lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200921171325.GE29330@paulmck-ThinkPad-P72>
Date:   Mon, 21 Sep 2020 10:13:25 -0700
From:   "Paul E. McKenney" <paulmck@...nel.org>
To:     Marco Elver <elver@...gle.com>
Cc:     akpm@...ux-foundation.org, glider@...gle.com, hpa@...or.com,
        andreyknvl@...gle.com, aryabinin@...tuozzo.com, luto@...nel.org,
        bp@...en8.de, catalin.marinas@....com, cl@...ux.com,
        dave.hansen@...ux.intel.com, rientjes@...gle.com,
        dvyukov@...gle.com, edumazet@...gle.com,
        gregkh@...uxfoundation.org, hdanton@...a.com, mingo@...hat.com,
        jannh@...gle.com, Jonathan.Cameron@...wei.com, corbet@....net,
        iamjoonsoo.kim@....com, keescook@...omium.org,
        mark.rutland@....com, penberg@...nel.org, peterz@...radead.org,
        sjpark@...zon.com, tglx@...utronix.de, vbabka@...e.cz,
        will@...nel.org, x86@...nel.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com,
        linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org
Subject: Re: [PATCH v3 10/10] kfence: add test suite

On Mon, Sep 21, 2020 at 03:26:11PM +0200, Marco Elver wrote:
> Add KFENCE test suite, testing various error detection scenarios. Makes
> use of KUnit for test organization. Since KFENCE's interface to obtain
> error reports is via the console, the test verifies that KFENCE outputs
> expected reports to the console.
> 
> Reviewed-by: Dmitry Vyukov <dvyukov@...gle.com>
> Co-developed-by: Alexander Potapenko <glider@...gle.com>
> Signed-off-by: Alexander Potapenko <glider@...gle.com>
> Signed-off-by: Marco Elver <elver@...gle.com>

[ . . . ]

> +/* Test SLAB_TYPESAFE_BY_RCU works. */
> +static void test_memcache_typesafe_by_rcu(struct kunit *test)
> +{
> +	const size_t size = 32;
> +	struct expect_report expect = {
> +		.type = KFENCE_ERROR_UAF,
> +		.fn = test_memcache_typesafe_by_rcu,
> +	};
> +
> +	setup_test_cache(test, size, SLAB_TYPESAFE_BY_RCU, NULL);
> +	KUNIT_EXPECT_TRUE(test, test_cache); /* Want memcache. */
> +
> +	expect.addr = test_alloc(test, size, GFP_KERNEL, ALLOCATE_ANY);
> +	*expect.addr = 42;
> +
> +	rcu_read_lock();
> +	test_free(expect.addr);
> +	KUNIT_EXPECT_EQ(test, *expect.addr, (char)42);
> +	rcu_read_unlock();

It won't happen very often, but memory really could be freed at this point,
especially in CONFIG_RCU_STRICT_GRACE_PERIOD=y kernels ...

> +	/* No reports yet, memory should not have been freed on access. */
> +	KUNIT_EXPECT_FALSE(test, report_available());

... so the above statement needs to go before the rcu_read_unlock().

> +	rcu_barrier(); /* Wait for free to happen. */

But you are quite right that the memory is not -guaranteed- to be freed
until we get here.

							Thanx, Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ