[0/8] kasan: test: avoid crashing the kernel with HW_TAGS

Message ID	cover.1628709663.git.andreyknvl@gmail.com (mailing list archive)
Headers	show Return-Path: <SRS0=LhOy=NC=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org F294760F21 From: andrey.konovalov@linux.dev To: Andrew Morton <akpm@linux-foundation.org> Cc: Andrey Konovalov <andreyknvl@gmail.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, Marco Elver <elver@google.com>, Dmitry Vyukov <dvyukov@google.com>, Alexander Potapenko <glider@google.com>, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 0/8] kasan: test: avoid crashing the kernel with HW_TAGS Date: Wed, 11 Aug 2021 21:21:16 +0200 Message-Id: <cover.1628709663.git.andreyknvl@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	kasan: test: avoid crashing the kernel with HW_TAGS \| expand [0/8] kasan: test: avoid crashing the kernel with HW_TAGS [1/8] kasan: test: rework kmalloc_oob_right [2/8] kasan: test: avoid writing invalid memory [3/8] kasan: test: avoid corrupting memory via memset [4/8] kasan: test: disable kmalloc_memmove_invalid_size for HW_TAGS [5/8] kasan: test: only do kmalloc_uaf_memset for generic mode [6/8] kasan: test: clean up ksize_uaf [7/8] kasan: test: avoid corrupting memory in copy_user_test [8/8] kasan: test: avoid corrupting memory in kasan_rcu_uaf

Message ID

cover.1628709663.git.andreyknvl@gmail.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org F294760F21
From: andrey.konovalov@linux.dev
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Marco Elver <elver@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Alexander Potapenko <glider@google.com>,
	kasan-dev@googlegroups.com,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 0/8] kasan: test: avoid crashing the kernel with HW_TAGS
Date: Wed, 11 Aug 2021 21:21:16 +0200
Message-Id: <cover.1628709663.git.andreyknvl@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

kasan: test: avoid crashing the kernel with HW_TAGS | expand

Message

andrey.konovalov@linux.dev Aug. 11, 2021, 7:21 p.m. UTC

From: Andrey Konovalov <andreyknvl@gmail.com>

KASAN tests do out-of-bounds and use-after-free accesses. Running the
tests works fine for the GENERIC mode, as it uses qurantine and redzones.
But the HW_TAGS mode uses neither, and running the tests might crash
the kernel.

Rework the tests to avoid corrupting kernel memory.

Andrey Konovalov (8):
  kasan: test: rework kmalloc_oob_right
  kasan: test: avoid writing invalid memory
  kasan: test: avoid corrupting memory via memset
  kasan: test: disable kmalloc_memmove_invalid_size for HW_TAGS
  kasan: test: only do kmalloc_uaf_memset for generic mode
  kasan: test: clean up ksize_uaf
  kasan: test: avoid corrupting memory in copy_user_test
  kasan: test: avoid corrupting memory in kasan_rcu_uaf

 lib/test_kasan.c        | 74 ++++++++++++++++++++++++++++-------------
 lib/test_kasan_module.c | 20 +++++------
 2 files changed, 60 insertions(+), 34 deletions(-)

Comments

Marco Elver Aug. 12, 2021, 8:58 a.m. UTC | #1

On Wed, 11 Aug 2021 at 21:21, <andrey.konovalov@linux.dev> wrote:
>
> From: Andrey Konovalov <andreyknvl@gmail.com>
>
> KASAN tests do out-of-bounds and use-after-free accesses. Running the
> tests works fine for the GENERIC mode, as it uses qurantine and redzones.
> But the HW_TAGS mode uses neither, and running the tests might crash
> the kernel.
>
> Rework the tests to avoid corrupting kernel memory.

Thanks for this!

I think only 1 change is questionable ("kasan: test: avoid corrupting
memory via memset") because it no longer checks overlapping valid to
invalid range writes.

> Andrey Konovalov (8):
>   kasan: test: rework kmalloc_oob_right
>   kasan: test: avoid writing invalid memory
>   kasan: test: avoid corrupting memory via memset
>   kasan: test: disable kmalloc_memmove_invalid_size for HW_TAGS
>   kasan: test: only do kmalloc_uaf_memset for generic mode
>   kasan: test: clean up ksize_uaf
>   kasan: test: avoid corrupting memory in copy_user_test
>   kasan: test: avoid corrupting memory in kasan_rcu_uaf
>
>  lib/test_kasan.c        | 74 ++++++++++++++++++++++++++++-------------
>  lib/test_kasan_module.c | 20 +++++------
>  2 files changed, 60 insertions(+), 34 deletions(-)
>
> --
> 2.25.1
>