kasan: Add strscpy() test to trigger tag fault on arm64 - linux-rng

diff options

author	Vincenzo Frascino <vincenzo.frascino@arm.com>	2025-04-02 17:07:00 -0700
committer	Kees Cook <kees@kernel.org>	2025-04-15 13:50:17 -0700
commit	62d32440ac127b79747ef930205052803a8efd0f (patch)
tree	93e93db467f3667cf92c239b78c1fa29ef21eaaa /scripts/lib/kdoc/kdoc_files.py
parent	string: Add load_unaligned_zeropad() code path to sized_strscpy() (diff)
download	linux-rng-62d32440ac127b79747ef930205052803a8efd0f.tar.xz linux-rng-62d32440ac127b79747ef930205052803a8efd0f.zip

kasan: Add strscpy() test to trigger tag fault on arm64

When we invoke strscpy() with a maximum size of N bytes, it assumes that: - It can always read N bytes from the source. - It always write N bytes (zero-padded) to the destination. On aarch64 with Memory Tagging Extension enabled if we pass an N that is bigger then the source buffer, it would previously trigger an MTE fault. Implement a KASAN KUnit test that triggers the issue with the previous implementation of read_word_at_a_time() on aarch64 with MTE enabled. Cc: Will Deacon <will@kernel.org> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Co-developed-by: Peter Collingbourne <pcc@google.com> Signed-off-by: Peter Collingbourne <pcc@google.com> Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Link: https://linux-review.googlesource.com/id/If88e396b9e7c058c1a4b5a252274120e77b1898a Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Link: https://lore.kernel.org/r/20250403000703.2584581-3-pcc@google.com Signed-off-by: Kees Cook <kees@kernel.org>

Diffstat (limited to 'scripts/lib/kdoc/kdoc_files.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: