From: Daniel Axtens <dja@axtens.net>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
akpm@linux-foundation.org, kasan-dev@googlegroups.com
Cc: dvyukov@google.com, christophe.leroy@c-s.fr,
Daniel Axtens <dja@axtens.net>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>
Subject: [PATCH v3 3/3] kasan: initialise array in kasan_memcmp test
Date: Fri, 24 Apr 2020 01:45:03 +1000
Message-ID: <20200423154503.5103-4-dja@axtens.net>
In-Reply-To: <20200423154503.5103-1-dja@axtens.net>

memcmp may bail out before accessing all the memory if the buffers
contain differing bytes. kasan_memcmp calls memcmp with a stack array.
Stack variables are not necessarily initialised (in the absence of a
compiler plugin, at least). Sometimes this causes the memcpy to bail
early and thus fail to trigger kasan.

Make sure the array is initialised to zero in the code.

No other test is dependent on the contents of an array on the stack.

Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
---
lib/test_kasan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 939f395a5392..7700097842c8 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -638,7 +638,7 @@ static noinline void __init kasan_memcmp(void)
{
char *ptr;
size_t size = 24;
- int arr[9];
+ int arr[9] = {};
pr_info("out-of-bounds in memcmp\n");
ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
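Review bot: At `int arr[9] = {};` nothing in the code records why the zero-fill matters, so a later cleanup could drop it as a redundant initialiser and the test would again depend on whatever happens to be on the stack. A one-line comment above the declaration would keep that from regressing, for example noting that arr has to match the `__GFP_ZERO` buffer returned by kmalloc so that memcmp does not stop at the first differing byte before it reaches the out-of-bounds access the test is meant to trigger.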
--
2.20.1