lib/test_kasan.c at v5.7 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / lib / test_kasan.c
at v5.7 18 kB view raw
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 *
  4 * Copyright (c) 2014 Samsung Electronics Co., Ltd.
  5 * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
  6 */
  7
  8#define pr_fmt(fmt) "kasan test: %s " fmt, __func__
  9
 10#include <linux/bitops.h>
 11#include <linux/delay.h>
 12#include <linux/kasan.h>
 13#include <linux/kernel.h>
 14#include <linux/mm.h>
 15#include <linux/mman.h>
 16#include <linux/module.h>
 17#include <linux/printk.h>
 18#include <linux/slab.h>
 19#include <linux/string.h>
 20#include <linux/uaccess.h>
 21#include <linux/io.h>
 22#include <linux/vmalloc.h>
 23
 24#include <asm/page.h>
 25
 26/*
 27 * Note: test functions are marked noinline so that their names appear in
 28 * reports.
 29 */
 30
 31static noinline void __init kmalloc_oob_right(void)
 32{
 33	char *ptr;
 34	size_t size = 123;
 35
 36	pr_info("out-of-bounds to right\n");
 37	ptr = kmalloc(size, GFP_KERNEL);
 38	if (!ptr) {
 39		pr_err("Allocation failed\n");
 40		return;
 41	}
 42
 43	ptr[size] = 'x';
 44	kfree(ptr);
 45}
 46
 47static noinline void __init kmalloc_oob_left(void)
 48{
 49	char *ptr;
 50	size_t size = 15;
 51
 52	pr_info("out-of-bounds to left\n");
 53	ptr = kmalloc(size, GFP_KERNEL);
 54	if (!ptr) {
 55		pr_err("Allocation failed\n");
 56		return;
 57	}
 58
 59	*ptr = *(ptr - 1);
 60	kfree(ptr);
 61}
 62
 63static noinline void __init kmalloc_node_oob_right(void)
 64{
 65	char *ptr;
 66	size_t size = 4096;
 67
 68	pr_info("kmalloc_node(): out-of-bounds to right\n");
 69	ptr = kmalloc_node(size, GFP_KERNEL, 0);
 70	if (!ptr) {
 71		pr_err("Allocation failed\n");
 72		return;
 73	}
 74
 75	ptr[size] = 0;
 76	kfree(ptr);
 77}
 78
 79#ifdef CONFIG_SLUB
 80static noinline void __init kmalloc_pagealloc_oob_right(void)
 81{
 82	char *ptr;
 83	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 84
 85	/* Allocate a chunk that does not fit into a SLUB cache to trigger
 86	 * the page allocator fallback.
 87	 */
 88	pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
 89	ptr = kmalloc(size, GFP_KERNEL);
 90	if (!ptr) {
 91		pr_err("Allocation failed\n");
 92		return;
 93	}
 94
 95	ptr[size] = 0;
 96	kfree(ptr);
 97}
 98
 99static noinline void __init kmalloc_pagealloc_uaf(void)
100{
101	char *ptr;
102	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
103
104	pr_info("kmalloc pagealloc allocation: use-after-free\n");
105	ptr = kmalloc(size, GFP_KERNEL);
106	if (!ptr) {
107		pr_err("Allocation failed\n");
108		return;
109	}
110
111	kfree(ptr);
112	ptr[0] = 0;
113}
114
115static noinline void __init kmalloc_pagealloc_invalid_free(void)
116{
117	char *ptr;
118	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
119
120	pr_info("kmalloc pagealloc allocation: invalid-free\n");
121	ptr = kmalloc(size, GFP_KERNEL);
122	if (!ptr) {
123		pr_err("Allocation failed\n");
124		return;
125	}
126
127	kfree(ptr + 1);
128}
129#endif
130
131static noinline void __init kmalloc_large_oob_right(void)
132{
133	char *ptr;
134	size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
135	/* Allocate a chunk that is large enough, but still fits into a slab
136	 * and does not trigger the page allocator fallback in SLUB.
137	 */
138	pr_info("kmalloc large allocation: out-of-bounds to right\n");
139	ptr = kmalloc(size, GFP_KERNEL);
140	if (!ptr) {
141		pr_err("Allocation failed\n");
142		return;
143	}
144
145	ptr[size] = 0;
146	kfree(ptr);
147}
148
149static noinline void __init kmalloc_oob_krealloc_more(void)
150{
151	char *ptr1, *ptr2;
152	size_t size1 = 17;
153	size_t size2 = 19;
154
155	pr_info("out-of-bounds after krealloc more\n");
156	ptr1 = kmalloc(size1, GFP_KERNEL);
157	ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
158	if (!ptr1 || !ptr2) {
159		pr_err("Allocation failed\n");
160		kfree(ptr1);
161		kfree(ptr2);
162		return;
163	}
164
165	ptr2[size2] = 'x';
166	kfree(ptr2);
167}
168
169static noinline void __init kmalloc_oob_krealloc_less(void)
170{
171	char *ptr1, *ptr2;
172	size_t size1 = 17;
173	size_t size2 = 15;
174
175	pr_info("out-of-bounds after krealloc less\n");
176	ptr1 = kmalloc(size1, GFP_KERNEL);
177	ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
178	if (!ptr1 || !ptr2) {
179		pr_err("Allocation failed\n");
180		kfree(ptr1);
181		return;
182	}
183	ptr2[size2] = 'x';
184	kfree(ptr2);
185}
186
187static noinline void __init kmalloc_oob_16(void)
188{
189	struct {
190		u64 words[2];
191	} *ptr1, *ptr2;
192
193	pr_info("kmalloc out-of-bounds for 16-bytes access\n");
194	ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
195	ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
196	if (!ptr1 || !ptr2) {
197		pr_err("Allocation failed\n");
198		kfree(ptr1);
199		kfree(ptr2);
200		return;
201	}
202	*ptr1 = *ptr2;
203	kfree(ptr1);
204	kfree(ptr2);
205}
206
207static noinline void __init kmalloc_oob_memset_2(void)
208{
209	char *ptr;
210	size_t size = 8;
211
212	pr_info("out-of-bounds in memset2\n");
213	ptr = kmalloc(size, GFP_KERNEL);
214	if (!ptr) {
215		pr_err("Allocation failed\n");
216		return;
217	}
218
219	memset(ptr+7, 0, 2);
220	kfree(ptr);
221}
222
223static noinline void __init kmalloc_oob_memset_4(void)
224{
225	char *ptr;
226	size_t size = 8;
227
228	pr_info("out-of-bounds in memset4\n");
229	ptr = kmalloc(size, GFP_KERNEL);
230	if (!ptr) {
231		pr_err("Allocation failed\n");
232		return;
233	}
234
235	memset(ptr+5, 0, 4);
236	kfree(ptr);
237}
238
239
240static noinline void __init kmalloc_oob_memset_8(void)
241{
242	char *ptr;
243	size_t size = 8;
244
245	pr_info("out-of-bounds in memset8\n");
246	ptr = kmalloc(size, GFP_KERNEL);
247	if (!ptr) {
248		pr_err("Allocation failed\n");
249		return;
250	}
251
252	memset(ptr+1, 0, 8);
253	kfree(ptr);
254}
255
256static noinline void __init kmalloc_oob_memset_16(void)
257{
258	char *ptr;
259	size_t size = 16;
260
261	pr_info("out-of-bounds in memset16\n");
262	ptr = kmalloc(size, GFP_KERNEL);
263	if (!ptr) {
264		pr_err("Allocation failed\n");
265		return;
266	}
267
268	memset(ptr+1, 0, 16);
269	kfree(ptr);
270}
271
272static noinline void __init kmalloc_oob_in_memset(void)
273{
274	char *ptr;
275	size_t size = 666;
276
277	pr_info("out-of-bounds in memset\n");
278	ptr = kmalloc(size, GFP_KERNEL);
279	if (!ptr) {
280		pr_err("Allocation failed\n");
281		return;
282	}
283
284	memset(ptr, 0, size+5);
285	kfree(ptr);
286}
287
288static noinline void __init kmalloc_memmove_invalid_size(void)
289{
290	char *ptr;
291	size_t size = 64;
292	volatile size_t invalid_size = -2;
293
294	pr_info("invalid size in memmove\n");
295	ptr = kmalloc(size, GFP_KERNEL);
296	if (!ptr) {
297		pr_err("Allocation failed\n");
298		return;
299	}
300
301	memset((char *)ptr, 0, 64);
302	memmove((char *)ptr, (char *)ptr + 4, invalid_size);
303	kfree(ptr);
304}
305
306static noinline void __init kmalloc_uaf(void)
307{
308	char *ptr;
309	size_t size = 10;
310
311	pr_info("use-after-free\n");
312	ptr = kmalloc(size, GFP_KERNEL);
313	if (!ptr) {
314		pr_err("Allocation failed\n");
315		return;
316	}
317
318	kfree(ptr);
319	*(ptr + 8) = 'x';
320}
321
322static noinline void __init kmalloc_uaf_memset(void)
323{
324	char *ptr;
325	size_t size = 33;
326
327	pr_info("use-after-free in memset\n");
328	ptr = kmalloc(size, GFP_KERNEL);
329	if (!ptr) {
330		pr_err("Allocation failed\n");
331		return;
332	}
333
334	kfree(ptr);
335	memset(ptr, 0, size);
336}
337
338static noinline void __init kmalloc_uaf2(void)
339{
340	char *ptr1, *ptr2;
341	size_t size = 43;
342
343	pr_info("use-after-free after another kmalloc\n");
344	ptr1 = kmalloc(size, GFP_KERNEL);
345	if (!ptr1) {
346		pr_err("Allocation failed\n");
347		return;
348	}
349
350	kfree(ptr1);
351	ptr2 = kmalloc(size, GFP_KERNEL);
352	if (!ptr2) {
353		pr_err("Allocation failed\n");
354		return;
355	}
356
357	ptr1[40] = 'x';
358	if (ptr1 == ptr2)
359		pr_err("Could not detect use-after-free: ptr1 == ptr2\n");
360	kfree(ptr2);
361}
362
363static noinline void __init kfree_via_page(void)
364{
365	char *ptr;
366	size_t size = 8;
367	struct page *page;
368	unsigned long offset;
369
370	pr_info("invalid-free false positive (via page)\n");
371	ptr = kmalloc(size, GFP_KERNEL);
372	if (!ptr) {
373		pr_err("Allocation failed\n");
374		return;
375	}
376
377	page = virt_to_page(ptr);
378	offset = offset_in_page(ptr);
379	kfree(page_address(page) + offset);
380}
381
382static noinline void __init kfree_via_phys(void)
383{
384	char *ptr;
385	size_t size = 8;
386	phys_addr_t phys;
387
388	pr_info("invalid-free false positive (via phys)\n");
389	ptr = kmalloc(size, GFP_KERNEL);
390	if (!ptr) {
391		pr_err("Allocation failed\n");
392		return;
393	}
394
395	phys = virt_to_phys(ptr);
396	kfree(phys_to_virt(phys));
397}
398
399static noinline void __init kmem_cache_oob(void)
400{
401	char *p;
402	size_t size = 200;
403	struct kmem_cache *cache = kmem_cache_create("test_cache",
404						size, 0,
405						0, NULL);
406	if (!cache) {
407		pr_err("Cache allocation failed\n");
408		return;
409	}
410	pr_info("out-of-bounds in kmem_cache_alloc\n");
411	p = kmem_cache_alloc(cache, GFP_KERNEL);
412	if (!p) {
413		pr_err("Allocation failed\n");
414		kmem_cache_destroy(cache);
415		return;
416	}
417
418	*p = p[size];
419	kmem_cache_free(cache, p);
420	kmem_cache_destroy(cache);
421}
422
423static noinline void __init memcg_accounted_kmem_cache(void)
424{
425	int i;
426	char *p;
427	size_t size = 200;
428	struct kmem_cache *cache;
429
430	cache = kmem_cache_create("test_cache", size, 0, SLAB_ACCOUNT, NULL);
431	if (!cache) {
432		pr_err("Cache allocation failed\n");
433		return;
434	}
435
436	pr_info("allocate memcg accounted object\n");
437	/*
438	 * Several allocations with a delay to allow for lazy per memcg kmem
439	 * cache creation.
440	 */
441	for (i = 0; i < 5; i++) {
442		p = kmem_cache_alloc(cache, GFP_KERNEL);
443		if (!p)
444			goto free_cache;
445
446		kmem_cache_free(cache, p);
447		msleep(100);
448	}
449
450free_cache:
451	kmem_cache_destroy(cache);
452}
453
454static char global_array[10];
455
456static noinline void __init kasan_global_oob(void)
457{
458	volatile int i = 3;
459	char *p = &global_array[ARRAY_SIZE(global_array) + i];
460
461	pr_info("out-of-bounds global variable\n");
462	*(volatile char *)p;
463}
464
465static noinline void __init kasan_stack_oob(void)
466{
467	char stack_array[10];
468	volatile int i = 0;
469	char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
470
471	pr_info("out-of-bounds on stack\n");
472	*(volatile char *)p;
473}
474
475static noinline void __init ksize_unpoisons_memory(void)
476{
477	char *ptr;
478	size_t size = 123, real_size;
479
480	pr_info("ksize() unpoisons the whole allocated chunk\n");
481	ptr = kmalloc(size, GFP_KERNEL);
482	if (!ptr) {
483		pr_err("Allocation failed\n");
484		return;
485	}
486	real_size = ksize(ptr);
487	/* This access doesn't trigger an error. */
488	ptr[size] = 'x';
489	/* This one does. */
490	ptr[real_size] = 'y';
491	kfree(ptr);
492}
493
494static noinline void __init copy_user_test(void)
495{
496	char *kmem;
497	char __user *usermem;
498	size_t size = 10;
499	int unused;
500
501	kmem = kmalloc(size, GFP_KERNEL);
502	if (!kmem)
503		return;
504
505	usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
506			    PROT_READ | PROT_WRITE | PROT_EXEC,
507			    MAP_ANONYMOUS | MAP_PRIVATE, 0);
508	if (IS_ERR(usermem)) {
509		pr_err("Failed to allocate user memory\n");
510		kfree(kmem);
511		return;
512	}
513
514	pr_info("out-of-bounds in copy_from_user()\n");
515	unused = copy_from_user(kmem, usermem, size + 1);
516
517	pr_info("out-of-bounds in copy_to_user()\n");
518	unused = copy_to_user(usermem, kmem, size + 1);
519
520	pr_info("out-of-bounds in __copy_from_user()\n");
521	unused = __copy_from_user(kmem, usermem, size + 1);
522
523	pr_info("out-of-bounds in __copy_to_user()\n");
524	unused = __copy_to_user(usermem, kmem, size + 1);
525
526	pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
527	unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
528
529	pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
530	unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
531
532	pr_info("out-of-bounds in strncpy_from_user()\n");
533	unused = strncpy_from_user(kmem, usermem, size + 1);
534
535	vm_munmap((unsigned long)usermem, PAGE_SIZE);
536	kfree(kmem);
537}
538
539static noinline void __init kasan_alloca_oob_left(void)
540{
541	volatile int i = 10;
542	char alloca_array[i];
543	char *p = alloca_array - 1;
544
545	pr_info("out-of-bounds to left on alloca\n");
546	*(volatile char *)p;
547}
548
549static noinline void __init kasan_alloca_oob_right(void)
550{
551	volatile int i = 10;
552	char alloca_array[i];
553	char *p = alloca_array + i;
554
555	pr_info("out-of-bounds to right on alloca\n");
556	*(volatile char *)p;
557}
558
559static noinline void __init kmem_cache_double_free(void)
560{
561	char *p;
562	size_t size = 200;
563	struct kmem_cache *cache;
564
565	cache = kmem_cache_create("test_cache", size, 0, 0, NULL);
566	if (!cache) {
567		pr_err("Cache allocation failed\n");
568		return;
569	}
570	pr_info("double-free on heap object\n");
571	p = kmem_cache_alloc(cache, GFP_KERNEL);
572	if (!p) {
573		pr_err("Allocation failed\n");
574		kmem_cache_destroy(cache);
575		return;
576	}
577
578	kmem_cache_free(cache, p);
579	kmem_cache_free(cache, p);
580	kmem_cache_destroy(cache);
581}
582
583static noinline void __init kmem_cache_invalid_free(void)
584{
585	char *p;
586	size_t size = 200;
587	struct kmem_cache *cache;
588
589	cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU,
590				  NULL);
591	if (!cache) {
592		pr_err("Cache allocation failed\n");
593		return;
594	}
595	pr_info("invalid-free of heap object\n");
596	p = kmem_cache_alloc(cache, GFP_KERNEL);
597	if (!p) {
598		pr_err("Allocation failed\n");
599		kmem_cache_destroy(cache);
600		return;
601	}
602
603	/* Trigger invalid free, the object doesn't get freed */
604	kmem_cache_free(cache, p + 1);
605
606	/*
607	 * Properly free the object to prevent the "Objects remaining in
608	 * test_cache on __kmem_cache_shutdown" BUG failure.
609	 */
610	kmem_cache_free(cache, p);
611
612	kmem_cache_destroy(cache);
613}
614
615static noinline void __init kasan_memchr(void)
616{
617	char *ptr;
618	size_t size = 24;
619
620	pr_info("out-of-bounds in memchr\n");
621	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
622	if (!ptr)
623		return;
624
625	memchr(ptr, '1', size + 1);
626	kfree(ptr);
627}
628
629static noinline void __init kasan_memcmp(void)
630{
631	char *ptr;
632	size_t size = 24;
633	int arr[9];
634
635	pr_info("out-of-bounds in memcmp\n");
636	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
637	if (!ptr)
638		return;
639
640	memset(arr, 0, sizeof(arr));
641	memcmp(ptr, arr, size+1);
642	kfree(ptr);
643}
644
645static noinline void __init kasan_strings(void)
646{
647	char *ptr;
648	size_t size = 24;
649
650	pr_info("use-after-free in strchr\n");
651	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
652	if (!ptr)
653		return;
654
655	kfree(ptr);
656
657	/*
658	 * Try to cause only 1 invalid access (less spam in dmesg).
659	 * For that we need ptr to point to zeroed byte.
660	 * Skip metadata that could be stored in freed object so ptr
661	 * will likely point to zeroed byte.
662	 */
663	ptr += 16;
664	strchr(ptr, '1');
665
666	pr_info("use-after-free in strrchr\n");
667	strrchr(ptr, '1');
668
669	pr_info("use-after-free in strcmp\n");
670	strcmp(ptr, "2");
671
672	pr_info("use-after-free in strncmp\n");
673	strncmp(ptr, "2", 1);
674
675	pr_info("use-after-free in strlen\n");
676	strlen(ptr);
677
678	pr_info("use-after-free in strnlen\n");
679	strnlen(ptr, 1);
680}
681
682static noinline void __init kasan_bitops(void)
683{
684	/*
685	 * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
686	 * this way we do not actually corrupt other memory.
687	 */
688	long *bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL);
689	if (!bits)
690		return;
691
692	/*
693	 * Below calls try to access bit within allocated memory; however, the
694	 * below accesses are still out-of-bounds, since bitops are defined to
695	 * operate on the whole long the bit is in.
696	 */
697	pr_info("out-of-bounds in set_bit\n");
698	set_bit(BITS_PER_LONG, bits);
699
700	pr_info("out-of-bounds in __set_bit\n");
701	__set_bit(BITS_PER_LONG, bits);
702
703	pr_info("out-of-bounds in clear_bit\n");
704	clear_bit(BITS_PER_LONG, bits);
705
706	pr_info("out-of-bounds in __clear_bit\n");
707	__clear_bit(BITS_PER_LONG, bits);
708
709	pr_info("out-of-bounds in clear_bit_unlock\n");
710	clear_bit_unlock(BITS_PER_LONG, bits);
711
712	pr_info("out-of-bounds in __clear_bit_unlock\n");
713	__clear_bit_unlock(BITS_PER_LONG, bits);
714
715	pr_info("out-of-bounds in change_bit\n");
716	change_bit(BITS_PER_LONG, bits);
717
718	pr_info("out-of-bounds in __change_bit\n");
719	__change_bit(BITS_PER_LONG, bits);
720
721	/*
722	 * Below calls try to access bit beyond allocated memory.
723	 */
724	pr_info("out-of-bounds in test_and_set_bit\n");
725	test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
726
727	pr_info("out-of-bounds in __test_and_set_bit\n");
728	__test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
729
730	pr_info("out-of-bounds in test_and_set_bit_lock\n");
731	test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
732
733	pr_info("out-of-bounds in test_and_clear_bit\n");
734	test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
735
736	pr_info("out-of-bounds in __test_and_clear_bit\n");
737	__test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
738
739	pr_info("out-of-bounds in test_and_change_bit\n");
740	test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
741
742	pr_info("out-of-bounds in __test_and_change_bit\n");
743	__test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
744
745	pr_info("out-of-bounds in test_bit\n");
746	(void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
747
748#if defined(clear_bit_unlock_is_negative_byte)
749	pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
750	clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
751#endif
752	kfree(bits);
753}
754
755static noinline void __init kmalloc_double_kzfree(void)
756{
757	char *ptr;
758	size_t size = 16;
759
760	pr_info("double-free (kzfree)\n");
761	ptr = kmalloc(size, GFP_KERNEL);
762	if (!ptr) {
763		pr_err("Allocation failed\n");
764		return;
765	}
766
767	kzfree(ptr);
768	kzfree(ptr);
769}
770
771#ifdef CONFIG_KASAN_VMALLOC
772static noinline void __init vmalloc_oob(void)
773{
774	void *area;
775
776	pr_info("vmalloc out-of-bounds\n");
777
778	/*
779	 * We have to be careful not to hit the guard page.
780	 * The MMU will catch that and crash us.
781	 */
782	area = vmalloc(3000);
783	if (!area) {
784		pr_err("Allocation failed\n");
785		return;
786	}
787
788	((volatile char *)area)[3100];
789	vfree(area);
790}
791#else
792static void __init vmalloc_oob(void) {}
793#endif
794
795static int __init kmalloc_tests_init(void)
796{
797	/*
798	 * Temporarily enable multi-shot mode. Otherwise, we'd only get a
799	 * report for the first case.
800	 */
801	bool multishot = kasan_save_enable_multi_shot();
802
803	kmalloc_oob_right();
804	kmalloc_oob_left();
805	kmalloc_node_oob_right();
806#ifdef CONFIG_SLUB
807	kmalloc_pagealloc_oob_right();
808	kmalloc_pagealloc_uaf();
809	kmalloc_pagealloc_invalid_free();
810#endif
811	kmalloc_large_oob_right();
812	kmalloc_oob_krealloc_more();
813	kmalloc_oob_krealloc_less();
814	kmalloc_oob_16();
815	kmalloc_oob_in_memset();
816	kmalloc_oob_memset_2();
817	kmalloc_oob_memset_4();
818	kmalloc_oob_memset_8();
819	kmalloc_oob_memset_16();
820	kmalloc_memmove_invalid_size();
821	kmalloc_uaf();
822	kmalloc_uaf_memset();
823	kmalloc_uaf2();
824	kfree_via_page();
825	kfree_via_phys();
826	kmem_cache_oob();
827	memcg_accounted_kmem_cache();
828	kasan_stack_oob();
829	kasan_global_oob();
830	kasan_alloca_oob_left();
831	kasan_alloca_oob_right();
832	ksize_unpoisons_memory();
833	copy_user_test();
834	kmem_cache_double_free();
835	kmem_cache_invalid_free();
836	kasan_memchr();
837	kasan_memcmp();
838	kasan_strings();
839	kasan_bitops();
840	kmalloc_double_kzfree();
841	vmalloc_oob();
842
843	kasan_restore_multi_shot(multishot);
844
845	return -EAGAIN;
846}
847
848module_init(kmalloc_tests_init);
849MODULE_LICENSE("GPL");