linux-mm.kvack.org archive mirror
From: Daniel Axtens <dja@axtens.net>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	kasan-dev@googlegroups.com
Cc: linuxppc-dev@lists.ozlabs.org,
	linux-arm-kernel@lists.infradead.org, linux-s390@vger.kernel.org,
	linux-xtensa@linux-xtensa.org, x86@kernel.org,
	dvyukov@google.com, christophe.leroy@c-s.fr,
	Daniel Axtens <dja@axtens.net>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Alexander Potapenko <glider@google.com>
Subject: [PATCH v2 3/3] kasan: initialise array in kasan_memcmp test
Date: Thu, 16 Jan 2020 17:26:25 +1100
Message-ID: <20200116062625.32692-4-dja@axtens.net>
In-Reply-To: <20200116062625.32692-1-dja@axtens.net>

memcmp may bail out before accessing all the memory if the buffers
contain differing bytes. kasan_memcmp calls memcmp with a stack array.
Stack variables are not necessarily initialised (in the absence of a
compiler plugin, at least). Sometimes this causes the memcpy to bail
early and thus fail to trigger kasan.

Make sure the array is initialised to zero in the code.

No other test is dependent on the contents of an array on the stack.

Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 lib/test_kasan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index a130d75b9385..519b0f259e97 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -619,7 +619,7 @@ static noinline void __init kasan_memcmp(void)
 {
 	char *ptr;
 	size_t size = 24;
-	int arr[9];
+	int arr[9] = {};
 
 	pr_info("out-of-bounds in memcmp\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
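Review bot: The new `int arr[9] = {};` line carries no comment saying why the zeroing matters, so it could later be dropped as a redundant initialiser and the test would go back to failing intermittently. The test only works because `arr` matches the buffer that `kmalloc(size, GFP_KERNEL | __GFP_ZERO)` returns zeroed, which keeps memcmp from stopping at an early differing byte; a one-line comment above the declaration stating that `arr` must stay zeroed to match `ptr` would record that coupling. Separately, the commit message says "memcpy" in the sentence about bailing early, while the function and the test it describes are memcmp.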
-- 
2.20.1


