From: Andrey Konovalov
Date: Thu, 10 Oct 2024 23:39:11 +0200
Subject: Re: [PATCH v5] mm, kasan, kmsan: copy_from/to_kernel_nofault
To: Sabyrzhan Tasbolatov
Cc: elver@google.com, akpm@linux-foundation.org, bpf@vger.kernel.org, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, syzbot+61123a5daeb9f7454599@syzkaller.appspotmail.com, vincenzo.frascino@arm.com

On Thu, Oct 10, 2024 at 3:10 PM Sabyrzhan Tasbolatov wrote:
> > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c > index a181e4780d9d..cb6ad84641ec 100644 > --- a/mm/kasan/kasan_test_c.c > +++ b/mm/kasan/kasan_test_c.c
> @@ -1954,6 +1954,42 @@ static void rust_uaf(struct kunit *test) > KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > } > > +static void copy_to_kernel_nofault_oob(struct kunit *test) > +{ > + char *ptr; > + char buf[128]; > + size_t size =3D sizeof(buf); > + > + /* This test currently fails with the HW_TAGS mode. > + * The reason is unknown and needs to be investigated. */ > + ptr =3D kmalloc(size - KASAN_GRANULE_SIZE, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > + OPTIMIZER_HIDE_VAR(ptr); > + > + if (IS_ENABLED(CONFIG_KASAN_SW_TAGS)) { > + /* Check that the returned pointer is tagged. */ > + KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN= ); > + KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KER= NEL); > + } It appears you deleted a wrong check. I meant the checks above, not the CONFIG_KASAN_HW_TAGS one. > + > + /* > + * We test copy_to_kernel_nofault() to detect corrupted memory tha= t is > + * being written into the kernel. In contrast, copy_from_kernel_no= fault() > + * is primarily used in kernel helper functions where the source a= ddress > + * might be random or uninitialized. Applying KASAN instrumentatio= n to > + * copy_from_kernel_nofault() could lead to false positives. > + * By focusing KASAN checks only on copy_to_kernel_nofault(), > + * we ensure that only valid memory is written to the kernel, > + * minimizing the risk of kernel corruption while avoiding > + * false positives in the reverse case. > + */ > + KUNIT_EXPECT_KASAN_FAIL(test, > + copy_to_kernel_nofault(&buf[0], ptr, size)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + copy_to_kernel_nofault(ptr, &buf[0], size)); Nit: empty line before kfree. > + kfree(ptr); > +}
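
Review bot: The comment at the top of copy_to_kernel_nofault_oob() says the test currently fails in HW_TAGS mode, but nothing in the visible hunk skips the test for that mode, so a CONFIG_KASAN_HW_TAGS build would run it and hit the failure the comment itself predicts. Restore a skip before the kmalloc(), e.g. `KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_HW_TAGS);`, and drop the IS_ENABLED(CONFIG_KASAN_SW_TAGS) block instead, since those get_tag() checks exercise the allocator's tagging rather than copy_to_kernel_nofault(). Two smaller points: the HW_TAGS comment should use the kernel multi-line style with `/*` and `*/` on their own lines, as the later block comment does; and because the allocation is size - KASAN_GRANULE_SIZE bytes while both copies pass size, a one-line comment on each call (the first is an out-of-bounds read of ptr, the second an out-of-bounds write to ptr) would make the two expectations self-explanatory.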