Hi Marco, On Mon, Jul 07, 2025 at 09:08:29PM +0200, Marco Elver wrote: > > > > > Did you run the tests? Do they pass? > > > > > > > > I don't know how to run them. I've only built the kernel. If you point > > > > me to instructions on how to run them, I'll do so. Thanks! > > > > > > Should just be CONFIG_KFENCE_KUNIT_TEST=y -- then boot kernel and > > > check that the test reports "ok". > > > > Hmmm, I can't see the results. Did I miss anything? > > > > alx@debian:~$ uname -a > > Linux debian 6.15.0-seprintf-mm+ #5 SMP PREEMPT_DYNAMIC Mon Jul 7 > > 19:16:40 CEST 2025 x86_64 GNU/Linux > > alx@debian:~$ cat /boot/config-6.15.0-seprintf-mm+ | grep KFENCE > > CONFIG_HAVE_ARCH_KFENCE=y > > CONFIG_KFENCE=y > > CONFIG_KFENCE_SAMPLE_INTERVAL=0 > > ^^ This means KFENCE is off. > > Not sure why it's 0 (distro default config?), but if you switch it to > something like:
Yup, Debian default config plus what you told me. :)
>
> CONFIG_KFENCE_SAMPLE_INTERVAL=10
Thanks! Now I see the tests.
I see no regressions. I've tested both v6.15 and my branch, and see no
differences:
This was generated with the kernel built from my branch:
$ sudo dmesg | grep -inC2 kfence | sed 's/^....//' > tmp/log_after
This was generated with a v6.15 kernel with the same exact config:
$ sudo dmesg | grep -inC2 kfence | sed 's/^....//' > tmp/log_before
And here's a diff, ignoring some numbers that were easy to filter out:
$ diff -U999 \
<(cat tmp/log_before \
| sed 's/0x[0-9a-f]*/0x????/g' \
| sed 's/[[:digit:]]\.[[:digit:]]\+/?.?/g' \
| sed 's/#[[:digit:]]\+/#???/g') \
<(cat tmp/log_after \
| sed 's/0x[0-9a-f]*/0x????/g' \
| sed 's/[[:digit:]]\.[[:digit:]]\+/?.?/g' \
| sed 's/#[[:digit:]]\+/#???/g');
--- /dev/fd/63 2025-07-07 22:47:37.395608776 +0200
+++ /dev/fd/62 2025-07-07 22:47:37.395608776 +0200
@@ -1,303 +1,303 @@
[ ?.?] NR_IRQS: 524544, nr_irqs: 1096, preallocated irqs: 16
[ ?.?] rcu: srcu_init: Setting srcu_struct sizes based on
contention.
[ ?.?] kfence: initialized - using 2097152 bytes for 255 objects at
0x????(____ptrval____)-0x????(____ptrval____)
[ ?.?] Console: colour dummy device 80x????
[ ?.?] printk: legacy console [tty0] enabled
--
[ ?.?] ok 7 sysctl_test
[ ?.?] KTAP version 1
[ ?.?] # Subtest: kfence
[ ?.?] 1..27
[ ?.?] # test_out_of_bounds_read: test_alloc: size=32, gfp=cc0,
policy=left, cache=0
[ ?.?]
==================================================================
[ ?.?] BUG: KFENCE: out-of-bounds read in
test_out_of_bounds_read+0x????/0x????
[ ?.?] Out-of-bounds read at 0x???? (1B left of kfence-#???):
[ ?.?] test_out_of_bounds_read+0x????/0x????
[ ?.?] kunit_try_run_case+0x????/0x????
--
[ ?.?] ret_from_fork_asm+0x????/0x????
[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-[ ?.?] allocated by task 281 on cpu 6 at ?.?s (?.?s ago):
+[ ?.?] allocated by task 286 on cpu 8 at ?.?s (?.?s ago):
--
[ ?.?] # test_out_of_bounds_read: test_alloc: size=32, gfp=cc0,
policy=right, cache=0
[ ?.?]
==================================================================
[ ?.?] BUG: KFENCE: out-of-bounds read in
test_out_of_bounds_read.cold+0x????/0x????
[ ?.?] Out-of-bounds read at 0x???? (32B right of kfence-#???):
[ ?.?] test_out_of_bounds_read.cold+0x????/0x????
[ ?.?] kunit_try_run_case+0x????/0x????
--
[ ?.?] ret_from_fork_asm+0x????/0x????
[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-[ ?.?] allocated by task 281 on cpu 6 at ?.?s (?.?s ago):
+[ ?.?] allocated by task 286 on cpu 11 at ?.?s (?.?s ago):
--
[ ?.?] # test_out_of_bounds_read-memcache: test_alloc: size=32,
gfp=cc0, policy=left, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: out-of-bounds read in
test_out_of_bounds_read+0x????/0x????
-
:[ ?.?] Out-of-bounds read at 0x???? (1B left of kfence-#???):
-[ ?.?] test_out_of_bounds_read+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 284 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 289 on cpu 8 at ?.?s (?.?s ago):
--
-[ ?.?] # test_out_of_bounds_read-memcache: test_alloc:
size=32, gfp=cc0, policy=right, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: out-of-bounds read in
test_out_of_bounds_read.cold+0x????/0x????
-
:[ ?.?] Out-of-bounds read at 0x???? (32B right of kfence-#???):
-[ ?.?] test_out_of_bounds_read.cold+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 284 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 289 on cpu 8 at ?.?s (?.?s ago):
--
-[ ?.?] # test_out_of_bounds_write: test_alloc: size=32,
gfp=cc0, policy=left, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: out-of-bounds write in
test_out_of_bounds_write+0x????/0x????
-
:[ ?.?] Out-of-bounds write at 0x???? (1B left of kfence-#???):
-[ ?.?] test_out_of_bounds_write+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 288 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 291 on cpu 6 at ?.?s (?.?s ago):
--
--[ ?.?] # test_out_of_bounds_write-memcache: test_alloc:
size=32, gfp=cc0, policy=left, cache=1
-[ ?.?]
==================================================================
+-[ ?.?] clocksource: tsc: mask: 0x???? max_cycles: 0x????,
max_idle_ns: 881590599626 ns
:[ ?.?] BUG: KFENCE: out-of-bounds write in
test_out_of_bounds_write+0x????/0x????
-
:[ ?.?] Out-of-bounds write at 0x???? (1B left of kfence-#???):
-[ ?.?] test_out_of_bounds_write+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 290 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 293 on cpu 10 at ?.?s (?.?s ago):
--
-[ ?.?] # test_use_after_free_read: test_alloc: size=32,
gfp=cc0, policy=any, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: use-after-free read in
test_use_after_free_read+0x????/0x????
-
:[ ?.?] Use-after-free read at 0x???? (in kfence-#???):
-[ ?.?] test_use_after_free_read+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 292 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 296 on cpu 10 at ?.?s (?.?s ago):
--
-[ ?.?] # test_use_after_free_read-memcache: test_alloc:
size=32, gfp=cc0, policy=any, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: use-after-free read in
test_use_after_free_read+0x????/0x????
-
:[ ?.?] Use-after-free read at 0x???? (in kfence-#???):
-[ ?.?] test_use_after_free_read+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 294 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 298 on cpu 10 at ?.?s (?.?s ago):
--
-[ ?.?] # test_double_free: test_alloc: size=32, gfp=cc0,
policy=any, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: invalid free in test_double_free+0x????/0x????
-
:[ ?.?] Invalid free of 0x???? (in kfence-#???):
-[ ?.?] test_double_free+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 300 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 304 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_double_free-memcache: test_alloc: size=32,
gfp=cc0, policy=any, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: invalid free in test_double_free+0x????/0x????
-
:[ ?.?] Invalid free of 0x???? (in kfence-#???):
-[ ?.?] test_double_free+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 302 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 306 on cpu 8 at ?.?s (?.?s ago):
--
-[ ?.?] # test_invalid_addr_free: test_alloc: size=32, gfp=cc0,
policy=any, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: invalid free in
test_invalid_addr_free+0x????/0x????
-
:[ ?.?] Invalid free of 0x???? (in kfence-#???):
-[ ?.?] test_invalid_addr_free+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 304 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 308 on cpu 8 at ?.?s (?.?s ago):
--
-[ ?.?] # test_invalid_addr_free-memcache: test_alloc: size=32,
gfp=cc0, policy=any, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: invalid free in
test_invalid_addr_free+0x????/0x????
-
:[ ?.?] Invalid free of 0x???? (in kfence-#???):
-[ ?.?] test_invalid_addr_free+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 306 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 310 on cpu 8 at ?.?s (?.?s ago):
--
-[ ?.?] # test_corruption: test_alloc: size=32, gfp=cc0,
policy=left, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: memory corruption in
test_corruption+0x????/0x????
-
:[ ?.?] Corrupted memory at 0x???? [ ! . . . . . . . . . . . . . .
. ] (in kfence-#???):
-[ ?.?] test_corruption+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 308 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 312 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_corruption: test_alloc: size=32, gfp=cc0,
policy=right, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: memory corruption in
test_corruption+0x????/0x????
-
:[ ?.?] Corrupted memory at 0x???? [ ! ] (in kfence-#???):
-[ ?.?] test_corruption+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 308 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 312 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_corruption-memcache: test_alloc: size=32,
gfp=cc0, policy=left, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: memory corruption in
test_corruption+0x????/0x????
-
:[ ?.?] Corrupted memory at 0x???? [ ! . . . . . . . . . . . . . .
. ] (in kfence-#???):
-[ ?.?] test_corruption+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 310 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 314 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_corruption-memcache: test_alloc: size=32,
gfp=cc0, policy=right, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: memory corruption in
test_corruption+0x????/0x????
-
:[ ?.?] Corrupted memory at 0x???? [ ! ] (in kfence-#???):
-[ ?.?] test_corruption+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 310 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 314 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_kmalloc_aligned_oob_read: test_alloc: size=73,
gfp=cc0, policy=right, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: out-of-bounds read in
test_kmalloc_aligned_oob_read+0x????/0x????
-
:[ ?.?] Out-of-bounds read at 0x???? (105B right of kfence-#???):
-[ ?.?] test_kmalloc_aligned_oob_read+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=73, cache=kmalloc-96
-
--[ ?.?] allocated by task 320 on cpu 10 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 326 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_kmalloc_aligned_oob_write: test_alloc: size=73,
gfp=cc0, policy=right, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: memory corruption in
test_kmalloc_aligned_oob_write+0x????/0x????
-
:[ ?.?] Corrupted memory at 0x???? [ ! . . . . . . . . . . . . . .
. ] (in kfence-#???):
-[ ?.?] test_kmalloc_aligned_oob_write+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=73, cache=kmalloc-96
-
--[ ?.?] allocated by task 326 on cpu 8 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 328 on cpu 4 at ?.?s (?.?s ago):
--
-[ ?.?] ok 22 test_memcache_ctor
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: invalid read in
test_invalid_access+0x????/0x????
-
-[ ?.?] Invalid read at 0x????:
--
-[ ?.?] # test_memcache_typesafe_by_rcu: test_alloc: size=32,
gfp=cc0, policy=any, cache=1
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: use-after-free read in
test_memcache_typesafe_by_rcu.cold+0x????/0x????
-
:[ ?.?] Use-after-free read at 0x???? (in kfence-#???):
-[ ?.?] test_memcache_typesafe_by_rcu.cold+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=test
-
--[ ?.?] allocated by task 336 on cpu 6 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 338 on cpu 10 at ?.?s (?.?s ago):
--
-[ ?.?] # test_krealloc: test_alloc: size=32, gfp=cc0,
policy=any, cache=0
-[ ?.?]
==================================================================
:[ ?.?] BUG: KFENCE: use-after-free read in
test_krealloc+0x????/0x????
-
:[ ?.?] Use-after-free read at 0x???? (in kfence-#???):
-[ ?.?] test_krealloc+0x????/0x????
-[ ?.?] kunit_try_run_case+0x????/0x????
--
-[ ?.?] ret_from_fork_asm+0x????/0x????
-
:[ ?.?] kfence-#???: 0x????-0x????, size=32, cache=kmalloc-32
-
--[ ?.?] allocated by task 338 on cpu 4 at ?.?s (?.?s ago):
+-[ ?.?] allocated by task 340 on cpu 6 at ?.?s (?.?s ago):
--
-[ ?.?] # test_memcache_alloc_bulk: setup_test_cache: size=32,
ctor=0x????
-[ ?.?] ok 27 test_memcache_alloc_bulk
:[ ?.?] # kfence: pass:25 fail:0 skip:2 total:27
-[ ?.?] # Totals: pass:25 fail:0 skip:2 total:27
:[ ?.?] ok 8 kfence
-[ ?.?] KTAP version 1
-[ ?.?] # Subtest: damon
If you'd like me to grep for something more specific, please let me
know.
Cheers,
Alex
--
<https://www.alejandro-colomar.es/>
signature.asc
Description: PGP signature
