* [melver:kasan/dev 1/4] lib/test_kasan.c:718 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13
@ 2021-12-06 14:24 kernel test robot
From: kernel test robot @ 2021-12-06 14:24 UTC
  To: kbuild


CC: kbuild-all(a)lists.01.org
TO: elver(a)google.com

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/melver/linux.git kasan/dev
head:   96d518f350d75d04aa5cf44b01bcfeecadb7685c
commit: af20ac667de8a9cd873664238ead275e63f3a0c8 [1/4] kasan: test: add globals left-out-of-bounds test
:::::: branch date: 6 days ago
:::::: commit date: 6 days ago
config: arm-randconfig-m031-20211206 (https://download.01.org/0day-ci/archive/20211206/202112062202.wUxap8sZ-lkp(a)intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0

If you fix the issue, kindly add the following tags as appropriate:
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
lib/test_kasan.c:718 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13

Old smatch warnings:
lib/test_kasan.c:139 kmalloc_oob_right() error: buffer overflow 'ptr' 115 <= 120
lib/test_kasan.c:142 kmalloc_oob_right() error: buffer overflow 'ptr' 115 <= 128
lib/test_kasan.c:168 kmalloc_node_oob_right() error: buffer overflow 'ptr' 4096 <= 4096
lib/test_kasan.c:295 krealloc_more_oob_helper() warn: potentially one past the end of array 'ptr2[size2]'
lib/test_kasan.c:295 krealloc_more_oob_helper() warn: potentially one past the end of array 'ptr2[size2]'
lib/test_kasan.c:324 krealloc_less_oob_helper() warn: potentially one past the end of array 'ptr2[size2]'
lib/test_kasan.c:324 krealloc_less_oob_helper() warn: potentially one past the end of array 'ptr2[size2]'
lib/test_kasan.c:338 krealloc_less_oob_helper() warn: potentially one past the end of array 'ptr2[middle]'
lib/test_kasan.c:338 krealloc_less_oob_helper() warn: potentially one past the end of array 'ptr2[middle]'
lib/test_kasan.c:387 krealloc_uaf() warn: passing freed memory 'ptr1'
lib/test_kasan.c:425 kmalloc_uaf_16() error: dereferencing freed memory 'ptr2'
lib/test_kasan.c:566 kmalloc_uaf_memset() warn: passing freed memory 'ptr'
lib/test_kasan.c:751 ksize_unpoisons_memory() error: buffer overflow 'ptr' 123 <= 123
lib/test_kasan.c:772 ksize_uaf() warn: passing freed memory 'ptr'
lib/test_kasan.c:836 kmem_cache_double_free() error: double free of 'p'

vim +/array +718 lib/test_kasan.c

3f15801cdc2379 Andrey Ryabinin     2015-02-13  702  
af20ac667de8a9 Marco Elver         2021-11-16  703  static void kasan_global_oob_right(struct kunit *test)
3f15801cdc2379 Andrey Ryabinin     2015-02-13  704  {
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  705  	/*
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  706  	 * Deliberate out-of-bounds access. To prevent CONFIG_UBSAN_LOCAL_BOUNDS
53b0fe36ab7c6e Zhen Lei            2021-07-07  707  	 * from failing here and panicking the kernel, access the array via a
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  708  	 * volatile pointer, which will prevent the compiler from being able to
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  709  	 * determine the array bounds.
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  710  	 *
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  711  	 * This access uses a volatile pointer to char (char *volatile) rather
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  712  	 * than the more conventional pointer to volatile char (volatile char *)
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  713  	 * because we want to prevent the compiler from making inferences about
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  714  	 * the pointer itself (i.e. its array bounds), not the data that it
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  715  	 * refers to.
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  716  	 */
f649dc0e0d7b50 Peter Collingbourne 2021-05-14  717  	char *volatile array = global_array;
f649dc0e0d7b50 Peter Collingbourne 2021-05-14 @718  	char *p = &array[ARRAY_SIZE(global_array) + 3];
3f15801cdc2379 Andrey Ryabinin     2015-02-13  719  
58b999d7a22c59 Andrey Konovalov    2020-11-01  720  	/* Only generic mode instruments globals. */
da17e377723f50 Andrey Konovalov    2021-02-24  721  	KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
58b999d7a22c59 Andrey Konovalov    2020-11-01  722  
73228c7ecc5e40 Patricia Alfonso    2020-10-13  723  	KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
3f15801cdc2379 Andrey Ryabinin     2015-02-13  724  }
3f15801cdc2379 Andrey Ryabinin     2015-02-13  725  

:::::: The code at line 718 was first introduced by commit
:::::: f649dc0e0d7b509c75570ee403723660f5b72ec7 kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled

:::::: TO: Peter Collingbourne <pcc@google.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
