lkdtm: fix stack protector trigger
author: Kees Cook <keescook@chromium.org>
Mon, 8 Jul 2013 17:01:30 +0000 (10:01 -0700)
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Jul 2013 05:47:19 +0000 (22:47 -0700)
The -fstack-protector compiler flag will only build stack protections if
a character array is seen. Additionally, the offset to the saved
instruction pointer changes based on architecture, so stomp much harder
(64 bytes) when corrupting the stack.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/misc/lkdtm.c

index 08aad69c8da4e3f4d8572d52eadd46c00bb65941..adb6bde2ecc21793803e82c9bed85be094f85101 100644
@@ -295,10 +295,10 @@ static void lkdtm_do_action(enum ctype which)
                (void) recursive_loop(0);
                break;
        case CT_CORRUPT_STACK: {
-               volatile u32 data[8];
-               volatile u32 *p = data;
+               /* Make sure the compiler creates and uses an 8 char array. */
+               volatile char data[8];
 
-               p[12] = 0x12345678;
+               memset((void *)data, 0, 64);
                break;
        }
        case CT_UNALIGNED_LOAD_STORE_WRITE: {
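Review bot: the comment on the new `data[8]` declaration should state the intent of the `memset` that follows, namely that writing 64 bytes into an 8-byte array is a deliberate overflow meant to reach the stack canary on any architecture; as written, a reader sees a constant-size `memset` past a local buffer with no explanation. The 8-byte char array is the minimum that triggers the default `-fstack-protector` instrumentation (GCC's `ssp-buffer-size` defaults to 8), which is worth noting in the comment so the size is not shrunk later. Two caveats: the `(void *)` cast strips the `volatile` qualifier, so a compiler may treat the store to a never-read local as dead and drop it, which would silently turn the test into a no-op; and any bounds-checking `memset` wrapper based on `__builtin_object_size` would reject a constant 64-byte write into a known 8-byte object at build time, so the length may need to be passed through a `volatile` variable if such checks are ever enabled for this file.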