| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANpmjNPiAvyn+oARU39yOx7zxMxV8JHiSS_41H+65D_-MKmk7A@mail.gmail.com>
Date: Mon, 21 Sep 2020 19:37:13 +0200
From: Marco Elver <elver@...gle.com>
To: "Paul E. McKenney" <paulmck@...nel.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Alexander Potapenko <glider@...gle.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andrey Konovalov <andreyknvl@...gle.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...en8.de>,
Catalin Marinas <catalin.marinas@....com>,
Christoph Lameter <cl@...ux.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Eric Dumazet <edumazet@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Hillf Danton <hdanton@...a.com>,
Ingo Molnar <mingo@...hat.com>, Jann Horn <jannh@...gle.com>,
Jonathan Cameron <Jonathan.Cameron@...wei.com>,
Jonathan Corbet <corbet@....net>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Kees Cook <keescook@...omium.org>,
Mark Rutland <mark.rutland@....com>,
Pekka Enberg <penberg@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
SeongJae Park <sjpark@...zon.com>,
Thomas Gleixner <tglx@...utronix.de>,
Vlastimil Babka <vbabka@...e.cz>,
Will Deacon <will@...nel.org>,
"the arch/x86 maintainers" <x86@...nel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
kasan-dev <kasan-dev@...glegroups.com>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
Linux Memory Management List <linux-mm@...ck.org>
Subject: Re: [PATCH v3 10/10] kfence: add test suite
On Mon, 21 Sep 2020 at 19:13, Paul E. McKenney <paulmck@...nel.org> wrote:
>
> On Mon, Sep 21, 2020 at 03:26:11PM +0200, Marco Elver wrote:
> > Add KFENCE test suite, testing various error detection scenarios. Makes
> > use of KUnit for test organization. Since KFENCE's interface to obtain
> > error reports is via the console, the test verifies that KFENCE outputs
> > expected reports to the console.
> >
> > Reviewed-by: Dmitry Vyukov <dvyukov@...gle.com>
> > Co-developed-by: Alexander Potapenko <glider@...gle.com>
> > Signed-off-by: Alexander Potapenko <glider@...gle.com>
> > Signed-off-by: Marco Elver <elver@...gle.com>
>
> [ . . . ]
>
> > +/* Test SLAB_TYPESAFE_BY_RCU works. */
> > +static void test_memcache_typesafe_by_rcu(struct kunit *test)
> > +{
> > + const size_t size = 32;
> > + struct expect_report expect = {
> > + .type = KFENCE_ERROR_UAF,
> > + .fn = test_memcache_typesafe_by_rcu,
> > + };
> > +
> > + setup_test_cache(test, size, SLAB_TYPESAFE_BY_RCU, NULL);
> > + KUNIT_EXPECT_TRUE(test, test_cache); /* Want memcache. */
> > +
> > + expect.addr = test_alloc(test, size, GFP_KERNEL, ALLOCATE_ANY);
> > + *expect.addr = 42;
> > +
> > + rcu_read_lock();
> > + test_free(expect.addr);
> > + KUNIT_EXPECT_EQ(test, *expect.addr, (char)42);
> > + rcu_read_unlock();
>
> It won't happen very often, but memory really could be freed at this point,
> especially in CONFIG_RCU_STRICT_GRACE_PERIOD=y kernels ...
Ah, thanks for pointing it out.
> > + /* No reports yet, memory should not have been freed on access. */
> > + KUNIT_EXPECT_FALSE(test, report_available());
>
> ... so the above statement needs to go before the rcu_read_unlock().
You mean the comment (and not the KUNIT_EXPECT_FALSE that no reports
were generated), correct?
Admittedly, the whole comment is a bit imprecise, so I'll reword.
> > + rcu_barrier(); /* Wait for free to happen. */
>
> But you are quite right that the memory is not -guaranteed- to be freed
> until we get here.
Right, I'll update the comment.
Thanks,
-- Marco
Powered by blists - more mailing lists