linux-stable/mm/kasan/kasan_test_rust.rs

// SPDX-License-Identifier: GPL-2.0

//! Helper crate for KASAN testing.
//!
//! Provides behavior to check the sanitization of Rust code.

use core::ptr::addr_of_mut;
use kernel::prelude::*;

/// Trivial UAF - allocate a big vector, grab a pointer partway through,
/// drop the vector, and touch it.
#[no_mangle]
pub extern "C" fn kasan_test_rust_uaf() -> u8 {
    let mut v: KVec<u8> = KVec::new();
    for _ in 0..4096 {
        v.push(0x42, GFP_KERNEL).unwrap();
    }
    let ptr: *mut u8 = addr_of_mut!(v[2048]);
    drop(v);
    // SAFETY: Incorrect, on purpose.
    unsafe { *ptr }
}
kasan: rust: Add KASAN smoke test via UAF Adds a smoke test to ensure that KASAN in Rust is actually detecting a Rust-native UAF. There is significant room to expand this test suite, but this will at least ensure that flags are having the intended effect. The rename from kasan_test.c to kasan_test_c.c is in order to allow the single kasan_test.ko test suite to contain both a .o file produced by the C compiler and one produced by rustc. Signed-off-by: Matthew Maurer <mmaurer@google.com> Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Link: https://lore.kernel.org/r/20240820194910.187826-5-mmaurer@google.com [ Applied empty line nit, removed double empty line, applied `rustfmt` and formatted crate comment. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-08-20 19:48:59 +00:00			`// SPDX-License-Identifier: GPL-2.0`

			`//! Helper crate for KASAN testing.`
			`//!`
			`//! Provides behavior to check the sanitization of Rust code.`

			`use core::ptr::addr_of_mut;`
			`use kernel::prelude::*;`

			`/// Trivial UAF - allocate a big vector, grab a pointer partway through,`
			`/// drop the vector, and touch it.`
			`#[no_mangle]`
			`pub extern "C" fn kasan_test_rust_uaf() -> u8 {`
rust: treewide: switch to the kernel `Vec` type Now that we got the kernel `Vec` in place, convert all existing `Vec` users to make use of it. Reviewed-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Gary Guo <gary@garyguo.net> Signed-off-by: Danilo Krummrich <dakr@kernel.org> Link: https://lore.kernel.org/r/20241004154149.93856-20-dakr@kernel.org [ Converted `kasan_test_rust.rs` too, as discussed. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-10-04 17:41:23 +02:00			`let mut v: KVec<u8> = KVec::new();`
kasan: rust: Add KASAN smoke test via UAF Adds a smoke test to ensure that KASAN in Rust is actually detecting a Rust-native UAF. There is significant room to expand this test suite, but this will at least ensure that flags are having the intended effect. The rename from kasan_test.c to kasan_test_c.c is in order to allow the single kasan_test.ko test suite to contain both a .o file produced by the C compiler and one produced by rustc. Signed-off-by: Matthew Maurer <mmaurer@google.com> Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Link: https://lore.kernel.org/r/20240820194910.187826-5-mmaurer@google.com [ Applied empty line nit, removed double empty line, applied `rustfmt` and formatted crate comment. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-08-20 19:48:59 +00:00			`for _ in 0..4096 {`
			`v.push(0x42, GFP_KERNEL).unwrap();`
			`}`
			`let ptr: *mut u8 = addr_of_mut!(v[2048]);`
			`drop(v);`
rust: enable `clippy::undocumented_unsafe_blocks` lint Checking that we are not missing any `// SAFETY` comments in our `unsafe` blocks is something we have wanted to do for a long time, as well as cleaning up the remaining cases that were not documented [1]. Back when Rust for Linux started, this was something that could have been done via a script, like Rust's `tidy`. Soon after, in Rust 1.58.0, Clippy implemented the `undocumented_unsafe_blocks` lint [2]. Even though the lint has a few false positives, e.g. in some cases where attributes appear between the comment and the `unsafe` block [3], there are workarounds and the lint seems quite usable already. Thus enable the lint now. We still have a few cases to clean up, so just allow those for the moment by writing a `TODO` comment -- some of those may be good candidates for new contributors. Link: https://github.com/Rust-for-Linux/linux/issues/351 [1] Link: https://rust-lang.github.io/rust-clippy/master/#/undocumented_unsafe_blocks [2] Link: https://github.com/rust-lang/rust-clippy/issues/13189 [3] Reviewed-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Trevor Gross <tmgross@umich.edu> Tested-by: Gary Guo <gary@garyguo.net> Reviewed-by: Gary Guo <gary@garyguo.net> Link: https://lore.kernel.org/r/20240904204347.168520-5-ojeda@kernel.org Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-09-04 22:43:32 +02:00			`// SAFETY: Incorrect, on purpose.`
kasan: rust: Add KASAN smoke test via UAF Adds a smoke test to ensure that KASAN in Rust is actually detecting a Rust-native UAF. There is significant room to expand this test suite, but this will at least ensure that flags are having the intended effect. The rename from kasan_test.c to kasan_test_c.c is in order to allow the single kasan_test.ko test suite to contain both a .o file produced by the C compiler and one produced by rustc. Signed-off-by: Matthew Maurer <mmaurer@google.com> Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Link: https://lore.kernel.org/r/20240820194910.187826-5-mmaurer@google.com [ Applied empty line nit, removed double empty line, applied `rustfmt` and formatted crate comment. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 2024-08-20 19:48:59 +00:00			`unsafe { *ptr }`
			`}`