linux/lib/test_kasan.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *
   4 * Copyright (c) 2014 Samsung Electronics Co., Ltd.
   5 * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
   6 */
   7
   8#define pr_fmt(fmt) "kasan test: %s " fmt, __func__
   9
  10#include <linux/bitops.h>
  11#include <linux/delay.h>
  12#include <linux/kasan.h>
  13#include <linux/kernel.h>
  14#include <linux/mm.h>
  15#include <linux/mman.h>
  16#include <linux/module.h>
  17#include <linux/printk.h>
  18#include <linux/slab.h>
  19#include <linux/string.h>
  20#include <linux/uaccess.h>
  21#include <linux/io.h>
  22
  23#include <asm/page.h>
  24
  25/*
  26 * Note: test functions are marked noinline so that their names appear in
  27 * reports.
  28 */
  29
  30static noinline void __init kmalloc_oob_right(void)
  31{
  32        char *ptr;
  33        size_t size = 123;
  34
  35        pr_info("out-of-bounds to right\n");
  36        ptr = kmalloc(size, GFP_KERNEL);
  37        if (!ptr) {
  38                pr_err("Allocation failed\n");
  39                return;
  40        }
  41
  42        ptr[size] = 'x';
  43        kfree(ptr);
  44}
  45
  46static noinline void __init kmalloc_oob_left(void)
  47{
  48        char *ptr;
  49        size_t size = 15;
  50
  51        pr_info("out-of-bounds to left\n");
  52        ptr = kmalloc(size, GFP_KERNEL);
  53        if (!ptr) {
  54                pr_err("Allocation failed\n");
  55                return;
  56        }
  57
  58        *ptr = *(ptr - 1);
  59        kfree(ptr);
  60}
  61
  62static noinline void __init kmalloc_node_oob_right(void)
  63{
  64        char *ptr;
  65        size_t size = 4096;
  66
  67        pr_info("kmalloc_node(): out-of-bounds to right\n");
  68        ptr = kmalloc_node(size, GFP_KERNEL, 0);
  69        if (!ptr) {
  70                pr_err("Allocation failed\n");
  71                return;
  72        }
  73
  74        ptr[size] = 0;
  75        kfree(ptr);
  76}
  77
  78#ifdef CONFIG_SLUB
  79static noinline void __init kmalloc_pagealloc_oob_right(void)
  80{
  81        char *ptr;
  82        size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
  83
  84        /* Allocate a chunk that does not fit into a SLUB cache to trigger
  85         * the page allocator fallback.
  86         */
  87        pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
  88        ptr = kmalloc(size, GFP_KERNEL);
  89        if (!ptr) {
  90                pr_err("Allocation failed\n");
  91                return;
  92        }
  93
  94        ptr[size] = 0;
  95        kfree(ptr);
  96}
  97
  98static noinline void __init kmalloc_pagealloc_uaf(void)
  99{
 100        char *ptr;
 101        size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 102
 103        pr_info("kmalloc pagealloc allocation: use-after-free\n");
 104        ptr = kmalloc(size, GFP_KERNEL);
 105        if (!ptr) {
 106                pr_err("Allocation failed\n");
 107                return;
 108        }
 109
 110        kfree(ptr);
 111        ptr[0] = 0;
 112}
 113
 114static noinline void __init kmalloc_pagealloc_invalid_free(void)
 115{
 116        char *ptr;
 117        size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 118
 119        pr_info("kmalloc pagealloc allocation: invalid-free\n");
 120        ptr = kmalloc(size, GFP_KERNEL);
 121        if (!ptr) {
 122                pr_err("Allocation failed\n");
 123                return;
 124        }
 125
 126        kfree(ptr + 1);
 127}
 128#endif
 129
 130static noinline void __init kmalloc_large_oob_right(void)
 131{
 132        char *ptr;
 133        size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
 134        /* Allocate a chunk that is large enough, but still fits into a slab
 135         * and does not trigger the page allocator fallback in SLUB.
 136         */
 137        pr_info("kmalloc large allocation: out-of-bounds to right\n");
 138        ptr = kmalloc(size, GFP_KERNEL);
 139        if (!ptr) {
 140                pr_err("Allocation failed\n");
 141                return;
 142        }
 143
 144        ptr[size] = 0;
 145        kfree(ptr);
 146}
 147
 148static noinline void __init kmalloc_oob_krealloc_more(void)
 149{
 150        char *ptr1, *ptr2;
 151        size_t size1 = 17;
 152        size_t size2 = 19;
 153
 154        pr_info("out-of-bounds after krealloc more\n");
 155        ptr1 = kmalloc(size1, GFP_KERNEL);
 156        ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
 157        if (!ptr1 || !ptr2) {
 158                pr_err("Allocation failed\n");
 159                kfree(ptr1);
 160                return;
 161        }
 162
 163        ptr2[size2] = 'x';
 164        kfree(ptr2);
 165}
 166
 167static noinline void __init kmalloc_oob_krealloc_less(void)
 168{
 169        char *ptr1, *ptr2;
 170        size_t size1 = 17;
 171        size_t size2 = 15;
 172
 173        pr_info("out-of-bounds after krealloc less\n");
 174        ptr1 = kmalloc(size1, GFP_KERNEL);
 175        ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
 176        if (!ptr1 || !ptr2) {
 177                pr_err("Allocation failed\n");
 178                kfree(ptr1);
 179                return;
 180        }
 181        ptr2[size2] = 'x';
 182        kfree(ptr2);
 183}
 184
 185static noinline void __init kmalloc_oob_16(void)
 186{
 187        struct {
 188                u64 words[2];
 189        } *ptr1, *ptr2;
 190
 191        pr_info("kmalloc out-of-bounds for 16-bytes access\n");
 192        ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
 193        ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
 194        if (!ptr1 || !ptr2) {
 195                pr_err("Allocation failed\n");
 196                kfree(ptr1);
 197                kfree(ptr2);
 198                return;
 199        }
 200        *ptr1 = *ptr2;
 201        kfree(ptr1);
 202        kfree(ptr2);
 203}
 204
 205static noinline void __init kmalloc_oob_memset_2(void)
 206{
 207        char *ptr;
 208        size_t size = 8;
 209
 210        pr_info("out-of-bounds in memset2\n");
 211        ptr = kmalloc(size, GFP_KERNEL);
 212        if (!ptr) {
 213                pr_err("Allocation failed\n");
 214                return;
 215        }
 216
 217        memset(ptr+7, 0, 2);
 218        kfree(ptr);
 219}
 220
 221static noinline void __init kmalloc_oob_memset_4(void)
 222{
 223        char *ptr;
 224        size_t size = 8;
 225
 226        pr_info("out-of-bounds in memset4\n");
 227        ptr = kmalloc(size, GFP_KERNEL);
 228        if (!ptr) {
 229                pr_err("Allocation failed\n");
 230                return;
 231        }
 232
 233        memset(ptr+5, 0, 4);
 234        kfree(ptr);
 235}
 236
 237
 238static noinline void __init kmalloc_oob_memset_8(void)
 239{
 240        char *ptr;
 241        size_t size = 8;
 242
 243        pr_info("out-of-bounds in memset8\n");
 244        ptr = kmalloc(size, GFP_KERNEL);
 245        if (!ptr) {
 246                pr_err("Allocation failed\n");
 247                return;
 248        }
 249
 250        memset(ptr+1, 0, 8);
 251        kfree(ptr);
 252}
 253
 254static noinline void __init kmalloc_oob_memset_16(void)
 255{
 256        char *ptr;
 257        size_t size = 16;
 258
 259        pr_info("out-of-bounds in memset16\n");
 260        ptr = kmalloc(size, GFP_KERNEL);
 261        if (!ptr) {
 262                pr_err("Allocation failed\n");
 263                return;
 264        }
 265
 266        memset(ptr+1, 0, 16);
 267        kfree(ptr);
 268}
 269
 270static noinline void __init kmalloc_oob_in_memset(void)
 271{
 272        char *ptr;
 273        size_t size = 666;
 274
 275        pr_info("out-of-bounds in memset\n");
 276        ptr = kmalloc(size, GFP_KERNEL);
 277        if (!ptr) {
 278                pr_err("Allocation failed\n");
 279                return;
 280        }
 281
 282        memset(ptr, 0, size+5);
 283        kfree(ptr);
 284}
 285
 286static noinline void __init kmalloc_uaf(void)
 287{
 288        char *ptr;
 289        size_t size = 10;
 290
 291        pr_info("use-after-free\n");
 292        ptr = kmalloc(size, GFP_KERNEL);
 293        if (!ptr) {
 294                pr_err("Allocation failed\n");
 295                return;
 296        }
 297
 298        kfree(ptr);
 299        *(ptr + 8) = 'x';
 300}
 301
 302static noinline void __init kmalloc_uaf_memset(void)
 303{
 304        char *ptr;
 305        size_t size = 33;
 306
 307        pr_info("use-after-free in memset\n");
 308        ptr = kmalloc(size, GFP_KERNEL);
 309        if (!ptr) {
 310                pr_err("Allocation failed\n");
 311                return;
 312        }
 313
 314        kfree(ptr);
 315        memset(ptr, 0, size);
 316}
 317
 318static noinline void __init kmalloc_uaf2(void)
 319{
 320        char *ptr1, *ptr2;
 321        size_t size = 43;
 322
 323        pr_info("use-after-free after another kmalloc\n");
 324        ptr1 = kmalloc(size, GFP_KERNEL);
 325        if (!ptr1) {
 326                pr_err("Allocation failed\n");
 327                return;
 328        }
 329
 330        kfree(ptr1);
 331        ptr2 = kmalloc(size, GFP_KERNEL);
 332        if (!ptr2) {
 333                pr_err("Allocation failed\n");
 334                return;
 335        }
 336
 337        ptr1[40] = 'x';
 338        if (ptr1 == ptr2)
 339                pr_err("Could not detect use-after-free: ptr1 == ptr2\n");
 340        kfree(ptr2);
 341}
 342
 343static noinline void __init kfree_via_page(void)
 344{
 345        char *ptr;
 346        size_t size = 8;
 347        struct page *page;
 348        unsigned long offset;
 349
 350        pr_info("invalid-free false positive (via page)\n");
 351        ptr = kmalloc(size, GFP_KERNEL);
 352        if (!ptr) {
 353                pr_err("Allocation failed\n");
 354                return;
 355        }
 356
 357        page = virt_to_page(ptr);
 358        offset = offset_in_page(ptr);
 359        kfree(page_address(page) + offset);
 360}
 361
 362static noinline void __init kfree_via_phys(void)
 363{
 364        char *ptr;
 365        size_t size = 8;
 366        phys_addr_t phys;
 367
 368        pr_info("invalid-free false positive (via phys)\n");
 369        ptr = kmalloc(size, GFP_KERNEL);
 370        if (!ptr) {
 371                pr_err("Allocation failed\n");
 372                return;
 373        }
 374
 375        phys = virt_to_phys(ptr);
 376        kfree(phys_to_virt(phys));
 377}
 378
 379static noinline void __init kmem_cache_oob(void)
 380{
 381        char *p;
 382        size_t size = 200;
 383        struct kmem_cache *cache = kmem_cache_create("test_cache",
 384                                                size, 0,
 385                                                0, NULL);
 386        if (!cache) {
 387                pr_err("Cache allocation failed\n");
 388                return;
 389        }
 390        pr_info("out-of-bounds in kmem_cache_alloc\n");
 391        p = kmem_cache_alloc(cache, GFP_KERNEL);
 392        if (!p) {
 393                pr_err("Allocation failed\n");
 394                kmem_cache_destroy(cache);
 395                return;
 396        }
 397
 398        *p = p[size];
 399        kmem_cache_free(cache, p);
 400        kmem_cache_destroy(cache);
 401}
 402
 403static noinline void __init memcg_accounted_kmem_cache(void)
 404{
 405        int i;
 406        char *p;
 407        size_t size = 200;
 408        struct kmem_cache *cache;
 409
 410        cache = kmem_cache_create("test_cache", size, 0, SLAB_ACCOUNT, NULL);
 411        if (!cache) {
 412                pr_err("Cache allocation failed\n");
 413                return;
 414        }
 415
 416        pr_info("allocate memcg accounted object\n");
 417        /*
 418         * Several allocations with a delay to allow for lazy per memcg kmem
 419         * cache creation.
 420         */
 421        for (i = 0; i < 5; i++) {
 422                p = kmem_cache_alloc(cache, GFP_KERNEL);
 423                if (!p)
 424                        goto free_cache;
 425
 426                kmem_cache_free(cache, p);
 427                msleep(100);
 428        }
 429
 430free_cache:
 431        kmem_cache_destroy(cache);
 432}
 433
 434static char global_array[10];
 435
 436static noinline void __init kasan_global_oob(void)
 437{
 438        volatile int i = 3;
 439        char *p = &global_array[ARRAY_SIZE(global_array) + i];
 440
 441        pr_info("out-of-bounds global variable\n");
 442        *(volatile char *)p;
 443}
 444
 445static noinline void __init kasan_stack_oob(void)
 446{
 447        char stack_array[10];
 448        volatile int i = 0;
 449        char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
 450
 451        pr_info("out-of-bounds on stack\n");
 452        *(volatile char *)p;
 453}
 454
 455static noinline void __init ksize_unpoisons_memory(void)
 456{
 457        char *ptr;
 458        size_t size = 123, real_size;
 459
 460        pr_info("ksize() unpoisons the whole allocated chunk\n");
 461        ptr = kmalloc(size, GFP_KERNEL);
 462        if (!ptr) {
 463                pr_err("Allocation failed\n");
 464                return;
 465        }
 466        real_size = ksize(ptr);
 467        /* This access doesn't trigger an error. */
 468        ptr[size] = 'x';
 469        /* This one does. */
 470        ptr[real_size] = 'y';
 471        kfree(ptr);
 472}
 473
 474static noinline void __init copy_user_test(void)
 475{
 476        char *kmem;
 477        char __user *usermem;
 478        size_t size = 10;
 479        int unused;
 480
 481        kmem = kmalloc(size, GFP_KERNEL);
 482        if (!kmem)
 483                return;
 484
 485        usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
 486                            PROT_READ | PROT_WRITE | PROT_EXEC,
 487                            MAP_ANONYMOUS | MAP_PRIVATE, 0);
 488        if (IS_ERR(usermem)) {
 489                pr_err("Failed to allocate user memory\n");
 490                kfree(kmem);
 491                return;
 492        }
 493
 494        pr_info("out-of-bounds in copy_from_user()\n");
 495        unused = copy_from_user(kmem, usermem, size + 1);
 496
 497        pr_info("out-of-bounds in copy_to_user()\n");
 498        unused = copy_to_user(usermem, kmem, size + 1);
 499
 500        pr_info("out-of-bounds in __copy_from_user()\n");
 501        unused = __copy_from_user(kmem, usermem, size + 1);
 502
 503        pr_info("out-of-bounds in __copy_to_user()\n");
 504        unused = __copy_to_user(usermem, kmem, size + 1);
 505
 506        pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
 507        unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
 508
 509        pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
 510        unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
 511
 512        pr_info("out-of-bounds in strncpy_from_user()\n");
 513        unused = strncpy_from_user(kmem, usermem, size + 1);
 514
 515        vm_munmap((unsigned long)usermem, PAGE_SIZE);
 516        kfree(kmem);
 517}
 518
 519static noinline void __init kasan_alloca_oob_left(void)
 520{
 521        volatile int i = 10;
 522        char alloca_array[i];
 523        char *p = alloca_array - 1;
 524
 525        pr_info("out-of-bounds to left on alloca\n");
 526        *(volatile char *)p;
 527}
 528
 529static noinline void __init kasan_alloca_oob_right(void)
 530{
 531        volatile int i = 10;
 532        char alloca_array[i];
 533        char *p = alloca_array + i;
 534
 535        pr_info("out-of-bounds to right on alloca\n");
 536        *(volatile char *)p;
 537}
 538
 539static noinline void __init kmem_cache_double_free(void)
 540{
 541        char *p;
 542        size_t size = 200;
 543        struct kmem_cache *cache;
 544
 545        cache = kmem_cache_create("test_cache", size, 0, 0, NULL);
 546        if (!cache) {
 547                pr_err("Cache allocation failed\n");
 548                return;
 549        }
 550        pr_info("double-free on heap object\n");
 551        p = kmem_cache_alloc(cache, GFP_KERNEL);
 552        if (!p) {
 553                pr_err("Allocation failed\n");
 554                kmem_cache_destroy(cache);
 555                return;
 556        }
 557
 558        kmem_cache_free(cache, p);
 559        kmem_cache_free(cache, p);
 560        kmem_cache_destroy(cache);
 561}
 562
 563static noinline void __init kmem_cache_invalid_free(void)
 564{
 565        char *p;
 566        size_t size = 200;
 567        struct kmem_cache *cache;
 568
 569        cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU,
 570                                  NULL);
 571        if (!cache) {
 572                pr_err("Cache allocation failed\n");
 573                return;
 574        }
 575        pr_info("invalid-free of heap object\n");
 576        p = kmem_cache_alloc(cache, GFP_KERNEL);
 577        if (!p) {
 578                pr_err("Allocation failed\n");
 579                kmem_cache_destroy(cache);
 580                return;
 581        }
 582
 583        /* Trigger invalid free, the object doesn't get freed */
 584        kmem_cache_free(cache, p + 1);
 585
 586        /*
 587         * Properly free the object to prevent the "Objects remaining in
 588         * test_cache on __kmem_cache_shutdown" BUG failure.
 589         */
 590        kmem_cache_free(cache, p);
 591
 592        kmem_cache_destroy(cache);
 593}
 594
 595static noinline void __init kasan_memchr(void)
 596{
 597        char *ptr;
 598        size_t size = 24;
 599
 600        pr_info("out-of-bounds in memchr\n");
 601        ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
 602        if (!ptr)
 603                return;
 604
 605        memchr(ptr, '1', size + 1);
 606        kfree(ptr);
 607}
 608
 609static noinline void __init kasan_memcmp(void)
 610{
 611        char *ptr;
 612        size_t size = 24;
 613        int arr[9];
 614
 615        pr_info("out-of-bounds in memcmp\n");
 616        ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
 617        if (!ptr)
 618                return;
 619
 620        memset(arr, 0, sizeof(arr));
 621        memcmp(ptr, arr, size+1);
 622        kfree(ptr);
 623}
 624
 625static noinline void __init kasan_strings(void)
 626{
 627        char *ptr;
 628        size_t size = 24;
 629
 630        pr_info("use-after-free in strchr\n");
 631        ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
 632        if (!ptr)
 633                return;
 634
 635        kfree(ptr);
 636
 637        /*
 638         * Try to cause only 1 invalid access (less spam in dmesg).
 639         * For that we need ptr to point to zeroed byte.
 640         * Skip metadata that could be stored in freed object so ptr
 641         * will likely point to zeroed byte.
 642         */
 643        ptr += 16;
 644        strchr(ptr, '1');
 645
 646        pr_info("use-after-free in strrchr\n");
 647        strrchr(ptr, '1');
 648
 649        pr_info("use-after-free in strcmp\n");
 650        strcmp(ptr, "2");
 651
 652        pr_info("use-after-free in strncmp\n");
 653        strncmp(ptr, "2", 1);
 654
 655        pr_info("use-after-free in strlen\n");
 656        strlen(ptr);
 657
 658        pr_info("use-after-free in strnlen\n");
 659        strnlen(ptr, 1);
 660}
 661
 662static noinline void __init kasan_bitops(void)
 663{
 664        /*
 665         * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
 666         * this way we do not actually corrupt other memory.
 667         */
 668        long *bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL);
 669        if (!bits)
 670                return;
 671
 672        /*
 673         * Below calls try to access bit within allocated memory; however, the
 674         * below accesses are still out-of-bounds, since bitops are defined to
 675         * operate on the whole long the bit is in.
 676         */
 677        pr_info("out-of-bounds in set_bit\n");
 678        set_bit(BITS_PER_LONG, bits);
 679
 680        pr_info("out-of-bounds in __set_bit\n");
 681        __set_bit(BITS_PER_LONG, bits);
 682
 683        pr_info("out-of-bounds in clear_bit\n");
 684        clear_bit(BITS_PER_LONG, bits);
 685
 686        pr_info("out-of-bounds in __clear_bit\n");
 687        __clear_bit(BITS_PER_LONG, bits);
 688
 689        pr_info("out-of-bounds in clear_bit_unlock\n");
 690        clear_bit_unlock(BITS_PER_LONG, bits);
 691
 692        pr_info("out-of-bounds in __clear_bit_unlock\n");
 693        __clear_bit_unlock(BITS_PER_LONG, bits);
 694
 695        pr_info("out-of-bounds in change_bit\n");
 696        change_bit(BITS_PER_LONG, bits);
 697
 698        pr_info("out-of-bounds in __change_bit\n");
 699        __change_bit(BITS_PER_LONG, bits);
 700
 701        /*
 702         * Below calls try to access bit beyond allocated memory.
 703         */
 704        pr_info("out-of-bounds in test_and_set_bit\n");
 705        test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 706
 707        pr_info("out-of-bounds in __test_and_set_bit\n");
 708        __test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 709
 710        pr_info("out-of-bounds in test_and_set_bit_lock\n");
 711        test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
 712
 713        pr_info("out-of-bounds in test_and_clear_bit\n");
 714        test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 715
 716        pr_info("out-of-bounds in __test_and_clear_bit\n");
 717        __test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 718
 719        pr_info("out-of-bounds in test_and_change_bit\n");
 720        test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 721
 722        pr_info("out-of-bounds in __test_and_change_bit\n");
 723        __test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 724
 725        pr_info("out-of-bounds in test_bit\n");
 726        (void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 727
 728#if defined(clear_bit_unlock_is_negative_byte)
 729        pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
 730        clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
 731#endif
 732        kfree(bits);
 733}
 734
 735static noinline void __init kmalloc_double_kzfree(void)
 736{
 737        char *ptr;
 738        size_t size = 16;
 739
 740        pr_info("double-free (kzfree)\n");
 741        ptr = kmalloc(size, GFP_KERNEL);
 742        if (!ptr) {
 743                pr_err("Allocation failed\n");
 744                return;
 745        }
 746
 747        kzfree(ptr);
 748        kzfree(ptr);
 749}
 750
 751static int __init kmalloc_tests_init(void)
 752{
 753        /*
 754         * Temporarily enable multi-shot mode. Otherwise, we'd only get a
 755         * report for the first case.
 756         */
 757        bool multishot = kasan_save_enable_multi_shot();
 758
 759        kmalloc_oob_right();
 760        kmalloc_oob_left();
 761        kmalloc_node_oob_right();
 762#ifdef CONFIG_SLUB
 763        kmalloc_pagealloc_oob_right();
 764        kmalloc_pagealloc_uaf();
 765        kmalloc_pagealloc_invalid_free();
 766#endif
 767        kmalloc_large_oob_right();
 768        kmalloc_oob_krealloc_more();
 769        kmalloc_oob_krealloc_less();
 770        kmalloc_oob_16();
 771        kmalloc_oob_in_memset();
 772        kmalloc_oob_memset_2();
 773        kmalloc_oob_memset_4();
 774        kmalloc_oob_memset_8();
 775        kmalloc_oob_memset_16();
 776        kmalloc_uaf();
 777        kmalloc_uaf_memset();
 778        kmalloc_uaf2();
 779        kfree_via_page();
 780        kfree_via_phys();
 781        kmem_cache_oob();
 782        memcg_accounted_kmem_cache();
 783        kasan_stack_oob();
 784        kasan_global_oob();
 785        kasan_alloca_oob_left();
 786        kasan_alloca_oob_right();
 787        ksize_unpoisons_memory();
 788        copy_user_test();
 789        kmem_cache_double_free();
 790        kmem_cache_invalid_free();
 791        kasan_memchr();
 792        kasan_memcmp();
 793        kasan_strings();
 794        kasan_bitops();
 795        kmalloc_double_kzfree();
 796
 797        kasan_restore_multi_shot(multishot);
 798
 799        return -EAGAIN;
 800}
 801
 802module_init(kmalloc_tests_init);
 803MODULE_LICENSE("GPL");
 804