Re: [PATCH v7 0/3] mm/slub: extend redzone check for kmalloc objects

From: Feng Tang
Date: Mon Nov 21 2022 - 01:41:36 EST


On Fri, Nov 11, 2022 at 04:29:43PM +0800, Tang, Feng wrote:
> On Fri, Nov 11, 2022 at 04:16:32PM +0800, Vlastimil Babka wrote:
> > > int shift, oob_size;
> > > size_t size;
> > > char *buf;
> > >
> > > for (shift = 3; shift <= 12; shift++) {
> > > 	size = 1 << shift;
> > > 	buf = kmalloc(size + 4, GFP_KERNEL);
> > > 	/* We have 96 and 192 kmalloc sizes, which are not powers of 2 */
> > > 	if (size == 64 || size == 128)
> > > 		oob_size = 16;
> > > 	else
> > > 		oob_size = size - 4;
> > > 	/* write past the requested size, into the object's unused tail */
> > > 	memset(buf + size + 4, 0xee, oob_size);
> > > 	kfree(buf);
> > > }
> >
> > Sounds like a new slub_kunit test would be useful? :) doesn't need to be
> > that exhaustive wrt all sizes, we could just pick one and check that a write
> > beyond requested kmalloc size is detected?
>
> Just git-grepped out slub_kunit.c :), will try to add a case to it.
> I'll also check if the case will also be caught by other sanitizer
> tools like kasan/kfence etc.

Just checked: kasan already has an API to disable the kasan check
temporarily, and I did see that sometimes kfence can chime in (4 out of 178
runs), so we need to skip kfenced addresses.

Here is the draft patch, thanks!
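What the extended redzone check is meant to catch, as an added user-space model (not kernel code, not the draft patch, and not part of this thread): a kmalloc object that lands in a larger size class has a tail between the requested size and the object size, and with redzoning the allocator fills that tail with a pattern on allocation and verifies it on free. The size-class table, the `model_*` names and the `RED_ACTIVE` value are assumptions of this example; the loop in `run_oob_sweep()` mirrors the sizes and offsets from the snippet quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed redzone byte for an in-use object (models SLUB's active redzone). */
#define RED_ACTIVE 0xcc

/* Assumed kmalloc size classes for this model: powers of two plus 96 and 192. */
static size_t model_kmalloc_size(size_t n)
{
	static const size_t classes[] = { 8, 16, 32, 64, 96, 128, 192,
					  256, 512, 1024, 2048, 4096, 8192 };
	for (size_t i = 0; i < sizeof(classes) / sizeof(classes[0]); i++)
		if (n <= classes[i])
			return classes[i];
	return 0;
}

struct model_obj {
	size_t orig_size;	/* bytes the caller asked for */
	size_t obj_size;	/* size class the object was carved from */
	unsigned char *mem;
};

/* Allocate from the size class and redzone the unused tail. */
static int model_kmalloc(struct model_obj *o, size_t n)
{
	size_t cls = model_kmalloc_size(n);

	if (!cls)
		return -1;
	o->mem = malloc(cls);
	if (!o->mem)
		return -1;
	o->orig_size = n;
	o->obj_size = cls;
	memset(o->mem + n, RED_ACTIVE, cls - n);
	return 0;
}

/* Count tail bytes that no longer hold the redzone pattern (0 == clean). */
static size_t model_check_redzone(const struct model_obj *o)
{
	size_t bad = 0;

	for (size_t i = o->orig_size; i < o->obj_size; i++)
		if (o->mem[i] != RED_ACTIVE)
			bad++;
	return bad;
}

/* Free the object; return the number of corrupted redzone bytes found. */
static size_t model_kfree(struct model_obj *o)
{
	size_t bad = model_check_redzone(o);

	free(o->mem);
	o->mem = NULL;
	return bad;
}

/* Same sweep as the quoted snippet: kmalloc(size + 4), then overwrite
 * oob_size bytes past the requested size. Returns how many of the ten
 * sizes had the overflow reported on free. */
static int run_oob_sweep(void)
{
	int detected = 0;

	for (int shift = 3; shift <= 12; shift++) {
		size_t size = (size_t)1 << shift;
		size_t oob_size = (size == 64 || size == 128) ? 16 : size - 4;
		struct model_obj o;

		if (model_kmalloc(&o, size + 4))
			abort();
		memset(o.mem + size + 4, 0xee, oob_size);
		if (model_kfree(&o) == oob_size)
			detected++;
	}
	return detected;
}

/* Control: a write that stays within the requested size is not flagged. */
static size_t in_bounds_write(void)
{
	struct model_obj o;

	if (model_kmalloc(&o, 68))
		abort();
	memset(o.mem, 0xee, 68);
	return model_kfree(&o);
}

int main(void)
{
	printf("overflows detected: %d of 10, in-bounds flagged bytes: %zu\n",
	       run_oob_sweep(), in_bounds_write());
	return 0;
}
```

The 64 and 128 cases are why the sweep special-cases `oob_size`: kmalloc(68) and kmalloc(132) land in the 96 and 192 classes, so the tail is not `size - 4` bytes wide there. The model has none of the interference the thread mentions; in the real kunit test the write has to be done with KASAN checks temporarily disabled and objects that KFENCE handed out have to be skipped, since both would report (or silently absorb) the access before SLUB's redzone check on free sees it.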