Linux-mm Archive on lore.kernel.org
 help / color / Atom feed
From: Daniel Axtens <dja@axtens.net>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	akpm@linux-foundation.org, kasan-dev@googlegroups.com
Cc: dvyukov@google.com, christophe.leroy@c-s.fr,
	Daniel Axtens <dja@axtens.net>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Alexander Potapenko <glider@google.com>
Subject: [PATCH v3 3/3] kasan: initialise array in kasan_memcmp test
Date: Fri, 24 Apr 2020 01:45:03 +1000
Message-ID: <20200423154503.5103-4-dja@axtens.net> (raw)
In-Reply-To: <20200423154503.5103-1-dja@axtens.net>

memcmp may bail out before accessing all the memory if the buffers
contain differing bytes. kasan_memcmp calls memcmp with a stack array.
Stack variables are not necessarily initialised (in the absence of a
compiler plugin, at least). Sometimes this causes the memcpy to bail
early thus fail to trigger kasan.

Make sure the array initialised to zero in the code.

No other test is dependent on the contents of an array on the stack.

Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
---
 lib/test_kasan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 939f395a5392..7700097842c8 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -638,7 +638,7 @@ static noinline void __init kasan_memcmp(void)
 {
 	char *ptr;
 	size_t size = 24;
-	int arr[9];
+	int arr[9] = {};
 
 	pr_info("out-of-bounds in memcmp\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
-- 
2.20.1



  parent reply index

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-23 15:45 [PATCH v3 0/3] Fix some incompatibilites between KASAN and FORTIFY_SOURCE Daniel Axtens
2020-04-23 15:45 ` [PATCH v3 1/3] kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE Daniel Axtens
2020-04-23 15:45 ` [PATCH v3 2/3] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN Daniel Axtens
2020-04-23 15:45 ` Daniel Axtens [this message]
2020-04-23 17:25   ` [PATCH v3 3/3] kasan: initialise array in kasan_memcmp test Dmitry Vyukov
2020-04-24 14:37     ` Daniel Axtens
2020-04-24  6:54 ` [PATCH v3 0/3] Fix some incompatibilites between KASAN and FORTIFY_SOURCE David Gow

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200423154503.5103-4-dja@axtens.net \
    --to=dja@axtens.net \
    --cc=akpm@linux-foundation.org \
    --cc=aryabinin@virtuozzo.com \
    --cc=christophe.leroy@c-s.fr \
    --cc=dvyukov@google.com \
    --cc=glider@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-mm Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-mm/0 linux-mm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-mm linux-mm/ https://lore.kernel.org/linux-mm \
		linux-mm@kvack.org
	public-inbox-index linux-mm

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kvack.linux-mm


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git