kasan: fix invalid-free test crashing the kernel

When an invalid-free is triggered by one of the KASAN tests, the object doesn't actually get freed. This later leads to a BUG failure in kmem_cache_destroy that checks that there are no allocated objects in the cache that is being destroyed. Fix this by calling kmem_cache_free with the proper object address after the call that triggers invalid-free. Link: http://lkml.kernel.org/r/286eaefc0a6c3fa9b83b87e7d6dc0fbb5b5c9926.1519924383.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <[email protected]> Acked-by: Andrey Ryabinin <[email protected]> Cc: Alexander Potapenko <[email protected]> Cc: Dmitry Vyukov <[email protected]> Cc: Geert Uytterhoeven <[email protected]> Cc: Nick Terrell <[email protected]> Cc: Chris Mason <[email protected]> Cc: Yury Norov <[email protected]> Cc: Al Viro <[email protected]> Cc: "Luis R . Rodriguez" <[email protected]> Cc: Palmer Dabbelt <[email protected]> Cc: "Paul E . McKenney" <[email protected]> Cc: Jeff Layton <[email protected]> Cc: "Jason A . Donenfeld" <[email protected]> Cc: Kostya Serebryany <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
chewitt · Apr 11, 2018 · 91c93ed · 91c93ed
1 parent c389539
commit 91c93ed
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
@@ -567,7 +567,15 @@ static noinline void __init kmem_cache_invalid_free(void)
 		return;
 	}
 
+	/* Trigger invalid free, the object doesn't get freed */
 	kmem_cache_free(cache, p + 1);
+
+	/*
+	 * Properly free the object to prevent the "Objects remaining in
+	 * test_cache on __kmem_cache_shutdown" BUG failure.
+	 */
+	kmem_cache_free(cache, p);
+
 	kmem_cache_destroy(cache);
 }