The patch titled
     Subject: lib/test_kasan.c: use underlying string helpers
has been added to the -mm tree.  Its filename is
     kasan-test-use-underlying-string-helpers.patch

This patch should soon appear at
    https://ozlabs.org/~akpm/mmots/broken-out/kasan-test-use-underlying-string-helpers.patch
and later at
    https://ozlabs.org/~akpm/mmotm/broken-out/kasan-test-use-underlying-string-helpers.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Arnd Bergmann <arnd@xxxxxxxx>
Subject: lib/test_kasan.c: use underlying string helpers

Calling memcmp() and memchr() with an intentional buffer overflow is now
caught at compile time:

In function 'memcmp',
    inlined from 'kasan_memcmp' at lib/test_kasan.c:897:2:
include/linux/fortify-string.h:263:25: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
  263 |                         __read_overflow();
      |                         ^~~~~~~~~~~~~~~~~
In function 'memchr',
    inlined from 'kasan_memchr' at lib/test_kasan.c:872:2:
include/linux/fortify-string.h:277:17: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
  277 |                 __read_overflow();
      |                 ^~~~~~~~~~~~~~~~~

Change the kasan tests to wrap those inside of a noinline function to
prevent the compiler from noticing the bug and let kasan find it at
runtime.

Link: https://lkml.kernel.org/r/20211013150025.2875883-1-arnd@xxxxxxxxxx
Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxx> Cc: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx> Cc: Alexander Potapenko <glider@xxxxxxxxxx> Cc: Andrey Konovalov <andreyknvl@xxxxxxxxx> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Cc: Marco Elver <elver@xxxxxxxxxx> Cc: Catalin Marinas <catalin.marinas@xxxxxxx> Cc: Peter Collingbourne <pcc@xxxxxxxxxx> Cc: Patricia Alfonso <trishalfonso@xxxxxxxxxx> Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- lib/test_kasan.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) --- a/lib/test_kasan.c~kasan-test-use-underlying-string-helpers +++ a/lib/test_kasan.c @@ -831,6 +831,21 @@ static void kmem_cache_invalid_free(stru kmem_cache_destroy(cache); } +/* + * noinline wrappers to prevent the compiler from noticing the overflow + * at compile time rather than having kasan catch it. + * */ +static noinline void *__kasan_memchr(const void *s, int c, size_t n) +{ + return memchr(s, c, n); +} + +static noinline int __kasan_memcmp(const void *s1, const void *s2, size_t n) +{ + return memcmp(s1, s2, n); +} + + static void kasan_memchr(struct kunit *test) { char *ptr; @@ -849,7 +864,7 @@ static void kasan_memchr(struct kunit *t KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); KUNIT_EXPECT_KASAN_FAIL(test, - kasan_ptr_result = memchr(ptr, '1', size + 1)); + kasan_ptr_result = __kasan_memchr(ptr, '1', size + 1)); kfree(ptr); } @@ -874,7 +889,7 @@ static void kasan_memcmp(struct kunit *t memset(arr, 0, sizeof(arr)); KUNIT_EXPECT_KASAN_FAIL(test, - kasan_int_result = memcmp(ptr, arr, size+1)); + kasan_int_result = __kasan_memcmp(ptr, arr, size+1)); kfree(ptr); } _ Patches currently in -mm which might be from arnd@xxxxxxxx are kasan-test-use-underlying-string-helpers.patch posix-acl-avoid-wempty-body-warning.patch hfs-hfsplus-use-warn_on-for-sanity-check.patch
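
Review bot: In the first hunk (@@ -831,6 +831,21 @@), the comment above __kasan_memchr() is closed with " * */", which leaves a stray asterisk in the terminator; close it with a plain " */". The same hunk adds two blank lines after __kasan_memcmp() before kasan_memchr(), where one is enough. The subject line also says "use underlying string helpers", while what this hunk adds are noinline wrappers around memchr() and memcmp(); a subject that matches the comment here would be easier to find later.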
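
Review bot: In the kasan_memcmp hunk (@@ -874,7 +889,7 @@), the rewritten call keeps "size+1" without spaces, while the kasan_memchr hunk just above writes "size + 1". Since this line is being changed anyway, use "__kasan_memcmp(ptr, arr, size + 1)" so the two tests read the same.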