On Wed, 11 Aug 2021 at 21:34, <andrey.konovalov@xxxxxxxxx> wrote: > > From: Andrey Konovalov <andreyknvl@xxxxxxxxx> > > kasan_rcu_uaf() writes to freed memory via kasan_rcu_reclaim(), which is > only safe with the GENERIC mode (as it uses quarantine). For other modes, > this test corrupts kernel memory, which might result in a crash. > > Turn the write into a read. > > Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxx> Reviewed-by: Marco Elver <elver@xxxxxxxxxx> > --- > lib/test_kasan_module.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c > index fa73b9df0be4..7ebf433edef3 100644 > --- a/lib/test_kasan_module.c > +++ b/lib/test_kasan_module.c > @@ -71,7 +71,7 @@ static noinline void __init kasan_rcu_reclaim(struct rcu_head *rp) > struct kasan_rcu_info, rcu); > > kfree(fp); > - fp->i = 1; > + ((volatile struct kasan_rcu_info *)fp)->i; > } > > static noinline void __init kasan_rcu_uaf(void) > -- > 2.25.1 >
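Review bot: the replacement line in kasan_rcu_reclaim(), `((volatile struct kasan_rcu_info *)fp)->i;`, is a bare expression statement with its result discarded, and nothing in the code explains it. The volatile cast is what keeps the compiler from dropping the unused load after `kfree(fp)`. The reason the access has to stay a read (a write to freed memory is only safe with the GENERIC mode's quarantine) appears only in the commit message. Please add a short comment above the line covering both points, so that a later cleanup does not remove the cast or turn the access back into a store. If the cast is considered too opaque, a discarded `READ_ONCE(fp->i);` would express the same forced load.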