Lines Matching +full:cache +full:- +full:size
33 size_t size = 123; in kmalloc_oob_right() local
35 pr_info("out-of-bounds to right\n"); in kmalloc_oob_right()
36 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_right()
42 ptr[size] = 'x'; in kmalloc_oob_right()
49 size_t size = 15; in kmalloc_oob_left() local
51 pr_info("out-of-bounds to left\n"); in kmalloc_oob_left()
52 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_left()
58 *ptr = *(ptr - 1); in kmalloc_oob_left()
65 size_t size = 4096; in kmalloc_node_oob_right() local
67 pr_info("kmalloc_node(): out-of-bounds to right\n"); in kmalloc_node_oob_right()
68 ptr = kmalloc_node(size, GFP_KERNEL, 0); in kmalloc_node_oob_right()
74 ptr[size] = 0; in kmalloc_node_oob_right()
82 size_t size = KMALLOC_MAX_CACHE_SIZE + 10; in kmalloc_pagealloc_oob_right() local
84 /* Allocate a chunk that does not fit into a SLUB cache to trigger in kmalloc_pagealloc_oob_right()
87 pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n"); in kmalloc_pagealloc_oob_right()
88 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_pagealloc_oob_right()
94 ptr[size] = 0; in kmalloc_pagealloc_oob_right()
101 size_t size = KMALLOC_MAX_CACHE_SIZE + 10; in kmalloc_pagealloc_uaf() local
103 pr_info("kmalloc pagealloc allocation: use-after-free\n"); in kmalloc_pagealloc_uaf()
104 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_pagealloc_uaf()
117 size_t size = KMALLOC_MAX_CACHE_SIZE + 10; in kmalloc_pagealloc_invalid_free() local
119 pr_info("kmalloc pagealloc allocation: invalid-free\n"); in kmalloc_pagealloc_invalid_free()
120 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_pagealloc_invalid_free()
133 size_t size = KMALLOC_MAX_CACHE_SIZE - 256; in kmalloc_large_oob_right() local
137 pr_info("kmalloc large allocation: out-of-bounds to right\n"); in kmalloc_large_oob_right()
138 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_large_oob_right()
144 ptr[size] = 0; in kmalloc_large_oob_right()
154 pr_info("out-of-bounds after krealloc more\n"); in kmalloc_oob_krealloc_more()
174 pr_info("out-of-bounds after krealloc less\n"); in kmalloc_oob_krealloc_less()
192 pr_info("kmalloc out-of-bounds for 16-bytes access\n"); in kmalloc_oob_16()
193 ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL); in kmalloc_oob_16()
209 size_t size = 8; in kmalloc_oob_memset_2() local
211 pr_info("out-of-bounds in memset2\n"); in kmalloc_oob_memset_2()
212 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_memset_2()
225 size_t size = 8; in kmalloc_oob_memset_4() local
227 pr_info("out-of-bounds in memset4\n"); in kmalloc_oob_memset_4()
228 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_memset_4()
242 size_t size = 8; in kmalloc_oob_memset_8() local
244 pr_info("out-of-bounds in memset8\n"); in kmalloc_oob_memset_8()
245 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_memset_8()
258 size_t size = 16; in kmalloc_oob_memset_16() local
260 pr_info("out-of-bounds in memset16\n"); in kmalloc_oob_memset_16()
261 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_memset_16()
274 size_t size = 666; in kmalloc_oob_in_memset() local
276 pr_info("out-of-bounds in memset\n"); in kmalloc_oob_in_memset()
277 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_oob_in_memset()
283 memset(ptr, 0, size+5); in kmalloc_oob_in_memset()
290 size_t size = 10; in kmalloc_uaf() local
292 pr_info("use-after-free\n"); in kmalloc_uaf()
293 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_uaf()
306 size_t size = 33; in kmalloc_uaf_memset() local
308 pr_info("use-after-free in memset\n"); in kmalloc_uaf_memset()
309 ptr = kmalloc(size, GFP_KERNEL); in kmalloc_uaf_memset()
316 memset(ptr, 0, size); in kmalloc_uaf_memset()
322 size_t size = 43; in kmalloc_uaf2() local
324 pr_info("use-after-free after another kmalloc\n"); in kmalloc_uaf2()
325 ptr1 = kmalloc(size, GFP_KERNEL); in kmalloc_uaf2()
332 ptr2 = kmalloc(size, GFP_KERNEL); in kmalloc_uaf2()
340 pr_err("Could not detect use-after-free: ptr1 == ptr2\n"); in kmalloc_uaf2()
347 size_t size = 200; in kmem_cache_oob() local
348 struct kmem_cache *cache = kmem_cache_create("test_cache", in kmem_cache_oob() local
349 size, 0, in kmem_cache_oob()
351 if (!cache) { in kmem_cache_oob()
352 pr_err("Cache allocation failed\n"); in kmem_cache_oob()
355 pr_info("out-of-bounds in kmem_cache_alloc\n"); in kmem_cache_oob()
356 p = kmem_cache_alloc(cache, GFP_KERNEL); in kmem_cache_oob()
359 kmem_cache_destroy(cache); in kmem_cache_oob()
363 *p = p[size]; in kmem_cache_oob()
364 kmem_cache_free(cache, p); in kmem_cache_oob()
365 kmem_cache_destroy(cache); in kmem_cache_oob()
372 size_t size = 200; in memcg_accounted_kmem_cache() local
373 struct kmem_cache *cache; in memcg_accounted_kmem_cache() local
375 cache = kmem_cache_create("test_cache", size, 0, SLAB_ACCOUNT, NULL); in memcg_accounted_kmem_cache()
376 if (!cache) { in memcg_accounted_kmem_cache()
377 pr_err("Cache allocation failed\n"); in memcg_accounted_kmem_cache()
384 * cache creation. in memcg_accounted_kmem_cache()
387 p = kmem_cache_alloc(cache, GFP_KERNEL); in memcg_accounted_kmem_cache()
391 kmem_cache_free(cache, p); in memcg_accounted_kmem_cache()
396 kmem_cache_destroy(cache); in memcg_accounted_kmem_cache()
406 pr_info("out-of-bounds global variable\n"); in kasan_global_oob()
416 pr_info("out-of-bounds on stack\n"); in kasan_stack_oob()
423 size_t size = 123, real_size; in ksize_unpoisons_memory() local
426 ptr = kmalloc(size, GFP_KERNEL); in ksize_unpoisons_memory()
433 ptr[size] = 'x'; in ksize_unpoisons_memory()
443 size_t size = 10; in copy_user_test() local
446 kmem = kmalloc(size, GFP_KERNEL); in copy_user_test()
459 pr_info("out-of-bounds in copy_from_user()\n"); in copy_user_test()
460 unused = copy_from_user(kmem, usermem, size + 1); in copy_user_test()
462 pr_info("out-of-bounds in copy_to_user()\n"); in copy_user_test()
463 unused = copy_to_user(usermem, kmem, size + 1); in copy_user_test()
465 pr_info("out-of-bounds in __copy_from_user()\n"); in copy_user_test()
466 unused = __copy_from_user(kmem, usermem, size + 1); in copy_user_test()
468 pr_info("out-of-bounds in __copy_to_user()\n"); in copy_user_test()
469 unused = __copy_to_user(usermem, kmem, size + 1); in copy_user_test()
471 pr_info("out-of-bounds in __copy_from_user_inatomic()\n"); in copy_user_test()
472 unused = __copy_from_user_inatomic(kmem, usermem, size + 1); in copy_user_test()
474 pr_info("out-of-bounds in __copy_to_user_inatomic()\n"); in copy_user_test()
475 unused = __copy_to_user_inatomic(usermem, kmem, size + 1); in copy_user_test()
477 pr_info("out-of-bounds in strncpy_from_user()\n"); in copy_user_test()
478 unused = strncpy_from_user(kmem, usermem, size + 1); in copy_user_test()
488 pr_info("use-after-scope on int\n"); in use_after_scope_test()
497 pr_info("use-after-scope on array\n"); in use_after_scope_test()
511 char *p = alloca_array - 1; in kasan_alloca_oob_left()
513 pr_info("out-of-bounds to left on alloca\n"); in kasan_alloca_oob_left()
523 pr_info("out-of-bounds to right on alloca\n"); in kasan_alloca_oob_right()
530 size_t size = 200; in kmem_cache_double_free() local
531 struct kmem_cache *cache; in kmem_cache_double_free() local
533 cache = kmem_cache_create("test_cache", size, 0, 0, NULL); in kmem_cache_double_free()
534 if (!cache) { in kmem_cache_double_free()
535 pr_err("Cache allocation failed\n"); in kmem_cache_double_free()
538 pr_info("double-free on heap object\n"); in kmem_cache_double_free()
539 p = kmem_cache_alloc(cache, GFP_KERNEL); in kmem_cache_double_free()
542 kmem_cache_destroy(cache); in kmem_cache_double_free()
546 kmem_cache_free(cache, p); in kmem_cache_double_free()
547 kmem_cache_free(cache, p); in kmem_cache_double_free()
548 kmem_cache_destroy(cache); in kmem_cache_double_free()
554 size_t size = 200; in kmem_cache_invalid_free() local
555 struct kmem_cache *cache; in kmem_cache_invalid_free() local
557 cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU, in kmem_cache_invalid_free()
559 if (!cache) { in kmem_cache_invalid_free()
560 pr_err("Cache allocation failed\n"); in kmem_cache_invalid_free()
563 pr_info("invalid-free of heap object\n"); in kmem_cache_invalid_free()
564 p = kmem_cache_alloc(cache, GFP_KERNEL); in kmem_cache_invalid_free()
567 kmem_cache_destroy(cache); in kmem_cache_invalid_free()
572 kmem_cache_free(cache, p + 1); in kmem_cache_invalid_free()
578 kmem_cache_free(cache, p); in kmem_cache_invalid_free()
580 kmem_cache_destroy(cache); in kmem_cache_invalid_free()
586 * Temporarily enable multi-shot mode. Otherwise, we'd only get a in kmalloc_tests_init()
625 return -EAGAIN; in kmalloc_tests_init()