1 // SPDX-License-Identifier: GPL-2.0-only
4 * Copyright (c) 2014 Samsung Electronics Co., Ltd.
5 * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
8 #include <linux/bitops.h>
9 #include <linux/delay.h>
10 #include <linux/kasan.h>
11 #include <linux/kernel.h>
13 #include <linux/mman.h>
14 #include <linux/module.h>
15 #include <linux/printk.h>
16 #include <linux/slab.h>
17 #include <linux/string.h>
18 #include <linux/uaccess.h>
20 #include <linux/vmalloc.h>
24 #include <kunit/test.h>
26 #include "../mm/kasan/kasan.h"
28 #define OOB_TAG_OFF (IS_ENABLED(CONFIG_KASAN_GENERIC) ? 0 : KASAN_GRANULE_SIZE)
31 * Some tests use these global variables to store return values from function
32 * calls that could otherwise be eliminated by the compiler as dead code.
34 void *kasan_ptr_result;
37 static struct kunit_resource resource;
38 static struct kunit_kasan_expectation fail_data;
39 static bool multishot;
42 * Temporarily enable multi-shot mode. Otherwise, KASAN would only report the
43 * first detected bug and panic the kernel if panic_on_warn is enabled.
45 static int kasan_test_init(struct kunit *test)
47 multishot = kasan_save_enable_multi_shot();
51 static void kasan_test_exit(struct kunit *test)
53 kasan_restore_multi_shot(multishot);
57 * KUNIT_EXPECT_KASAN_FAIL() - check that the executed expression produces a
58 * KASAN report; causes a test failure otherwise. This relies on a KUnit
59 * resource named "kasan_data". Do not use this name for KUnit resources
60 * outside of KASAN tests.
62 #define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \
63 fail_data.report_expected = true; \
64 fail_data.report_found = false; \
65 kunit_add_named_resource(test, \
69 "kasan_data", &fail_data); \
71 KUNIT_EXPECT_EQ(test, \
72 fail_data.report_expected, \
73 fail_data.report_found); \
76 static void kmalloc_oob_right(struct kunit *test)
81 ptr = kmalloc(size, GFP_KERNEL);
82 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
84 KUNIT_EXPECT_KASAN_FAIL(test, ptr[size + OOB_TAG_OFF] = 'x');
88 static void kmalloc_oob_left(struct kunit *test)
93 ptr = kmalloc(size, GFP_KERNEL);
94 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
96 KUNIT_EXPECT_KASAN_FAIL(test, *ptr = *(ptr - 1));
100 static void kmalloc_node_oob_right(struct kunit *test)
105 ptr = kmalloc_node(size, GFP_KERNEL, 0);
106 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
108 KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0);
112 static void kmalloc_pagealloc_oob_right(struct kunit *test)
115 size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
117 if (!IS_ENABLED(CONFIG_SLUB)) {
118 kunit_info(test, "CONFIG_SLUB is not enabled.");
123 * Allocate a chunk that does not fit into a SLUB cache to trigger
124 * the page allocator fallback.
126 ptr = kmalloc(size, GFP_KERNEL);
127 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
129 KUNIT_EXPECT_KASAN_FAIL(test, ptr[size + OOB_TAG_OFF] = 0);
133 static void kmalloc_pagealloc_uaf(struct kunit *test)
136 size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
138 if (!IS_ENABLED(CONFIG_SLUB)) {
139 kunit_info(test, "CONFIG_SLUB is not enabled.");
143 ptr = kmalloc(size, GFP_KERNEL);
144 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
147 KUNIT_EXPECT_KASAN_FAIL(test, ptr[0] = 0);
150 static void kmalloc_pagealloc_invalid_free(struct kunit *test)
153 size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
155 if (!IS_ENABLED(CONFIG_SLUB)) {
156 kunit_info(test, "CONFIG_SLUB is not enabled.");
160 ptr = kmalloc(size, GFP_KERNEL);
161 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
163 KUNIT_EXPECT_KASAN_FAIL(test, kfree(ptr + 1));
166 static void kmalloc_large_oob_right(struct kunit *test)
169 size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
172 * Allocate a chunk that is large enough, but still fits into a slab
173 * and does not trigger the page allocator fallback in SLUB.
175 ptr = kmalloc(size, GFP_KERNEL);
176 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
178 KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0);
182 static void kmalloc_oob_krealloc_more(struct kunit *test)
188 ptr1 = kmalloc(size1, GFP_KERNEL);
189 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
191 ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
192 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2);
194 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2 + OOB_TAG_OFF] = 'x');
198 static void kmalloc_oob_krealloc_less(struct kunit *test)
204 ptr1 = kmalloc(size1, GFP_KERNEL);
205 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
207 ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
208 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2);
210 KUNIT_EXPECT_KASAN_FAIL(test, ptr2[size2 + OOB_TAG_OFF] = 'x');
214 static void kmalloc_oob_16(struct kunit *test)
220 /* This test is specifically crafted for the generic mode. */
221 if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) {
222 kunit_info(test, "CONFIG_KASAN_GENERIC required\n");
226 ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
227 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
229 ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
230 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2);
232 KUNIT_EXPECT_KASAN_FAIL(test, *ptr1 = *ptr2);
237 static void kmalloc_uaf_16(struct kunit *test)
243 ptr1 = kmalloc(sizeof(*ptr1), GFP_KERNEL);
244 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
246 ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
247 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2);
250 KUNIT_EXPECT_KASAN_FAIL(test, *ptr1 = *ptr2);
254 static void kmalloc_oob_memset_2(struct kunit *test)
259 ptr = kmalloc(size, GFP_KERNEL);
260 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
262 KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 7 + OOB_TAG_OFF, 0, 2));
266 static void kmalloc_oob_memset_4(struct kunit *test)
271 ptr = kmalloc(size, GFP_KERNEL);
272 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
274 KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 5 + OOB_TAG_OFF, 0, 4));
279 static void kmalloc_oob_memset_8(struct kunit *test)
284 ptr = kmalloc(size, GFP_KERNEL);
285 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
287 KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 1 + OOB_TAG_OFF, 0, 8));
291 static void kmalloc_oob_memset_16(struct kunit *test)
296 ptr = kmalloc(size, GFP_KERNEL);
297 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
299 KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr + 1 + OOB_TAG_OFF, 0, 16));
303 static void kmalloc_oob_in_memset(struct kunit *test)
308 ptr = kmalloc(size, GFP_KERNEL);
309 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
311 KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr, 0, size + 5 + OOB_TAG_OFF));
315 static void kmalloc_memmove_invalid_size(struct kunit *test)
319 volatile size_t invalid_size = -2;
321 ptr = kmalloc(size, GFP_KERNEL);
322 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
324 memset((char *)ptr, 0, 64);
326 KUNIT_EXPECT_KASAN_FAIL(test,
327 memmove((char *)ptr, (char *)ptr + 4, invalid_size));
331 static void kmalloc_uaf(struct kunit *test)
336 ptr = kmalloc(size, GFP_KERNEL);
337 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
340 KUNIT_EXPECT_KASAN_FAIL(test, *(ptr + 8) = 'x');
343 static void kmalloc_uaf_memset(struct kunit *test)
348 ptr = kmalloc(size, GFP_KERNEL);
349 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
352 KUNIT_EXPECT_KASAN_FAIL(test, memset(ptr, 0, size));
355 static void kmalloc_uaf2(struct kunit *test)
360 ptr1 = kmalloc(size, GFP_KERNEL);
361 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
365 ptr2 = kmalloc(size, GFP_KERNEL);
366 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr2);
368 KUNIT_EXPECT_KASAN_FAIL(test, ptr1[40] = 'x');
369 KUNIT_EXPECT_PTR_NE(test, ptr1, ptr2);
374 static void kfree_via_page(struct kunit *test)
379 unsigned long offset;
381 ptr = kmalloc(size, GFP_KERNEL);
382 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
384 page = virt_to_page(ptr);
385 offset = offset_in_page(ptr);
386 kfree(page_address(page) + offset);
389 static void kfree_via_phys(struct kunit *test)
395 ptr = kmalloc(size, GFP_KERNEL);
396 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
398 phys = virt_to_phys(ptr);
399 kfree(phys_to_virt(phys));
402 static void kmem_cache_oob(struct kunit *test)
406 struct kmem_cache *cache = kmem_cache_create("test_cache",
409 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache);
410 p = kmem_cache_alloc(cache, GFP_KERNEL);
412 kunit_err(test, "Allocation failed: %s\n", __func__);
413 kmem_cache_destroy(cache);
417 KUNIT_EXPECT_KASAN_FAIL(test, *p = p[size + OOB_TAG_OFF]);
418 kmem_cache_free(cache, p);
419 kmem_cache_destroy(cache);
422 static void memcg_accounted_kmem_cache(struct kunit *test)
427 struct kmem_cache *cache;
429 cache = kmem_cache_create("test_cache", size, 0, SLAB_ACCOUNT, NULL);
430 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache);
433 * Several allocations with a delay to allow for lazy per memcg kmem
436 for (i = 0; i < 5; i++) {
437 p = kmem_cache_alloc(cache, GFP_KERNEL);
441 kmem_cache_free(cache, p);
446 kmem_cache_destroy(cache);
449 static char global_array[10];
451 static void kasan_global_oob(struct kunit *test)
454 char *p = &global_array[ARRAY_SIZE(global_array) + i];
456 /* Only generic mode instruments globals. */
457 if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) {
458 kunit_info(test, "CONFIG_KASAN_GENERIC required");
462 KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
465 static void ksize_unpoisons_memory(struct kunit *test)
468 size_t size = 123, real_size;
470 ptr = kmalloc(size, GFP_KERNEL);
471 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
472 real_size = ksize(ptr);
474 /* This access shouldn't trigger a KASAN report. */
478 KUNIT_EXPECT_KASAN_FAIL(test, ptr[real_size] = 'y');
483 static void kasan_stack_oob(struct kunit *test)
485 char stack_array[10];
486 volatile int i = OOB_TAG_OFF;
487 char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
489 if (!IS_ENABLED(CONFIG_KASAN_STACK)) {
490 kunit_info(test, "CONFIG_KASAN_STACK is not enabled");
494 KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
497 static void kasan_alloca_oob_left(struct kunit *test)
500 char alloca_array[i];
501 char *p = alloca_array - 1;
503 /* Only generic mode instruments dynamic allocas. */
504 if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) {
505 kunit_info(test, "CONFIG_KASAN_GENERIC required");
509 if (!IS_ENABLED(CONFIG_KASAN_STACK)) {
510 kunit_info(test, "CONFIG_KASAN_STACK is not enabled");
514 KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
517 static void kasan_alloca_oob_right(struct kunit *test)
520 char alloca_array[i];
521 char *p = alloca_array + i;
523 /* Only generic mode instruments dynamic allocas. */
524 if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) {
525 kunit_info(test, "CONFIG_KASAN_GENERIC required");
529 if (!IS_ENABLED(CONFIG_KASAN_STACK)) {
530 kunit_info(test, "CONFIG_KASAN_STACK is not enabled");
534 KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
537 static void kmem_cache_double_free(struct kunit *test)
541 struct kmem_cache *cache;
543 cache = kmem_cache_create("test_cache", size, 0, 0, NULL);
544 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache);
546 p = kmem_cache_alloc(cache, GFP_KERNEL);
548 kunit_err(test, "Allocation failed: %s\n", __func__);
549 kmem_cache_destroy(cache);
553 kmem_cache_free(cache, p);
554 KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p));
555 kmem_cache_destroy(cache);
558 static void kmem_cache_invalid_free(struct kunit *test)
562 struct kmem_cache *cache;
564 cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU,
566 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache);
568 p = kmem_cache_alloc(cache, GFP_KERNEL);
570 kunit_err(test, "Allocation failed: %s\n", __func__);
571 kmem_cache_destroy(cache);
575 /* Trigger invalid free, the object doesn't get freed. */
576 KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1));
579 * Properly free the object to prevent the "Objects remaining in
580 * test_cache on __kmem_cache_shutdown" BUG failure.
582 kmem_cache_free(cache, p);
584 kmem_cache_destroy(cache);
587 static void kasan_memchr(struct kunit *test)
593 * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT.
594 * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details.
596 if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
598 "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT");
603 size = round_up(size, OOB_TAG_OFF);
605 ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
606 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
608 KUNIT_EXPECT_KASAN_FAIL(test,
609 kasan_ptr_result = memchr(ptr, '1', size + 1));
614 static void kasan_memcmp(struct kunit *test)
621 * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT.
622 * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details.
624 if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
626 "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT");
631 size = round_up(size, OOB_TAG_OFF);
633 ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
634 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
635 memset(arr, 0, sizeof(arr));
637 KUNIT_EXPECT_KASAN_FAIL(test,
638 kasan_int_result = memcmp(ptr, arr, size+1));
642 static void kasan_strings(struct kunit *test)
648 * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT.
649 * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details.
651 if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
653 "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT");
657 ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
658 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
663 * Try to cause only 1 invalid access (less spam in dmesg).
664 * For that we need ptr to point to zeroed byte.
665 * Skip metadata that could be stored in freed object so ptr
666 * will likely point to zeroed byte.
669 KUNIT_EXPECT_KASAN_FAIL(test, kasan_ptr_result = strchr(ptr, '1'));
671 KUNIT_EXPECT_KASAN_FAIL(test, kasan_ptr_result = strrchr(ptr, '1'));
673 KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result = strcmp(ptr, "2"));
675 KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result = strncmp(ptr, "2", 1));
677 KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result = strlen(ptr));
679 KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result = strnlen(ptr, 1));
682 static void kasan_bitops_modify(struct kunit *test, int nr, void *addr)
684 KUNIT_EXPECT_KASAN_FAIL(test, set_bit(nr, addr));
685 KUNIT_EXPECT_KASAN_FAIL(test, __set_bit(nr, addr));
686 KUNIT_EXPECT_KASAN_FAIL(test, clear_bit(nr, addr));
687 KUNIT_EXPECT_KASAN_FAIL(test, __clear_bit(nr, addr));
688 KUNIT_EXPECT_KASAN_FAIL(test, clear_bit_unlock(nr, addr));
689 KUNIT_EXPECT_KASAN_FAIL(test, __clear_bit_unlock(nr, addr));
690 KUNIT_EXPECT_KASAN_FAIL(test, change_bit(nr, addr));
691 KUNIT_EXPECT_KASAN_FAIL(test, __change_bit(nr, addr));
694 static void kasan_bitops_test_and_modify(struct kunit *test, int nr, void *addr)
696 KUNIT_EXPECT_KASAN_FAIL(test, test_and_set_bit(nr, addr));
697 KUNIT_EXPECT_KASAN_FAIL(test, __test_and_set_bit(nr, addr));
698 KUNIT_EXPECT_KASAN_FAIL(test, test_and_set_bit_lock(nr, addr));
699 KUNIT_EXPECT_KASAN_FAIL(test, test_and_clear_bit(nr, addr));
700 KUNIT_EXPECT_KASAN_FAIL(test, __test_and_clear_bit(nr, addr));
701 KUNIT_EXPECT_KASAN_FAIL(test, test_and_change_bit(nr, addr));
702 KUNIT_EXPECT_KASAN_FAIL(test, __test_and_change_bit(nr, addr));
703 KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result = test_bit(nr, addr));
705 #if defined(clear_bit_unlock_is_negative_byte)
706 KUNIT_EXPECT_KASAN_FAIL(test, kasan_int_result =
707 clear_bit_unlock_is_negative_byte(nr, addr));
711 static void kasan_bitops_generic(struct kunit *test)
715 /* This test is specifically crafted for the generic mode. */
716 if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) {
717 kunit_info(test, "CONFIG_KASAN_GENERIC required\n");
722 * Allocate 1 more byte, which causes kzalloc to round up to 16 bytes;
723 * this way we do not actually corrupt other memory.
725 bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL);
726 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, bits);
729 * Below calls try to access bit within allocated memory; however, the
730 * below accesses are still out-of-bounds, since bitops are defined to
731 * operate on the whole long the bit is in.
733 kasan_bitops_modify(test, BITS_PER_LONG, bits);
736 * Below calls try to access bit beyond allocated memory.
738 kasan_bitops_test_and_modify(test, BITS_PER_LONG + BITS_PER_BYTE, bits);
743 static void kasan_bitops_tags(struct kunit *test)
747 /* This test is specifically crafted for the tag-based mode. */
748 if (IS_ENABLED(CONFIG_KASAN_GENERIC)) {
749 kunit_info(test, "CONFIG_KASAN_SW_TAGS required\n");
753 /* Allocation size will be rounded to up granule size, which is 16. */
754 bits = kzalloc(sizeof(*bits), GFP_KERNEL);
755 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, bits);
757 /* Do the accesses past the 16 allocated bytes. */
758 kasan_bitops_modify(test, BITS_PER_LONG, &bits[1]);
759 kasan_bitops_test_and_modify(test, BITS_PER_LONG + BITS_PER_BYTE, &bits[1]);
764 static void kmalloc_double_kzfree(struct kunit *test)
769 ptr = kmalloc(size, GFP_KERNEL);
770 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
772 kfree_sensitive(ptr);
773 KUNIT_EXPECT_KASAN_FAIL(test, kfree_sensitive(ptr));
776 static void vmalloc_oob(struct kunit *test)
780 if (!IS_ENABLED(CONFIG_KASAN_VMALLOC)) {
781 kunit_info(test, "CONFIG_KASAN_VMALLOC is not enabled.");
786 * We have to be careful not to hit the guard page.
787 * The MMU will catch that and crash us.
789 area = vmalloc(3000);
790 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, area);
792 KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)area)[3100]);
796 static struct kunit_case kasan_kunit_test_cases[] = {
797 KUNIT_CASE(kmalloc_oob_right),
798 KUNIT_CASE(kmalloc_oob_left),
799 KUNIT_CASE(kmalloc_node_oob_right),
800 KUNIT_CASE(kmalloc_pagealloc_oob_right),
801 KUNIT_CASE(kmalloc_pagealloc_uaf),
802 KUNIT_CASE(kmalloc_pagealloc_invalid_free),
803 KUNIT_CASE(kmalloc_large_oob_right),
804 KUNIT_CASE(kmalloc_oob_krealloc_more),
805 KUNIT_CASE(kmalloc_oob_krealloc_less),
806 KUNIT_CASE(kmalloc_oob_16),
807 KUNIT_CASE(kmalloc_uaf_16),
808 KUNIT_CASE(kmalloc_oob_in_memset),
809 KUNIT_CASE(kmalloc_oob_memset_2),
810 KUNIT_CASE(kmalloc_oob_memset_4),
811 KUNIT_CASE(kmalloc_oob_memset_8),
812 KUNIT_CASE(kmalloc_oob_memset_16),
813 KUNIT_CASE(kmalloc_memmove_invalid_size),
814 KUNIT_CASE(kmalloc_uaf),
815 KUNIT_CASE(kmalloc_uaf_memset),
816 KUNIT_CASE(kmalloc_uaf2),
817 KUNIT_CASE(kfree_via_page),
818 KUNIT_CASE(kfree_via_phys),
819 KUNIT_CASE(kmem_cache_oob),
820 KUNIT_CASE(memcg_accounted_kmem_cache),
821 KUNIT_CASE(kasan_global_oob),
822 KUNIT_CASE(kasan_stack_oob),
823 KUNIT_CASE(kasan_alloca_oob_left),
824 KUNIT_CASE(kasan_alloca_oob_right),
825 KUNIT_CASE(ksize_unpoisons_memory),
826 KUNIT_CASE(kmem_cache_double_free),
827 KUNIT_CASE(kmem_cache_invalid_free),
828 KUNIT_CASE(kasan_memchr),
829 KUNIT_CASE(kasan_memcmp),
830 KUNIT_CASE(kasan_strings),
831 KUNIT_CASE(kasan_bitops_generic),
832 KUNIT_CASE(kasan_bitops_tags),
833 KUNIT_CASE(kmalloc_double_kzfree),
834 KUNIT_CASE(vmalloc_oob),
838 static struct kunit_suite kasan_kunit_test_suite = {
840 .init = kasan_test_init,
841 .test_cases = kasan_kunit_test_cases,
842 .exit = kasan_test_exit,
845 kunit_test_suite(kasan_kunit_test_suite);
847 MODULE_LICENSE("GPL");