Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2015/9/8 17:49, Xishi Qiu wrote:

> On 2015/9/8 17:36, Andrey Ryabinin wrote:
> 
>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@xxxxxxxxxx>:
>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>> it calculates wrong, so fix it.
>>>
>>
>> Please, be more specific. Describe what is wrong with the current code and why,
>> what's the effect of this bug and how you fixed it.
>>
>>
> 
> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.

Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.

> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
> continue to call "return memory_is_poisoned_1(addr + 15);"
> 
> Thanks,
> Xishi Qiu
> 
>>> Signed-off-by: Xishi Qiu <qiuxishi@xxxxxxxxxx>
>>> ---
>>>  mm/kasan/kasan.c |    3 +--
>>>  1 files changed, 1 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>>> index 7b28e9c..8da2114 100644
>>> --- a/mm/kasan/kasan.c
>>> +++ b/mm/kasan/kasan.c
>>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>>
>>>         if (unlikely(*shadow_addr)) {
>>>                 u16 shadow_first_bytes = *(u16 *)shadow_addr;
>>> -               s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>>
>>>                 if (unlikely(shadow_first_bytes))
>>>                         return true;
>>>
>>> -               if (likely(!last_byte))
>>> +               if (likely(IS_ALIGNED(addr, 8)))
>>>                         return false;
>>>
>>>                 return memory_is_poisoned_1(addr + 15);
>>> --
>>> 1.7.1
>>>
>>>
>>
>> .
>>
> 
> 



--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]