The patch titled Subject: kasan: move checks to do_strncpy_from_user has been added to the -mm mm-unstable branch. Its filename is kasan-move-checks-to-do_strncpy_from_user.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/kasan-move-checks-to-do_strncpy_from_user.patch This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sabyrzhan Tasbolatov <snovitoll@xxxxxxxxx> Subject: kasan: move checks to do_strncpy_from_user Date: Mon, 14 Oct 2024 07:56:59 +0500 Patch series "kasan: migrate the last module test to kunit", v3. copy_user_test() is the last KUnit-incompatible test with CONFIG_KASAN_MODULE_TEST requirement, which we are going to migrate to KUnit framework and delete the former test and Kconfig as well. In this patch series: - [1/3] move kasan_check_write() and check_object_size() to do_strncpy_from_user() to cover with KASAN checks with multiple conditions in strncpy_from_user(). - [2/3] migrated copy_user_test() to KUnit, where we can also test strncpy_from_user() due to [1/4]. KUnits have been tested on: - x86_64 with CONFIG_KASAN_GENERIC. Passed - arm64 with CONFIG_KASAN_SW_TAGS. 1 fail. See [1] - arm64 with CONFIG_KASAN_HW_TAGS. 1 fail. See [1] [1] https://lore.kernel.org/linux-mm/CACzwLxj21h7nCcS2-KA_q7ybe+5pxH0uCDwu64q_9pPsydneWQ@xxxxxxxxxxxxxx/ - [3/3] delete CONFIG_KASAN_MODULE_TEST and documentation occurrences. This patch (of 3): Since in the commit 2865baf54077("x86: support user address masking instead of non-speculative conditional") do_strncpy_from_user() is called from multiple places, we should sanitize the kernel *dst memory and size which were done in strncpy_from_user() previously. Link: https://lkml.kernel.org/r/20241014025701.3096253-1-snovitoll@xxxxxxxxx Link: https://lkml.kernel.org/r/20241014025701.3096253-2-snovitoll@xxxxxxxxx Fixes: 2865baf54077 ("x86: support user address masking instead of non-speculative conditional") Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@xxxxxxxxx> Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx> Cc: Alexander Potapenko <glider@xxxxxxxxxx> Cc: Alex Shi <alexs@xxxxxxxxxx> Cc: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> Cc: Hu Haowen <2023002089@xxxxxxxxxxxxxxxx> Cc: Jonathan Corbet <corbet@xxxxxxx> Cc: Marco Elver <elver@xxxxxxxxxx> Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx> Cc: Yanteng Si <siyanteng@xxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- lib/strncpy_from_user.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/lib/strncpy_from_user.c~kasan-move-checks-to-do_strncpy_from_user +++ a/lib/strncpy_from_user.c @@ -31,6 +31,9 @@ static __always_inline long do_strncpy_f const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; unsigned long res = 0; + kasan_check_write(dst, count); + check_object_size(dst, count, false); + if (IS_UNALIGNED(src, dst)) goto byte_at_a_time; @@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const if (max > count) max = count; - kasan_check_write(dst, count); - check_object_size(dst, count, false); if (user_read_access_begin(src, max)) { retval = do_strncpy_from_user(dst, src, count, max); user_read_access_end(); _ Patches currently in -mm which might be from snovitoll@xxxxxxxxx are kasan-move-checks-to-do_strncpy_from_user.patch kasan-migrate-copy_user_test-to-kunit.patch kasan-delete-config_kasan_module_test.patch