UPSTREAM: lib/test_kasan.c: add tests for several string/memory API functions

	kmem_cache_destroy(cache);

}

static noinline void __init kasan_memchr(void)

{

	char *ptr;

	size_t size = 24;

	pr_info("out-of-bounds in memchr\n");

	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);

	if (!ptr)

		return;

	memchr(ptr, '1', size + 1);

	kfree(ptr);

}

static noinline void __init kasan_memcmp(void)

{

	char *ptr;

	size_t size = 24;

	int arr[9];

	pr_info("out-of-bounds in memcmp\n");

	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);

	if (!ptr)

		return;

	memset(arr, 0, sizeof(arr));

	memcmp(ptr, arr, size+1);

	kfree(ptr);

}

static noinline void __init kasan_strings(void)

{

	char *ptr;

	size_t size = 24;

	pr_info("use-after-free in strchr\n");

	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);

	if (!ptr)

		return;

	kfree(ptr);

	/*

	 * Try to cause only 1 invalid access (less spam in dmesg).

	 * For that we need ptr to point to zeroed byte.

	 * Skip metadata that could be stored in freed object so ptr

	 * will likely point to zeroed byte.

	 */

	ptr += 16;

	strchr(ptr, '1');

	pr_info("use-after-free in strrchr\n");

	strrchr(ptr, '1');

	pr_info("use-after-free in strcmp\n");

	strcmp(ptr, "2");

	pr_info("use-after-free in strncmp\n");

	strncmp(ptr, "2", 1);

	pr_info("use-after-free in strlen\n");

	strlen(ptr);

	pr_info("use-after-free in strnlen\n");

	strnlen(ptr, 1);

}

static int __init kmalloc_tests_init(void)

{

	/*

	use_after_scope_test();

	kmem_cache_double_free();

	kmem_cache_invalid_free();

	kasan_memchr();

	kasan_memcmp();

	kasan_strings();

	kasan_restore_multi_shot(multishot);