17.14.1. CONFIG_FORTIFY_SOURCE

This option detects buffer overflows for us. Build with it enabled and load a module that overflows:

./build-linux --config 'CONFIG_FORTIFY_SOURCE=y' --linux-build-id fortify
./build-modules --clean
./build-modules
./build-buildroot
./run --eval-after 'insmod strlen_overflow.ko' --linux-build-id fortify

Possible dmesg output:

strlen_overflow: loading out-of-tree module taints kernel.
detected buffer overflow in strlen
------------[ cut here ]------------

followed by a trace.

You may not get this error, because it depends on strlen overflowing at least until the next page: if a random \0 appears soon enough, the check won’t blow up as desired.

TODO not always reproducible. Find a more reproducible failure. I could not observe it on:

insmod memcpy_overflow.ko
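
The following is an added example, not code from this repository: a userspace C model of the kind of size check that the kernel's fortified strlen and memcpy wrappers perform, with the object size passed in explicitly (the kernel obtains it from the compiler through __builtin_object_size). The names model_strlen, model_memcpy, bounded_len, SIZE_UNKNOWN and last_report are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIZE_UNKNOWN ((size_t)-1) /* object size not known at build time */

/* Name of the function whose check fired, or NULL. The kernel would log and BUG(). */
const char *last_report;

/* Bounded scan: never reads past p[max - 1]. */
static size_t bounded_len(const char *p, size_t max)
{
    size_t n = 0;
    while (n < max && p[n] != '\0')
        n++;
    return n;
}

/* Model of a fortified strlen; p_size is the size of the object p points into. */
size_t model_strlen(const char *p, size_t p_size)
{
    size_t ret;
    if (p_size == SIZE_UNKNOWN)
        return strlen(p); /* nothing to compare against: plain strlen */
    ret = bounded_len(p, p_size);
    if (ret >= p_size) /* no NUL inside the object */
        last_report = "strlen";
    return ret;
}

/* Model of a fortified memcpy: returns 0 if it copied, -1 if it refused. */
int model_memcpy(void *dst, size_t dst_size, const void *src, size_t src_size, size_t n)
{
    if ((dst_size != SIZE_UNKNOWN && n > dst_size) ||
        (src_size != SIZE_UNKNOWN && n > src_size)) {
        last_report = "memcpy";
        return -1;
    }
    memcpy(dst, src, n);
    return 0;
}

int main(void)
{
    char full[4] = {'a', 'b', 'c', 'd'}; /* constructed input: no terminating NUL */
    size_t len = model_strlen(full, sizeof(full));
    printf("len=%zu report=%s\n", len, last_report ? last_report : "(none)");
    return 0;
}
```

When the size is SIZE_UNKNOWN the model falls through to the unchecked function, so whether a given overflow is reported depends on what the compiler can determine about the buffer at the call site.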