Skip to content
Commit 62d32440 authored by Vincenzo Frascino's avatar Vincenzo Frascino Committed by Kees Cook
Browse files

kasan: Add strscpy() test to trigger tag fault on arm64 



When we invoke strscpy() with a maximum size of N bytes, it assumes
that:
- It can always read N bytes from the source.
- It always write N bytes (zero-padded) to the destination.

On aarch64 with Memory Tagging Extension enabled if we pass an N that is
bigger then the source buffer, it would previously trigger an MTE fault.

Implement a KASAN KUnit test that triggers the issue with the previous
implementation of read_word_at_a_time() on aarch64 with MTE enabled.

Cc: Will Deacon <will@kernel.org>
Signed-off-by: Vincenzo Frascino's avatarVincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Catalin Marinas's avatarCatalin Marinas <catalin.marinas@arm.com>
Co-developed-by: default avatarPeter Collingbourne <pcc@google.com>
Signed-off-by: default avatarPeter Collingbourne <pcc@google.com>
Reviewed-by: default avatarAndrey Konovalov <andreyknvl@gmail.com>
Link: https://linux-review.googlesource.com/id/If88e396b9e7c058c1a4b5a252274120e77b1898a


Reviewed-by: Catalin Marinas's avatarCatalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20250403000703.2584581-3-pcc@google.com


Signed-off-by: default avatarKees Cook <kees@kernel.org>
parent d94c12bd
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment