I am trying to set the instruction pointer (regs->ip) to a return address of a function in a loadable kernel module (for Linux 3.13). However, it triggers stack-smashing detection. My question is how to get around it.
More specifically, before the kernel module sets the instruction pointer, the stack of the user-land process looks like the following:
+--------+
| foo |
+--------+
| bar |
+--------+
| bottom |
+--------+
the kernel module sets ip (the instruction pointer) to the return address of bar, which apparently is a stack overflow...
So I am thinking about whether I can simulate the return of foo in the kernel module, so that setting ip would not cause the smashing detected error.
First, is this speculation correct? That is, does simulating the return of foo in kernel space allow me to return to bar without smashing detected?
Second, if it is correct, how do I implement it in kernel space?
Update: An interesting (or undefined) behavior to mention: the bar function looks like:

#include <stdio.h>

void call_into_kernel_module(void);   /* enters the module that rewrites regs->ip */

void foo(void) {
    call_into_kernel_module();
    printf("end of foo()\n");
}

void bar(void) {
    ...
    char a[4];
    ...
    foo();
    printf("end of bar()\n");
}
a is never filled with any data, or referenced afterwards. If I remove the declaration, the smashing will be gone. Otherwise, it stays. (Btw, I can see end of bar() in the printout.)
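Whichever variant the question tries, what the module ends up doing is a frame teardown on the user stack from inside the kernel, so the part worth seeing in isolation is what `leave; ret` does to ip, sp and bp, and where the canary compare emitted by -fstack-protector sits relative to them. The C program below is an added example, not code from the question: it models the three frames from the post (bottom, bar with its `char a[4]` and a canary, foo) in a constructed 16-slot stack image at a made-up address, with made-up code addresses (IN_FOO, RET_INTO_BAR, RET_INTO_BOTTOM) and a made-up canary value, and then simulates the epilogue of the innermost frame twice. The struct fake_regs, read_user_u64()/write_user_u64() and simulate_return() are hypothetical helpers standing in for struct pt_regs and get_user()/put_user(); a real module would read the user stack through those kernel accessors rather than a local array. Only bar is treated as instrumented, following the observation in the post that the message disappears when `a` is removed; the frame layout assumes an x86-64 frame-pointer build.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the registers of struct pt_regs that a frame teardown touches. */
struct fake_regs { uint64_t ip, sp, bp; };

/* Constructed 16-slot user stack image, pretended to be mapped at STACK_BASE. */
#define STACK_WORDS 16
#define STACK_BASE  0x7ffc00000000ULL
#define SLOT(i)     (STACK_BASE + 8ULL * (i))
static uint8_t user_stack[STACK_WORDS * 8];

/* Constructed code addresses and values; none of them come from the post. */
#define IN_FOO          0x400500ULL   /* where foo called into the module    */
#define RET_INTO_BAR    0x400600ULL   /* instruction after `call foo` in bar */
#define RET_INTO_BOTTOM 0x400700ULL   /* instruction after `call bar`        */
#define BOTTOM_BP       SLOT(15)
#define CANARY          0x1122334455667700ULL  /* glibc keeps the low byte 0 */

/* Bounds-checked accessors; in a module these would be get_user()/put_user(). */
int read_user_u64(uint64_t addr, uint64_t *out)
{
    if (addr < STACK_BASE || addr + 8 > STACK_BASE + sizeof user_stack)
        return -1;                          /* -EFAULT in the kernel */
    memcpy(out, user_stack + (addr - STACK_BASE), 8);
    return 0;
}

int write_user_u64(uint64_t addr, uint64_t val)
{
    if (addr < STACK_BASE || addr + 8 > STACK_BASE + sizeof user_stack)
        return -1;
    memcpy(user_stack + (addr - STACK_BASE), &val, 8);
    return 0;
}

/*
 * Frames as a frame-pointer build leaves them when foo enters the module:
 *   slot 14  return address into bottom   (pushed by `call bar`)
 *   slot 13  bottom's saved rbp           <- bar's rbp
 *   slot 12  bar's canary                 (bar has `char a[4]`)
 *   slot 11  a[4] plus padding
 *   slot 10  return address into bar      (pushed by `call foo`)
 *   slot  9  bar's rbp saved by foo       <- foo's rbp
 *   slot  8  foo's scratch                <- regs->sp while the module runs
 */
void build_stack(struct fake_regs *regs)
{
    memset(user_stack, 0, sizeof user_stack);
    write_user_u64(SLOT(14), RET_INTO_BOTTOM);
    write_user_u64(SLOT(13), BOTTOM_BP);
    write_user_u64(SLOT(12), CANARY);
    write_user_u64(SLOT(10), RET_INTO_BAR);
    write_user_u64(SLOT(9),  SLOT(13));
    regs->ip = IN_FOO;
    regs->sp = SLOT(8);
    regs->bp = SLOT(9);
}

/*
 * Simulate the epilogue of the function whose frame regs->bp points at:
 * the canary compare (only for functions -fstack-protector instrumented),
 * then `leave; ret`. Returns 0, -1 on a bad address, -2 where user space
 * would have called __stack_chk_fail().
 */
int simulate_return(struct fake_regs *regs, int has_canary)
{
    uint64_t v;

    if (has_canary) {
        if (read_user_u64(regs->bp - 8, &v))
            return -1;
        if (v != CANARY)
            return -2;                      /* "*** stack smashing detected ***" */
    }
    regs->sp = regs->bp;                    /* leave: mov %rbp,%rsp ; pop %rbp */
    if (read_user_u64(regs->sp, &v))
        return -1;
    regs->bp = v;
    regs->sp += 8;
    if (read_user_u64(regs->sp, &v))        /* ret: pop %rip */
        return -1;
    regs->ip = v;
    regs->sp += 8;
    return 0;
}

int main(void)
{
    struct fake_regs r;
    int rc;

    build_stack(&r);
    rc = simulate_return(&r, 0);            /* foo: no array, not instrumented */
    printf("foo returned: rc=%d ip=%#llx sp=%#llx\n", rc,
           (unsigned long long)r.ip, (unsigned long long)r.sp);
    rc = simulate_return(&r, 1);            /* bar: canary checked first */
    printf("bar returned: rc=%d ip=%#llx sp=%#llx\n", rc,
           (unsigned long long)r.ip, (unsigned long long)r.sp);

    build_stack(&r);                        /* same, with bar's canary clobbered */
    write_user_u64(SLOT(12), 0);
    simulate_return(&r, 0);
    printf("bar with bad canary: rc=%d\n", simulate_return(&r, 1));
    return 0;
}
```

The point the two runs make is that a simulated return of foo already leaves ip at the instruction after `call foo` in bar, with sp and bp consistent with bar's frame, so no separate assignment to ip is needed afterwards; and that bar's own epilogue, which is where the canary compare lives, still runs in user space later, so it only stays quiet if the canary slot and the frame pointer it is addressed from are both intact when bar eventually returns.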