Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Nov 2016 00:25:05 +0800
From: kbuild test robot <lkp@...el.com>
To: Michael Ellerman <mpe@...erman.id.au>
Cc: kbuild-all@...org, keescook@...omium.org,
	kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] lkdtm: Add tests for LIST_POISON and ZERO_SIZE_PTR

Hi Michael,

[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on v4.9-rc5]
[cannot apply to next-20161115]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Michael-Ellerman/lkdtm-Add-tests-for-LIST_POISON-and-ZERO_SIZE_PTR/20161115-235441
config: i386-randconfig-x007-201646 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

All warnings (new ones prefixed by >>):

   drivers/misc/lkdtm_bugs.c: In function 'test_poison_ptr':
>> drivers/misc/lkdtm_bugs.c:178:9: warning: large integer implicitly truncated to unsigned type [-Woverflow]
     *ptr = 0xdeadbeefabcd1234;
            ^~~~~~~~~~~~~~~~~~

vim +178 drivers/misc/lkdtm_bugs.c

   162		}
   163	
   164		/*
   165		 * Creating a mapping and adding mmap_min_addr to the value is cheating
   166		 * in a way. But it simulates the case where an attacker is able to
   167		 * cause an access at a small offset from the base value, leading to a
   168		 * user space access. If an arch doesn't define CONFIG_ILLEGAL_POINTER_VALUE
   169		 * then it's likely this will work in the absence of other protections.
   170		 */
   171		ptr = mmap_min_addr + base;
   172	
   173		pr_info("attempting read of %s %p\n", desc, ptr);
   174		val = *ptr;
   175		pr_info("FAIL: Was able to read %s! Got 0x%lx\n", desc, val);
   176	
   177		pr_info("attempting write of %s %p\n", desc, ptr);
 > 178		*ptr = 0xdeadbeefabcd1234;
   179		pr_info("FAIL: Was able to write %s! Now = 0x%lx\n", desc, *ptr);
   180	
   181		vm_munmap(uaddr, PAGE_SIZE);
   182	}
   183	
   184	void lkdtm_ACCESS_LIST_POISON(void)
   185	{
   186		test_poison_ptr(LIST_POISON1, "LIST_POISON");

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Download attachment ".config.gz" of type "application/gzip" (24141 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.