diff options
| author | Vincenzo Frascino <vincenzo.frascino@arm.com> | 2025-04-02 17:07:00 -0700 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2025-04-15 13:50:17 -0700 |
| commit | 62d32440ac127b79747ef930205052803a8efd0f (patch) | |
| tree | 93e93db467f3667cf92c239b78c1fa29ef21eaaa /net/lapb/lapb_iface.c | |
| parent | d94c12bd97d567de342fd32599e7cd9e50bfa140 (diff) | |
| download | linux-62d32440ac127b79747ef930205052803a8efd0f.tar.gz linux-62d32440ac127b79747ef930205052803a8efd0f.tar.bz2 linux-62d32440ac127b79747ef930205052803a8efd0f.zip | |
kasan: Add strscpy() test to trigger tag fault on arm64
When we invoke strscpy() with a maximum size of N bytes, it assumes
that:
- It can always read N bytes from the source.
- It always write N bytes (zero-padded) to the destination.
On aarch64 with Memory Tagging Extension enabled if we pass an N that is
bigger then the source buffer, it would previously trigger an MTE fault.
Implement a KASAN KUnit test that triggers the issue with the previous
implementation of read_word_at_a_time() on aarch64 with MTE enabled.
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Co-developed-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Link: https://linux-review.googlesource.com/id/If88e396b9e7c058c1a4b5a252274120e77b1898a
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20250403000703.2584581-3-pcc@google.com
Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'net/lapb/lapb_iface.c')
0 files changed, 0 insertions, 0 deletions