In commit 88ad9dc30bbf("mm, kasan: instrument copy_from/to_kernel_nofault"), both src and dst were checked which might lead to the false-positive reports. Regular instrument_read() for copy_from and instrument_write() for copy_to triggers KASAN reports in mm/kasan_test_c.c copy_from_to_kernel_nofault_oob() kunit test. Tested on x86_64, arm64 with CONFIG_KASAN_SW_TAGS using the latest linux-next tree, where this commit has been merged today. Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=210505 Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@xxxxxxxxx>
---
 mm/maccess.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/mm/maccess.c b/mm/maccess.c
index 2c4251df46c..f752f0c0fa3 100644
--- a/mm/maccess.c
+++ b/mm/maccess.c
@@ -32,7 +32,7 @@ long copy_from_kernel_nofault(void *dst, const void *src, size_t size)
 return -ERANGE;
 pagefault_disable();
- instrument_memcpy_before(dst, src, size);
+ instrument_read(src, size);
 if (!(align & 7))
 copy_from_kernel_nofault_loop(dst, src, size, u64, Efault);
 if (!(align & 3))
@@ -40,7 +40,6 @@ long copy_from_kernel_nofault(void *dst, const void *src, size_t size)
 if (!(align & 1))
 copy_from_kernel_nofault_loop(dst, src, size, u16, Efault);
 copy_from_kernel_nofault_loop(dst, src, size, u8, Efault);
- instrument_memcpy_after(dst, src, size, 0);
 pagefault_enable();
 return 0;
 Efault:
@@ -65,7 +64,7 @@ long copy_to_kernel_nofault(void *dst, const void *src, size_t size)
 align = (unsigned long)dst | (unsigned long)src;
 pagefault_disable();
- instrument_memcpy_before(dst, src, size);
+ instrument_write(dst, size);
 if (!(align & 7))
 copy_to_kernel_nofault_loop(dst, src, size, u64, Efault);
 if (!(align & 3))
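Review bot: `instrument_read(src, size)` in copy_from_kernel_nofault() is issued before the nofault loops, so the whole range is reported to the sanitizers even when the copy would have ended at `Efault`. If this function is used to probe addresses that may legitimately be invalid (the callers are outside this diff, so that is an assumption), an expected failure becomes a sanitizer report instead of a quiet error return. Instrumenting each element only after its access has succeeded, inside `copy_from_kernel_nofault_loop`, would restrict the check to bytes that were actually read; the macro is not visible here, so this is described rather than quoted. The same ordering applies to `instrument_write(dst, size)` in the copy_to_kernel_nofault() hunk. Both function bodies start and end outside their hunks.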
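Review bot: Nothing next to `instrument_write(dst, size)` in copy_to_kernel_nofault() says why `src` is deliberately left unchecked, although the reason is given only in the commit message. A comment above the call would keep a later cleanup from restoring the two-sided check, for example `/* Check dst only: checking src as well gave false-positive reports. */`. The matching comment belongs above `instrument_read(src, size)` in copy_from_kernel_nofault(), with the roles of src and dst swapped. The function body starts and ends outside the hunk.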
@@ -73,7 +72,6 @@ long copy_to_kernel_nofault(void *dst, const void *src, size_t size)
 if (!(align & 1))
 copy_to_kernel_nofault_loop(dst, src, size, u16, Efault);
 copy_to_kernel_nofault_loop(dst, src, size, u8, Efault);
- instrument_memcpy_after(dst, src, size, 0);
 pagefault_enable();
 return 0;
 Efault:
-- 2.34.1