Kees Cook
unread,Sep 23, 2022, 4:28:36 PM9/23/22Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Vlastimil Babka, Kees Cook, Andrey Ryabinin, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, Andrew Morton, kasa...@googlegroups.com, linu...@kvack.org, Ruhl, Michael J, Hyeonggon Yoo, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Greg Kroah-Hartman, Nick Desaulniers, Alex Elder, Josef Bacik, David Sterba, Sumit Semwal, Christian König, Jesse Brandeburg, Daniel Micay, Yonghong Song, Marco Elver, Miguel Ojeda, linux-...@vger.kernel.org, net...@vger.kernel.org, linux...@vger.kernel.org, linux...@vger.kernel.org, dri-...@lists.freedesktop.org, linaro...@lists.linaro.org, linux-...@vger.kernel.org, intel-w...@lists.osuosl.org, d...@openvswitch.org, x...@kernel.org, ll...@lists.linux.dev, linux-h...@vger.kernel.org
In preparation for no longer unpoisoning in ksize(), remove the behavioral
self-tests for ksize().
Cc: Andrey Ryabinin <
ryabin...@gmail.com>
Cc: Alexander Potapenko <
gli...@google.com>
Cc: Andrey Konovalov <
andre...@gmail.com>
Cc: Dmitry Vyukov <
dvy...@google.com>
Cc: Vincenzo Frascino <
vincenzo...@arm.com>
Cc: Andrew Morton <
ak...@linux-foundation.org>
Cc:
kasa...@googlegroups.com
Cc:
linu...@kvack.org
Signed-off-by: Kees Cook <
kees...@chromium.org>
---
lib/test_kasan.c | 42 ------------------------------------------
mm/kasan/shadow.c | 4 +---
2 files changed, 1 insertion(+), 45 deletions(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 58c1b01ccfe2..bdd0ced8f8d7 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -753,46 +753,6 @@ static void kasan_global_oob_left(struct kunit *test)
KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
}
-/* Check that ksize() makes the whole object accessible. */
-static void ksize_unpoisons_memory(struct kunit *test)
-{
- char *ptr;
- size_t size = 123, real_size;
-
- ptr = kmalloc(size, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
- real_size = ksize(ptr);
-
- OPTIMIZER_HIDE_VAR(ptr);
-
- /* This access shouldn't trigger a KASAN report. */
- ptr[size] = 'x';
-
- /* This one must. */
- KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size]);
-
- kfree(ptr);
-}
-
-/*
- * Check that a use-after-free is detected by ksize() and via normal accesses
- * after it.
- */
-static void ksize_uaf(struct kunit *test)
-{
- char *ptr;
- int size = 128 - KASAN_GRANULE_SIZE;
-
- ptr = kmalloc(size, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
- kfree(ptr);
-
- OPTIMIZER_HIDE_VAR(ptr);
- KUNIT_EXPECT_KASAN_FAIL(test, ksize(ptr));
- KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]);
- KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]);
-}
-
static void kasan_stack_oob(struct kunit *test)
{
char stack_array[10];
@@ -1392,8 +1352,6 @@ static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(kasan_stack_oob),
KUNIT_CASE(kasan_alloca_oob_left),
KUNIT_CASE(kasan_alloca_oob_right),
- KUNIT_CASE(ksize_unpoisons_memory),
- KUNIT_CASE(ksize_uaf),
KUNIT_CASE(kmem_cache_double_free),
KUNIT_CASE(kmem_cache_invalid_free),
KUNIT_CASE(kmem_cache_double_destroy),
diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c
index 0e3648b603a6..0895c73e9b69 100644
--- a/mm/kasan/shadow.c
+++ b/mm/kasan/shadow.c
@@ -124,9 +124,7 @@ void kasan_unpoison(const void *addr, size_t size, bool init)
addr = kasan_reset_tag(addr);
/*
- * Skip KFENCE memory if called explicitly outside of sl*b. Also note
- * that calls to ksize(), where size is not a multiple of machine-word
- * size, would otherwise poison the invalid portion of the word.
+ * Skip KFENCE memory if called explicitly outside of sl*b.
*/
if (is_kfence_address(addr))
return;
--
2.34.1