lib/test_kasan.c at v5.5 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / lib / test_kasan.c
at v5.5 17 kB view raw
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 *
  4 * Copyright (c) 2014 Samsung Electronics Co., Ltd.
  5 * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
  6 */
  7
  8#define pr_fmt(fmt) "kasan test: %s " fmt, __func__
  9
 10#include <linux/bitops.h>
 11#include <linux/delay.h>
 12#include <linux/kasan.h>
 13#include <linux/kernel.h>
 14#include <linux/mm.h>
 15#include <linux/mman.h>
 16#include <linux/module.h>
 17#include <linux/printk.h>
 18#include <linux/slab.h>
 19#include <linux/string.h>
 20#include <linux/uaccess.h>
 21#include <linux/io.h>
 22#include <linux/vmalloc.h>
 23
 24#include <asm/page.h>
 25
 26/*
 27 * Note: test functions are marked noinline so that their names appear in
 28 * reports.
 29 */
 30
 31static noinline void __init kmalloc_oob_right(void)
 32{
 33	char *ptr;
 34	size_t size = 123;
 35
 36	pr_info("out-of-bounds to right\n");
 37	ptr = kmalloc(size, GFP_KERNEL);
 38	if (!ptr) {
 39		pr_err("Allocation failed\n");
 40		return;
 41	}
 42
 43	ptr[size] = 'x';
 44	kfree(ptr);
 45}
 46
 47static noinline void __init kmalloc_oob_left(void)
 48{
 49	char *ptr;
 50	size_t size = 15;
 51
 52	pr_info("out-of-bounds to left\n");
 53	ptr = kmalloc(size, GFP_KERNEL);
 54	if (!ptr) {
 55		pr_err("Allocation failed\n");
 56		return;
 57	}
 58
 59	*ptr = *(ptr - 1);
 60	kfree(ptr);
 61}
 62
 63static noinline void __init kmalloc_node_oob_right(void)
 64{
 65	char *ptr;
 66	size_t size = 4096;
 67
 68	pr_info("kmalloc_node(): out-of-bounds to right\n");
 69	ptr = kmalloc_node(size, GFP_KERNEL, 0);
 70	if (!ptr) {
 71		pr_err("Allocation failed\n");
 72		return;
 73	}
 74
 75	ptr[size] = 0;
 76	kfree(ptr);
 77}
 78
 79#ifdef CONFIG_SLUB
 80static noinline void __init kmalloc_pagealloc_oob_right(void)
 81{
 82	char *ptr;
 83	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 84
 85	/* Allocate a chunk that does not fit into a SLUB cache to trigger
 86	 * the page allocator fallback.
 87	 */
 88	pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
 89	ptr = kmalloc(size, GFP_KERNEL);
 90	if (!ptr) {
 91		pr_err("Allocation failed\n");
 92		return;
 93	}
 94
 95	ptr[size] = 0;
 96	kfree(ptr);
 97}
 98
 99static noinline void __init kmalloc_pagealloc_uaf(void)
100{
101	char *ptr;
102	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
103
104	pr_info("kmalloc pagealloc allocation: use-after-free\n");
105	ptr = kmalloc(size, GFP_KERNEL);
106	if (!ptr) {
107		pr_err("Allocation failed\n");
108		return;
109	}
110
111	kfree(ptr);
112	ptr[0] = 0;
113}
114
115static noinline void __init kmalloc_pagealloc_invalid_free(void)
116{
117	char *ptr;
118	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
119
120	pr_info("kmalloc pagealloc allocation: invalid-free\n");
121	ptr = kmalloc(size, GFP_KERNEL);
122	if (!ptr) {
123		pr_err("Allocation failed\n");
124		return;
125	}
126
127	kfree(ptr + 1);
128}
129#endif
130
131static noinline void __init kmalloc_large_oob_right(void)
132{
133	char *ptr;
134	size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
135	/* Allocate a chunk that is large enough, but still fits into a slab
136	 * and does not trigger the page allocator fallback in SLUB.
137	 */
138	pr_info("kmalloc large allocation: out-of-bounds to right\n");
139	ptr = kmalloc(size, GFP_KERNEL);
140	if (!ptr) {
141		pr_err("Allocation failed\n");
142		return;
143	}
144
145	ptr[size] = 0;
146	kfree(ptr);
147}
148
149static noinline void __init kmalloc_oob_krealloc_more(void)
150{
151	char *ptr1, *ptr2;
152	size_t size1 = 17;
153	size_t size2 = 19;
154
155	pr_info("out-of-bounds after krealloc more\n");
156	ptr1 = kmalloc(size1, GFP_KERNEL);
157	ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
158	if (!ptr1 || !ptr2) {
159		pr_err("Allocation failed\n");
160		kfree(ptr1);
161		return;
162	}
163
164	ptr2[size2] = 'x';
165	kfree(ptr2);
166}
167
168static noinline void __init kmalloc_oob_krealloc_less(void)
169{
170	char *ptr1, *ptr2;
171	size_t size1 = 17;
172	size_t size2 = 15;
173
174	pr_info("out-of-bounds after krealloc less\n");
175	ptr1 = kmalloc(size1, GFP_KERNEL);
176	ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
177	if (!ptr1 || !ptr2) {
178		pr_err("Allocation failed\n");
179		kfree(ptr1);
180		return;
181	}
182	ptr2[size2] = 'x';
183	kfree(ptr2);
184}
185
186static noinline void __init kmalloc_oob_16(void)
187{
188	struct {
189		u64 words[2];
190	} *ptr1, *ptr2;
191
192	pr_info("kmalloc out-of-bounds for 16-bytes access\n");
193	ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
194	ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
195	if (!ptr1 || !ptr2) {
196		pr_err("Allocation failed\n");
197		kfree(ptr1);
198		kfree(ptr2);
199		return;
200	}
201	*ptr1 = *ptr2;
202	kfree(ptr1);
203	kfree(ptr2);
204}
205
206static noinline void __init kmalloc_oob_memset_2(void)
207{
208	char *ptr;
209	size_t size = 8;
210
211	pr_info("out-of-bounds in memset2\n");
212	ptr = kmalloc(size, GFP_KERNEL);
213	if (!ptr) {
214		pr_err("Allocation failed\n");
215		return;
216	}
217
218	memset(ptr+7, 0, 2);
219	kfree(ptr);
220}
221
222static noinline void __init kmalloc_oob_memset_4(void)
223{
224	char *ptr;
225	size_t size = 8;
226
227	pr_info("out-of-bounds in memset4\n");
228	ptr = kmalloc(size, GFP_KERNEL);
229	if (!ptr) {
230		pr_err("Allocation failed\n");
231		return;
232	}
233
234	memset(ptr+5, 0, 4);
235	kfree(ptr);
236}
237
238
239static noinline void __init kmalloc_oob_memset_8(void)
240{
241	char *ptr;
242	size_t size = 8;
243
244	pr_info("out-of-bounds in memset8\n");
245	ptr = kmalloc(size, GFP_KERNEL);
246	if (!ptr) {
247		pr_err("Allocation failed\n");
248		return;
249	}
250
251	memset(ptr+1, 0, 8);
252	kfree(ptr);
253}
254
255static noinline void __init kmalloc_oob_memset_16(void)
256{
257	char *ptr;
258	size_t size = 16;
259
260	pr_info("out-of-bounds in memset16\n");
261	ptr = kmalloc(size, GFP_KERNEL);
262	if (!ptr) {
263		pr_err("Allocation failed\n");
264		return;
265	}
266
267	memset(ptr+1, 0, 16);
268	kfree(ptr);
269}
270
271static noinline void __init kmalloc_oob_in_memset(void)
272{
273	char *ptr;
274	size_t size = 666;
275
276	pr_info("out-of-bounds in memset\n");
277	ptr = kmalloc(size, GFP_KERNEL);
278	if (!ptr) {
279		pr_err("Allocation failed\n");
280		return;
281	}
282
283	memset(ptr, 0, size+5);
284	kfree(ptr);
285}
286
287static noinline void __init kmalloc_uaf(void)
288{
289	char *ptr;
290	size_t size = 10;
291
292	pr_info("use-after-free\n");
293	ptr = kmalloc(size, GFP_KERNEL);
294	if (!ptr) {
295		pr_err("Allocation failed\n");
296		return;
297	}
298
299	kfree(ptr);
300	*(ptr + 8) = 'x';
301}
302
303static noinline void __init kmalloc_uaf_memset(void)
304{
305	char *ptr;
306	size_t size = 33;
307
308	pr_info("use-after-free in memset\n");
309	ptr = kmalloc(size, GFP_KERNEL);
310	if (!ptr) {
311		pr_err("Allocation failed\n");
312		return;
313	}
314
315	kfree(ptr);
316	memset(ptr, 0, size);
317}
318
319static noinline void __init kmalloc_uaf2(void)
320{
321	char *ptr1, *ptr2;
322	size_t size = 43;
323
324	pr_info("use-after-free after another kmalloc\n");
325	ptr1 = kmalloc(size, GFP_KERNEL);
326	if (!ptr1) {
327		pr_err("Allocation failed\n");
328		return;
329	}
330
331	kfree(ptr1);
332	ptr2 = kmalloc(size, GFP_KERNEL);
333	if (!ptr2) {
334		pr_err("Allocation failed\n");
335		return;
336	}
337
338	ptr1[40] = 'x';
339	if (ptr1 == ptr2)
340		pr_err("Could not detect use-after-free: ptr1 == ptr2\n");
341	kfree(ptr2);
342}
343
344static noinline void __init kfree_via_page(void)
345{
346	char *ptr;
347	size_t size = 8;
348	struct page *page;
349	unsigned long offset;
350
351	pr_info("invalid-free false positive (via page)\n");
352	ptr = kmalloc(size, GFP_KERNEL);
353	if (!ptr) {
354		pr_err("Allocation failed\n");
355		return;
356	}
357
358	page = virt_to_page(ptr);
359	offset = offset_in_page(ptr);
360	kfree(page_address(page) + offset);
361}
362
363static noinline void __init kfree_via_phys(void)
364{
365	char *ptr;
366	size_t size = 8;
367	phys_addr_t phys;
368
369	pr_info("invalid-free false positive (via phys)\n");
370	ptr = kmalloc(size, GFP_KERNEL);
371	if (!ptr) {
372		pr_err("Allocation failed\n");
373		return;
374	}
375
376	phys = virt_to_phys(ptr);
377	kfree(phys_to_virt(phys));
378}
379
380static noinline void __init kmem_cache_oob(void)
381{
382	char *p;
383	size_t size = 200;
384	struct kmem_cache *cache = kmem_cache_create("test_cache",
385						size, 0,
386						0, NULL);
387	if (!cache) {
388		pr_err("Cache allocation failed\n");
389		return;
390	}
391	pr_info("out-of-bounds in kmem_cache_alloc\n");
392	p = kmem_cache_alloc(cache, GFP_KERNEL);
393	if (!p) {
394		pr_err("Allocation failed\n");
395		kmem_cache_destroy(cache);
396		return;
397	}
398
399	*p = p[size];
400	kmem_cache_free(cache, p);
401	kmem_cache_destroy(cache);
402}
403
404static noinline void __init memcg_accounted_kmem_cache(void)
405{
406	int i;
407	char *p;
408	size_t size = 200;
409	struct kmem_cache *cache;
410
411	cache = kmem_cache_create("test_cache", size, 0, SLAB_ACCOUNT, NULL);
412	if (!cache) {
413		pr_err("Cache allocation failed\n");
414		return;
415	}
416
417	pr_info("allocate memcg accounted object\n");
418	/*
419	 * Several allocations with a delay to allow for lazy per memcg kmem
420	 * cache creation.
421	 */
422	for (i = 0; i < 5; i++) {
423		p = kmem_cache_alloc(cache, GFP_KERNEL);
424		if (!p)
425			goto free_cache;
426
427		kmem_cache_free(cache, p);
428		msleep(100);
429	}
430
431free_cache:
432	kmem_cache_destroy(cache);
433}
434
435static char global_array[10];
436
437static noinline void __init kasan_global_oob(void)
438{
439	volatile int i = 3;
440	char *p = &global_array[ARRAY_SIZE(global_array) + i];
441
442	pr_info("out-of-bounds global variable\n");
443	*(volatile char *)p;
444}
445
446static noinline void __init kasan_stack_oob(void)
447{
448	char stack_array[10];
449	volatile int i = 0;
450	char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
451
452	pr_info("out-of-bounds on stack\n");
453	*(volatile char *)p;
454}
455
456static noinline void __init ksize_unpoisons_memory(void)
457{
458	char *ptr;
459	size_t size = 123, real_size;
460
461	pr_info("ksize() unpoisons the whole allocated chunk\n");
462	ptr = kmalloc(size, GFP_KERNEL);
463	if (!ptr) {
464		pr_err("Allocation failed\n");
465		return;
466	}
467	real_size = ksize(ptr);
468	/* This access doesn't trigger an error. */
469	ptr[size] = 'x';
470	/* This one does. */
471	ptr[real_size] = 'y';
472	kfree(ptr);
473}
474
475static noinline void __init copy_user_test(void)
476{
477	char *kmem;
478	char __user *usermem;
479	size_t size = 10;
480	int unused;
481
482	kmem = kmalloc(size, GFP_KERNEL);
483	if (!kmem)
484		return;
485
486	usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
487			    PROT_READ | PROT_WRITE | PROT_EXEC,
488			    MAP_ANONYMOUS | MAP_PRIVATE, 0);
489	if (IS_ERR(usermem)) {
490		pr_err("Failed to allocate user memory\n");
491		kfree(kmem);
492		return;
493	}
494
495	pr_info("out-of-bounds in copy_from_user()\n");
496	unused = copy_from_user(kmem, usermem, size + 1);
497
498	pr_info("out-of-bounds in copy_to_user()\n");
499	unused = copy_to_user(usermem, kmem, size + 1);
500
501	pr_info("out-of-bounds in __copy_from_user()\n");
502	unused = __copy_from_user(kmem, usermem, size + 1);
503
504	pr_info("out-of-bounds in __copy_to_user()\n");
505	unused = __copy_to_user(usermem, kmem, size + 1);
506
507	pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
508	unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
509
510	pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
511	unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
512
513	pr_info("out-of-bounds in strncpy_from_user()\n");
514	unused = strncpy_from_user(kmem, usermem, size + 1);
515
516	vm_munmap((unsigned long)usermem, PAGE_SIZE);
517	kfree(kmem);
518}
519
520static noinline void __init kasan_alloca_oob_left(void)
521{
522	volatile int i = 10;
523	char alloca_array[i];
524	char *p = alloca_array - 1;
525
526	pr_info("out-of-bounds to left on alloca\n");
527	*(volatile char *)p;
528}
529
530static noinline void __init kasan_alloca_oob_right(void)
531{
532	volatile int i = 10;
533	char alloca_array[i];
534	char *p = alloca_array + i;
535
536	pr_info("out-of-bounds to right on alloca\n");
537	*(volatile char *)p;
538}
539
540static noinline void __init kmem_cache_double_free(void)
541{
542	char *p;
543	size_t size = 200;
544	struct kmem_cache *cache;
545
546	cache = kmem_cache_create("test_cache", size, 0, 0, NULL);
547	if (!cache) {
548		pr_err("Cache allocation failed\n");
549		return;
550	}
551	pr_info("double-free on heap object\n");
552	p = kmem_cache_alloc(cache, GFP_KERNEL);
553	if (!p) {
554		pr_err("Allocation failed\n");
555		kmem_cache_destroy(cache);
556		return;
557	}
558
559	kmem_cache_free(cache, p);
560	kmem_cache_free(cache, p);
561	kmem_cache_destroy(cache);
562}
563
564static noinline void __init kmem_cache_invalid_free(void)
565{
566	char *p;
567	size_t size = 200;
568	struct kmem_cache *cache;
569
570	cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU,
571				  NULL);
572	if (!cache) {
573		pr_err("Cache allocation failed\n");
574		return;
575	}
576	pr_info("invalid-free of heap object\n");
577	p = kmem_cache_alloc(cache, GFP_KERNEL);
578	if (!p) {
579		pr_err("Allocation failed\n");
580		kmem_cache_destroy(cache);
581		return;
582	}
583
584	/* Trigger invalid free, the object doesn't get freed */
585	kmem_cache_free(cache, p + 1);
586
587	/*
588	 * Properly free the object to prevent the "Objects remaining in
589	 * test_cache on __kmem_cache_shutdown" BUG failure.
590	 */
591	kmem_cache_free(cache, p);
592
593	kmem_cache_destroy(cache);
594}
595
596static noinline void __init kasan_memchr(void)
597{
598	char *ptr;
599	size_t size = 24;
600
601	pr_info("out-of-bounds in memchr\n");
602	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
603	if (!ptr)
604		return;
605
606	memchr(ptr, '1', size + 1);
607	kfree(ptr);
608}
609
610static noinline void __init kasan_memcmp(void)
611{
612	char *ptr;
613	size_t size = 24;
614	int arr[9];
615
616	pr_info("out-of-bounds in memcmp\n");
617	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
618	if (!ptr)
619		return;
620
621	memset(arr, 0, sizeof(arr));
622	memcmp(ptr, arr, size+1);
623	kfree(ptr);
624}
625
626static noinline void __init kasan_strings(void)
627{
628	char *ptr;
629	size_t size = 24;
630
631	pr_info("use-after-free in strchr\n");
632	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
633	if (!ptr)
634		return;
635
636	kfree(ptr);
637
638	/*
639	 * Try to cause only 1 invalid access (less spam in dmesg).
640	 * For that we need ptr to point to zeroed byte.
641	 * Skip metadata that could be stored in freed object so ptr
642	 * will likely point to zeroed byte.
643	 */
644	ptr += 16;
645	strchr(ptr, '1');
646
647	pr_info("use-after-free in strrchr\n");
648	strrchr(ptr, '1');
649
650	pr_info("use-after-free in strcmp\n");
651	strcmp(ptr, "2");
652
653	pr_info("use-after-free in strncmp\n");
654	strncmp(ptr, "2", 1);
655
656	pr_info("use-after-free in strlen\n");
657	strlen(ptr);
658
659	pr_info("use-after-free in strnlen\n");
660	strnlen(ptr, 1);
661}
662
663static noinline void __init kasan_bitops(void)
664{
665	/*
666	 * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
667	 * this way we do not actually corrupt other memory.
668	 */
669	long *bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL);
670	if (!bits)
671		return;
672
673	/*
674	 * Below calls try to access bit within allocated memory; however, the
675	 * below accesses are still out-of-bounds, since bitops are defined to
676	 * operate on the whole long the bit is in.
677	 */
678	pr_info("out-of-bounds in set_bit\n");
679	set_bit(BITS_PER_LONG, bits);
680
681	pr_info("out-of-bounds in __set_bit\n");
682	__set_bit(BITS_PER_LONG, bits);
683
684	pr_info("out-of-bounds in clear_bit\n");
685	clear_bit(BITS_PER_LONG, bits);
686
687	pr_info("out-of-bounds in __clear_bit\n");
688	__clear_bit(BITS_PER_LONG, bits);
689
690	pr_info("out-of-bounds in clear_bit_unlock\n");
691	clear_bit_unlock(BITS_PER_LONG, bits);
692
693	pr_info("out-of-bounds in __clear_bit_unlock\n");
694	__clear_bit_unlock(BITS_PER_LONG, bits);
695
696	pr_info("out-of-bounds in change_bit\n");
697	change_bit(BITS_PER_LONG, bits);
698
699	pr_info("out-of-bounds in __change_bit\n");
700	__change_bit(BITS_PER_LONG, bits);
701
702	/*
703	 * Below calls try to access bit beyond allocated memory.
704	 */
705	pr_info("out-of-bounds in test_and_set_bit\n");
706	test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
707
708	pr_info("out-of-bounds in __test_and_set_bit\n");
709	__test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
710
711	pr_info("out-of-bounds in test_and_set_bit_lock\n");
712	test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
713
714	pr_info("out-of-bounds in test_and_clear_bit\n");
715	test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
716
717	pr_info("out-of-bounds in __test_and_clear_bit\n");
718	__test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
719
720	pr_info("out-of-bounds in test_and_change_bit\n");
721	test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
722
723	pr_info("out-of-bounds in __test_and_change_bit\n");
724	__test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
725
726	pr_info("out-of-bounds in test_bit\n");
727	(void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
728
729#if defined(clear_bit_unlock_is_negative_byte)
730	pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
731	clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
732#endif
733	kfree(bits);
734}
735
736static noinline void __init kmalloc_double_kzfree(void)
737{
738	char *ptr;
739	size_t size = 16;
740
741	pr_info("double-free (kzfree)\n");
742	ptr = kmalloc(size, GFP_KERNEL);
743	if (!ptr) {
744		pr_err("Allocation failed\n");
745		return;
746	}
747
748	kzfree(ptr);
749	kzfree(ptr);
750}
751
752#ifdef CONFIG_KASAN_VMALLOC
753static noinline void __init vmalloc_oob(void)
754{
755	void *area;
756
757	pr_info("vmalloc out-of-bounds\n");
758
759	/*
760	 * We have to be careful not to hit the guard page.
761	 * The MMU will catch that and crash us.
762	 */
763	area = vmalloc(3000);
764	if (!area) {
765		pr_err("Allocation failed\n");
766		return;
767	}
768
769	((volatile char *)area)[3100];
770	vfree(area);
771}
772#else
773static void __init vmalloc_oob(void) {}
774#endif
775
776static int __init kmalloc_tests_init(void)
777{
778	/*
779	 * Temporarily enable multi-shot mode. Otherwise, we'd only get a
780	 * report for the first case.
781	 */
782	bool multishot = kasan_save_enable_multi_shot();
783
784	kmalloc_oob_right();
785	kmalloc_oob_left();
786	kmalloc_node_oob_right();
787#ifdef CONFIG_SLUB
788	kmalloc_pagealloc_oob_right();
789	kmalloc_pagealloc_uaf();
790	kmalloc_pagealloc_invalid_free();
791#endif
792	kmalloc_large_oob_right();
793	kmalloc_oob_krealloc_more();
794	kmalloc_oob_krealloc_less();
795	kmalloc_oob_16();
796	kmalloc_oob_in_memset();
797	kmalloc_oob_memset_2();
798	kmalloc_oob_memset_4();
799	kmalloc_oob_memset_8();
800	kmalloc_oob_memset_16();
801	kmalloc_uaf();
802	kmalloc_uaf_memset();
803	kmalloc_uaf2();
804	kfree_via_page();
805	kfree_via_phys();
806	kmem_cache_oob();
807	memcg_accounted_kmem_cache();
808	kasan_stack_oob();
809	kasan_global_oob();
810	kasan_alloca_oob_left();
811	kasan_alloca_oob_right();
812	ksize_unpoisons_memory();
813	copy_user_test();
814	kmem_cache_double_free();
815	kmem_cache_invalid_free();
816	kasan_memchr();
817	kasan_memcmp();
818	kasan_strings();
819	kasan_bitops();
820	kmalloc_double_kzfree();
821	vmalloc_oob();
822
823	kasan_restore_multi_shot(multishot);
824
825	return -EAGAIN;
826}
827
828module_init(kmalloc_tests_init);
829MODULE_LICENSE("GPL");