Re: [PATCH] kasan/test: only do kmalloc_double_kzfree for generic mode

[wangwensheng]

On 5/21/26 02:19, Andrey Konovalov wrote:
> On Sun, May 17, 2026 at 9:17 AM Wang Wensheng <wsw9603@xxxxxxx> wrote:
> > kmalloc_double_kzfree() would corrupt kernel memory when the just
> > freed memory were allocated by another thread before the second
> > call to kfree_sensitive().
> >
> > This could not happen in GENERIC mode as it uses quarantine.
> Quite unfortunate to disable this test for HW_TAGS, but I don't see an
> easy way to resolve the issue otherwise.
>
> > Signed-off-by: Wang Wensheng <wsw9603@xxxxxxx>
> > ---
> >   mm/kasan/kasan_test_c.c | 6 ++++++
> >   1 file changed, 6 insertions(+)
> >
> > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
> > index 32d06cbf6a31..02e43ccc9f21 100644
> > --- a/mm/kasan/kasan_test_c.c
> > +++ b/mm/kasan/kasan_test_c.c
> > @@ -874,6 +874,12 @@ static void kmalloc_double_kzfree(struct kunit *test)
> >          char *ptr;
> >          size_t size = 16;
> >
> > +       /*
> > +        * Only generic KASAN uses quarantine, which could prevent the just freed
> > +        * memory from being allocated soon.
> > +        */
> Let's reword this to:
>
> With the tag-based KASAN modes, if the memory happens to be
> reallocated between the two frees and the new allocation tag happens
> to match the old one, the second free will cause a memory corruption.
> Resolving https://bugzilla.kernel.org/show_bug.cgi?id=212177 would
> help to deal with this. With Generic KASAN, it's effectively
> impossible for the memory to get reallocated due to the quarantine.
Thanks for your nice comment. I have sent a second version.
> > +       KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
> > +
> >          ptr = kmalloc(size, GFP_KERNEL);
> >          KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
> >
> > --
> > 2.43.0
> >
> > --
> > You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@xxxxxxxxxxxxxxxx.
> > To view this discussion visit https://groups.google.com/d/msgid/kasan-dev/20260517071713.353579-1-wsw9603%40163.com.
> With the comment rewording:
>
> Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx>