From: Marco Elver
Date: Thu, 12 Aug 2021 10:50:30 +0200
Subject: Re: [PATCH 8/8] kasan: test: avoid corrupting memory in kasan_rcu_uaf
To: andrey.konovalov@linux.dev
Cc: Andrew Morton, Andrey Konovalov, Andrey Ryabinin, Dmitry Vyukov, Alexander Potapenko, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org

On Wed, 11 Aug 2021 at 21:34, wrote:
>
> From: Andrey Konovalov
>
> kasan_rcu_uaf() writes to freed memory via kasan_rcu_reclaim(), which is
> only safe with the GENERIC mode (as it uses quarantine). For other modes,
> this test corrupts kernel memory, which might result in a crash.
>
> Turn the write into a read.
>
> Signed-off-by: Andrey Konovalov

Reviewed-by: Marco Elver

> --- > lib/test_kasan_module.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c > index fa73b9df0be4..7ebf433edef3 100644 > --- a/lib/test_kasan_module.c > +++ b/lib/test_kasan_module.c > @@ -71,7 +71,7 @@ static noinline void __init kasan_rcu_reclaim(struct rcu_head *rp) > struct kasan_rcu_info, rcu); > > kfree(fp); > - fp->i = 1; > + ((volatile struct kasan_rcu_info *)fp)->i; > } > > static noinline void __init kasan_rcu_uaf(void) > -- > 2.25.1 >
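Review bot: The new statement `((volatile struct kasan_rcu_info *)fp)->i;` in kasan_rcu_reclaim() discards its value and has no comment, so a later reader can take it for dead code or turn it back into a store. A one-line comment above it would help, saying that the access after `kfree(fp)` is the intended use-after-free, that the volatile cast is there so the load is not optimized away, and that it is a read rather than a write because, per the commit message, a write corrupts memory in modes other than GENERIC. With that recorded next to the code, the reason for the unusual expression does not live only in the changelog.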