From: Marco Elver
Date: Thu, 12 Aug 2021 10:50:30 +0200
Subject: Re: [PATCH 8/8] kasan: test: avoid corrupting memory in kasan_rcu_uaf
To: andrey.konovalov@linux.dev
Cc: Andrew Morton, Andrey Konovalov, Andrey Ryabinin, Dmitry Vyukov, Alexander Potapenko, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 11 Aug 2021 at 21:34, wrote:
>
> From: Andrey Konovalov
>
> kasan_rcu_uaf() writes to freed memory via kasan_rcu_reclaim(), which is
> only safe with the GENERIC mode (as it uses quarantine). For other modes,
> this test corrupts kernel memory, which might result in a crash.
>
> Turn the write into a read.
>
> Signed-off-by: Andrey Konovalov

Reviewed-by: Marco Elver

> ---
>  lib/test_kasan_module.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c > index fa73b9df0be4..7ebf433edef3 100644 > --- a/lib/test_kasan_module.c > +++ b/lib/test_kasan_module.c
> @@ -71,7 +71,7 @@ static noinline void __init kasan_rcu_reclaim(struct rcu_head *rp) > struct kasan_rcu_info, rcu); > > kfree(fp); > - fp->i = 1; > + ((volatile struct kasan_rcu_info *)fp)->i; > } > > static noinline void __init kasan_rcu_uaf(void) > -- > 2.25.1 >
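
Review bot: the added line `((volatile struct kasan_rcu_info *)fp)->i;` in kasan_rcu_reclaim() has no comment saying why the access after `kfree(fp)` is a discarded read through a volatile cast, so a later cleanup could turn it back into the `fp->i = 1;` store or drop the cast. A one-line comment above it would record both reasons: per the commit message, a write to the freed object is only safe in GENERIC mode because of quarantine, and the volatile qualifier is what stops the compiler from eliding a load whose value is unused.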