kasan_test.c (81895a65ec63ee1daec3255dc1a06675d2fbe915) | kasan_test.c (d6e5040bd8e53371fafd7e0c7c63b090b3a675db) |
---|---|
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * 4 * Copyright (c) 2014 Samsung Electronics Co., Ltd. 5 * Author: Andrey Ryabinin <a.ryabinin@samsung.com> 6 */ 7 8#include <linux/bitops.h> --- 281 unchanged lines hidden (view full) --- 290 middle = size1 + (size2 - size1) / 2; 291 292 ptr1 = kmalloc(size1, GFP_KERNEL); 293 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1); 294 295 ptr2 = krealloc(ptr1, size2, GFP_KERNEL); 296 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2); 297 | 1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * 4 * Copyright (c) 2014 Samsung Electronics Co., Ltd. 5 * Author: Andrey Ryabinin <a.ryabinin@samsung.com> 6 */ 7 8#include <linux/bitops.h> --- 281 unchanged lines hidden (view full) --- 290 middle = size1 + (size2 - size1) / 2; 291 292 ptr1 = kmalloc(size1, GFP_KERNEL); 293 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1); 294 295 ptr2 = krealloc(ptr1, size2, GFP_KERNEL); 296 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2); 297 |
298 /* Suppress -Warray-bounds warnings. */ 299 OPTIMIZER_HIDE_VAR(ptr2); 300 |
|
298 /* All offsets up to size2 must be accessible. */ 299 ptr2[size1 - 1] = 'x'; 300 ptr2[size1] = 'x'; 301 ptr2[middle] = 'x'; 302 ptr2[size2 - 1] = 'x'; 303 304 /* Generic mode is precise, so unaligned size2 must be inaccessible. */ 305 if (IS_ENABLED(CONFIG_KASAN_GENERIC)) --- 16 unchanged lines hidden (view full) --- 322 middle = size2 + (size1 - size2) / 2; 323 324 ptr1 = kmalloc(size1, GFP_KERNEL); 325 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1); 326 327 ptr2 = krealloc(ptr1, size2, GFP_KERNEL); 328 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2); 329 | 301 /* All offsets up to size2 must be accessible. */ 302 ptr2[size1 - 1] = 'x'; 303 ptr2[size1] = 'x'; 304 ptr2[middle] = 'x'; 305 ptr2[size2 - 1] = 'x'; 306 307 /* Generic mode is precise, so unaligned size2 must be inaccessible. */ 308 if (IS_ENABLED(CONFIG_KASAN_GENERIC)) --- 16 unchanged lines hidden (view full) --- 325 middle = size2 + (size1 - size2) / 2; 326 327 ptr1 = kmalloc(size1, GFP_KERNEL); 328 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1); 329 330 ptr2 = krealloc(ptr1, size2, GFP_KERNEL); 331 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2); 332 |
333 /* Suppress -Warray-bounds warnings. */ 334 OPTIMIZER_HIDE_VAR(ptr2); 335 |
|
330 /* Must be accessible for all modes. */ 331 ptr2[size2 - 1] = 'x'; 332 333 /* Generic mode is precise, so unaligned size2 must be inaccessible. */ 334 if (IS_ENABLED(CONFIG_KASAN_GENERIC)) 335 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2] = 'x'); 336 337 /* For all modes first aligned offset after size2 must be inaccessible. */ --- 197 unchanged lines hidden (view full) --- 535 memmove((char *)ptr, (char *)ptr + 4, invalid_size)); 536 kfree(ptr); 537} 538 539static void kmalloc_memmove_invalid_size(struct kunit *test) 540{ 541 char *ptr; 542 size_t size = 64; | 336 /* Must be accessible for all modes. */ 337 ptr2[size2 - 1] = 'x'; 338 339 /* Generic mode is precise, so unaligned size2 must be inaccessible. */ 340 if (IS_ENABLED(CONFIG_KASAN_GENERIC)) 341 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2] = 'x'); 342 343 /* For all modes first aligned offset after size2 must be inaccessible. */ --- 197 unchanged lines hidden (view full) --- 541 memmove((char *)ptr, (char *)ptr + 4, invalid_size)); 542 kfree(ptr); 543} 544 545static void kmalloc_memmove_invalid_size(struct kunit *test) 546{ 547 char *ptr; 548 size_t size = 64; |
543 volatile size_t invalid_size = size; | 549 size_t invalid_size = size; |
544 545 ptr = kmalloc(size, GFP_KERNEL); 546 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 547 548 memset((char *)ptr, 0, 64); 549 OPTIMIZER_HIDE_VAR(ptr); | 550 551 ptr = kmalloc(size, GFP_KERNEL); 552 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 553 554 memset((char *)ptr, 0, 64); 555 OPTIMIZER_HIDE_VAR(ptr); |
556 OPTIMIZER_HIDE_VAR(invalid_size); |
|
550 KUNIT_EXPECT_KASAN_FAIL(test, 551 memmove((char *)ptr, (char *)ptr + 4, invalid_size)); 552 kfree(ptr); 553} 554 555static void kmalloc_uaf(struct kunit *test) 556{ 557 char *ptr; --- 729 unchanged lines hidden (view full) --- 1287{ 1288 char *ptr; 1289 struct page *pages; 1290 int i, size, order; 1291 1292 KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_GENERIC); 1293 1294 for (i = 0; i < 256; i++) { | 557 KUNIT_EXPECT_KASAN_FAIL(test, 558 memmove((char *)ptr, (char *)ptr + 4, invalid_size)); 559 kfree(ptr); 560} 561 562static void kmalloc_uaf(struct kunit *test) 563{ 564 char *ptr; --- 729 unchanged lines hidden (view full) --- 1294{ 1295 char *ptr; 1296 struct page *pages; 1297 int i, size, order; 1298 1299 KASAN_TEST_NEEDS_CONFIG_OFF(test, CONFIG_KASAN_GENERIC); 1300 1301 for (i = 0; i < 256; i++) { |
1295 size = prandom_u32_max(1024) + 1; | 1302 size = (get_random_int() % 1024) + 1; |
1296 ptr = kmalloc(size, GFP_KERNEL); 1297 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1298 KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN); 1299 KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KERNEL); 1300 kfree(ptr); 1301 } 1302 1303 for (i = 0; i < 256; i++) { | 1303 ptr = kmalloc(size, GFP_KERNEL); 1304 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1305 KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN); 1306 KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KERNEL); 1307 kfree(ptr); 1308 } 1309 1310 for (i = 0; i < 256; i++) { |
1304 order = prandom_u32_max(4) + 1; | 1311 order = (get_random_int() % 4) + 1; |
1305 pages = alloc_pages(GFP_KERNEL, order); 1306 ptr = page_address(pages); 1307 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1308 KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN); 1309 KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KERNEL); 1310 free_pages((unsigned long)ptr, order); 1311 } 1312 1313 if (!IS_ENABLED(CONFIG_KASAN_VMALLOC)) 1314 return; 1315 1316 for (i = 0; i < 256; i++) { | 1312 pages = alloc_pages(GFP_KERNEL, order); 1313 ptr = page_address(pages); 1314 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1315 KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN); 1316 KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KERNEL); 1317 free_pages((unsigned long)ptr, order); 1318 } 1319 1320 if (!IS_ENABLED(CONFIG_KASAN_VMALLOC)) 1321 return; 1322 1323 for (i = 0; i < 256; i++) { |
1317 size = prandom_u32_max(1024) + 1; | 1324 size = (get_random_int() % 1024) + 1; |
1318 ptr = vmalloc(size); 1319 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1320 KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN); 1321 KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KERNEL); 1322 vfree(ptr); 1323 } 1324} 1325 --- 125 unchanged lines hidden --- | 1325 ptr = vmalloc(size); 1326 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1327 KUNIT_EXPECT_GE(test, (u8)get_tag(ptr), (u8)KASAN_TAG_MIN); 1328 KUNIT_EXPECT_LT(test, (u8)get_tag(ptr), (u8)KASAN_TAG_KERNEL); 1329 vfree(ptr); 1330 } 1331} 1332 --- 125 unchanged lines hidden --- |
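Review bot: In the page-allocator loop of the tag test, `ptr = page_address(pages)` runs before anything checks `pages`, and the only assertion is on `ptr`; this is the same in both revisions shown. If alloc_pages() fails, page_address() is applied to a NULL page, and on configurations where that is plain address arithmetic the result may be non-NULL, so the assertion would likely pass and the tag checks and free_pages() would run on a bogus address. I would add `KUNIT_ASSERT_NOT_ERR_OR_NULL(test, pages);` directly after the alloc_pages() call. Separately, `OPTIMIZER_HIDE_VAR(invalid_size);` in kmalloc_memmove_invalid_size carries no comment, unlike the `/* Suppress -Warray-bounds warnings. */` one on ptr2; a one-line comment such as `/* Hide the size from the compiler so the deliberate out-of-bounds memmove is not diagnosed at build time. */` would record the (presumed) reason. The function containing these loops begins in a hidden region of the page, so its name and setup are not visible here.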