Re: [PATCH 6/7] lkdtm: crash on overwriting protected pmalloc var
From: J Freyensee <hidden>
Date: 2018-03-06 17:08:30
Also in:
linux-security-module, lkml
From: J Freyensee <hidden>
Date: 2018-03-06 17:08:30
Also in:
linux-security-module, lkml
On 3/6/18 9:05 AM, J Freyensee wrote:
quoted
A +#ifdef CONFIG_PROTECTABLE_MEMORY +void lkdtm_WRITE_RO_PMALLOC(void) +{ +A A A struct gen_pool *pool; +A A A int *i; + +A A A pool = pmalloc_create_pool("pool", 0); +A A A if (unlikely(!pool)) { +A A A A A A A pr_info("Failed preparing pool for pmalloc test."); +A A A A A A A return; +A A A } + +A A A i = (int *)pmalloc(pool, sizeof(int), GFP_KERNEL); +A A A if (unlikely(!i)) { +A A A A A A A pr_info("Failed allocating memory for pmalloc test."); +A A A A A A A pmalloc_destroy_pool(pool); +A A A A A A A return; +A A A } + +A A A *i = INT_MAX; +A A A pmalloc_protect_pool(pool); + +A A A pr_info("attempting bad pmalloc write at %p\n", i); +A A A *i = 0;
Opps, disregard this, this is the last series of this patch series, not the most recent one :-(.
Seems harmless, but I don't get why *i local variable needs to be set to 0 at the end of this function. Otherwise, Reviewed-by: Jay Freyensee <redacted>
-- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>