Re: [PATCH] riscv: lib: Fix ZBB strnlen reading past count boundary

From: Michael Neuling

Date: Mon Apr 13 2026 - 01:04:10 EST


> Thanks for catching and fixing this! Your analysis is spot on—that
> "load-before-check" logic was indeed an oversight on my part, especially
> regarding the page boundary edge case.

No worries.

> The test case you provided is extremely helpful. Since you've already
> built this reproducer, would you be interested in helping to improve
> the KUnit test string_test_strnlen() in lib/tests/string_kunit.c as well?
> Currently, it mainly tests strings with NUL terminators and lacks coverage
> for these kinds of non-terminated boundary scenarios.

The below is from Claude. I gave it a test under qemu riscv with and without
the patch and it seems to catch the failure. Feel free to use it as you see fit.

[ 19.042129] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 19.043133] Oops [#1]
[ 66.197273] ok 5 string_test_strnlen
[ 66.197855] Unable to handle kernel paging request at virtual address ff20000000096000
[ 66.198980] Oops [#2]
[ 66.199867] ra : string_test_strnlen_page_boundary+0xba/0x244
[ 66.204025] # string_test_strnlen_page_boundary: try faulted: last line seen lib/tests/string_kunit.c:195
[ 66.204391] # string_test_strnlen_page_boundary: internal error occurred preventing test case from running: -4
[ 66.205133] not ok 6 string_test_strnlen_page_boundary
[ 66.227546] # string: pass:24 fail:1 skip:4 total:29
[ 66.227879] not ok 74 string

Mikey
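The boundary case discussed in this thread, as an added userspace example that is not part of the original message, the patch, or the KUnit test it mentions: a non-terminated buffer is placed flush against a PROT_NONE guard page and strnlen is called with a count that ends exactly at the page boundary. The two strnlen variants are constructed C models of the load/check ordering, not the RISC-V ZBB assembly, and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed models: they differ only in whether the load or the bound check comes first. */
size_t strnlen_load_first(const char *s, size_t n) {
    size_t i = 0;
    while (((const volatile char *)s)[i] != '\0' && i < n)  /* reads s[n] before checking n */
        i++;
    return i;
}
size_t strnlen_check_first(const char *s, size_t n) {
    size_t i = 0;
    while (i < n && ((const volatile char *)s)[i] != '\0')  /* never touches s[n] */
        i++;
    return i;
}

/* Returns 0 = correct, 1 = wrong length, 2 = faulted past the boundary, -1 = setup error. */
int probe_page_boundary(size_t (*fn)(const char *, size_t)) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *map = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED || mprotect(map + page, page, PROT_NONE))
        return -1;                              /* second page is now the guard page */
    memset(map, 'A', page);                     /* readable page holds no NUL at all */
    pid_t pid = fork();                         /* child absorbs any SIGSEGV */
    if (pid == 0) {
        for (size_t len = 1; len <= 64; len++)  /* every tail length and alignment */
            if (fn(map + page - len, len) != len)
                _exit(1);
        _exit(0);
    }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    munmap(map, 2 * page);
    return WIFSIGNALED(status) ? 2 : WEXITSTATUS(status);
}

int main(void) {
    printf("check-first=%d load-first=%d\n", probe_page_boundary(strnlen_check_first),
           probe_page_boundary(strnlen_load_first));
    return 0;
}
```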