[PATCH] kasan: fix type cast in memory_is_poisoned_n

From: andrey . konovalov
Date: Mon Jul 03 2023 - 20:57:38 EST

Next message: SeongJae Park: "[PATCH] arch/arm64/mm/fault: Fix undeclared variable error in do_page_fault()"
Previous message: lihongweizz: "[PATCH] IB/iser: Protect tasks cleanup in case iser connection was stopped"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Commit bb6e04a173f0 ("kasan: use internal prototypes matching gcc-13
builtins") introduced a bug into the memory_is_poisoned_n implementation:
it effectively removed the cast to a signed integer type after applying
KASAN_GRANULE_MASK.

As a result, KASAN started failing to properly check memset, memcpy,
and other similar functions.

Fix the bug by adding the cast back (through an additional signed integer
variable to make the code more readable).

Fixes: bb6e04a173f0 ("kasan: use internal prototypes matching gcc-13 builtins")
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
---
mm/kasan/generic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index 5b4c97baa656..4d837ab83f08 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -130,9 +130,10 @@ static __always_inline bool memory_is_poisoned_n(const void *addr, size_t size)
if (unlikely(ret)) {
const void *last_byte = addr + size - 1;
s8 *last_shadow = (s8 *)kasan_mem_to_shadow(last_byte);
+ s8 last_accessible_byte = (unsigned long)last_byte & KASAN_GRANULE_MASK;

if (unlikely(ret != (unsigned long)last_shadow ||
- (((long)last_byte & KASAN_GRANULE_MASK) >= *last_shadow)))
+ last_accessible_byte >= *last_shadow))
return true;
}
return false;
--
2.25.1

Next message: SeongJae Park: "[PATCH] arch/arm64/mm/fault: Fix undeclared variable error in do_page_fault()"
Previous message: lihongweizz: "[PATCH] IB/iser: Protect tasks cleanup in case iser connection was stopped"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]