kasan: add memcg kmem_cache test
Make a kasan test which uses a SLAB_ACCOUNT slab cache.  If the test is
run within a non-default memcg, then it uncovers the bug fixed by
"kasan: drain quarantine of memcg slab objects"[1].

If run without fix [1] it shows "Slab cache still has objects", and the
kmem_cache structure is leaked.
Here's an unpatched kernel test:

 $ dmesg -c > /dev/null
 $ mkdir /sys/fs/cgroup/memory/test
 $ echo $$ > /sys/fs/cgroup/memory/test/tasks
 $ modprobe test_kasan 2> /dev/null
 $ dmesg | grep -B1 still
 [ 123.456789] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
 [ 124.456789] kmem_cache_destroy test_cache: Slab cache still has objects

Kernels with fix [1] don't have the "Slab cache still has objects"
warning or the underlying leak.

The new test runs and passes in the default (root) memcg, though in the
root memcg it won't uncover the problem fixed by [1].

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Greg Thelen <[email protected]>
Reviewed-by: Vladimir Davydov <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Christoph Lameter <[email protected]>
Cc: Pekka Enberg <[email protected]>
Cc: David Rientjes <[email protected]>
Cc: Joonsoo Kim <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
gthelen authored and torvalds committed Feb 25, 2017
1 parent f9fa1d9 commit 0386bf3
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions lib/test_kasan.c
Expand Up @@ -11,6 +11,7 @@

#define pr_fmt(fmt) "kasan test: %s " fmt, __func__

#include <linux/delay.h>
#include <linux/kernel.h>
#include <linux/mman.h>
#include <linux/mm.h>
Expand Down Expand Up @@ -331,6 +332,38 @@ static noinline void __init kmem_cache_oob(void)
kmem_cache_destroy(cache);
}

static noinline void __init memcg_accounted_kmem_cache(void)
{
int i;
char *p;
size_t size = 200;
struct kmem_cache *cache;

cache = kmem_cache_create("test_cache", size, 0, SLAB_ACCOUNT, NULL);
if (!cache) {
pr_err("Cache allocation failed\n");
return;
}

pr_info("allocate memcg accounted object\n");
/*
* Several allocations with a delay to allow for lazy per memcg kmem
* cache creation.
*/
for (i = 0; i < 5; i++) {
p = kmem_cache_alloc(cache, GFP_KERNEL);
if (!p) {
pr_err("Allocation failed\n");
goto free_cache;
}
kmem_cache_free(cache, p);
msleep(100);
}

free_cache:
kmem_cache_destroy(cache);
}

static char global_array[10];

static noinline void __init kasan_global_oob(void)
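
Review bot: The loop in memcg_accounted_kmem_cache() relies on five iterations of msleep(100) to give the lazy per-memcg cache time to be created, but nothing checks that it was, so the test can complete without ever touching a memcg cache and still look clean. The comment above the loop should also state the precondition given in the commit message: the leak is only reached when the module is loaded from a task in a non-root memcg, and the signal is the "Slab cache still has objects" line emitted around kmem_cache_destroy(cache) in dmesg, not anything this function prints itself. Suggest extending the comment to cover both points so a quiet run is not read as proof that the fix is present.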
Expand Down Expand Up @@ -460,6 +493,7 @@ static int __init kmalloc_tests_init(void)
kmalloc_uaf_memset();
kmalloc_uaf2();
kmem_cache_oob();
memcg_accounted_kmem_cache();
kasan_stack_oob();
kasan_global_oob();
ksize_unpoisons_memory();
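
Review bot: The new memcg_accounted_kmem_cache() call in kmalloc_tests_init() is unconditional, so every load of test_kasan now sleeps for roughly 500 ms (5 x msleep(100)), including in the root memcg, where the commit message says the test cannot uncover the problem. Consider a pr_info in the test stating that a non-root memcg is required, so that the absence of a warning in dmesg is easier to interpret.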