Re: [PATCH v2 RFC 1/7] mm/kasan: implement kasan_poison_range

On Fri, Sep 5, 2025 at 10:33 AM Alexander Potapenko <glider@xxxxxxxxxx> wrote:
> > + * - The poisoning of the range only extends up to the last full granule before
> > + *     the end of the range. Any remaining bytes in a final partial granule are
> > + *     ignored.
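Review bot: the last bullet of this comment says bytes in a final partial granule are "ignored", so a caller that passes an unaligned end gets a tail that stays accessible with no indication. Either have the comment say outright that those bytes remain unpoisoned and that callers must not rely on them, or check the end alignment in the function (warn or reject) so the contract is enforced rather than only documented.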
>
> Maybe we should require that the end of the range is aligned, as we do
> for e.g. kasan_unpoison()?
> Are there cases in which we want to call it for non-aligned addresses?

It's possible in the current KFuzzTest input format. For example, you have
an 8-byte struct with a pointer to a 35-byte string. This results in a payload:
struct [0, 8), padding [8, 16), string [16, 51), padding [51, 59). The
framework will poison the unaligned region [51, 59).

We could enforce that the size of the payload (including all padding) is
a multiple of KASAN_GRANULE_SIZE, thus resulting in padding [51, 64)
at the end of the payload. It makes encoding a bit more complex, but it
may be a good idea to push that complexity up to the user-space encoder.

What do you think?
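
The two layouts discussed in this message, modelled in user space as an added example; it is not code from the patch or from KFuzzTest. It assumes generic KASAN's shadow encoding (one shadow byte per 8-byte granule, where a value k in 1..7 means only the first k bytes are accessible) and assumes an unaligned start is expressed that way; `model_poison_range`, `byte_poisoned` and `accessible_after_poison` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE     8     /* assumed: generic KASAN granule size */
#define POISONED    0xFF  /* constructed marker: whole granule inaccessible */
#define PAYLOAD_MAX 64    /* constructed buffer size for the example */

static uint8_t shadow[PAYLOAD_MAX / GRANULE];

/* Model of the quoted rule: poison [start, end), stopping at the last full
 * granule before end. The partial-granule start handling is an assumption. */
static void model_poison_range(size_t start, size_t end)
{
    size_t head = start % GRANULE;
    size_t stop = end - (end % GRANULE);  /* bytes in [stop, end) are ignored */
    size_t g = start / GRANULE;

    if (head && start < stop)
        shadow[g++] = (uint8_t)head;      /* first `head` bytes stay accessible */
    for (; g < stop / GRANULE; g++)
        shadow[g] = POISONED;
}

static int byte_poisoned(size_t off)
{
    uint8_t s = shadow[off / GRANULE];

    if (s == 0)
        return 0;                         /* granule fully accessible */
    if (s == POISONED)
        return 1;
    return (off % GRANULE) >= s;          /* partial granule */
}

/* Reset the shadow, poison [start, end), count bytes in it left accessible. */
static size_t accessible_after_poison(size_t start, size_t end)
{
    size_t n = 0;

    memset(shadow, 0, sizeof(shadow));
    model_poison_range(start, end);
    for (size_t i = start; i < end; i++)
        n += !byte_poisoned(i);
    return n;
}

int main(void)
{
    printf("[51, 59): %zu accessible\n", accessible_after_poison(51, 59));
    printf("[51, 64): %zu accessible\n", accessible_after_poison(51, 64));
    return 0;
}
```

In this model the bytes the quoted rule ignores are [56, 59), while the string's last bytes in [48, 51) remain accessible in both layouts.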




