From patchwork Fri Oct 18 17:46:01 2024
X-Patchwork-Submitter: "Ritesh Harjani (IBM)"
X-Patchwork-Id: 13842157
From: "Ritesh Harjani (IBM)"
To: kasan-dev@googlegroups.com
Cc: linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, Dmitry Vyukov, Marco Elver, Alexander Potapenko, Heiko Carstens, Nirjhar Roy, "Ritesh Harjani (IBM)"
Subject: [PATCH v3] mm/kfence: Add a new kunit test test_use_after_free_read_nofault()
Date: Fri, 18 Oct 2024 23:16:01 +0530
Message-ID: <210e561f7845697a32de44b643393890f180069f.1729272697.git.ritesh.list@gmail.com>
X-Mailer: git-send-email 2.46.0

From: Nirjhar Roy

Faults from copy_from_kernel_nofault() need to be handled by the fixup
table and should not be handled by kfence. Otherwise, while reading
/proc/kcore, which uses copy_from_kernel_nofault(), kfence can generate
false negatives. This can happen when /proc/kcore ends up reading an
unmapped address from the kfence pool.

Let's add a testcase to cover this case.

Co-developed-by: Ritesh Harjani (IBM)
Signed-off-by: Nirjhar Roy
Signed-off-by: Ritesh Harjani (IBM)
Tested-by: Marco Elver
Reviewed-by: Marco Elver
---

Will be nice if we can get some feedback on this.

v2 -> v3:
=========
1. Separated out this kfence kunit test from the larger powerpc+kfence+v3 series.
2. Dropped RFC tag

[v2]: https://lore.kernel.org/linuxppc-dev/cover.1728954719.git.ritesh.list@gmail.com
[powerpc+kfence+v3]: https://lore.kernel.org/linuxppc-dev/cover.1729271995.git.ritesh.list@gmail.com

 mm/kfence/kfence_test.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

--
2.46.0

diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c index 00fd17285285..f65fb182466d 100644 --- a/mm/kfence/kfence_test.c +++ b/mm/kfence/kfence_test.c @@ -383,6 +383,22 @@ static void test_use_after_free_read(struct kunit *test) KUNIT_EXPECT_TRUE(test, report_matches(&expect)); } +static void test_use_after_free_read_nofault(struct kunit *test) +{ + const size_t size = 32; + char *addr; + char dst; + int ret; + + setup_test_cache(test, size, 0, NULL); + addr = test_alloc(test, size, GFP_KERNEL, ALLOCATE_ANY); + test_free(addr); + /* Use after free with *_nofault() */ + ret = copy_from_kernel_nofault(&dst, addr, 1); + KUNIT_EXPECT_EQ(test, ret, -EFAULT); + KUNIT_EXPECT_FALSE(test, report_available()); +} + static void test_double_free(struct kunit *test) { const size_t size = 32; @@ -780,6 +796,7 @@ static struct kunit_case kfence_test_cases[] = { KFENCE_KUNIT_CASE(test_out_of_bounds_read), KFENCE_KUNIT_CASE(test_out_of_bounds_write), KFENCE_KUNIT_CASE(test_use_after_free_read), + KFENCE_KUNIT_CASE(test_use_after_free_read_nofault), KFENCE_KUNIT_CASE(test_double_free), KFENCE_KUNIT_CASE(test_invalid_addr_free), KFENCE_KUNIT_CASE(test_corruption),
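
Review bot: In test_use_after_free_read_nofault() (first hunk, @@ -383,6 +383,22 @@), the comment `/* Use after free with *_nofault() */` names the access but not the reason the two expectations that follow it hold, and that reason is the point of the test. Suggest expanding the comment to say that the fault taken inside `copy_from_kernel_nofault(&dst, addr, 1)` has to be resolved through the exception fixup table, so the call returns -EFAULT and KFENCE produces no report. The -EFAULT expectation also relies on addr being a KFENCE pool object when `test_free(addr)` runs; the hunk passes ALLOCATE_ANY and checks nothing about addr before freeing it, so either a line in the comment stating that test_alloc() guarantees this, or an explicit assertion if it does not, would make a failure in this test easier to interpret.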