On 2015/9/8 17:49, Xishi Qiu wrote:
> On 2015/9/8 17:36, Andrey Ryabinin wrote:
>
>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@xxxxxxxxxx>:
>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>> it calculates wrong, so fix it.
>>>
>>
>> Please, be more specific. Describe what is wrong with the current code and why,
>> what's the effect of this bug and how you fixed it.
>>
>>
>
> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.
> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
> continue to call "return memory_is_poisoned_1(addr + 15);"
>
> Thanks,
> Xishi Qiu
>
>>> Signed-off-by: Xishi Qiu <qiuxishi@xxxxxxxxxx>
>>> ---
>>> mm/kasan/kasan.c | 3 +--
>>> 1 files changed, 1 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>>> index 7b28e9c..8da2114 100644
>>> --- a/mm/kasan/kasan.c
>>> +++ b/mm/kasan/kasan.c
>>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>>
>>> if (unlikely(*shadow_addr)) {
>>> u16 shadow_first_bytes = *(u16 *)shadow_addr;
>>> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>>
>>> if (unlikely(shadow_first_bytes))
>>> return true;
>>>
>>> - if (likely(!last_byte))
>>> + if (likely(IS_ALIGNED(addr, 8)))
>>> return false;
>>>
>>> return memory_is_poisoned_1(addr + 15);
>>> --
>>> 1.7.1
>>>
>>>
>>
>> .
>>
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>