summaryrefslogtreecommitdiff
path: root/mm/kasan/kasan_test_rust.rs
diff options
context:
space:
mode:
Diffstat (limited to 'mm/kasan/kasan_test_rust.rs')
-rw-r--r--mm/kasan/kasan_test_rust.rs22
1 files changed, 22 insertions, 0 deletions
diff --git a/mm/kasan/kasan_test_rust.rs b/mm/kasan/kasan_test_rust.rs
new file mode 100644
index 000000000000..5b34edf30e72
--- /dev/null
+++ b/mm/kasan/kasan_test_rust.rs
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Helper crate for KASAN testing.
+//!
+//! Provides behavior to check the sanitization of Rust code.
+
+use core::ptr::addr_of_mut;
+use kernel::prelude::*;
+
+/// Trivial UAF - allocate a big vector, grab a pointer partway through,
+/// drop the vector, and touch it.
+#[no_mangle]
+pub extern "C" fn kasan_test_rust_uaf() -> u8 {
+ let mut v: KVec<u8> = KVec::new();
+ for _ in 0..4096 {
+ v.push(0x42, GFP_KERNEL).unwrap();
+ }
+ let ptr: *mut u8 = addr_of_mut!(v[2048]);
+ drop(v);
+ // SAFETY: Incorrect, on purpose.
+ unsafe { *ptr }
+}
generated by cgit (git 2.34.1) at 2025-07-25 19:02:52 +0000