On Fri, May 7, 2021 at 4:59 AM Peter Collingbourne <pcc@xxxxxxxxxx> wrote: > > These tests deliberately access these arrays out of bounds, > which will cause the dynamic local bounds checks inserted by > CONFIG_UBSAN_LOCAL_BOUNDS to fail and panic the kernel. To avoid this > problem, access the arrays via volatile pointers, which will prevent > the compiler from being able to determine the array bounds. > > These accesses use volatile pointers to char (char *volatile) rather > than the more conventional pointers to volatile char (volatile char *) > because we want to prevent the compiler from making inferences about > the pointer itself (i.e. its array bounds), not the data that it > refers to. > > Signed-off-by: Peter Collingbourne <pcc@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx > Link: https://linux-review.googlesource.com/id/I90b1713fbfa1bf68ff895aef099ea77b98a7c3b9 > --- > lib/test_kasan.c | 29 +++++++++++++++++++++++------ > 1 file changed, 23 insertions(+), 6 deletions(-) > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > index dc05cfc2d12f..cacbbbdef768 100644 > --- a/lib/test_kasan.c > +++ b/lib/test_kasan.c > @@ -654,8 +654,20 @@ static char global_array[10]; > > static void kasan_global_oob(struct kunit *test) > { > - volatile int i = 3; > - char *p = &global_array[ARRAY_SIZE(global_array) + i]; > + /* > + * Deliberate out-of-bounds access. To prevent CONFIG_UBSAN_LOCAL_BOUNDS > + * from failing here and panicing the kernel, access the array via a > + * volatile pointer, which will prevent the compiler from being able to > + * determine the array bounds. > + * > + * This access uses a volatile pointer to char (char *volatile) rather > + * than the more conventional pointer to volatile char (volatile char *) > + * because we want to prevent the compiler from making inferences about > + * the pointer itself (i.e. its array bounds), not the data that it > + * refers to. > + */ > + char *volatile array = global_array; > + char *p = &array[ARRAY_SIZE(global_array) + 3]; > > /* Only generic mode instruments globals. */ > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); > @@ -703,8 +715,9 @@ static void ksize_uaf(struct kunit *test) > static void kasan_stack_oob(struct kunit *test) > { > char stack_array[10]; > - volatile int i = OOB_TAG_OFF; > - char *p = &stack_array[ARRAY_SIZE(stack_array) + i]; > + /* See comment in kasan_global_oob. */ > + char *volatile array = stack_array; > + char *p = &array[ARRAY_SIZE(stack_array) + OOB_TAG_OFF]; > > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_STACK); > > @@ -715,7 +728,9 @@ static void kasan_alloca_oob_left(struct kunit *test) > { > volatile int i = 10; > char alloca_array[i]; > - char *p = alloca_array - 1; > + /* See comment in kasan_global_oob. */ > + char *volatile array = alloca_array; > + char *p = array - 1; > > /* Only generic mode instruments dynamic allocas. */ > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); > @@ -728,7 +743,9 @@ static void kasan_alloca_oob_right(struct kunit *test) > { > volatile int i = 10; > char alloca_array[i]; > - char *p = alloca_array + i; > + /* See comment in kasan_global_oob. */ > + char *volatile array = alloca_array; > + char *p = array + i; > > /* Only generic mode instruments dynamic allocas. */ > KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); > -- > 2.31.1.607.g51e8a6a459-goog > Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx> Thanks!
