diff options
author | Alexander Potapenko <[email protected]> | 2024-05-28 12:48:06 +0200 |
---|---|---|
committer | Andrew Morton <[email protected]> | 2024-06-05 19:19:25 -0700 |
commit | 2ef3cec44c60ae171b287db7fc2aa341586d65ba (patch) | |
tree | f55c92430f01a4c594020af42344ec8dee417f2a /lib/test_fortify/write_overflow-memcpy.c | |
parent | 0105eaabb27f31d9b8d340aca6fb6a3420cab30f (diff) |
kmsan: do not wipe out origin when doing partial unpoisoning
As noticed by Brian, KMSAN should not be zeroing the origin when
unpoisoning parts of a four-byte uninitialized value, e.g.:
char a[4];
kmsan_unpoison_memory(a, 1);
This led to false negatives, as certain poisoned values could receive zero
origins, preventing those values from being reported.
To fix the problem, check that kmsan_internal_set_shadow_origin() writes
zero origins only to slots which have zero shadow.
Link: https://lkml.kernel.org/r/[email protected]
Fixes: f80be4571b19 ("kmsan: add KMSAN runtime core")
Signed-off-by: Alexander Potapenko <[email protected]>
Reported-by: Brian Johannesmeyer <[email protected]>
Link: https://lore.kernel.org/lkml/[email protected]/T/
Reviewed-by: Marco Elver <[email protected]>
Tested-by: Brian Johannesmeyer <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'lib/test_fortify/write_overflow-memcpy.c')
0 files changed, 0 insertions, 0 deletions