From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35524C83030 for ; Mon, 7 Jul 2025 05:06:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2FCC68D0010; Mon, 7 Jul 2025 01:06:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2ADC48D0002; Mon, 7 Jul 2025 01:06:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0DA1D8D0010; Mon, 7 Jul 2025 01:06:20 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id E34D78D0002 for ; Mon, 7 Jul 2025 01:06:20 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id B384A1A035B for ; Mon, 7 Jul 2025 05:06:20 +0000 (UTC) X-FDA: 83636282520.05.87E8F19 Received: from tor.source.kernel.org (tor.source.kernel.org [172.105.4.254]) by imf27.hostedemail.com (Postfix) with ESMTP id 1F6B140011 for ; Mon, 7 Jul 2025 05:06:18 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jZKs1LG3; spf=pass (imf27.hostedemail.com: domain of alx@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=alx@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1751864779; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lLUnQAO3/HtQe3sUDS+hIo1qlwo3a5ODAVyHi6Qtg/c=; b=GwQ33RGzSOURVhcNnvZua+PFLyerQIiz28zpYpAHfMS7cnyKRUubz9CtzsO6t+TqJ3OvNq 4jYcpJjYGdCYPdAmqtuhpok+c+xYAs10sl/yYbWcehjhI+74pAIYhfS6rcy0m/lB5wXXxV yyVojyjRYxGNlp9IrmVmxeCgb+F9I48= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1751864779; a=rsa-sha256; cv=none; b=mfWz4xpSjg31HJJxH5j+6eI4JdsC4quN+7kOJNCjqoycVAyxXYYl3Rc4H+hMxWr0dNaSIv ceE/Xo8WWwPfZPz33/dryZSIVRPBIDiHc4P3JkokyPcEpaqDBEDp1QcEzOu0Qg6GX/QvOo 9+hLKk1OMyEO2+05whKKGNggy/NrEio= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jZKs1LG3; spf=pass (imf27.hostedemail.com: domain of alx@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=alx@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by tor.source.kernel.org (Postfix) with ESMTP id 3EA4E6114D; Mon, 7 Jul 2025 05:06:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C0ED7C4CEF3; Mon, 7 Jul 2025 05:06:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1751864778; bh=NHyBpShfNxuRT7LHWtM7yTeZwYuB33fj2KjVFAvh+ps=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jZKs1LG3kb0nVPIQgR1hXQuPVNnzQN5m23O/yq0nZ9XTycpu03iDudYeDmtJnPC+a wJgFLf2bbflGQtVT2GqtWxcUwJQ8oGWUfXCjXy3FbAZ4LTGKK0WD0RH1NGH2XaXBja eg9kUR6n8QaU7IzjMtYDJ8qD7iT952AAkB636Zym1YRRB5auZKCCpBOoT8vZA+KCd3 j03WUE5Lr3EEzWfAtxzlWNiA1p+bAJGzhmBMXzFe0Ll04XxVG2Fy2ghiFpP4Kn33Sb SoqZbtPvMJv08ueHyE/wR+2fJ9luwRlrBU3PN4DxETUsJSYV0gXtukozRbdrIDN3RQ 7PJ07tG+x8ihw== Date: Mon, 7 Jul 2025 07:06:15 +0200 From: Alejandro Colomar To: linux-mm@kvack.org, linux-hardening@vger.kernel.org Cc: Alejandro Colomar , Kees Cook , Christopher Bazley , shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton , kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Marco Elver , Christoph Lameter , David Rientjes , Vlastimil Babka , Roman Gushchin , Harry Yoo , Andrew Clayton , Jann Horn , Linus Torvalds Subject: [RFC v3 5/7] mm: Fix benign off-by-one bugs Message-ID: <740755c1a888ae27de3f127c27bf925a91e9b264.1751862634.git.alx@kernel.org> X-Mailer: git-send-email 2.50.0 References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspam-User: X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 1F6B140011 X-Stat-Signature: kqa5wuayh94wp3mym31phhjimg4myths X-HE-Tag: 1751864778-562469 X-HE-Meta: U2FsdGVkX192iOGF1lDWlCSbI/ybHHOhAauHLZSlzflDIqH5oToG0f72rRygOp5sQIxfJQElPS7P5oCcVjKEZSs3Pbj9n6/+xavC74YfmeEwdOSoBGBqg6pMi7g+HTRUSM/eGoaTdGG93qpg+YiYErLIng+WIeQ644QlCmNk7k2RRy25fqZGsBAyjAADNTXd9aPJYwZHJJk11ZO6dcLAtLtsSeiuq3rvU/cwWSFgpe83QqJYi5O6IJohnHB0pwGv4lPn8ejOv874ZIueoOpm3sYWNvU3yxv8XAna8sWcys18l2y8UAwbc/mqf7XZ/Fp4X65zBQeiRV3YpFQTlSXu0xQlJQhI+kWt7jl2FVJvflwr3KPfmCuaZ4SMc5Op4rQ8dEU+DkmMh8f4EUN3ZjlWO/Byicg7A2GosXqJ3btSC1PDWVWC7r4ZZgsjt4pRBrMHihbNZsioUpmLA7yTqQfEWfA5+RgobqYZ+DOu+TFUtLOn27VicvKB7y5oYQ0ocp4nxaou+RFm3wczF+bTJQAYF22HmO54F5joKs//bYBtAy78j0Yo1YA6wM2yxfeU4pUD3rzHiIJJaXyuQOpI8kxTvEj3bgdkQIJxxztYwF/thcANZSt73l4u9gRKME1+UpO/ErE2Houxw4QE9ojq0Zeg7BF53IRJSP8at9vxVaFW++sA6ksg4Z5ro+D73zkZ5fnG+zx1Vth5pqGaGdVrK9fwLmfkcbki0D+IY9Vd8VHtIB5AXphb2G8XBAYZN4UWBDfA8wuB7lTpjWJC6UQZkuKiPZFAnmV2/J75+LVr+MfJk4PdWbLCVe/u3hlwpzftoPWJOrMY4DB2hMKtwVVGEqnwbhq5KMSSkfmiwdZLG8vd5ZFCbgmjVaK7+9P0x8MLAGJ1Andcf/tBEx8xyhBYXXAfDjzWeU7VDWLI3tqnLlQVpxPorT+hfB5Z7sDvIsIlW9SsxgKzLWanMfu5bD6RFmr VUA9DyTf 5D8RJpgECA1cXqcAECdJbEfcTvcuxrGe49BFOuIUJ1RO8nhixf0EPbCo+OrpcSyS97K1sthzTtl7hR5Qyv6p8bj8tHPr84yO+HHZXjNOMqXgtVJQNZWWHwgO2WCJKnESbr4mRIMJNnQ29O69mjJ4jcxLirNfvWPGoG3P0WU8II+w6ouoN/RurlZOxcgdQVNwe4cS0nuPXVB2zJvha7iUsXrXAIiVMs7Fp/uvnEcKjRlFzbYXYJWW28GG3AiwHRKVyI6oyVbwzq+iqd8mgAdeASS4wEuwkNRcWLPQzFtBNURTIadyGIGbEGZEHmaYu77IpUJdCE8R6AfiV/z2xExh6McXoX0ws8yp+MoMR593blS1ufi3fHKIR6KR0VpW6o+aRBqEkn3/tYTAjwbEdup1AR8+Vtr6IlcMem5IcM9Ilo099IL4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: We were wasting a byte due to an off-by-one bug. s[c]nprintf() doesn't write more than $2 bytes including the null byte, so trying to pass 'size-1' there is wasting one byte. Now that we use seprintf(), the situation isn't different: seprintf() will stop writing *before* 'end' --that is, at most the terminating null byte will be written at 'end-1'--. Fixes: bc8fbc5f305a (2021-02-26; "kfence: add test suite") Fixes: 8ed691b02ade (2022-10-03; "kmsan: add tests for KMSAN") Cc: Kees Cook Cc: Christopher Bazley Cc: Alexander Potapenko Cc: Marco Elver Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Jann Horn Cc: Andrew Morton Cc: Linus Torvalds Signed-off-by: Alejandro Colomar --- mm/kfence/kfence_test.c | 4 ++-- mm/kmsan/kmsan_test.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c index ff734c514c03..f02c3e23638a 100644 --- a/mm/kfence/kfence_test.c +++ b/mm/kfence/kfence_test.c @@ -110,7 +110,7 @@ static bool report_matches(const struct expect_report *r) /* Title */ cur = expect[0]; - end = &expect[0][sizeof(expect[0]) - 1]; + end = ENDOF(expect[0]); switch (r->type) { case KFENCE_ERROR_OOB: cur = seprintf(cur, end, "BUG: KFENCE: out-of-bounds %s", @@ -140,7 +140,7 @@ static bool report_matches(const struct expect_report *r) /* Access information */ cur = expect[1]; - end = &expect[1][sizeof(expect[1]) - 1]; + end = ENDOF(expect[1]); switch (r->type) { case KFENCE_ERROR_OOB: diff --git a/mm/kmsan/kmsan_test.c b/mm/kmsan/kmsan_test.c index a062a46b2d24..882500807db8 100644 --- a/mm/kmsan/kmsan_test.c +++ b/mm/kmsan/kmsan_test.c @@ -105,7 +105,7 @@ static bool report_matches(const struct expect_report *r) /* Title */ cur = expected_header; - end = &expected_header[sizeof(expected_header) - 1]; + end = ENDOF(expected_header); cur = seprintf(cur, end, "BUG: KMSAN: %s", r->error_type); -- 2.50.0