Re: [PATCH] kunit/overflow: Fix UB in overflow_allocation_test

From: David Gow
Date: Thu Aug 15 2024 - 02:39:59 EST


On Thu, 15 Aug 2024 at 08:04, Ivan Orlov <ivan.orlov0322@xxxxxxxxx> wrote:
>
> The 'device_name' array doesn't exist out of the
> 'overflow_allocation_test' function scope. However, it is being used as
> a driver name when calling 'kunit_driver_create' from
> 'kunit_device_register'. It produces the kernel panic with KASAN
> enabled.
>
> Since this variable is used in one place only, remove it and pass the
> device name into kunit_device_register directly as an ascii string.
>
> Signed-off-by: Ivan Orlov <ivan.orlov0322@xxxxxxxxx>
> ---

Thanks -- we've got plans to add support for non-constant strings
here, but the first version had some issues, and (Kees -- correct me
if I'm wrong) there doesn't seem to be any need to have this be
dynamically allocated.

Reviewed-by: David Gow <davidgow@xxxxxxxxxx>

Cheers,
-- David

> lib/overflow_kunit.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c
> index f314a0c15a6d..2abc78367dd1 100644
> --- a/lib/overflow_kunit.c
> +++ b/lib/overflow_kunit.c
> @@ -668,7 +668,6 @@ DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0);
>
> static void overflow_allocation_test(struct kunit *test)
> {
> - const char device_name[] = "overflow-test";
> struct device *dev;
> int count = 0;
>
> @@ -678,7 +677,7 @@ static void overflow_allocation_test(struct kunit *test)
> } while (0)
>
> /* Create dummy device for devm_kmalloc()-family tests. */
> - dev = kunit_device_register(test, device_name);
> + dev = kunit_device_register(test, "overflow-test");
> KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev),
> "Cannot register test device\n");
>
> --
> 2.34.1
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature