[PATCH v1] mm, kasan: don't call kasan_krealloc() from ksize(). Add a ksize() test.

Mon, 11 Apr 2016 10:11:13 -0700 

Instead of calling kasan_krealloc(), which replaces the memory allocation
stack ID (if stack depot is used), just unpoison the whole memory chunk.
Add a test that makes sure ksize() unpoisons the whole chunk.

Signed-off-by: Alexander Potapenko <[email protected]>
---
 lib/test_kasan.c | 20 ++++++++++++++++++++
 mm/slab.c        |  2 +-
 mm/slub.c        |  5 +++--
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 82169fb..48e5a0b 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -344,6 +344,25 @@ static noinline void __init kasan_stack_oob(void)
        *(volatile char *)p;
 }
 
+static noinline void __init ksize_unpoisons_memory(void)
+{
+       char *ptr;
+       size_t size = 123, real_size = size;
+
+       pr_info("ksize() unpoisons the whole allocated chunk\n");
+       ptr = kmalloc(size, GFP_KERNEL);
+       if (!ptr) {
+               pr_err("Allocation failed\n");
+               return;
+       }
+       real_size = ksize(ptr);
+       /* This access doesn't trigger an error. */
+       ptr[size] = 'x';
+       /* This one does. */
+       ptr[real_size] = 'y';
+       kfree(ptr);
+}
+
 static int __init kmalloc_tests_init(void)
 {
        kmalloc_oob_right();
@@ -367,6 +386,7 @@ static int __init kmalloc_tests_init(void)
        kmem_cache_oob();
        kasan_stack_oob();
        kasan_global_oob();
+       ksize_unpoisons_memory();
        return -EAGAIN;
 }
 
diff --git a/mm/slab.c b/mm/slab.c
index 17e2848..de46319 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -4324,7 +4324,7 @@ size_t ksize(const void *objp)
        /* We assume that ksize callers could use the whole allocated area,
         * so we need to unpoison this area.
         */
-       kasan_krealloc(objp, size, GFP_NOWAIT);
+       kasan_unpoison_shadow(objp, size);
 
        return size;
 }
diff --git a/mm/slub.c b/mm/slub.c
index 4dbb109e..62194e2 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3635,8 +3635,9 @@ size_t ksize(const void *object)
 {
        size_t size = __ksize(object);
        /* We assume that ksize callers could use whole allocated area,
-          so we need unpoison this area. */
-       kasan_krealloc(object, size, GFP_NOWAIT);
+        * so we need to unpoison this area.
+        */
+       kasan_unpoison_shadow(object, size);
        return size;
 }
 EXPORT_SYMBOL(ksize);
-- 
2.8.0.rc3.226.g39d4020

Reply via email to