mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 10:45:49 +00:00
cac39b0706
Guenter Roeck reports that the new slub kunit tests added by commit4e1c44b3db
("kunit, slub: add test_kfree_rcu() and test_leak_destroy()") cause a lockup on boot on several architectures when the kunit tests are configured to be built-in and not modules. The test_kfree_rcu test invokes kfree_rcu() and boot sequence inspection showed the runner for built-in kunit tests kunit_run_all_tests() is called before setting system_state to SYSTEM_RUNNING and calling rcu_end_inkernel_boot(), so this seems like a likely cause. So while I was unable to reproduce the problem myself, skipping the test when the slub_kunit module is built-in should avoid the issue. An alternative fix that was moving the call to kunit_run_all_tests() a bit later in the boot was tried, but has broken tests with functions marked as __init due to free_initmem() already being done. Fixes:4e1c44b3db
("kunit, slub: add test_kfree_rcu() and test_leak_destroy()") Reported-by: Guenter Roeck <linux@roeck-us.net> Closes: https://lore.kernel.org/all/6fcb1252-7990-4f0d-8027-5e83f0fb9409@roeck-us.net/ Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Boqun Feng <boqun.feng@gmail.com> Cc: Uladzislau Rezki <urezki@gmail.com> Cc: rcu@vger.kernel.org Cc: Brendan Higgins <brendanhiggins@google.com> Cc: David Gow <davidgow@google.com> Cc: Rae Moar <rmoar@google.com> Cc: linux-kselftest@vger.kernel.org Cc: kunit-dev@googlegroups.com Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
228 lines
5.2 KiB
C
228 lines
5.2 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <kunit/test.h>
|
|
#include <kunit/test-bug.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/module.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/rcupdate.h>
|
|
#include "../mm/slab.h"
|
|
|
|
static struct kunit_resource resource;
|
|
static int slab_errors;
|
|
|
|
/*
|
|
* Wrapper function for kmem_cache_create(), which reduces 2 parameters:
|
|
* 'align' and 'ctor', and sets SLAB_SKIP_KFENCE flag to avoid getting an
|
|
* object from kfence pool, where the operation could be caught by both
|
|
* our test and kfence sanity check.
|
|
*/
|
|
static struct kmem_cache *test_kmem_cache_create(const char *name,
|
|
unsigned int size, slab_flags_t flags)
|
|
{
|
|
struct kmem_cache *s = kmem_cache_create(name, size, 0,
|
|
(flags | SLAB_NO_USER_FLAGS), NULL);
|
|
s->flags |= SLAB_SKIP_KFENCE;
|
|
return s;
|
|
}
|
|
|
|
static void test_clobber_zone(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_RZ_alloc", 64,
|
|
SLAB_RED_ZONE);
|
|
u8 *p = kmem_cache_alloc(s, GFP_KERNEL);
|
|
|
|
kasan_disable_current();
|
|
p[64] = 0x12;
|
|
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
|
|
kasan_enable_current();
|
|
kmem_cache_free(s, p);
|
|
kmem_cache_destroy(s);
|
|
}
|
|
|
|
#ifndef CONFIG_KASAN
|
|
static void test_next_pointer(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_next_ptr_free",
|
|
64, SLAB_POISON);
|
|
u8 *p = kmem_cache_alloc(s, GFP_KERNEL);
|
|
unsigned long tmp;
|
|
unsigned long *ptr_addr;
|
|
|
|
kmem_cache_free(s, p);
|
|
|
|
ptr_addr = (unsigned long *)(p + s->offset);
|
|
tmp = *ptr_addr;
|
|
p[s->offset] = ~p[s->offset];
|
|
|
|
/*
|
|
* Expecting three errors.
|
|
* One for the corrupted freechain and the other one for the wrong
|
|
* count of objects in use. The third error is fixing broken cache.
|
|
*/
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 3, slab_errors);
|
|
|
|
/*
|
|
* Try to repair corrupted freepointer.
|
|
* Still expecting two errors. The first for the wrong count
|
|
* of objects in use.
|
|
* The second error is for fixing broken cache.
|
|
*/
|
|
*ptr_addr = tmp;
|
|
slab_errors = 0;
|
|
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
|
|
/*
|
|
* Previous validation repaired the count of objects in use.
|
|
* Now expecting no error.
|
|
*/
|
|
slab_errors = 0;
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 0, slab_errors);
|
|
|
|
kmem_cache_destroy(s);
|
|
}
|
|
|
|
static void test_first_word(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_1th_word_free",
|
|
64, SLAB_POISON);
|
|
u8 *p = kmem_cache_alloc(s, GFP_KERNEL);
|
|
|
|
kmem_cache_free(s, p);
|
|
*p = 0x78;
|
|
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
|
|
kmem_cache_destroy(s);
|
|
}
|
|
|
|
static void test_clobber_50th_byte(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_50th_word_free",
|
|
64, SLAB_POISON);
|
|
u8 *p = kmem_cache_alloc(s, GFP_KERNEL);
|
|
|
|
kmem_cache_free(s, p);
|
|
p[50] = 0x9a;
|
|
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
|
|
kmem_cache_destroy(s);
|
|
}
|
|
#endif
|
|
|
|
static void test_clobber_redzone_free(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_RZ_free", 64,
|
|
SLAB_RED_ZONE);
|
|
u8 *p = kmem_cache_alloc(s, GFP_KERNEL);
|
|
|
|
kasan_disable_current();
|
|
kmem_cache_free(s, p);
|
|
p[64] = 0xab;
|
|
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
|
|
kasan_enable_current();
|
|
kmem_cache_destroy(s);
|
|
}
|
|
|
|
static void test_kmalloc_redzone_access(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_RZ_kmalloc", 32,
|
|
SLAB_KMALLOC|SLAB_STORE_USER|SLAB_RED_ZONE);
|
|
u8 *p = __kmalloc_cache_noprof(s, GFP_KERNEL, 18);
|
|
|
|
kasan_disable_current();
|
|
|
|
/* Suppress the -Warray-bounds warning */
|
|
OPTIMIZER_HIDE_VAR(p);
|
|
p[18] = 0xab;
|
|
p[19] = 0xab;
|
|
|
|
validate_slab_cache(s);
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
|
|
kasan_enable_current();
|
|
kmem_cache_free(s, p);
|
|
kmem_cache_destroy(s);
|
|
}
|
|
|
|
struct test_kfree_rcu_struct {
|
|
struct rcu_head rcu;
|
|
};
|
|
|
|
static void test_kfree_rcu(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s;
|
|
struct test_kfree_rcu_struct *p;
|
|
|
|
if (IS_BUILTIN(CONFIG_SLUB_KUNIT_TEST))
|
|
kunit_skip(test, "can't do kfree_rcu() when test is built-in");
|
|
|
|
s = test_kmem_cache_create("TestSlub_kfree_rcu",
|
|
sizeof(struct test_kfree_rcu_struct),
|
|
SLAB_NO_MERGE);
|
|
p = kmem_cache_alloc(s, GFP_KERNEL);
|
|
|
|
kfree_rcu(p, rcu);
|
|
kmem_cache_destroy(s);
|
|
|
|
KUNIT_EXPECT_EQ(test, 0, slab_errors);
|
|
}
|
|
|
|
static void test_leak_destroy(struct kunit *test)
|
|
{
|
|
struct kmem_cache *s = test_kmem_cache_create("TestSlub_leak_destroy",
|
|
64, SLAB_NO_MERGE);
|
|
kmem_cache_alloc(s, GFP_KERNEL);
|
|
|
|
kmem_cache_destroy(s);
|
|
|
|
KUNIT_EXPECT_EQ(test, 2, slab_errors);
|
|
}
|
|
|
|
static int test_init(struct kunit *test)
|
|
{
|
|
slab_errors = 0;
|
|
|
|
kunit_add_named_resource(test, NULL, NULL, &resource,
|
|
"slab_errors", &slab_errors);
|
|
return 0;
|
|
}
|
|
|
|
static struct kunit_case test_cases[] = {
|
|
KUNIT_CASE(test_clobber_zone),
|
|
|
|
#ifndef CONFIG_KASAN
|
|
KUNIT_CASE(test_next_pointer),
|
|
KUNIT_CASE(test_first_word),
|
|
KUNIT_CASE(test_clobber_50th_byte),
|
|
#endif
|
|
|
|
KUNIT_CASE(test_clobber_redzone_free),
|
|
KUNIT_CASE(test_kmalloc_redzone_access),
|
|
KUNIT_CASE(test_kfree_rcu),
|
|
KUNIT_CASE(test_leak_destroy),
|
|
{}
|
|
};
|
|
|
|
static struct kunit_suite test_suite = {
|
|
.name = "slub_test",
|
|
.init = test_init,
|
|
.test_cases = test_cases,
|
|
};
|
|
kunit_test_suite(test_suite);
|
|
|
|
MODULE_LICENSE("GPL");
|