[PATCH AUTOSEL 5.14 95/99] kasan: test: disable kmalloc_memmove_invalid_size for HW_TAGS

0 views
Skip to first unread message

Sasha Levin

unread,
Sep 9, 2021, 8:18:12 PM9/9/21
to linux-...@vger.kernel.org, sta...@vger.kernel.org, Andrey Konovalov, Marco Elver, Alexander Potapenko, Andrey Ryabinin, Dmitry Vyukov, Andrew Morton, Linus Torvalds, Sasha Levin, kasa...@googlegroups.com
From: Andrey Konovalov <andre...@gmail.com>

[ Upstream commit 1b0668be62cfa394903bb368641c80533bf42d5a ]

The HW_TAGS mode doesn't check memmove for negative size. As a result,
the kmalloc_memmove_invalid_size test corrupts memory, which can result in
a crash.

Disable this test with HW_TAGS KASAN.

Link: https://lkml.kernel.org/r/088733a06ac21eba29aa85b6f769d2abd...@gmail.com
Signed-off-by: Andrey Konovalov <andre...@gmail.com>
Reviewed-by: Marco Elver <el...@google.com>
Cc: Alexander Potapenko <gli...@google.com>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Dmitry Vyukov <dvy...@google.com>
Signed-off-by: Andrew Morton <ak...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torv...@linux-foundation.org>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
lib/test_kasan.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index b298edb325ab..c149675300bd 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -485,11 +485,17 @@ static void kmalloc_memmove_invalid_size(struct kunit *test)
size_t size = 64;
volatile size_t invalid_size = -2;

+ /*
+ * Hardware tag-based mode doesn't check memmove for negative size.
+ * As a result, this test introduces a side-effect memory corruption,
+ * which can result in a crash.
+ */
+ KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_HW_TAGS);
+
ptr = kmalloc(size, GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);

memset((char *)ptr, 0, 64);
-
KUNIT_EXPECT_KASAN_FAIL(test,
memmove((char *)ptr, (char *)ptr + 4, invalid_size));
kfree(ptr);
--
2.30.2

Sasha Levin

unread,
Sep 9, 2021, 8:20:21 PM9/9/21
to linux-...@vger.kernel.org, sta...@vger.kernel.org, Andrey Konovalov, Marco Elver, Alexander Potapenko, Andrey Ryabinin, Dmitry Vyukov, Andrew Morton, Linus Torvalds, Sasha Levin, kasa...@googlegroups.com
From: Andrey Konovalov <andre...@gmail.com>

[ Upstream commit 1b0668be62cfa394903bb368641c80533bf42d5a ]

The HW_TAGS mode doesn't check memmove for negative size. As a result,
the kmalloc_memmove_invalid_size test corrupts memory, which can result in
a crash.

Disable this test with HW_TAGS KASAN.

Link: https://lkml.kernel.org/r/088733a06ac21eba29aa85b6f769d2abd...@gmail.com
Signed-off-by: Andrey Konovalov <andre...@gmail.com>
Reviewed-by: Marco Elver <el...@google.com>
Cc: Alexander Potapenko <gli...@google.com>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Dmitry Vyukov <dvy...@google.com>
Signed-off-by: Andrew Morton <ak...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torv...@linux-foundation.org>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
lib/test_kasan.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 9a6eb3c9dc49..00b7061edf59 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -490,11 +490,17 @@ static void kmalloc_memmove_invalid_size(struct kunit *test)
Reply all
Reply to author
Forward
0 new messages