Message ID | da8d30df9206b54be2768b27bb026ec06e4da7a4.1628709663.git.andreyknvl@gmail.com (mailing list archive) |
---|---|
State | New |
Series | kasan: test: avoid crashing the kernel with HW_TAGS |
On Wed, 11 Aug 2021 at 21:34, <andrey.konovalov@linux.dev> wrote: > > From: Andrey Konovalov <andreyknvl@gmail.com> > > kasan_rcu_uaf() writes to freed memory via kasan_rcu_reclaim(), which is > only safe with the GENERIC mode (as it uses quarantine). For other modes, > this test corrupts kernel memory, which might result in a crash. > > Turn the write into a read. > > Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com> Reviewed-by: Marco Elver <elver@google.com> > --- > lib/test_kasan_module.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c > index fa73b9df0be4..7ebf433edef3 100644 > --- a/lib/test_kasan_module.c > +++ b/lib/test_kasan_module.c > @@ -71,7 +71,7 @@ static noinline void __init kasan_rcu_reclaim(struct rcu_head *rp) > struct kasan_rcu_info, rcu); > > kfree(fp); > - fp->i = 1; > + ((volatile struct kasan_rcu_info *)fp)->i; > } > > static noinline void __init kasan_rcu_uaf(void) > -- > 2.25.1 >
diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c index fa73b9df0be4..7ebf433edef3 100644 --- a/lib/test_kasan_module.c +++ b/lib/test_kasan_module.c @@ -71,7 +71,7 @@ static noinline void __init kasan_rcu_reclaim(struct rcu_head *rp) struct kasan_rcu_info, rcu); kfree(fp); - fp->i = 1; + ((volatile struct kasan_rcu_info *)fp)->i; } static noinline void __init kasan_rcu_uaf(void)
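Review bot: the added line `((volatile struct kasan_rcu_info *)fp)->i;` in kasan_rcu_reclaim() carries no comment explaining that the access after kfree(fp) is deliberately a read whose value is discarded. As a bare expression statement it looks like leftover or dead code, and a later cleanup could drop the volatile cast or turn it back into a store. The reason is currently only in the commit message (a write to freed memory is only safe with the GENERIC mode because of quarantine), so a one-line comment above the access saying that it must stay a read, and that the volatile qualifier is what keeps the otherwise unused load from being optimized away, would keep the test's intent visible in lib/test_kasan_module.c itself.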