diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2016-11-30 18:54:16 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-11-30 19:32:52 -0500 |
| commit | 828347f8f9a558cf1af2faa46387a26564f2ac3e (patch) | |
| tree | 4acb63366cc89b3e87e85805530911300dd4ab19 /lib | |
| parent | 045d599a286bc01daa3510d59272440a17b23c2e (diff) | |
kasan: support use-after-scope detection
Gcc revision 241896 implements use-after-scope detection. Will be
available in gcc 7. Support it in KASAN.
Gcc emits 2 new callbacks to poison/unpoison large stack objects when
they go in/out of scope. Implement the callbacks and add a test.
[dvyukov@google.com: v3]
Link: http://lkml.kernel.org/r/1479998292-144502-1-git-send-email-dvyukov@google.com
Link: http://lkml.kernel.org/r/1479226045-145148-1-git-send-email-dvyukov@google.com
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: <stable@vger.kernel.org> [4.0+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/test_kasan.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 5e51872b3fc1..fbdf87920093 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c | |||
| @@ -20,6 +20,11 @@ | |||
| 20 | #include <linux/uaccess.h> | 20 | #include <linux/uaccess.h> |
| 21 | #include <linux/module.h> | 21 | #include <linux/module.h> |
| 22 | 22 | ||
| 23 | /* | ||
| 24 | * Note: test functions are marked noinline so that their names appear in | ||
| 25 | * reports. | ||
| 26 | */ | ||
| 27 | |||
| 23 | static noinline void __init kmalloc_oob_right(void) | 28 | static noinline void __init kmalloc_oob_right(void) |
| 24 | { | 29 | { |
| 25 | char *ptr; | 30 | char *ptr; |
| @@ -411,6 +416,29 @@ static noinline void __init copy_user_test(void) | |||
| 411 | kfree(kmem); | 416 | kfree(kmem); |
| 412 | } | 417 | } |
| 413 | 418 | ||
| 419 | static noinline void __init use_after_scope_test(void) | ||
| 420 | { | ||
| 421 | volatile char *volatile p; | ||
| 422 | |||
| 423 | pr_info("use-after-scope on int\n"); | ||
| 424 | { | ||
| 425 | int local = 0; | ||
| 426 | |||
| 427 | p = (char *)&local; | ||
| 428 | } | ||
| 429 | p[0] = 1; | ||
| 430 | p[3] = 1; | ||
| 431 | |||
| 432 | pr_info("use-after-scope on array\n"); | ||
| 433 | { | ||
| 434 | char local[1024] = {0}; | ||
| 435 | |||
| 436 | p = local; | ||
| 437 | } | ||
| 438 | p[0] = 1; | ||
| 439 | p[1023] = 1; | ||
| 440 | } | ||
| 441 | |||
| 414 | static int __init kmalloc_tests_init(void) | 442 | static int __init kmalloc_tests_init(void) |
| 415 | { | 443 | { |
| 416 | kmalloc_oob_right(); | 444 | kmalloc_oob_right(); |
| @@ -436,6 +464,7 @@ static int __init kmalloc_tests_init(void) | |||
| 436 | kasan_global_oob(); | 464 | kasan_global_oob(); |
| 437 | ksize_unpoisons_memory(); | 465 | ksize_unpoisons_memory(); |
| 438 | copy_user_test(); | 466 | copy_user_test(); |
| 467 | use_after_scope_test(); | ||
| 439 | return -EAGAIN; | 468 | return -EAGAIN; |
| 440 | } | 469 | } |
| 441 | 470 | ||