Commit
kasan: infer the requested size by scanning shadow memory
We scan the shadow memory to infer the requested size instead of
printing cache->object_size directly.

This patch will fix the confusing generic kasan report like below. [1]
Report shows "cache kmalloc-192 of size 192", but user
actually kmalloc(184).

==================================================================
BUG: KASAN: slab-out-of-bounds in _find_next_bit+0x143/0x160 lib/find_bit.c:109
Read of size 8 at addr ffff8880175766b8 by task kworker/1:1/26
...
The buggy address belongs to the object at ffff888017576600
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 184 bytes inside of
 192-byte region [ffff888017576600, ffff8880175766c0)
...
Memory state around the buggy address:
 ffff888017576580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff888017576600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888017576680: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
                                        ^
 ffff888017576700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888017576780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

After this patch, report will show "cache kmalloc-192 of size 184".

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216457 [1]
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
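A userspace model of the shadow scan the commit message describes, added here as an illustration and not the kernel code from this patch. The function and array names are hypothetical, the first sample is transcribed from the shadow bytes in the report above, and the other samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE 8 /* generic KASAN: one shadow byte describes 8 bytes of memory */

/*
 * Hypothetical model of the scan, not the kernel function.
 * Generic KASAN shadow byte encoding:
 *   0x00        all 8 bytes of the granule are accessible
 *   0x01..0x07  only the first N bytes of the granule are accessible
 *   other       poisoned (0xfc slab redzone, 0xfb freed slab object, ...)
 */
size_t infer_alloc_size(const uint8_t *shadow, size_t object_size)
{
	size_t size = 0;

	while (size < object_size) {
		uint8_t s = *shadow++;

		if (s == 0)
			size += GRANULE;
		else if (s < GRANULE)
			return size + s;	/* partial granule ends the allocation */
		else
			return size;		/* poison reached: redzone or freed */
	}
	return object_size;			/* no poison inside the slot */
}

/* From the report: shadow of the 192-byte slot at ...600 (23 x 00, then fc). */
static const uint8_t report_shadow[24] = { [23] = 0xfc };
/* Constructed: kmalloc(13) served from a 16-byte slot. */
static const uint8_t partial_shadow[2] = { 0x00, 0x05 };
/* Constructed: a freed 16-byte object, every granule poisoned. */
static const uint8_t freed_shadow[2] = { 0xfb, 0xfb };
/* Constructed: request that fills its 16-byte slot exactly. */
static const uint8_t full_shadow[2] = { 0x00, 0x00 };

int main(void)
{
	printf("report slot:  %zu\n", infer_alloc_size(report_shadow, 192));
	printf("partial slot: %zu\n", infer_alloc_size(partial_shadow, 16));
	printf("freed slot:   %zu\n", infer_alloc_size(freed_shadow, 16));
	printf("full slot:    %zu\n", infer_alloc_size(full_shadow, 16));
	return 0;
}
```

The freed case returns 0 because the scan reads the current shadow state, so in this model the requested size can only be inferred while the object is still allocated.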