Commit 1b0668be authored by Andrey Konovalov's avatar Andrey Konovalov Committed by Linus Torvalds

kasan: test: disable kmalloc_memmove_invalid_size for HW_TAGS

The HW_TAGS mode doesn't check memmove for negative size.  As a result,
the kmalloc_memmove_invalid_size test corrupts memory, which can result in
a crash.

Disable this test with HW_TAGS KASAN.

Link: https://lkml.kernel.org/r/088733a06ac21eba29aa85b6f769d2abd74f9638.1628779805.git.andreyknvl@gmail.comSigned-off-by: default avatarAndrey Konovalov <andreyknvl@gmail.com>
Reviewed-by: default avatarMarco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 555999a0
...@@ -501,11 +501,17 @@ static void kmalloc_memmove_invalid_size(struct kunit *test) ...@@ -501,11 +501,17 @@ static void kmalloc_memmove_invalid_size(struct kunit *test)
size_t size = 64; size_t size = 64;
volatile size_t invalid_size = -2; volatile size_t invalid_size = -2;
/*
* Hardware tag-based mode doesn't check memmove for negative size.
* As a result, this test introduces a side-effect memory corruption,
* which can result in a crash.
*/
KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_HW_TAGS);
ptr = kmalloc(size, GFP_KERNEL); ptr = kmalloc(size, GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
memset((char *)ptr, 0, 64); memset((char *)ptr, 0, 64);
KUNIT_EXPECT_KASAN_FAIL(test, KUNIT_EXPECT_KASAN_FAIL(test,
memmove((char *)ptr, (char *)ptr + 4, invalid_size)); memmove((char *)ptr, (char *)ptr + 4, invalid_size));
kfree(ptr); kfree(ptr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment