From: Marco Elver
Date: Thu, 12 Aug 2021 10:56:58 +0200
Subject: Re: [PATCH 3/8] kasan: test: avoid corrupting memory via memset
To: andrey.konovalov@linux.dev
Cc: Andrew Morton, Andrey Konovalov, Andrey Ryabinin, Dmitry Vyukov, Alexander Potapenko, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org

On Wed, 11 Aug 2021 at 21:21, wrote:
> From: Andrey Konovalov
>
> kmalloc_oob_memset_*() tests do writes past the allocated objects.
> As the result, they corrupt memory, which might lead to crashes with the
> HW_TAGS mode, as it neither uses quarantine nor redzones.
>
> Adjust the tests to only write memory within the aligned kmalloc objects.
>
> Signed-off-by: Andrey Konovalov
> --- > lib/test_kasan.c | 22 +++++++++++----------- > 1 file changed, 11 insertions(+), 11 deletions(-) > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > index c82a82eb5393..fd00cd35e82c 100644 > --- a/lib/test_kasan.c > +++ b/lib/test_kasan.c 
> @@ -431,61 +431,61 @@ static void kmalloc_uaf_16(struct kunit *test) > static void kmalloc_oob_memset_2(struct kunit *test) > { > char *ptr; > - size_t size = 8; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 7 + OOB_TAG_OFF, 0, 2)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 2)); I think one important aspect of these tests in generic mode is that the written range touches both valid and invalid memory. I think that was meant to test any explicit instrumentation isn't just looking at the starting address, but at the whole range. It seems that with these changes that is no longer tested. Could we somehow make it still test that? > kfree(ptr); > } > > static void kmalloc_oob_memset_4(struct kunit *test) > { > char *ptr; > - size_t size = 8; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 5 + OOB_TAG_OFF, 0, 4)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 4)); > kfree(ptr); > } > > - > static void kmalloc_oob_memset_8(struct kunit *test) > { > char *ptr; > - size_t size = 8; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 1 + OOB_TAG_OFF, 0, 8)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 8)); > kfree(ptr); > } > > static void kmalloc_oob_memset_16(struct kunit *test) > { > char *ptr; > - size_t size = 16; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 1 + OOB_TAG_OFF, 0, 16)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 16)); > kfree(ptr); > } > > static void kmalloc_oob_in_memset(struct kunit *test) > { > char *ptr; > - 
size_t size = 666; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr, 0, size + 5 + OOB_TAG_OFF)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + memset(ptr, 0, size + KASAN_GRANULE_SIZE)); > kfree(ptr); > } > > -- > 2.25.1
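
Review bot: In kmalloc_oob_memset_2/4/8/16 the write now starts at ptr + size, so every byte of the memset range lies outside the object, and a check that inspected only the start address would still make these tests pass. Starting the write so that only its last byte crosses the end keeps the straddling case while staying inside the aligned object, for example memset(ptr + size - 1, 0, 2) for the 2-byte test and memset(ptr + size - 15, 0, 16) for the 16-byte test. kmalloc_oob_in_memset is not affected, since it still starts at ptr and runs to size + KASAN_GRANULE_SIZE. A short comment on why size is 128 - KASAN_GRANULE_SIZE, which now appears in all five tests, would also help.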