Bug 213335

Summary: KASAN: vmalloc_oob KUnit test fails
Product: Memory Management Reporter: David Gow (davidgow)
Component: SanitizersAssignee: MM/Sanitizers virtual assignee (mm_sanitizers)
Status: RESOLVED CODE_FIX    
Severity: normal CC: andreyknvl, dvyukov, kasan-dev
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: git master (5.13-rc4+, commit f88cd3fb9df228e5ce4e13ec3dbad671ddb2146e) Tree: Mainline
Regression: No

Description David Gow 2021-06-04 05:39:06 UTC
The 'vmalloc_oob' test is failing.

The "KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)area)[3100]);" line is not triggering a KASAN error.

I reproduced this using the qemu patchset[1] for KUnit, but it also showed up when compiling and running the kernel manually under qemu, with the test built-in.


The failure message (once [2] has been applied to make it useful) is:
[22:04:04] [FAILED] vmalloc_oob
[22:04:04]     # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:993
[22:04:04]     KASAN failure expected in "((volatile char *)area)[3100]", but none occurred
[22:04:04]     not ok 45 - vmalloc_oob

I did try randomly changing the 3100 to other values just outside the 3000-byte array, but wasn't able to get a KASAN failure.

I'm yet to try bisecting this properly, though...


[1]: https://patchwork.kernel.org/project/linux-kselftest/list/?series=489179
[2]: https://groups.google.com/g/kasan-dev/c/CbabdwoXGlE
Comment 1 Dmitry Vyukov 2021-06-04 07:36:22 UTC
Stupid question, but to rule out simple things: it may require CONFIG_KASAN_VMALLOC, do you have it enabled?
Comment 2 David Gow 2021-06-04 08:35:55 UTC
Yeah, CONFIG_KASAN_VMALLOC=y, otherwise that line is never reached (and therefore no expectation failure occurs) due to the KASAN_TEST_NEEDS_CONFIG_ON() earlier.
Comment 3 Andrey Konovalov 2021-06-06 09:56:16 UTC
I bisected this to 121e6f3258fe ("mm/vmalloc: hugepage vmalloc mappings"). Haven't yet looked into what the issue is.
Comment 4 Daniel Axtens 2021-06-16 07:37:44 UTC
> I bisected this to 121e6f3258fe ("mm/vmalloc: hugepage vmalloc mappings").
> Haven't yet looked into what the issue is.

Thanks for the bisect, I'll have a look ... I have the advantage of
being able to bug Nick via Slack if I get stuck :P

Kind regards,
Daniel