Tree: 23005322ac
Commits on Sep 27, 2018
  1. kmsan: force initialize the result of get_freepointer_safe()

    ramosian-glider committed Sep 27, 2018
    The uninitialized value returned by get_freepointer_safe() may be
    passed into CAS, where KMSAN will check it regardless of whether
    CAS failed or not.
Commits on Sep 25, 2018
Commits on Sep 24, 2018
  1. Merge pull request #24 from nefigtut/patch-1

    ramosian-glider committed Sep 24, 2018
    kmsan: fix kfree() of unallocated memory in kmsan_vmap()
Commits on Sep 23, 2018
  1. kmsan: fix kfree() of unallocated memory in kmsan_vmap()

    nefigtut committed Sep 23, 2018
    kfree(o_pages) can try to free unallocated memory in case of "if (!s_pages) goto err_free;" and
    o_pages contains garbage from the stack. Fix this by initializing o_pages and s_pages, just in case.
    
    Reported-by: https://syzkaller.appspot.com/bug?id=ae239a8b52cf47d202f7ca93d3e861499f9dffcd
    Reported-by: https://syzkaller.appspot.com/text?tag=CrashReport&x=104ebce1400000
Commits on Sep 21, 2018
  1. kmsan, kcov: don't check atomic functions in kcov.c

    ramosian-glider committed Sep 21, 2018
    We don't instrument kernel/kcov.c, so checking the parameters of
    atomic functions called from it may cause false positives.
    Introduce KMSAN_CHECK_ATOMIC_PARAMS which can be defined to 0
    to disable those checks in atomic-instrumented.h
Commits on Sep 20, 2018
  1. kmsan: leftover bits for atomic instrumentation

    ramosian-glider committed Sep 20, 2018
    Add INIT_INT(), INIT_S64(), INIT_BOOL() helpers
  2. kmsan: instrument more of vdso

    ramosian-glider committed Sep 20, 2018
    Instrument everything except vgetcpu.c and vclock_gettime.c
    This is a prerequisite to instrumenting atomics (otherwise we'll get
    false positives), and also a good thing to do.
Commits on Sep 19, 2018
  1. kmsan: disable assembly implementations of crypto algorithms

    ramosian-glider committed Sep 17, 2018
    Instead of carpet unpoisoning in crypto_cipher_encrypt_one() and
    crypto_cipher_decrypt_one() done in 2a40ed8,
    just disable all the possible assembly implementations.
    This may still let us catch bugs in C-based crypto implementations.
  2. Temporarily revert "Revert "kmsan: don't track pages allocated by __do_page_cache_readahead()""

    ramosian-glider committed Sep 14, 2018
    
    The original commit ("kmsan: don't track pages allocated by
    __do_page_cache_readahead()") masks real bugs, but otherwise we get too
    many false positives on syzbot.
    
    This reverts commit 1bba65d.
  3. Revert "kmsan: don't track pages allocated by __do_page_cache_readahead()"

    ramosian-glider committed Sep 13, 2018
    
    This reverts commit 1054a1b.
    It masks a real bug in reading /dev/nullb0
  4. kmsan: bail out from kmsan_copy_to_user() if there's nothing to check

    ramosian-glider committed Sep 12, 2018
    If the preceding copy_to_user() failed completely (e.g. because of
    EFAULT), we shouldn't try to check the buffer, because it may not exist
    at all.
  5. kmsan: check memory in __put_user_fn()

    ramosian-glider committed Sep 12, 2018
    committing a leftover chunk of the previous patch
  6. kmsan: unpoison pages moved from iov_iter to bio for reading

    ramosian-glider committed Aug 30, 2018
    As the pages are then passed to block device, speculatively unpoison
    them.
    
    Test case:
    
    r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x1, 0x0)
    ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000000)={0x0, 0x6, 0x9, 0xffff, 'syz0\x00', 0x1000})
    r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000400)='/dev/nullb0\x00', 0x10d000, 0x0)
    sendfile(r0, r1, 0x0, 0x10000)
  7. kmsan: don't use |pc| passed to __msan_poison_alloca()

    ramosian-glider committed Aug 9, 2018
    It should be simpler to just get the necessary number of alloca stack
    frames in __msan_poison_alloca().
    Right now we store only the return address of __msan_poison_alloca() and
    the caller, for which we need kmsan_internal_return_address().
  8. kmsan: rename __msan_warning_32() to __msan_warning()

    ramosian-glider committed Jul 13, 2018
    Keep the old name around till the compiler updates.