1 files changed, 41 insertions, 0 deletions
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index b63b367a94e8..49cc4d570a40 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -18,6 +18,9 @@
 #include <linux/slab.h>
 #include <linux/string.h>
 #include <linux/uaccess.h>
+#include <linux/io.h>
+#include <asm/page.h>
 /*
 * Note: test functions are marked noinline so that their names appear in
@@ -337,6 +340,42 @@ static noinline void __init kmalloc_uaf2(void)
        kfree(ptr2);
 }
+static noinline void __init kfree_via_page(void)
+{
+        char *ptr;
+        size_t size = 8;
+        struct page *page;
+        unsigned long offset;
+        pr_info("invalid-free false positive (via page)\n");
+        ptr = kmalloc(size, GFP_KERNEL);
+        if (!ptr) {
+                pr_err("Allocation failed\n");
+                return;
+        }
+        page = virt_to_page(ptr);
+        offset = offset_in_page(ptr);
+        kfree(page_address(page) + offset);
+}
+static noinline void __init kfree_via_phys(void)
+{
+        char *ptr;
+        size_t size = 8;
+        phys_addr_t phys;
+        pr_info("invalid-free false positive (via phys)\n");
+        ptr = kmalloc(size, GFP_KERNEL);
+        if (!ptr) {
+                pr_err("Allocation failed\n");
+                return;
+        }
+        phys = virt_to_phys(ptr);
+        kfree(phys_to_virt(phys));
+}
 static noinline void __init kmem_cache_oob(void)
 {
        char *p;
@@ -737,6 +776,8 @@ static int __init kmalloc_tests_init(void)
        kmalloc_uaf();
        kmalloc_uaf_memset();
        kmalloc_uaf2();
+        kfree_via_page();
+        kfree_via_phys();
        kmem_cache_oob();
        memcg_accounted_kmem_cache();
        kasan_stack_oob();

diff --git a/lib/test_kasan.c b/lib/test_kasan.c index b63b367a94e8..49cc4d570a40 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c
@@ -18,6 +18,9 @@
18	#include <linux/slab.h>	18	#include <linux/slab.h>
19	#include <linux/string.h>	19	#include <linux/string.h>
20	#include <linux/uaccess.h>	20	#include <linux/uaccess.h>
		21	#include <linux/io.h>
		22
		23	#include <asm/page.h>
21		24
22	/*	25	/*
23	* Note: test functions are marked noinline so that their names appear in	26	* Note: test functions are marked noinline so that their names appear in
@@ -337,6 +340,42 @@ static noinline void __init kmalloc_uaf2(void)
337	kfree(ptr2);	340	kfree(ptr2);
338	}	341	}
339		342
		343	static noinline void __init kfree_via_page(void)
		344	{
		345	char *ptr;
		346	size_t size = 8;
		347	struct page *page;
		348	unsigned long offset;
		349
		350	pr_info("invalid-free false positive (via page)\n");
		351	ptr = kmalloc(size, GFP_KERNEL);
		352	if (!ptr) {
		353	pr_err("Allocation failed\n");
		354	return;
		355	}
		356
		357	page = virt_to_page(ptr);
		358	offset = offset_in_page(ptr);
		359	kfree(page_address(page) + offset);
		360	}
		361
		362	static noinline void __init kfree_via_phys(void)
		363	{
		364	char *ptr;
		365	size_t size = 8;
		366	phys_addr_t phys;
		367
		368	pr_info("invalid-free false positive (via phys)\n");
		369	ptr = kmalloc(size, GFP_KERNEL);
		370	if (!ptr) {
		371	pr_err("Allocation failed\n");
		372	return;
		373	}
		374
		375	phys = virt_to_phys(ptr);
		376	kfree(phys_to_virt(phys));
		377	}
		378
340	static noinline void __init kmem_cache_oob(void)	379	static noinline void __init kmem_cache_oob(void)
341	{	380	{
342	char *p;	381	char *p;
@@ -737,6 +776,8 @@ static int __init kmalloc_tests_init(void)
737	kmalloc_uaf();	776	kmalloc_uaf();
738	kmalloc_uaf_memset();	777	kmalloc_uaf_memset();
739	kmalloc_uaf2();	778	kmalloc_uaf2();
		779	kfree_via_page();
		780	kfree_via_phys();
740	kmem_cache_oob();	781	kmem_cache_oob();
741	memcg_accounted_kmem_cache();	782	memcg_accounted_kmem_cache();
742	kasan_stack_oob();	783	kasan_stack_oob();