Re: [RFC v3 5/7] mm: Fix benign off-by-one bugs

From: Marco Elver
Date: Mon Jul 07 2025 - 03:47:28 EST


On Mon, 7 Jul 2025 at 07:06, Alejandro Colomar <alx@xxxxxxxxxx> wrote:
>
> We were wasting a byte due to an off-by-one bug. s[c]nprintf()
> doesn't write more than $2 bytes including the null byte, so trying to
> pass 'size-1' there is wasting one byte. Now that we use seprintf(),
> the situation isn't different: seprintf() will stop writing *before*
> 'end' --that is, at most the terminating null byte will be written at
> 'end-1'--.
>
> Fixes: bc8fbc5f305a (2021-02-26; "kfence: add test suite")
> Fixes: 8ed691b02ade (2022-10-03; "kmsan: add tests for KMSAN")

Not sure about the Fixes - this means it's likely going to be
backported to stable kernels, which is not appropriate. There's no
functional problem, and these are tests only, so not worth the churn.

Did you run the tests?

Otherwise:

Acked-by: Marco Elver <elver@xxxxxxxxxx>

> Cc: Kees Cook <kees@xxxxxxxxxx>
> Cc: Christopher Bazley <chris.bazley.wg14@xxxxxxxxx>
> Cc: Alexander Potapenko <glider@xxxxxxxxxx>
> Cc: Marco Elver <elver@xxxxxxxxxx>
> Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Cc: Alexander Potapenko <glider@xxxxxxxxxx>
> Cc: Jann Horn <jannh@xxxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Alejandro Colomar <alx@xxxxxxxxxx>
> ---
> mm/kfence/kfence_test.c | 4 ++--
> mm/kmsan/kmsan_test.c | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c
> index ff734c514c03..f02c3e23638a 100644
> --- a/mm/kfence/kfence_test.c
> +++ b/mm/kfence/kfence_test.c
> @@ -110,7 +110,7 @@ static bool report_matches(const struct expect_report *r)
>
> /* Title */
> cur = expect[0];
> - end = &expect[0][sizeof(expect[0]) - 1];
> + end = ENDOF(expect[0]);
> switch (r->type) {
> case KFENCE_ERROR_OOB:
> cur = seprintf(cur, end, "BUG: KFENCE: out-of-bounds %s",
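Review bot: ENDOF() is not defined anywhere in this diff, so the series must be ordered so that the patch introducing the macro lands before this one, otherwise kfence_test.c does not build at this commit during a bisect. The replacement of `end = &expect[0][sizeof(expect[0]) - 1];` is only correct if ENDOF(expect[0]) expands to the one-past-the-end pointer &expect[0][sizeof(expect[0])]; that is the value the commit message relies on when it says seprintf() stops writing before 'end', and it is what lets the full row be used for the title line.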
> @@ -140,7 +140,7 @@ static bool report_matches(const struct expect_report *r)
>
> /* Access information */
> cur = expect[1];
> - end = &expect[1][sizeof(expect[1]) - 1];
> + end = ENDOF(expect[1]);
>
> switch (r->type) {
> case KFENCE_ERROR_OOB:
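Review bot: Same replacement as in the first hunk, now for expect[1]; since 'end' moves from the last byte of the row to one byte past it, it is worth confirming that nothing in the unshown remainder of report_matches() still treats 'end' as a writable slot or uses a length computed from it (such as end - cur) under the old assumption. With the one-past-the-end value, 'end' may only ever be compared against, never dereferenced.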
> diff --git a/mm/kmsan/kmsan_test.c b/mm/kmsan/kmsan_test.c
> index a062a46b2d24..882500807db8 100644
> --- a/mm/kmsan/kmsan_test.c
> +++ b/mm/kmsan/kmsan_test.c
> @@ -105,7 +105,7 @@ static bool report_matches(const struct expect_report *r)
>
> /* Title */
> cur = expected_header;
> - end = &expected_header[sizeof(expected_header) - 1];
> + end = ENDOF(expected_header);
>
> cur = seprintf(cur, end, "BUG: KMSAN: %s", r->error_type);
>
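Review bot: The removed line's sizeof(expected_header) only worked because expected_header is an array in this scope, and ENDOF(expected_header) carries the same requirement; if the macro does not reject pointer arguments, a later change that turns this buffer into a pointer would silently compute sizeof(char *) instead of the buffer length, and the seprintf() call on the following line would get a bogus 'end'. Consider making ENDOF() fail to compile on non-array arguments, or note the requirement next to its definition.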
> --
> 2.50.0
>
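The commit message above describes the bounds contract that motivates the patch: s[c]nprintf() writes at most 'size' bytes including the terminating null, and seprintf() stops writing before 'end', so the old 'size - 1' end pointer forfeits one byte. The following is an added example, not code from this thread, from the series, or from the kernel, that models that contract in userspace C. my_seprintf() is a hypothetical re-implementation of the seprintf() semantics as the commit message states them, and the ENDOF() spelling is an assumption, since the thread does not show the macro's definition. It shows the byte lost by the old idiom, the full-buffer use with a one-past-the-end 'end', and that chained writes in the style of report_matches() never step past the array.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * One-past-the-end pointer of an array. Assumed spelling of the series'
 * ENDOF() macro; the thread does not show its definition.
 */
#define ENDOF(a) (&(a)[sizeof(a) / sizeof((a)[0])])

/*
 * Hypothetical re-implementation of the seprintf() semantics the commit
 * message describes: format into [p, end), always leave a NUL inside the
 * buffer, return a pointer to that NUL, or 'end' once the buffer is full.
 * This is not the series' seprintf(); it only models the described contract.
 */
static char *my_seprintf(char *p, char *end, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (p == NULL || p >= end)
		return end;		/* nothing left to write into */

	va_start(ap, fmt);
	n = vsnprintf(p, (size_t)(end - p), fmt, ap);
	va_end(ap);

	if (n < 0 || (size_t)n >= (size_t)(end - p))
		return end;		/* truncated: the NUL sits at end - 1 */
	return p + n;
}

/* Old idiom: passing size - 1 to snprintf() forfeits the last usable byte. */
static size_t fill_old_idiom(char *buf, size_t size, const char *s)
{
	snprintf(buf, size - 1, "%s", s);
	return strlen(buf);
}

/* New idiom: 'end' is one past the array, so every byte but the NUL is usable. */
static size_t fill_with_end(char *buf, char *end, const char *s)
{
	my_seprintf(buf, end, "%s", s);
	return strlen(buf);
}

/* Constructed input: a 10-character string forced into an 8-byte buffer. */
static size_t demo_old(void)
{
	char buf[8];

	return fill_old_idiom(buf, sizeof(buf), "0123456789");	/* 6 chars kept */
}

static size_t demo_new(void)
{
	char buf[8];

	return fill_with_end(buf, ENDOF(buf), "0123456789");	/* 7 chars kept */
}

/*
 * Chained writes in the style of report_matches(): once truncated, later
 * calls are no-ops, the NUL stays inside the array and the byte after the
 * array is untouched (checked via a canary placed directly after the buffer).
 */
static int demo_chain_stays_in_bounds(void)
{
	struct { char buf[8]; char canary; } g = { .canary = 'X' };
	char *cur = g.buf, *end = ENDOF(g.buf);

	cur = my_seprintf(cur, end, "BUG: %s", "abc");	/* 8 chars: truncated */
	cur = my_seprintf(cur, end, " %s", "more");	/* p == end: skipped */

	return cur == end && g.buf[7] == '\0' && g.canary == 'X'
	       && strcmp(g.buf, "BUG: ab") == 0;
}

/*
 * Mirrors the hunk: ENDOF() on a row of a 2-D array is exactly one byte past
 * the old '&expect[0][sizeof(expect[0]) - 1]' end pointer.
 */
static long demo_endof_vs_old_end(void)
{
	char expect[2][64];
	char *old_end = &expect[0][sizeof(expect[0]) - 1];

	return (long)(ENDOF(expect[0]) - old_end);	/* 1 */
}

int main(void)
{
	printf("old idiom keeps %zu chars, ENDOF keeps %zu chars\n",
	       demo_old(), demo_new());
	printf("chained writes stay in bounds: %d\n", demo_chain_stays_in_bounds());
	printf("ENDOF() minus old end pointer: %ld\n", demo_endof_vs_old_end());
	return 0;
}
```

The canary check is the part a reviewer cares about: with the one-past-the-end 'end', the pointer is only ever compared against, never dereferenced, and a truncated write leaves every later chained call as a no-op rather than a write past the array.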