Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp4717966pxt; Wed, 11 Aug 2021 12:24:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyREV8NzPlhdahz/a/fmMHkt1mF4PTxh5mwXwt8MZAioyd8KUq7Zlu47uqa9W/MUaRL/nMy X-Received: by 2002:a05:6e02:1561:: with SMTP id k1mr23038ilu.25.1628709854235; Wed, 11 Aug 2021 12:24:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628709854; cv=none; d=google.com; s=arc-20160816; b=CLAAk6O1L0NMyXFbnuI1gpbGwUfcpwoVgf1EFYXeC8tWV+vhIbLL6L1Z3vOfRFQVoj 9aQR8GbmAF/C1yzmfzMU6ki1oR2Y08YXD7cWR5/7cWlXMfpESvAbzXpE/YaSnfKJZRag jRtkAXGaJe7YNP37coTmilm1OQQA5ofBGJ8C28A5vv7owqhT+Vxm809UxGMExvKlHJfr WFWtzq3RQQHDaXEM+GDZZvioyG0dT20aTqYH+IkyPhE/vsv0lGrLWtePcp30rdD4iKKt jJQTFe1nv6d7fxaL8imIQVaP/cvo/Q4dz0v9aRaHACuOFpDq3zWrPO2StMz0/Pskths4 rnHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=67kYwukmo7Ml3X3ud3b8IvQ8hH4hhd8RmqNx/G1meFc=; b=Nwo75nmE4PkfwnNCrey0r0eh+NYACFnwBuM7TjTSetPrP/l10f/BQPms3RnP/3n87l qLTsAsg576DlFYD1wwurLmw5VtNrEElS0NaGgoAiMH76lB+ZGaSYkK0uJO3UxcsmKDST MVk5IavNC9o+nO5xlAL008wLZKwd72ar1wGFnYe2busxvtazZzMrDOOpW91EqxS+YEhC NJe3v6YAZbB6s/Uy8zEuW7q32tkPWFznYXo8HrQN3AVUOT+obGNNVY7RC4/oc7d1ifze 26Jjk1vGKRfSdJY6hDjrxNY1fg6Cmp/z5F5QsWel5wOztVc7grBah5TkhsvT/N+mbURk zmUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=flF8MnPS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u10si331659jap.71.2021.08.11.12.24.00; Wed, 11 Aug 2021 12:24:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=flF8MnPS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231431AbhHKTWH (ORCPT + 99 others); Wed, 11 Aug 2021 15:22:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41414 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230207AbhHKTWH (ORCPT ); Wed, 11 Aug 2021 15:22:07 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 743C0C0613D3 for ; Wed, 11 Aug 2021 12:21:43 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1628709702; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=67kYwukmo7Ml3X3ud3b8IvQ8hH4hhd8RmqNx/G1meFc=; b=flF8MnPSoiRN335GyJwBorvW/Aa4A4lDAs/vLZ8BxybGPdxhnkMOU+hHX0di0MXmhAjrnf 1bi9nwZKxzib8NB7gKEMHOqWtpUTtk1sMCRbBAieXa6V3ARyxOXv6dxaJ1gjh/48ggX4Y2 wMtcVEr8Gdz865DyJM1bNV6eFsCh3Gs= From: andrey.konovalov@linux.dev To: Andrew Morton Cc: Andrey Konovalov , Andrey Ryabinin , Marco Elver , Dmitry Vyukov , Alexander Potapenko , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/8] kasan: test: avoid writing invalid memory Date: Wed, 11 Aug 2021 21:21:18 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: andrey.konovalov@linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andrey Konovalov Multiple KASAN tests do writes past the allocated objects or writes to freed memory. Turn these writes into reads to avoid corrupting memory. Otherwise, these tests might lead to crashes with the HW_TAGS mode, as it neither uses quarantine nor redzones. Signed-off-by: Andrey Konovalov --- lib/test_kasan.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 1bc3cdd2957f..c82a82eb5393 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -167,7 +167,7 @@ static void kmalloc_node_oob_right(struct kunit *test) ptr = kmalloc_node(size, GFP_KERNEL, 0); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = ptr[size]); kfree(ptr); } @@ -203,7 +203,7 @@ static void kmalloc_pagealloc_uaf(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); kfree(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } static void kmalloc_pagealloc_invalid_free(struct kunit *test) @@ -237,7 +237,7 @@ static void pagealloc_oob_right(struct kunit *test) ptr = page_address(pages); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = ptr[size]); free_pages((unsigned long)ptr, order); } @@ -252,7 +252,7 @@ static void pagealloc_uaf(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); free_pages((unsigned long)ptr, order); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } static void kmalloc_large_oob_right(struct kunit *test) @@ -514,7 +514,7 @@ static void kmalloc_uaf(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); kfree(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, *(ptr + 8) = 'x'); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[8]); } static void kmalloc_uaf_memset(struct kunit *test) @@ -553,7 +553,7 @@ static void kmalloc_uaf2(struct kunit *test) goto again; } - KUNIT_EXPECT_KASAN_FAIL(test, ptr1[40] = 'x'); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr1)[40]); KUNIT_EXPECT_PTR_NE(test, ptr1, ptr2); kfree(ptr2); @@ -700,7 +700,7 @@ static void ksize_unpoisons_memory(struct kunit *test) ptr[size] = 'x'; /* This one must. */ - KUNIT_EXPECT_KASAN_FAIL(test, ptr[real_size] = 'y'); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size]); kfree(ptr); } -- 2.25.1