summaryrefslogtreecommitdiff
path: root/drivers/misc
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2026-04-13 17:52:29 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2026-04-13 17:52:29 -0700
commitd568788baab24875604c231f723dbb72387fb081 (patch)
tree0921e372d643541c59751e1af47b20fc1b702204 /drivers/misc
parentcea4a90faf9e5d15aee1fd01883bc81ad7640260 (diff)
parentcf2f06f7152d5e38a87aa2e9b8b452714789f6ba (diff)
downloadlinux-next-d568788baab24875604c231f723dbb72387fb081.tar.gz
linux-next-d568788baab24875604c231f723dbb72387fb081.zip
Merge tag 'hardening-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening updates from Kees Cook: - randomize_kstack: Improve implementation across arches (Ryan Roberts) - lkdtm/fortify: Drop unneeded FORTIFY_STR_OBJECT test - refcount: Remove unused __signed_wrap function annotations * tag 'hardening-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: lkdtm/fortify: Drop unneeded FORTIFY_STR_OBJECT test refcount: Remove unused __signed_wrap function annotations randomize_kstack: Unify random source across arches randomize_kstack: Maintain kstack_offset per task
Diffstat (limited to 'drivers/misc')
-rw-r--r--drivers/misc/lkdtm/fortify.c36
1 files changed, 6 insertions, 30 deletions
diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c
index 00ed2147113e..7615a02dfc47 100644
--- a/drivers/misc/lkdtm/fortify.c
+++ b/drivers/misc/lkdtm/fortify.c
@@ -10,30 +10,6 @@
static volatile int fortify_scratch_space;
-static void lkdtm_FORTIFY_STR_OBJECT(void)
-{
- struct target {
- char a[10];
- int foo;
- } target[3] = {};
- /*
- * Using volatile prevents the compiler from determining the value of
- * 'size' at compile time. Without that, we would get a compile error
- * rather than a runtime error.
- */
- volatile int size = 20;
-
- pr_info("trying to strcmp() past the end of a struct\n");
-
- strncpy(target[0].a, target[1].a, size);
-
- /* Store result to global to prevent the code from being eliminated */
- fortify_scratch_space = target[0].a[3];
-
- pr_err("FAIL: fortify did not block a strncpy() object write overflow!\n");
- pr_expected_config(CONFIG_FORTIFY_SOURCE);
-}
-
static void lkdtm_FORTIFY_STR_MEMBER(void)
{
struct target {
@@ -47,22 +23,23 @@ static void lkdtm_FORTIFY_STR_MEMBER(void)
if (!src)
return;
+ /* 15 bytes: past end of a[] but not target. */
strscpy(src, "over ten bytes", size);
size = strlen(src) + 1;
- pr_info("trying to strncpy() past the end of a struct member...\n");
+ pr_info("trying to strscpy() past the end of a struct member...\n");
/*
- * strncpy(target.a, src, 20); will hit a compile error because the
- * compiler knows at build time that target.a < 20 bytes. Use a
+ * strscpy(target.a, src, 15); will hit a compile error because the
+ * compiler knows at build time that target.a < 15 bytes. Use a
* volatile to force a runtime error.
*/
- strncpy(target.a, src, size);
+ strscpy(target.a, src, size);
/* Store result to global to prevent the code from being eliminated */
fortify_scratch_space = target.a[3];
- pr_err("FAIL: fortify did not block a strncpy() struct member write overflow!\n");
+ pr_err("FAIL: fortify did not block a strscpy() struct member write overflow!\n");
pr_expected_config(CONFIG_FORTIFY_SOURCE);
kfree(src);
@@ -210,7 +187,6 @@ static void lkdtm_FORTIFY_STRSCPY(void)
}
static struct crashtype crashtypes[] = {
- CRASHTYPE(FORTIFY_STR_OBJECT),
CRASHTYPE(FORTIFY_STR_MEMBER),
CRASHTYPE(FORTIFY_MEM_OBJECT),
CRASHTYPE(FORTIFY_MEM_MEMBER),