On Fri, 2023-12-08 at 14:48 +0100, Alexander Potapenko wrote:
> On Tue, Nov 21, 2023 at 11:06 PM Ilya Leoshkevich <iii@xxxxxxxxxxxxx>
> wrote:
> >
> > Add a wrapper for memset() that prevents unpoisoning.
>
> We have __memset() already, won't it work for this case?
A problem with __memset() is that, at least for me, it always ends
up being a call. There is a use case where we need to write only 1
byte, so I thought that introducing a call there (when compiling
without KMSAN) would be unacceptable.
> On the other hand, I am not sure you want to preserve the redzone in
> its previous state (unless it's known to be poisoned).
That's exactly the problem with unpoisoning: it removes the distinction
between a new allocation and a UAF.
> You might consider explicitly unpoisoning the redzone instead.
That was my first attempt, but it resulted in test failures due to the
above.
> ...
>
> > +__no_sanitize_memory
> > +static inline void *memset_no_sanitize_memory(void *s, int c,
> > size_t n)
> > +{
> > + return memset(s, c, n);
> > +}
>
> I think depending on the compiler optimizations this might end up
> being a call to normal memset, that would still change the shadow
> bytes.
Interesting, do you have some specific scenario in mind? I vaguely
remember that in the past there were cases when sanitizer annotations
were lost after inlining, but I thought they were sorted out?
And, in any case, if this were to happen, would not it be considered a
compiler bug that needs fixing there, and not in the kernel?
