From: zhong jiang <zhongjiang@huawei.com>
To: akpm@linux-foundation.org, adech.fo@gmail.com, ryabinin.a.a@gmail.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, qiuxishi@huawei.com,
guohanjun@huawei.com, zhangdianfang@huawei.com
Subject: some problems about kasan
Date: Thu, 15 Oct 2015 14:59:54 +0800
Message-ID: <561F4EEA.60203@huawei.com>

1. I feel confused about one of the cases when testing the cases kasan can solve. The function comes from the kernel in /lib/test_kasan.c.

static noinline void __init kmalloc_uaf2(void)
{
	char *ptr1, *ptr2;
	size_t size = 43;

	pr_info("use-after-free after another kmalloc\n");
	ptr1 = kmalloc(size, GFP_KERNEL);
	if (!ptr1) {
		pr_err("Allocation failed\n");
		return;
	}

	kfree(ptr1);
	ptr2 = kmalloc(size, GFP_KERNEL);
	if (!ptr2) {
		pr_err("Allocation failed\n");
		return;
	}

	ptr1[40] = 'x';
	kfree(ptr2);
}

In the above function, the pointer ptr1 is probably the same as ptr2, so the error is not certain to occur.

2. Is the stack local variable out-of-bounds access set by GCC? I don't see any operation in the kernel.

3. I want to know whether the global variable size, including the redzone, is allocated by module_alloc().