Bug 213335

Summary:	KASAN: vmalloc_oob KUnit test fails
Product:	Memory Management	Reporter:	David Gow (davidgow)
Component:	Sanitizers	Assignee:	MM/Sanitizers virtual assignee (mm_sanitizers)
Status:	RESOLVED CODE_FIX
Severity:	normal	CC:	andreyknvl, dvyukov, kasan-dev
Priority:	P1
Hardware:	All
OS:	Linux
Kernel Version:	git master (5.13-rc4+, commit f88cd3fb9df228e5ce4e13ec3dbad671ddb2146e)	Subsystem:
Regression:	No	Bisected commit-id:

Description David Gow 2021-06-04 05:39:06 UTC

The 'vmalloc_oob' test is failing.

The "KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)area)[3100]);" line is not triggering a KASAN error.

I reproduced this using the qemu patchset[1] for KUnit, but it also showed up when compiling and running the kernel manually under qemu, with the test built-in.


The failure message (once [2] has been applied to make it useful) is:
[22:04:04] [FAILED] vmalloc_oob
[22:04:04]     # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:993
[22:04:04]     KASAN failure expected in "((volatile char *)area)[3100]", but none occurred
[22:04:04]     not ok 45 - vmalloc_oob

I did try randomly changing the 3100 to other values just outside the 3000-byte array, but wasn't able to get a KASAN failure.

I'm yet to try bisecting this properly, though...


[1]: https://patchwork.kernel.org/project/linux-kselftest/list/?series=489179
[2]: https://groups.google.com/g/kasan-dev/c/CbabdwoXGlE

Comment 1 Dmitry Vyukov 2021-06-04 07:36:22 UTC

Stupid question, but to rule out simple things: it may require CONFIG_KASAN_VMALLOC, do you have it enabled?

Comment 2 David Gow 2021-06-04 08:35:55 UTC

Yeah, CONFIG_KASAN_VMALLOC=y, otherwise that line is never reached (and therefore no expectation failure occurs) due to the KASAN_TEST_NEEDS_CONFIG_ON() earlier.

Comment 3 Andrey Konovalov 2021-06-06 09:56:16 UTC

I bisected this to 121e6f3258fe ("mm/vmalloc: hugepage vmalloc mappings"). Haven't yet looked into what the issue is.

Comment 4 Daniel Axtens 2021-06-16 07:37:44 UTC

> I bisected this to 121e6f3258fe ("mm/vmalloc: hugepage vmalloc mappings").
> Haven't yet looked into what the issue is.

Thanks for the bisect, I'll have a look ... I have the advantage of
being able to bug Nick via Slack if I get stuck :P

Kind regards,
Daniel

Comment 5 Daniel Axtens 2021-06-17 08:42:01 UTC

See https://lore.kernel.org/linux-mm/20210617081330.98629-1-dja@axtens.net/T/#u

Comment 6 David Gow 2021-06-29 22:57:15 UTC

Confirmed this is fixed by https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7ca3027b726be681c8e6292b5a81ebcde7581710 in 5.13, thanks!