On Wed, 11 Aug 2021 at 21:21, <andrey.konovalov@xxxxxxxxx> wrote: > From: Andrey Konovalov <andreyknvl@xxxxxxxxx> > > The HW_TAGS mode doesn't check memmove for negative size. As a result, > the kmalloc_memmove_invalid_size test corrupts memory, which can result > in a crash. > > Disable this test with HW_TAGS KASAN. > > Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxx> Reviewed-by: Marco Elver <elver@xxxxxxxxxx> > --- > lib/test_kasan.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > index fd00cd35e82c..0b5698cd7d1d 100644 > --- a/lib/test_kasan.c > +++ b/lib/test_kasan.c > @@ -495,11 +495,17 @@ static void kmalloc_memmove_invalid_size(struct kunit *test) > size_t size = 64; > volatile size_t invalid_size = -2; > > + /* > + * Hardware tag-based mode doesn't check memmove for negative size. > + * As a result, this test introduces a side-effect memory corruption, > + * which can result in a crash. > + */ > + KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_HW_TAGS); > + > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > > memset((char *)ptr, 0, 64); > - > KUNIT_EXPECT_KASAN_FAIL(test, > memmove((char *)ptr, (char *)ptr + 4, invalid_size)); > kfree(ptr); > -- > 2.25.1 > > -- > You received this message because you are subscribed to the Google Groups "kasan-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@xxxxxxxxxxxxxxxx. > To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/408c63e4a0353633a13403aab4ff25a505e03d93.1628709663.git.andreyknvl%40gmail.com.
