From: Marco Elver
Date: Thu, 12 Aug 2021 10:56:58 +0200
Subject: Re: [PATCH 3/8] kasan: test: avoid corrupting memory via memset
To: andrey.konovalov@linux.dev
Cc: Andrew Morton, Andrey Konovalov, Andrey Ryabinin, Dmitry Vyukov, Alexander Potapenko, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org

On Wed, 11 Aug 2021 at 21:21, wrote:
> From: Andrey Konovalov
>
> kmalloc_oob_memset_*() tests do writes past the allocated objects.
> As the result, they corrupt memory, which might lead to crashes with the
> HW_TAGS mode, as it neither uses quarantine nor redzones.
>
> Adjust the tests to only write memory within the aligned kmalloc objects.
>
> Signed-off-by: Andrey Konovalov
> --- > lib/test_kasan.c | 22 +++++++++++----------- > 1 file changed, 11 insertions(+), 11 deletions(-) > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > index c82a82eb5393..fd00cd35e82c 100644 > --- a/lib/test_kasan.c > +++ b/lib/test_kasan.c
> @@ -431,61 +431,61 @@ static void kmalloc_uaf_16(struct kunit *test) > static void kmalloc_oob_memset_2(struct kunit *test) > { > char *ptr; > - size_t size = 8; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 7 + OOB_TAG_OFF, 0, 2)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 2)); I think one important aspect of these tests in generic mode is that the written range touches both valid and invalid memory. I think that was meant to test any explicit instrumentation isn't just looking at the starting address, but at the whole range. It seems that with these changes that is no longer tested. Could we somehow make it still test that? > kfree(ptr); > } > > static void kmalloc_oob_memset_4(struct kunit *test) > { > char *ptr; > - size_t size = 8; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 5 + OOB_TAG_OFF, 0, 4)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 4)); > kfree(ptr); > } > > - > static void kmalloc_oob_memset_8(struct kunit *test) > { > char *ptr; > - size_t size = 8; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 1 + OOB_TAG_OFF, 0, 8)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 8)); > kfree(ptr); > } > > static void kmalloc_oob_memset_16(struct kunit *test) > { > char *ptr; > - size_t size = 16; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 1 + OOB_TAG_OFF, 0, 16)); > + KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + size, 0, 16)); > kfree(ptr); > } > > static void kmalloc_oob_in_memset(struct kunit *test) > { > char *ptr; > - 
size_t size = 666; > + size_t size = 128 - KASAN_GRANULE_SIZE; > > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > - KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr, 0, size + 5 + OOB_TAG_OFF)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + memset(ptr, 0, size + KASAN_GRANULE_SIZE)); > kfree(ptr); > } > > -- > 2.25.1
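
Review bot: in kmalloc_oob_memset_2, _4, _8 and _16 the new call is memset(ptr + size, 0, n), so the write begins exactly at the end of the requested size and no byte of it is valid; only kmalloc_oob_in_memset, which starts at ptr, still crosses the boundary. A checker that looked only at the first address of the range would pass these four tests. Starting each write n - 1 bytes earlier, for example memset(ptr + size - 1, 0, 2) and memset(ptr + size - 15, 0, 16), keeps the start inside the object with one byte past size in the range, and the write then ends at size + 1, inside the 128 bytes that size = 128 - KASAN_GRANULE_SIZE is derived from. As posted, kmalloc_oob_memset_16 ends at 128 - KASAN_GRANULE_SIZE + 16, which stays within 128 only when KASAN_GRANULE_SIZE is at least 16, so the commit message's "only write memory within the aligned kmalloc objects" does not hold for smaller granules. A short comment on why size is 128 - KASAN_GRANULE_SIZE would also help the next reader.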
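
A user-space model of the concern raised in the reply above, added here as an example; it is not code from the patch or from the kernel. It assumes 8-byte granules and a generic-KASAN-style shadow encoding, and every function name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of generic-KASAN shadow memory, not kernel code.
 * Assumptions: 8-byte granules; shadow 0 = whole granule valid, 1..7 = first
 * k bytes valid, negative = poisoned. All names are hypothetical. */
#define GRANULE 8
#define SLOT    128
static signed char shadow[SLOT / GRANULE];

/* Mark the first `size` bytes of the slot valid and the rest poisoned. */
static void model_alloc(size_t size)
{
	for (size_t g = 0; g < SLOT / GRANULE; g++) {
		size_t start = g * GRANULE;
		shadow[g] = start + GRANULE <= size ? 0 :
			    start < size ? (signed char)(size - start) : -1;
	}
}

static bool byte_ok(size_t off)
{
	signed char s = off < SLOT ? shadow[off / GRANULE] : -1;
	return s == 0 || (s > 0 && off % GRANULE < (size_t)s);
}

/* Broken check: reports only if the first byte of the write is invalid. */
static bool start_only_reports(size_t off, size_t len)
{
	(void)len;
	return !byte_ok(off);
}

/* Whole-range check: reports if any byte of [off, off + len) is invalid. */
static bool range_reports(size_t off, size_t len)
{
	for (size_t i = 0; i < len; i++)
		if (!byte_ok(off + i))
			return true;
	return false;
}

int main(void)
{
	model_alloc(SLOT - GRANULE);	/* 120 bytes valid, last granule poisoned */
	printf("straddling write: start-only=%d whole-range=%d\n",
	       start_only_reports(119, 2), range_reports(119, 2));
	printf("fully past size:  start-only=%d whole-range=%d\n",
	       start_only_reports(120, 2), range_reports(120, 2));
	return 0;
}
```

Only the straddling write separates the two checks; a write that begins at the first invalid byte is reported by both, so it cannot show that the whole range is being examined.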