CC: [email protected] In-Reply-To: <[email protected]> References: <[email protected]> TO: Jiasheng Jiang <[email protected]> TO: [email protected] TO: [email protected] TO: [email protected] CC: [email protected] CC: Jiasheng Jiang <[email protected]>
Hi Jiasheng, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on char-misc/char-misc-testing] [also build test WARNING on kees/for-next/pstore soc/for-next linus/master v5.16 next-20220114] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Jiasheng-Jiang/lkdtm-bugs-Check-for-the-NULL-pointer-after-calling-kmalloc/20220114-162452 base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git d47c7407b4c88cf66098eba8893bc38279f301fc :::::: branch date: 14 hours ago :::::: commit date: 14 hours ago config: arm-randconfig-m031-20220113 (https://download.01.org/0day-ci/archive/20220115/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> New smatch warnings: drivers/misc/lkdtm/bugs.c:331 lkdtm_ARRAY_BOUNDS() warn: possible memory leak of 'checked' drivers/misc/lkdtm/bugs.c:331 lkdtm_ARRAY_BOUNDS() warn: possible memory leak of 'not_checked' Old smatch warnings: drivers/misc/lkdtm/bugs.c:346 lkdtm_ARRAY_BOUNDS() error: buffer overflow 'checked->data' 8 <= 8 vim +/checked +331 drivers/misc/lkdtm/bugs.c ae2e1aad3e48e4 Kees Cook 2020-04-06 321 ae2e1aad3e48e4 Kees Cook 2020-04-06 322 void lkdtm_ARRAY_BOUNDS(void) ae2e1aad3e48e4 Kees Cook 2020-04-06 323 { ae2e1aad3e48e4 Kees Cook 2020-04-06 324 struct array_bounds_flex_array *not_checked; ae2e1aad3e48e4 Kees Cook 2020-04-06 325 struct array_bounds *checked; ae2e1aad3e48e4 Kees Cook 2020-04-06 326 volatile int i; ae2e1aad3e48e4 Kees Cook 2020-04-06 327 ae2e1aad3e48e4 Kees Cook 2020-04-06 328 not_checked = kmalloc(sizeof(*not_checked) * 2, GFP_KERNEL); ae2e1aad3e48e4 Kees Cook 2020-04-06 329 checked = kmalloc(sizeof(*checked) * 2, GFP_KERNEL); 6ac33daa73b3fe Jiasheng Jiang 2022-01-14 330 if (!not_checked || !checked) 6ac33daa73b3fe Jiasheng Jiang 2022-01-14 @331 return; ae2e1aad3e48e4 Kees Cook 2020-04-06 332 ae2e1aad3e48e4 Kees Cook 2020-04-06 333 pr_info("Array access within bounds ...\n"); ae2e1aad3e48e4 Kees Cook 2020-04-06 334 /* For both, touch all bytes in the actual member size. */ ae2e1aad3e48e4 Kees Cook 2020-04-06 335 for (i = 0; i < sizeof(checked->data); i++) ae2e1aad3e48e4 Kees Cook 2020-04-06 336 checked->data[i] = 'A'; ae2e1aad3e48e4 Kees Cook 2020-04-06 337 /* ae2e1aad3e48e4 Kees Cook 2020-04-06 338 * For the uninstrumented flex array member, also touch 1 byte ae2e1aad3e48e4 Kees Cook 2020-04-06 339 * beyond to verify it is correctly uninstrumented. ae2e1aad3e48e4 Kees Cook 2020-04-06 340 */ ae2e1aad3e48e4 Kees Cook 2020-04-06 341 for (i = 0; i < sizeof(not_checked->data) + 1; i++) ae2e1aad3e48e4 Kees Cook 2020-04-06 342 not_checked->data[i] = 'A'; ae2e1aad3e48e4 Kees Cook 2020-04-06 343 ae2e1aad3e48e4 Kees Cook 2020-04-06 344 pr_info("Array access beyond bounds ...\n"); ae2e1aad3e48e4 Kees Cook 2020-04-06 345 for (i = 0; i < sizeof(checked->data) + 1; i++) ae2e1aad3e48e4 Kees Cook 2020-04-06 346 checked->data[i] = 'B'; ae2e1aad3e48e4 Kees Cook 2020-04-06 347 ae2e1aad3e48e4 Kees Cook 2020-04-06 348 kfree(not_checked); ae2e1aad3e48e4 Kees Cook 2020-04-06 349 kfree(checked); 464e86b4abadfc Kees Cook 2020-06-25 350 pr_err("FAIL: survived array bounds overflow!\n"); c75be56e35b2ee Kees Cook 2021-08-18 351 pr_expected_config(CONFIG_UBSAN_BOUNDS); ae2e1aad3e48e4 Kees Cook 2020-04-06 352 } ae2e1aad3e48e4 Kees Cook 2020-04-06 353 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
