From patchwork Mon Feb 4 21:29:50 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: mtd: mtd_torturetest can cause stack overflows Date: Mon, 04 Feb 2013 11:29:50 -0000 From: Al Cooper X-Patchwork-Id: 218073 Message-Id: <1360013390-30179-1-git-send-email-alcooperx@gmail.com> To: dwmw2@infradead.org, linux-mtd@lists.infradead.org Cc: Al Cooper mtd_torturetest uses the module parm "ebcnt" to control the size of a stack based array of int's. When "ebcnt" is large, Ex: 1000, it causes stack overflows on systems with small kernel stacks. The fix is to move the array from the stack to kmalloc memory. Signed-off-by: Al Cooper --- drivers/mtd/tests/mtd_torturetest.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/drivers/mtd/tests/mtd_torturetest.c b/drivers/mtd/tests/mtd_torturetest.c index c4cde1e..a777cc8 100644 --- a/drivers/mtd/tests/mtd_torturetest.c +++ b/drivers/mtd/tests/mtd_torturetest.c @@ -208,7 +208,7 @@ static inline int write_pattern(int ebnum, void *buf) static int __init tort_init(void) { int err = 0, i, infinite = !cycles_count; - int bad_ebs[ebcnt]; + int *bad_ebs; printk(KERN_INFO "\n"); printk(KERN_INFO "=================================================\n"); @@ -273,6 +273,12 @@ static int __init tort_init(void) goto out_patt_FF; } + bad_ebs = kmalloc(sizeof(*bad_ebs) * ebcnt, GFP_KERNEL); + if (!bad_ebs) { + pr_err("error: cannot allocate memory\n"); + goto out_check_buf; + } + err = 0; /* Initialize patterns */ @@ -394,6 +400,8 @@ out: pr_info("finished after %u erase cycles\n", erase_cycles); + kfree(bad_ebs); +out_check_buf: kfree(check_buf); out_patt_FF: kfree(patt_FF);