Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

mm/kasan/kunit: extend vmalloc OOB tests to cover vrealloc()

Extend the vmalloc_oob() test to validate OOB detection after resizing
vmalloc allocations with vrealloc().

The test now verifies that KASAN correctly poisons and unpoisons vmalloc
memory when allocations are shrunk and expanded, ensuring OOB accesses are
reliably detected after each resize.

[ryabinin.a.a@gmail.com: adjust vrealloc() size]
Link: https://lkml.kernel.org/r/20260116132822.22227-1-ryabinin.a.a@gmail.com
Link: https://lkml.kernel.org/r/20260113191516.31015-2-ryabinin.a.a@gmail.com
Signed-off-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Maciej Żenczykowski <maze@google.com>
Cc: Uladzislau Rezki <urezki@gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by Andrey Ryabinin and committed by Andrew Morton
b19cb086 d6076907

+36 -16
mm/kasan/kasan_test_c.c
··· 1840 1840 vfree(ptr); 1841 1841 } 1842 1842 1843 - static void vmalloc_oob(struct kunit *test) 1843 + static void vmalloc_oob_helper(struct kunit *test, char *v_ptr, size_t size) 1844 1844 { 1845 - char *v_ptr, *p_ptr; 1846 - struct page *page; 1847 - size_t size = PAGE_SIZE / 2 - KASAN_GRANULE_SIZE - 5; 1848 - 1849 - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_VMALLOC); 1850 - 1851 - if (!kasan_vmalloc_enabled()) 1852 - kunit_skip(test, "Test requires kasan.vmalloc=on"); 1853 - 1854 - v_ptr = vmalloc(size); 1855 - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, v_ptr); 1856 - 1857 - OPTIMIZER_HIDE_VAR(v_ptr); 1858 - 1859 1845 /* 1860 1846 * We have to be careful not to hit the guard page in vmalloc tests. 1861 1847 * The MMU will catch that and crash us. ··· 1859 1873 KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)v_ptr)[size]); 1860 1874 1861 1875 /* An aligned access into the first out-of-bounds granule. */ 1862 - KUNIT_EXPECT_KASAN_FAIL_READ(test, ((volatile char *)v_ptr)[size + 5]); 1876 + size = round_up(size, KASAN_GRANULE_SIZE); 1877 + KUNIT_EXPECT_KASAN_FAIL_READ(test, ((volatile char *)v_ptr)[size]); 1878 + } 1879 + 1880 + static void vmalloc_oob(struct kunit *test) 1881 + { 1882 + char *v_ptr, *p_ptr; 1883 + struct page *page; 1884 + size_t size = PAGE_SIZE / 2 - KASAN_GRANULE_SIZE - 5; 1885 + 1886 + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_VMALLOC); 1887 + 1888 + if (!kasan_vmalloc_enabled()) 1889 + kunit_skip(test, "Test requires kasan.vmalloc=on"); 1890 + 1891 + v_ptr = vmalloc(size); 1892 + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, v_ptr); 1893 + 1894 + OPTIMIZER_HIDE_VAR(v_ptr); 1895 + 1896 + vmalloc_oob_helper(test, v_ptr, size); 1897 + 1898 + size -= KASAN_GRANULE_SIZE + 1; 1899 + v_ptr = vrealloc(v_ptr, size, GFP_KERNEL); 1900 + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, v_ptr); 1901 + 1902 + OPTIMIZER_HIDE_VAR(v_ptr); 1903 + 1904 + vmalloc_oob_helper(test, v_ptr, size); 1905 + 1906 + size += 2 * KASAN_GRANULE_SIZE + 2; 1907 + v_ptr = vrealloc(v_ptr, size, 
GFP_KERNEL); 1908 + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, v_ptr); 1909 + 1910 + vmalloc_oob_helper(test, v_ptr, size); 1863 1911 1864 1912 /* Check that in-bounds accesses to the physical page are valid. */ 1865 1913 page = vmalloc_to_page(v_ptr);
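Review bot: vmalloc_oob_helper(), introduced in the first hunk, has no comment stating what its callers must guarantee about size, even though the guard-page warning it inherits ("We have to be careful not to hit the guard page in vmalloc tests") now depends on an argument instead of a local constant. The helper's last access is at round_up(size, KASAN_GRANULE_SIZE), so it is only safe while that offset stays inside the mapped page. A one-line comment above the helper stating that precondition, or a KUNIT_ASSERT on it, would keep a future caller from passing a size that lands on the guard page.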
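Review bot: the last vrealloc() call in the new vmalloc_oob() (second hunk) is not followed by OPTIMIZER_HIDE_VAR(v_ptr), while the vmalloc() and the first vrealloc() above it both are. Either add it after the final KUNIT_ASSERT_NOT_ERR_OR_NULL(test, v_ptr) for consistency, or note why it is unnecessary there. The two size adjustments, "size -= KASAN_GRANULE_SIZE + 1" and "size += 2 * KASAN_GRANULE_SIZE + 2", would also read better with a short comment saying that the first shrinks the allocation and the second grows it to KASAN_GRANULE_SIZE + 1 bytes past the original size, since that is the coverage the commit message describes.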