Re: [PATCH] kasan/test: only do kmalloc_double_kzfree for generic mode
From: Andrey Konovalov
Date: Wed May 20 2026 - 14:25:22 EST
On Sun, May 17, 2026 at 9:17 AM Wang Wensheng <wsw9603@xxxxxxx> wrote:
>
> kmalloc_double_kzfree() would corrupt kernel memory when the just
> freed memory were allocated by another thread before the second
> call to kfree_sensitive().
>
> This could not happen in GENERIC mode as it uses quarantine.
Quite unfortunate to disable this test for HW_TAGS, but I don't see an
easy way to resolve the issue otherwise.
>
> Signed-off-by: Wang Wensheng <wsw9603@xxxxxxx>
> ---
> mm/kasan/kasan_test_c.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
> index 32d06cbf6a31..02e43ccc9f21 100644
> --- a/mm/kasan/kasan_test_c.c
> +++ b/mm/kasan/kasan_test_c.c
> @@ -874,6 +874,12 @@ static void kmalloc_double_kzfree(struct kunit *test)
> char *ptr;
> size_t size = 16;
>
> + /*
> + * Only generic KASAN uses quarantine, which could prevent the just freed
> + * memory from being allocated soon.
> + */
Let's reword this to:
With the tag-based KASAN modes, if the memory happens to be
reallocated between the two frees and the new allocation tag happens
to match the old one, the second free will cause a memory corruption.
Resolving https://bugzilla.kernel.org/show_bug.cgi?id=212177 would
help to deal with this. With Generic KASAN, it's effectively
impossible for the memory to get reallocated due to the quarantine.
> + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
> +
> ptr = kmalloc(size, GFP_KERNEL);
> KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
>
> --
> 2.43.0
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@xxxxxxxxxxxxxxxx.
> To view this discussion visit https://groups.google.com/d/msgid/kasan-dev/20260517071713.353579-1-wsw9603%40163.com.
With the comment rewording:
Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx>