WSL2-Linux-Kernel/lib
Guenter Roeck d19ba2e3f5 mm/slub, kunit: Use inverted data to corrupt kmem cache
[ Upstream commit b1080c667b3b2c8c38a7fa83ca5567124887abae ]

Two failure patterns are seen randomly when running slub_kunit tests with
CONFIG_SLAB_FREELIST_RANDOM and CONFIG_SLAB_FREELIST_HARDENED enabled.

Pattern 1:
     # test_clobber_zone: pass:1 fail:0 skip:0 total:1
     ok 1 test_clobber_zone
     # test_next_pointer: EXPECTATION FAILED at lib/slub_kunit.c:72
     Expected 3 == slab_errors, but
         slab_errors == 0 (0x0)
     # test_next_pointer: EXPECTATION FAILED at lib/slub_kunit.c:84
     Expected 2 == slab_errors, but
         slab_errors == 0 (0x0)
     # test_next_pointer: pass:0 fail:1 skip:0 total:1
     not ok 2 test_next_pointer

In this case, test_next_pointer() overwrites p[s->offset], but the data
at p[s->offset] is already 0x12.

Pattern 2:
     ok 1 test_clobber_zone
     # test_next_pointer: EXPECTATION FAILED at lib/slub_kunit.c:72
     Expected 3 == slab_errors, but
         slab_errors == 2 (0x2)
     # test_next_pointer: pass:0 fail:1 skip:0 total:1
     not ok 2 test_next_pointer

In this case, p[s->offset] has a value other than 0x12, but one of the
expected failures is nevertheless missing.

Invert data instead of writing a fixed value to corrupt the cache data
structures to fix the problem.

Fixes: 1f9f78b1b3 ("mm/slub, kunit: add a KUnit test for SLUB debugging functionality")
Cc: Oliver Glitta <glittao@gmail.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
CC: Daniel Latypov <dlatypov@google.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-16 13:39:16 +02:00
..
842
crypto crypto: lib - remove unneeded selection of XOR_BLOCKS 2022-09-05 10:30:03 +02:00
dim linux/dim: Do nothing if no time delta between samples 2023-05-24 17:36:41 +01:00
fonts lib/fonts: fix undefined behavior in bit shift for get_default_font 2022-12-31 13:14:02 +01:00
kunit kunit: debugfs: Fix unchecked dereference in debugfs_print_results() 2024-01-25 14:52:34 -08:00
livepatch selftests/livepatch: better synchronize test_klp_callbacks_busy 2022-08-17 14:24:03 +02:00
lz4 lz4: fix LZ4_decompress_safe_partial read out of bound 2022-04-13 20:59:21 +02:00
lzo
math math: make RATIONAL tristate 2021-09-08 11:50:26 -07:00
mpi crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init 2024-02-23 08:55:11 +01:00
pldmfw
raid6 lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 2022-04-08 14:23:56 +02:00
reed_solomon
vdso lib/vdso: use "grep -E" instead of "egrep" 2022-12-02 17:41:08 +01:00
xz lib/xz: Validate the value before assigning it to an enum variable 2021-11-18 19:16:17 +01:00
zlib_deflate
zlib_dfltcc
zlib_inflate lib/zlib_inflate/inffast: check config in C to avoid unused function warning 2021-09-24 16:13:35 -07:00
zstd
.gitignore
Kconfig crypto: memneq - move into lib/ 2022-06-22 14:22:03 +02:00
Kconfig.debug bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition 2024-05-17 11:50:46 +02:00
Kconfig.kasan kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS 2021-09-24 16:13:34 -07:00
Kconfig.kcsan
Kconfig.kfence kfence: default to dynamic branch instead of static keys mode 2021-11-12 15:05:49 +01:00
Kconfig.kgdb
Kconfig.ubsan ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-04-13 20:59:27 +02:00
Makefile crypto: memneq - move into lib/ 2022-06-22 14:22:03 +02:00
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c
asn1_encoder.c
assoc_array.c assoc_array: Fix BUG_ON during garbage collect 2022-06-06 08:43:37 +02:00
atomic64.c
atomic64_test.c
audit.c
bcd.c
bch.c
bitfield_kunit.c
bitmap.c
bitrev.c
bootconfig.c memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
bsearch.c
btree.c
bucket_locks.c
bug.c
build_OID_registry
buildid.c
bust_spinlocks.c
check_signature.c
checksum.c
clz_ctz.c lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels 2023-08-30 16:18:18 +02:00
clz_tab.c
cmdline.c
cmdline_kunit.c lib/cmdline: Fix an invalid format specifier in an assertion msg 2024-03-26 18:21:15 -04:00
cmpdi2.c
compat_audit.c
cpu_rmap.c lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() 2023-06-14 11:13:04 +02:00
cpumask.c
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc4.c
crc7.c
crc8.c
crc16.c
crc32.c
crc32defs.h
crc32test.c
crc64.c
ctype.c
debug_info.c
debug_locks.c
debugobjects.c debugobjects: Recheck debug_objects_enabled before reporting 2024-03-01 13:21:54 +01:00
dec_and_lock.c
decompress.c
decompress_bunzip2.c
decompress_inflate.c
decompress_unlz4.c
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression 2021-11-18 19:16:17 +01:00
decompress_unzstd.c
devmem_is_allowed.c
devres.c
digsig.c
dump_stack.c lib/dump_stack: correct kernel-doc notation 2021-09-08 11:50:26 -07:00
dynamic_debug.c dyndbg: fix old BUG_ON in >control parser 2024-05-17 11:51:04 +02:00
dynamic_queue_limits.c
earlycpio.c
errname.c parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes 2023-12-08 08:48:02 +01:00
error-inject.c
errseq.c
extable.c
fault-inject-usercopy.c
fault-inject.c
fdt.c
fdt_addresses.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c
find_bit_benchmark.c
flex_proportions.c
gen_crc32table.c
gen_crc64table.c
genalloc.c
generic-radix-tree.c
glob.c
globtest.c
hexdump.c hex2bin: fix access beyond string end 2022-05-09 09:14:30 +02:00
hweight.c
idr.c ida: Fix crash in ida_free when the bitmap is empty 2024-01-25 14:52:30 -08:00
inflate.c
interval_tree.c
interval_tree_test.c
iomap.c
iomap_copy.c
iommu-helper.c
iov_iter.c fix short copy handling in copy_mc_pipe_to_iter() 2022-08-17 14:22:51 +02:00
irq_poll.c
irq_regs.c
is_single_threaded.c
kasprintf.c
kfifo.c
klist.c
kobject.c kobject: Add sanity check for kset->kobj.ktype in kset_register() 2023-09-23 11:09:59 +02:00
kobject_uevent.c
kstrtox.c
kstrtox.h
libcrc32c.c
linear_ranges.c
list-test.c list: test: Add a test for list_is_head() 2022-06-09 10:23:31 +02:00
list_debug.c lib/list_debug.c: Detect uninitialized lists 2022-08-25 11:40:40 +02:00
list_sort.c
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
lockref.c lockref: stop doing cpu_relax in the cmpxchg loop 2023-02-01 08:27:19 +01:00
logic_iomem.c lib/logic_iomem: correct fallback config references 2022-04-13 20:58:59 +02:00
logic_pio.c
lru_cache.c
lshrdi3.c
memcat_p.c
memneq.c crypto: memneq - move into lib/ 2022-06-22 14:22:03 +02:00
memory-notifier-error-inject.c
memregion.c
memweight.c
muldi3.c
net_utils.c
netdev-notifier-error-inject.c
nlattr.c netlink: prevent potential spectre v1 gadgets 2023-02-01 08:27:26 +01:00
nmi_backtrace.c printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces 2021-11-25 09:48:45 +01:00
nodemask.c nodemask: Fix return values to be unsigned 2022-06-14 18:36:24 +02:00
notifier-error-inject.c lib/notifier-error-inject: fix error when writing -errno to debugfs file 2022-12-31 13:14:03 +01:00
notifier-error-inject.h
objagg.c
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c once: add DO_ONCE_SLOW() for sleepable contexts 2022-10-26 12:34:49 +02:00
packing.c net: update NXP copyright text 2021-09-17 13:52:17 +01:00
parman.c
parser.c
pci_iomap.c pci_iounmap(): Fix MMIO mapping leak 2024-04-10 16:18:34 +02:00
percpu-refcount.c percpu_ref_init(): clean ->percpu_count_ref on failure 2022-06-06 08:43:36 +02:00
percpu_counter.c
percpu_test.c
plist.c
pm-notifier-error-inject.c
radix-tree.c radix tree: remove unused variable 2023-08-30 16:18:18 +02:00
random32.c random: replace custom notifier chain with standard one 2022-05-30 09:29:10 +02:00
ratelimit.c ratelimit: Fix data-races in ___ratelimit(). 2022-08-31 17:16:43 +02:00
rbtree.c
rbtree_test.c
refcount.c
rhashtable.c
sbitmap.c
scatterlist.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
seq_buf.c
sg_pool.c lib/scatterlist: Fix wrong update of orig_nents 2021-08-24 19:52:40 -03:00
sg_split.c
sha1.c lib/crypto: sha1: re-roll loops to reduce code size 2022-05-30 09:28:59 +02:00
show_mem.c
siphash.c siphash: use one source of truth for siphash permutations 2022-05-30 09:29:15 +02:00
slub_kunit.c mm/slub, kunit: Use inverted data to corrupt kmem cache 2024-06-16 13:39:16 +02:00
smp_processor_id.c lib/smp_processor_id: fix imbalanced instrumentation_end() call 2022-08-17 14:24:08 +02:00
sort.c
stackdepot.c stackdepot: respect __GFP_NOLOCKDEP allocation flag 2024-05-02 16:24:49 +02:00
stmp_device.c
string.c string: improve default out-of-line memcmp() implementation 2021-08-30 07:50:56 -07:00
string_helpers.c string: uninline memcpy_and_pad 2021-11-21 13:44:12 +01:00
strncpy_from_user.c
strnlen_user.c
syscall.c
test-kstrtox.c
test-string_helpers.c
test_bitmap.c
test_bitops.c
test_bits.c
test_blackhole_dev.c net: blackhole_dev: fix build warning for ethh set but not used 2024-03-26 18:21:18 -04:00
test_bpf.c test_bpf: fix incorrect netdev features 2022-08-17 14:23:23 +02:00
test_debug_virtual.c
test_firmware.c test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation 2023-07-23 13:47:25 +02:00
test_fpu.c
test_free_pages.c
test_hash.c
test_hexdump.c
test_hmm.c lib/test_hmm: avoid accessing uninitialized pages 2022-08-17 14:23:43 +02:00
test_hmm_uapi.h
test_ida.c ida: Fix crash in ida_free when the bitmap is empty 2024-01-25 14:52:30 -08:00
test_kasan.c kasan/test: avoid gcc warning for intentional overflow 2024-04-10 16:18:35 +02:00
test_kasan_module.c kasan: test: avoid corrupting memory in kasan_rcu_uaf 2021-09-03 09:58:15 -07:00
test_kmod.c lib/test: use after free in register_test_dev_kmod() 2022-04-08 14:23:54 +02:00
test_linear_ranges.c
test_list_sort.c
test_lockup.c lib/test_lockup: fix kernel pointer check for separate address spaces 2022-04-08 14:24:01 +02:00
test_memcat_p.c
test_meminit.c lib/test_meminit: fix off-by-one error in test_pages() 2023-10-19 23:05:33 +02:00
test_min_heap.c
test_module.c
test_objagg.c
test_overflow.c overflow: Implement size_t saturating arithmetic helpers 2022-12-31 13:14:33 +01:00
test_parman.c
test_printf.c Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
test_rhashtable.c
test_scanf.c lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix() 2023-09-19 12:23:01 +02:00
test_siphash.c
test_sort.c lib/test: convert test_sort.c to use KUnit 2021-09-08 11:50:26 -07:00
test_stackinit.c lib/test_stackinit: Add assigned initializers 2021-08-22 00:21:36 -07:00
test_static_key_base.c
test_static_keys.c
test_string.c
test_strscpy.c
test_sysctl.c
test_ubsan.c ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-04-13 20:59:27 +02:00
test_user_copy.c
test_uuid.c
test_vmalloc.c lib/test_vmalloc.c: add a new 'nr_pages' parameter 2021-09-03 09:58:14 -07:00
test_xarray.c XArray: Fix xas_create_range() when multi-order entry present 2022-04-08 14:24:09 +02:00
textsearch.c
timerqueue.c
ts_bm.c lib/ts_bm: reset initial match offset for every block of text 2023-07-23 13:46:56 +02:00
ts_fsm.c
ts_kmp.c
ubsan.c panic: Consolidate open-coded panic_on_warn checks 2023-02-01 08:27:22 +01:00
ubsan.h
ucmpdi2.c
ucs2_string.c
usercopy.c uaccess: Add speculation barrier to copy_from_user() 2023-02-25 12:06:44 +01:00
uuid.c
vsprintf.c lib/vsprintf: Fix %pfwf when current node refcount == 0 2024-01-05 15:13:35 +01:00
win_minmax.c
xarray.c XArray: Update the LRU list in xas_split() 2022-04-08 14:24:09 +02:00
xxhash.c