Re: [PATCH v2] mm: Make ksize() a reporting-only function

From: Kees Cook
Date: Thu Dec 01 2022 - 11:51:31 EST

Next message: Saravanan Sekar: "Re: [PATCH v2 2/4] dt-bindings: hwmon/pmbus: Add mps,mpq7932 power-management IC"
Previous message: Jeff LaBundy: "Re: [PATCH] Input: misc: use sysfs_emit() to instead of scnprintf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 30, 2022 at 03:11:35PM +0100, Andrey Konovalov wrote:
> On Sun, Nov 27, 2022 at 1:55 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > > I just realized there's an issue here with the tag-based modes, as
> > > they align the unpoisoned area to 16 bytes.
> > >
> > > One solution would be to change the allocation size to 128 -
> > > KASAN_GRANULE_SIZE - 5, the same way kmalloc_oob_right test does it,
> > > so that the last 16-byte granule won't get unpoisoned for the
> > > tag-based modes. And then check that the ptr[size] access fails only
> > > for the Generic mode.
> >
> > Ah! Good point. Are you able to send a patch? I suspect you know exactly
> > what to change; it might take me a bit longer to double-check all of
> > those details.
>
> Let's do it like this:
>
> size_t size = 128 - KASAN_GRANULE_SIZE - 5, real_size.
>
> ...
>
> /* These must trigger a KASAN report. */
> if (IS_ENABLED(CONFIG_KASAN_GENERIC))
> KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]);
> KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size + 5]);
> KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size - 1]);

Done, and tested! Thanks :)

--
Kees Cook

Next message: Saravanan Sekar: "Re: [PATCH v2 2/4] dt-bindings: hwmon/pmbus: Add mps,mpq7932 power-management IC"
Previous message: Jeff LaBundy: "Re: [PATCH] Input: misc: use sysfs_emit() to instead of scnprintf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]