From: Andrey Ryabinin Date: Fri, 13 Feb 2015 22:39:45 +0000 (-0800) Subject: fs: dcache: manually unpoison dname after allocation to shut up kasan's reports X-Git-Tag: firefly_0821_release~176^2~2328^2~29 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=df4c0e36f1b1782b0611a77c52cc240e5c4752dd;p=firefly-linux-kernel-4.4.55.git fs: dcache: manually unpoison dname after allocation to shut up kasan's reports We need to manually unpoison rounded up allocation size for dname to avoid kasan's reports in dentry_string_cmp(). When CONFIG_DCACHE_WORD_ACCESS=y dentry_string_cmp may access few bytes beyound requested in kmalloc() size. dentry_string_cmp() relates on that fact that dentry allocated using kmalloc and kmalloc internally round up allocation size. So this is not a bug, but this makes kasan to complain about such accesses. To avoid such reports we mark rounded up allocation size in shadow as accessible. Signed-off-by: Andrey Ryabinin Reported-by: Dmitry Vyukov Cc: Konstantin Serebryany Cc: Dmitry Chernenkov Signed-off-by: Andrey Konovalov Cc: Yuri Gribov Cc: Konstantin Khlebnikov Cc: Sasha Levin Cc: Christoph Lameter Cc: Joonsoo Kim Cc: Dave Hansen Cc: Andi Kleen Cc: Ingo Molnar Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/dcache.c b/fs/dcache.c index d04be762b216..7d34f04ec7aa 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -38,6 +38,8 @@ #include #include #include +#include + #include "internal.h" #include "mount.h" @@ -1429,6 +1431,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) } atomic_set(&p->u.count, 1); dname = p->name; + if (IS_ENABLED(CONFIG_DCACHE_WORD_ACCESS)) + kasan_unpoison_shadow(dname, + round_up(name->len + 1, sizeof(unsigned long))); } else { dname = dentry->d_iname; }