFER_SIZE]; + + pr_info("entry of %s\n", __func__); + ksw_watch_show(); + pr_info("buf: 0x%px\n", buffer); + + /* intentionally overflow */ + for (int i = BUFFER_SIZE; i < BUFFER_SIZE + 10; i++) + buffer[i] = 0xdeadbeefdeadbeef; + barrier_data(buffer); + + pr_info("exit of %s\n", __func__); +} + static ssize_t test_dbgfs_write(struct file *file, const char __user *buffer, size_t count, loff_t *pos) { @@ -54,6 +70,9 @@ static ssize_t test_dbgfs_write(struct file *file, const char __user *buffer, case 0: test_watch_fire(); break; + case 1: + test_canary_overflow(); + break; default: pr_err("Unknown test number %d\n", test_num); return -EINVAL; @@ -74,7 +93,8 @@ static ssize_t test_dbgfs_read(struct file *file, char __user *buffer, "============ usage ===============\n" "Usage:\n" "echo test{i} > /sys/kernel/debug/kstackwatch/test\n" - " test0 - test watch fire\n"; + " test0 - test watch fire\n" + " test1 - test canary overflow\n"; return simple_read_from_buffer(buffer, count, ppos, usage, strlen(usage)); -- 2.43.0
