From: Kuthonuzo Luruo <kuthonuzo.luruo@hpe.com>
To: dvyukov@google.com, aryabinin@virtuozzo.com, glider@google.com,
cl@linux.com, penberg@kernel.org, rientjes@google.com,
iamjoonsoo.kim@lge.com, akpm@linux-foundation.org
Cc: kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, ynorov@caviumnetworks.com,
kuthonuzo.luruo@hpe.com
Subject: [PATCH v3 2/2] kasan: add double-free tests
Date: Wed, 25 May 2016 00:01:55 +0530 [thread overview]
Message-ID: <20160524183155.GA4773@cherokee.in.rdlabs.hpecorp.net> (raw)
This patch adds new tests for KASAN double-free error detection when the
same slab object is concurrently deallocated.
Signed-off-by: Kuthonuzo Luruo <kuthonuzo.luruo@hpe.com>
---
Changes in v3:
- concurrent double-free test simplified to use on_each_cpu_mask() instead
of custom threads.
- reduced #threads and removed CONFIG_SMP guards per suggestion from Dmitry
Vyukov.
---
lib/test_kasan.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 47 insertions(+), 0 deletions(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 5e51872..0f589e7 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -411,6 +411,49 @@ static noinline void __init copy_user_test(void)
kfree(kmem);
}
+#ifdef CONFIG_SLAB
+static void try_free(void *p)
+{
+ kfree(p);
+}
+
+static void __init kasan_double_free_concurrent(void)
+{
+#define MAX_THREADS 3
+ char *p;
+ int cpu, cnt = num_online_cpus();
+ cpumask_t mask = { CPU_BITS_NONE };
+ size_t size = 4097; /* must be <= KMALLOC_MAX_CACHE_SIZE/2 */
+
+ if (cnt == 1)
+ return;
+ cnt = cnt < MAX_THREADS ? cnt : MAX_THREADS;
+ pr_info("concurrent double-free (%d threads)\n", cnt);
+ p = kmalloc(size, GFP_KERNEL);
+ if (!p)
+ return;
+ for_each_online_cpu(cpu) {
+ cpumask_set_cpu(cpu, &mask);
+ if (!--cnt)
+ break;
+ }
+ on_each_cpu_mask(&mask, try_free, p, 0);
+}
+
+static noinline void __init kasan_double_free(void)
+{
+ char *p;
+ size_t size = 2049;
+
+ pr_info("double-free\n");
+ p = kmalloc(size, GFP_KERNEL);
+ if (!p)
+ return;
+ kfree(p);
+ kfree(p);
+}
+#endif
+
static int __init kmalloc_tests_init(void)
{
kmalloc_oob_right();
@@ -436,6 +479,10 @@ static int __init kmalloc_tests_init(void)
kasan_global_oob();
ksize_unpoisons_memory();
copy_user_test();
+#ifdef CONFIG_SLAB
+ kasan_double_free();
+ kasan_double_free_concurrent();
+#endif
return -EAGAIN;
}
--
1.7.1
reply other threads:[~2016-05-24 18:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160524183155.GA4773@cherokee.in.rdlabs.hpecorp.net \
--to=kuthonuzo.luruo@hpe.com \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=ynorov@caviumnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).