kasan: Add strscpy() test to trigger tag fault on arm64 - kernel

diff options

author	Vincenzo Frascino <[email protected]>	2025-04-03 00:07:00 +0000
committer	Kees Cook <[email protected]>	2025-04-15 20:50:17 +0000
commit	62d32440ac127b79747ef930205052803a8efd0f (patch)
tree	93e93db467f3667cf92c239b78c1fa29ef21eaaa /rust/helpers/bug.c
parent	string: Add load_unaligned_zeropad() code path to sized_strscpy() (diff)
download	kernel-62d32440ac127b79747ef930205052803a8efd0f.tar.gz kernel-62d32440ac127b79747ef930205052803a8efd0f.zip

kasan: Add strscpy() test to trigger tag fault on arm64

When we invoke strscpy() with a maximum size of N bytes, it assumes that: - It can always read N bytes from the source. - It always write N bytes (zero-padded) to the destination. On aarch64 with Memory Tagging Extension enabled if we pass an N that is bigger then the source buffer, it would previously trigger an MTE fault. Implement a KASAN KUnit test that triggers the issue with the previous implementation of read_word_at_a_time() on aarch64 with MTE enabled. Cc: Will Deacon <[email protected]> Signed-off-by: Vincenzo Frascino <[email protected]> Signed-off-by: Catalin Marinas <[email protected]> Co-developed-by: Peter Collingbourne <[email protected]> Signed-off-by: Peter Collingbourne <[email protected]> Reviewed-by: Andrey Konovalov <[email protected]> Link: https://linux-review.googlesource.com/id/If88e396b9e7c058c1a4b5a252274120e77b1898a Reviewed-by: Catalin Marinas <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Kees Cook <[email protected]>

Diffstat (limited to 'rust/helpers/bug.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: