git.ipfire.org Git - thirdparty/linux.git/commitdiff
kasan/test: only do kmalloc_double_kzfree for generic mode
author Wang Wensheng <wsw9603@163.com>
Sun, 24 May 2026 03:10:53 +0000 (11:10 +0800)
committer Andrew Morton <akpm@linux-foundation.org>
Thu, 4 Jun 2026 21:45:02 +0000 (14:45 -0700)
kmalloc_double_kzfree() would corrupt kernel memory when the just-freed
memory was allocated by another thread before the second call to
kfree_sensitive() and the new allocation tag happened to match the old
one.

This could not happen in GENERIC mode as it uses quarantine.

Link: https://lore.kernel.org/20260524031053.381776-1-wsw9603@163.com
Signed-off-by: Wang Wensheng <wsw9603@163.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
mm/kasan/kasan_test_c.c

index 32d06cbf6a31069c92ba343ba0b59ba0ab787634..3f4ed29178b3cbeea284d153a3fb3508396271ed 100644 (file)
@@ -874,6 +874,16 @@ static void kmalloc_double_kzfree(struct kunit *test)
        char *ptr;
        size_t size = 16;
 
+       /*
+        * With the tag-based KASAN modes, if the memory happens to be
+        * reallocated between the two frees and the new allocation tag happens
+        * to match the old one, the second free will cause a memory corruption.
+        * Resolving https://bugzilla.kernel.org/show_bug.cgi?id=212177 would
+        * help to deal with this. With Generic KASAN, it's effectively
+        * impossible for the memory to get reallocated due to the quarantine.
+        */
+       KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
+
        ptr = kmalloc(size, GFP_KERNEL);
        KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
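Review bot: the wording in the new comment and the commit message disagree on how strong the Generic-mode guarantee is: the comment says reallocation is "effectively impossible" under the quarantine, while the commit message says it "could not happen". Since the guard on CONFIG_KASAN_GENERIC is justified only by that guarantee, align the two (the comment's hedged wording is the more defensible one). A short sentence in the comment noting that the double-free detection of kfree_sensitive() is therefore no longer exercised at all in the SW_TAGS/HW_TAGS modes until bugzilla 212177 is resolved would also help a reader understand that this is a skip, not a fix. The placement of KASAN_TEST_NEEDS_CONFIG_ON() before the first kmalloc() is right, as no allocation is left behind when the test is skipped.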