summaryrefslogtreecommitdiff
path: root/mm/kasan/report.c
diff options
context:
space:
mode:
authorPaul Lawrence <paullawrence@google.com>2018-02-07 02:36:11 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2018-02-07 05:32:42 +0300
commit342061ee4ef3d80001d1ae494378f3979c861dba (patch)
tree0441486ae0c2df8e8edad38a70aa62515235eb02 /mm/kasan/report.c
parent1a69e7ce8391a8bc808baf04e06d88ab4024ca47 (diff)
downloadlinux-342061ee4ef3d80001d1ae494378f3979c861dba.tar.xz
kasan: support alloca() poisoning
clang's AddressSanitizer implementation adds redzones on either side of alloca()ed buffers. These redzones are 32-byte aligned and at least 32 bytes long. __asan_alloca_poison() is passed the size and address of the allocated buffer, *excluding* the redzones on either side. The left redzone will always be to the immediate left of this buffer; but AddressSanitizer may need to add padding between the end of the buffer and the right redzone. If there are any 8-byte chunks inside this padding, we should poison those too. __asan_allocas_unpoison() is just passed the top and bottom of the dynamic stack area, so unpoisoning is simpler. Link: http://lkml.kernel.org/r/20171204191735.132544-4-paullawrence@google.com Signed-off-by: Greg Hackmann <ghackmann@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/kasan/report.c')
-rw-r--r--mm/kasan/report.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 410c8235e671..eff12e040498 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -102,6 +102,10 @@ static const char *get_shadow_bug_type(struct kasan_access_info *info)
case KASAN_USE_AFTER_SCOPE:
bug_type = "use-after-scope";
break;
+ case KASAN_ALLOCA_LEFT:
+ case KASAN_ALLOCA_RIGHT:
+ bug_type = "alloca-out-of-bounds";
+ break;
}
return bug_type;