some problems about kasan

From: zhong jiang
Date: Thu Oct 15 2015 - 03:00:29 EST


1. I feel confused about one of the cases when testing the cases KASAN can solve. The function comes from the kernel, in lib/test_kasan.c.

#include <linux/kernel.h>
#include <linux/printk.h>
#include <linux/slab.h>

static noinline void __init kmalloc_uaf2(void)
{
	char *ptr1, *ptr2;
	size_t size = 43;

	pr_info("use-after-free after another kmalloc\n");
	ptr1 = kmalloc(size, GFP_KERNEL);
	if (!ptr1) {
		pr_err("Allocation failed\n");
		return;
	}

	kfree(ptr1);
	/* a second allocation of the same size may get ptr1's slot back */
	ptr2 = kmalloc(size, GFP_KERNEL);
	if (!ptr2) {
		pr_err("Allocation failed\n");
		return;
	}

	/* deliberate use-after-free write through the freed pointer */
	ptr1[40] = 'x';
	kfree(ptr2);
}

In the above function, the pointer ptr1 is probably the same as ptr2, so the error is not certain to occur.

2. Is the stack local variable out-of-bounds access set up by GCC? I don't see any operation for it in the kernel.

3. I want to know whether the global variable size, including the redzone, is allocated by module_alloc().
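A small user-space model of the shadow-memory check behind this test, added here as an example; it is not part of the original mail and not the kernel's KASAN code, and the pool, shadow array and quarantine flag are all constructed. It replays kmalloc_uaf2 and shows that when the freed slot is handed straight back to the second kmalloc, the write to ptr1[40] lands on a live object and a shadow check has nothing to report; holding freed objects back from reuse (what a free-quarantine does) restores detection.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: one shadow byte per 8-byte granule,
 * 0 = addressable, SHADOW_FREE = object has been freed. */
#define POOL_SLOTS   4
#define SLOT_BYTES   64          /* kmalloc(43) lands in a 64-byte cache */
#define SHADOW_FREE  0xFB

static uint8_t shadow[POOL_SLOTS * SLOT_BYTES / 8];
static int freelist[POOL_SLOTS], nfree;     /* LIFO freelist, as SLUB does */
static int quarantine[POOL_SLOTS], nquar;   /* frees held back from reuse */

static void reset_model(void)
{
	memset(shadow, SHADOW_FREE, sizeof shadow);
	nfree = 0;
	nquar = 0;
	for (int i = POOL_SLOTS - 1; i >= 0; i--)
		freelist[nfree++] = i;           /* slot 0 is popped first */
}

static int model_kmalloc(void)
{
	if (nfree == 0)
		return -1;
	int slot = freelist[--nfree];
	memset(&shadow[slot * SLOT_BYTES / 8], 0, SLOT_BYTES / 8); /* unpoison */
	return slot;
}

static void model_kfree(int slot, bool use_quarantine)
{
	memset(&shadow[slot * SLOT_BYTES / 8], SHADOW_FREE, SLOT_BYTES / 8);
	if (use_quarantine)
		quarantine[nquar++] = slot;      /* not available to kmalloc yet */
	else
		freelist[nfree++] = slot;        /* next kmalloc gets it back */
}

/* true if a one-byte access at offset 'off' of 'slot' would be reported */
static bool access_is_bad(int slot, size_t off)
{
	return shadow[(slot * SLOT_BYTES + off) / 8] != 0;
}

/* Replays kmalloc_uaf2; returns whether the write ptr1[40] is reported. */
static bool uaf2_detected(bool use_quarantine)
{
	reset_model();
	int ptr1 = model_kmalloc();
	model_kfree(ptr1, use_quarantine);
	int ptr2 = model_kmalloc();          /* == ptr1 without quarantine */
	bool bad = access_is_bad(ptr1, 40);
	model_kfree(ptr2, use_quarantine);
	return bad;
}
```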
