Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp3405028ybx; Sun, 3 Nov 2019 18:12:55 -0800 (PST) X-Google-Smtp-Source: APXvYqwELPr61rJRcK21BItTTjBVMdoUC5y5Pjzp+rK/6WNkFz71EZpDjFpPVQU0+Od56WN3ikR9 X-Received: by 2002:a17:906:529a:: with SMTP id c26mr17211255ejm.69.1572833575629; Sun, 03 Nov 2019 18:12:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572833575; cv=none; d=google.com; s=arc-20160816; b=WJdHBH93j9A+m+HAhZr0YNtOzT7FKmnxQqYXMJgJQIvaIH7XkqCmsFrAYLK573yu2C d6j5nnPlfeAVyxscdEsznn12smWLWzD5EDiKFI5hOGJYTM9J4WmNU+HEhl9MzYykQHrD 1fDhnUobOift55UzdkscDDdc8LL2EGE0x5wxvyrN4WmNd/ZK+z3FLMLMDTAu4lC0EJg1 50UggafYHPPnMqUVtl8wr44aD+o44P+2OR7QyVcMi6xRFmDKmN7/SS2rVV7QlphalPh8 0qxgOjmNQUVB4W7qSPe/DFehN4iRSWioPHGGUJNwzjmFBuVg5CawP4hh6wdGvffGVJj6 jPNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from; bh=NXUhWbaZQQgu25hdem8MHn0Xfn5xg3kHqkgFGT4qSAo=; b=uUYkbTgsQcZQkyh/1dFYh3Yx6pSjmSDGOpWnwcIRbnhebLZBnUPjHagLfCQiDeo4ZM tJhrM4vMA+d1MUlHLj2RD+EvwTN3JK9fTGC8p/yKGE36tqNHfE5VaxvWm8WdTVhN6mav RjBvZhcxjiZniGtPeJKoHArP8yxzknlQA2jNYszsPjU4wieq9tGixI/nR2Ik8WqAJerQ 6YpbWIn++plQApp+z1lrNIh1oesyx6F71LS1cJSA+6CJh+lWZa2HslOIW7OMAeImdMrP 0e+8Ie8jukCQOP4eGRv7mDVdB044zxabfeb49G65mIryZt0jDHq5vczcKogcK6zznZ83 KJtA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id hh19si3716375ejb.209.2019.11.03.18.12.32; Sun, 03 Nov 2019 18:12:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728730AbfKDCFt (ORCPT + 99 others); Sun, 3 Nov 2019 21:05:49 -0500 Received: from mailgw01.mediatek.com ([210.61.82.183]:49967 "EHLO mailgw01.mediatek.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728234AbfKDCFt (ORCPT ); Sun, 3 Nov 2019 21:05:49 -0500 X-UUID: 04af6f70713449ee9a2bbe13afb6df6a-20191104 X-UUID: 04af6f70713449ee9a2bbe13afb6df6a-20191104 Received: from mtkcas07.mediatek.inc [(172.21.101.84)] by mailgw01.mediatek.com (envelope-from ) (Cellopoint E-mail Firewall v4.1.10 Build 0809 with TLS) with ESMTP id 2092748576; Mon, 04 Nov 2019 10:05:42 +0800 Received: from MTKCAS06.mediatek.inc (172.21.101.30) by mtkmbs08n2.mediatek.inc (172.21.101.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 4 Nov 2019 10:05:39 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1395.4 via Frontend Transport; Mon, 4 Nov 2019 10:05:39 +0800 From: Walter Wu To: Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Matthias Brugger CC: , , , , wsd_upstream , Walter Wu Subject: [PATCH v3 2/2] kasan: add test for invalid size in memmove Date: Mon, 4 Nov 2019 10:05:39 +0800 Message-ID: <20191104020539.28039-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 Content-Type: text/plain X-TM-SNTS-SMTP: C7718962B9A4B5E4228DBC919FD5E100E8BDABB44BCDF8ABD45A72F8B85F7A0D2000:8 X-MTK: N Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Test negative size in memmove in order to verify whether it correctly get KASAN report. Casting negative numbers to size_t would indeed turn up as a large size_t, so it will have out-of-bounds bug and be detected by KASAN. Signed-off-by: Walter Wu Reviewed-by: Dmitry Vyukov --- lib/test_kasan.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 49cc4d570a40..06942cf585cc 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -283,6 +283,23 @@ static noinline void __init kmalloc_oob_in_memset(void) kfree(ptr); } +static noinline void __init kmalloc_memmove_invalid_size(void) +{ + char *ptr; + size_t size = 64; + + pr_info("invalid size in memmove\n"); + ptr = kmalloc(size, GFP_KERNEL); + if (!ptr) { + pr_err("Allocation failed\n"); + return; + } + + memset((char *)ptr, 0, 64); + memmove((char *)ptr, (char *)ptr + 4, -2); + kfree(ptr); +} + static noinline void __init kmalloc_uaf(void) { char *ptr; @@ -773,6 +790,7 @@ static int __init kmalloc_tests_init(void) kmalloc_oob_memset_4(); kmalloc_oob_memset_8(); kmalloc_oob_memset_16(); + kmalloc_memmove_invalid_size(); kmalloc_uaf(); kmalloc_uaf_memset(); kmalloc_uaf2(); -- 2.18.0