Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...

[linux-2.6-block.git] / lib / test_kasan.c

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index c32f3b0048dc826cdad5d04a3c4d15a7ecbe9645..82169fbf24538fdc70ff98fce1f324cb13f241da 100644 (file)
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -65,11 +65,34 @@ static noinline void __init kmalloc_node_oob_right(void)
        kfree(ptr);
 }
 
-static noinline void __init kmalloc_large_oob_right(void)
+#ifdef CONFIG_SLUB
+static noinline void __init kmalloc_pagealloc_oob_right(void)
 {
        char *ptr;
        size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 
+       /* Allocate a chunk that does not fit into a SLUB cache to trigger
+        * the page allocator fallback.
+        */
+       pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
+       ptr = kmalloc(size, GFP_KERNEL);
+       if (!ptr) {
+               pr_err("Allocation failed\n");
+               return;
+       }
+
+       ptr[size] = 0;
+       kfree(ptr);
+}
+#endif
+
+static noinline void __init kmalloc_large_oob_right(void)
+{
+       char *ptr;
+       size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
+       /* Allocate a chunk that is large enough, but still fits into a slab
+        * and does not trigger the page allocator fallback in SLUB.
+        */
        pr_info("kmalloc large allocation: out-of-bounds to right\n");
        ptr = kmalloc(size, GFP_KERNEL);
        if (!ptr) {
@@ -271,6 +294,8 @@ static noinline void __init kmalloc_uaf2(void)
        }
 
        ptr1[40] = 'x';
+       if (ptr1 == ptr2)
+               pr_err("Could not detect use-after-free: ptr1 == ptr2\n");
        kfree(ptr2);
 }
 
@@ -324,6 +349,9 @@ static int __init kmalloc_tests_init(void)
        kmalloc_oob_right();
        kmalloc_oob_left();
        kmalloc_node_oob_right();
+#ifdef CONFIG_SLUB
+       kmalloc_pagealloc_oob_right();
+#endif
        kmalloc_large_oob_right();
        kmalloc_oob_krealloc_more();
        kmalloc_oob_krealloc_less();