+ kasan-add-tests-for-alloca-poisoning.patch added to -mm tree

akpm@xxxxxxxxxxxxxxxxxxxx · Fri, 15 Dec 2017 15:57:06 -0800

The patch titled
     Subject: kasan: add tests for alloca poisoning
has been added to the -mm tree.  Its filename is
     kasan-add-tests-for-alloca-poisoning.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kasan-add-tests-for-alloca-poisoning.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kasan-add-tests-for-alloca-poisoning.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Paul Lawrence <paullawrence@xxxxxxxxxx>
Subject: kasan: add tests for alloca poisoning

Link: http://lkml.kernel.org/r/20171204191735.132544-5-paullawrence@xxxxxxxxxx
Signed-off-by: Greg Hackmann <ghackmann@xxxxxxxxxx>
Signed-off-by: Paul Lawrence <paullawrence@xxxxxxxxxx>
Acked-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Cc: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Cc: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>
Cc: Matthias Kaehlcke <mka@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 lib/test_kasan.c |   22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff -puN lib/test_kasan.c~kasan-add-tests-for-alloca-poisoning lib/test_kasan.c

--- a/lib/test_kasan.c~kasan-add-tests-for-alloca-poisoning
+++ a/lib/test_kasan.c
@@ -472,6 +472,26 @@ static noinline void __init use_after_sc
 	p[1023] = 1;
 }
 
+static noinline void __init kasan_alloca_oob_left(void)
+{
+	volatile int i = 10;
+	char alloca_array[i];
+	char *p = alloca_array - 1;
+
+	pr_info("out-of-bounds to left on alloca\n");
+	*(volatile char *)p;
+}
+
+static noinline void __init kasan_alloca_oob_right(void)
+{
+	volatile int i = 10;
+	char alloca_array[i];
+	char *p = alloca_array + i;
+
+	pr_info("out-of-bounds to right on alloca\n");
+	*(volatile char *)p;
+}
+
 static int __init kmalloc_tests_init(void)
 {
 	/*
@@ -502,6 +522,8 @@ static int __init kmalloc_tests_init(voi
 	memcg_accounted_kmem_cache();
 	kasan_stack_oob();
 	kasan_global_oob();
+	kasan_alloca_oob_left();
+	kasan_alloca_oob_right();
 	ksize_unpoisons_memory();
 	copy_user_test();
 	use_after_scope_test();
_

Patches currently in -mm which might be from paullawrence@xxxxxxxxxx are

kasan-add-compiler-support-for-clang.patch
kasan-support-alloca-poisoning.patch
kasan-add-tests-for-alloca-poisoning.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






