From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4008C433FE for ; Fri, 10 Sep 2021 00:42:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BF71660C40 for ; Fri, 10 Sep 2021 00:42:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241141AbhIJAni (ORCPT ); Thu, 9 Sep 2021 20:43:38 -0400 Received: from mail.kernel.org ([198.145.29.99]:45654 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232955AbhIJATS (ORCPT ); Thu, 9 Sep 2021 20:19:18 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6CDFE61101; Fri, 10 Sep 2021 00:18:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1631233088; bh=5myRRUC/o18GS6INhNKBgC2fJ2cP2r2OM/TzivGl2Gk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NTyvjppnlTlYniyZ46u6C1vGsQqusk9QzUa4NhTJXtUhzboIL3ajoSWpDyk84nLua pmwFzg4sjmnxuWg9ep4rJtdmOSPpTvf+0GQeNLAQGiMgR5y7dMWFre0XsBrbBcZG2N yfCudPrLVMX5Fps3/UeWRwZuyQr+/VWupJTaFnMNvf+p4vdvnSd2qyqmw+vCRjIBnV uHNX3p1/jsLJg+gYUpJWV6ESGct3SyC1azQTF1ZU3twAHdYmCFlzneK5R84HRUd0AX Or34WsiQwa2XyuIfxDKt0HPvbUxnNCZqrqB9f7ZEXSvjwhEVRoOOHWgXz4QZAnjTeb PjESCBvdqwUjw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Andrey Konovalov , Marco Elver , Alexander Potapenko , Andrey Ryabinin , Dmitry Vyukov , Andrew Morton , Linus Torvalds , Sasha Levin , kasan-dev@googlegroups.com Subject: [PATCH AUTOSEL 5.14 93/99] kasan: test: avoid writing invalid memory Date: Thu, 9 Sep 2021 20:15:52 -0400 Message-Id: <20210910001558.173296-93-sashal@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210910001558.173296-1-sashal@kernel.org> References: <20210910001558.173296-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Andrey Konovalov [ Upstream commit 8fbad19bdcb4b9be8131536e5bb9616ab2e4eeb3 ] Multiple KASAN tests do writes past the allocated objects or writes to freed memory. Turn these writes into reads to avoid corrupting memory. Otherwise, these tests might lead to crashes with the HW_TAGS mode, as it neither uses quarantine nor redzones. Link: https://lkml.kernel.org/r/c3cd2a383e757e27dd9131635fc7d09a48a49cf9.1628779805.git.andreyknvl@gmail.com Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver Cc: Alexander Potapenko Cc: Andrey Ryabinin Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin --- lib/test_kasan.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 8f7b0b2f6e11..b261fe9f3110 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -151,7 +151,7 @@ static void kmalloc_node_oob_right(struct kunit *test) ptr = kmalloc_node(size, GFP_KERNEL, 0); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = ptr[size]); kfree(ptr); } @@ -187,7 +187,7 @@ static void kmalloc_pagealloc_uaf(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); kfree(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } static void kmalloc_pagealloc_invalid_free(struct kunit *test) @@ -221,7 +221,7 @@ static void pagealloc_oob_right(struct kunit *test) ptr = page_address(pages); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = ptr[size]); free_pages((unsigned long)ptr, order); } @@ -236,7 +236,7 @@ static void pagealloc_uaf(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); free_pages((unsigned long)ptr, order); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = 0); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } static void kmalloc_large_oob_right(struct kunit *test) @@ -498,7 +498,7 @@ static void kmalloc_uaf(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); kfree(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, *(ptr + 8) = 'x'); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[8]); } static void kmalloc_uaf_memset(struct kunit *test) @@ -537,7 +537,7 @@ static void kmalloc_uaf2(struct kunit *test) goto again; } - KUNIT_EXPECT_KASAN_FAIL(test, ptr1[40] = 'x'); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr1)[40]); KUNIT_EXPECT_PTR_NE(test, ptr1, ptr2); kfree(ptr2); @@ -684,7 +684,7 @@ static void ksize_unpoisons_memory(struct kunit *test) ptr[size] = 'x'; /* This one must. */ - KUNIT_EXPECT_KASAN_FAIL(test, ptr[real_size] = 'y'); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size]); kfree(ptr); } -- 2.30.2