From: Vitor Massaru Iha
Date: Tue, 21 Jul 2020 20:11:54 -0300
Subject: Re: [PATCH v3] lib: Convert test_user_copy to KUnit test
To: Kees Cook
Cc: KUnit Development, "open list:KERNEL SELFTEST FRAMEWORK", Linux Kernel Mailing List, Brendan Higgins, David Gow, Shuah Khan, linux-kernel-mentees@lists.linuxfoundation.org
References: <20200721174654.72132-1-vitor@massaru.org> <202007211207.5BAA9D8D@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 21, 2020 at 7:19 PM Vitor Massaru Iha wrote:
>
> On Tue, Jul 21, 2020 at 4:09 PM Kees Cook wrote:
> >
> > On Tue, Jul 21, 2020 at 02:46:54PM -0300, Vitor Massaru Iha wrote:
> > > This adds the conversion of the runtime tests of test_user_copy functions,
> > > from `lib/test_user_copy.c` to KUnit tests.
> > > > > > Signed-off-by: Vitor Massaru Iha > > > --- > > > v2: > > > * splitted patch in 3: > > > - Allows to install and load modules in root filesystem; > > > - Provides an userspace memory context when tests are compiled > > > as module; > > > - Convert test_user_copy to KUnit test; > > > * removed entry for CONFIG_TEST_USER_COPY; > > > * replaced pr_warn to KUNIT_EXPECT_FALSE_MSG in test macro to > > > decrease the diff; > > > v3: > > > * rebased with last kunit branch > > > * Please apply this commit from kunit-fixes: > > > 3f37d14b8a3152441f36b6bc74000996679f0998 > > > And these from patchwork: > > > https://patchwork.kernel.org/patch/11676331/ > > > https://patchwork.kernel.org/patch/11676335/ > > > --- > > > lib/Kconfig.debug | 28 ++++++++------ > > > lib/Makefile | 2 +- > > > lib/{test_user_copy.c => user_copy_kunit.c} | 42 +++++++++------------ > > > 3 files changed, 35 insertions(+), 37 deletions(-) > > > rename lib/{test_user_copy.c => user_copy_kunit.c} (91%) > > > > > > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > > > index 9ad9210d70a1..f699a3624ae7 100644 > > > --- a/lib/Kconfig.debug > > > +++ b/lib/Kconfig.debug > > > @@ -2078,18 +2078,6 @@ config TEST_VMALLOC > > > > > > If unsure, say N. > > > > > > -config TEST_USER_COPY > > > - tristate "Test user/kernel boundary protections" > > > - depends on m > > > - help > > > - This builds the "test_user_copy" module that runs sanity checks > > > - on the copy_to/from_user infrastructure, making sure basic > > > - user/kernel boundary testing is working. If it fails to load, > > > - a regression has been detected in the user/kernel memory boundary > > > - protections. > > > - > > > - If unsure, say N. > > > - > > > config TEST_BPF > > > tristate "Test BPF filter functionality" > > > depends on m && NET 
> > > @@ -2154,6 +2142,22 @@ config SYSCTL_KUNIT_TEST > > > > > > If unsure, say N. > > > > > > +config USER_COPY_KUNIT > > > + tristate "KUnit Test for user/kernel boundary protections" > > > + depends on KUNIT > > > + depends on m > > > + help > > > + This builds the "user_copy_kunit" module that runs sanity checks > > > + on the copy_to/from_user infrastructure, making sure basic > > > + user/kernel boundary testing is working. If it fails to load, > > > + a regression has been detected in the user/kernel memory boundary > > > + protections. > > > + > > > + For more information on KUnit and unit tests in general please refer > > > + to the KUnit documentation in Documentation/dev-tools/kunit/. > > > + > > > + If unsure, say N. > > > + > > > config LIST_KUNIT_TEST > > > tristate "KUnit Test for Kernel Linked-list structures" if !KUNIT_ALL_TESTS > > > depends on KUNIT > > > diff --git a/lib/Makefile b/lib/Makefile > > > index b1c42c10073b..8c145f85accc 100644 > > > --- a/lib/Makefile > > > +++ b/lib/Makefile > > > @@ -78,7 +78,6 @@ obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o > > > obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o > > > obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o > > > obj-$(CONFIG_TEST_SORT) += test_sort.o > > > -obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o > > > obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_keys.o > > > obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_key_base.o > > > obj-$(CONFIG_TEST_PRINTF) += test_printf.o > > > @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o > > > # KUnit tests > > > obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o > > > obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o > > > +obj-$(CONFIG_USER_COPY_KUNIT) += user_copy_kunit.o > > > diff --git a/lib/test_user_copy.c b/lib/user_copy_kunit.c > > > similarity index 91% > > > rename from lib/test_user_copy.c > > > rename to lib/user_copy_kunit.c > > > index 5ff04d8fe971..a10ddd15b4cd 100644 > > > --- a/lib/test_user_copy.c 
> > > +++ b/lib/user_copy_kunit.c > > > @@ -16,6 +16,7 @@ > > > #include > > > #include > > > #include > > > +#include > > > > > > /* > > > * Several 32-bit architectures support 64-bit {get,put}_user() calls. > > > @@ -35,7 +36,7 @@ > > > ({ \ > > > int cond = (condition); \ > > > if (cond) \ > > > - pr_warn("[%d] " msg "\n", __LINE__, ##__VA_ARGS__); \ > > > + KUNIT_EXPECT_FALSE_MSG(test, cond, msg, ##__VA_ARGS__); \ > > > > I'm surprised any of this compiles with both a macro and arg named > > "test". :) Can you change the arg to something with more clarity? > > "context" or "kunit" seems better. > > It will be out of the standard of the other tests in KUnit, but I agree that > I should not use the same name "test" in the argument and in the name > of the macro. > I'll replace it with "context" instead of "test" in arg. > > > > > > cond; \ > > > }) > > > > > > @@ -44,7 +45,7 @@ static bool is_zeroed(void *from, size_t size) > > > return memchr_inv(from, 0x0, size) == NULL; > > > } > > > > > > -static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) > > > +static int test_check_nonzero_user(struct kunit *test, char *kmem, char __user *umem, size_t size) > > > { > > > int ret = 0; > > > size_t start, end, i, zero_start, zero_end; > > > @@ -102,7 +103,7 @@ static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) > > > return ret; > > > } > > > > > > -static int test_copy_struct_from_user(char *kmem, char __user *umem, > > > +static int test_copy_struct_from_user(struct kunit *test, char *kmem, char __user *umem, > > > size_t size) > > > { > > > int ret = 0; > > > @@ -177,7 +178,7 @@ static int test_copy_struct_from_user(char *kmem, char __user *umem, > > > return ret; > > > } > > > > > > -static int __init test_user_copy_init(void) > > > +static void user_copy_test(struct kunit *test) > > > { > > > int ret = 0; > > > char *kmem; 
> > > @@ -192,16 +193,14 @@ static int __init test_user_copy_init(void) > > > #endif > > > > > > kmem = kmalloc(PAGE_SIZE * 2, GFP_KERNEL); > > > - if (!kmem) > > > - return -ENOMEM; > > > + KUNIT_EXPECT_FALSE_MSG(test, kmem == NULL, "kmalloc failed"); > > > > This would need to be an ASSERT, yes? > > Yep, I'll fix it. > > > > > > > > > user_addr = vm_mmap(NULL, 0, PAGE_SIZE * 2, > > > PROT_READ | PROT_WRITE | PROT_EXEC, > > > MAP_ANONYMOUS | MAP_PRIVATE, 0); > > > if (user_addr >= (unsigned long)(TASK_SIZE)) { > > > - pr_warn("Failed to allocate user memory\n"); > > > kfree(kmem); > > > - return -ENOMEM; > > > + KUNIT_FAIL(test, "Failed to allocate user memory"); > > > } > > > > Why FAIL instead of ASSERT? > > I did it this way so I wouldn't have to test twice if I had a memory > allocation problem, > once in the "if" and once in the ASSERT, so the memory of the other > kmalloc is freed > in case of memory allocation error in this memory allocation. Hm, In this case the test needs to stop, I'll fix it. > > > > > > > > > usermem = (char __user *)user_addr; > > > @@ -245,9 +244,9 @@ static int __init test_user_copy_init(void) > > > #undef test_legit > > > > > > /* Test usage of check_nonzero_user(). */ > > > - ret |= test_check_nonzero_user(kmem, usermem, 2 * PAGE_SIZE); > > > + ret |= test_check_nonzero_user(test, kmem, usermem, 2 * PAGE_SIZE); > > > /* Test usage of copy_struct_from_user(). */ > > > - ret |= test_copy_struct_from_user(kmem, usermem, 2 * PAGE_SIZE); > > > + ret |= test_copy_struct_from_user(test, kmem, usermem, 2 * PAGE_SIZE); > > > > > > /* > > > * Invalid usage: none of these copies should succeed. 
> > > @@ -309,23 +308,18 @@ static int __init test_user_copy_init(void) > > > > > > vm_munmap(user_addr, PAGE_SIZE * 2); > > > kfree(kmem); > > > - > > > - if (ret == 0) { > > > - pr_info("tests passed.\n"); > > > - return 0; > > > - } > > > - > > > - return -EINVAL; > > > > Does KUnit provide a end-of-test summary now? > > When you talk about end-of-test summary, is it what is written in > dmesg and not the kunit-tool? > > > > > > } > > > > > > -module_init(test_user_copy_init); > > > - > > > -static void __exit test_user_copy_exit(void) > > > -{ > > > - pr_info("unloaded.\n"); > > > -} > > > +static struct kunit_case user_copy_test_cases[] = { > > > + KUNIT_CASE(user_copy_test), > > > + {} > > > +}; > > > > > > -module_exit(test_user_copy_exit); > > > +static struct kunit_suite user_copy_test_suite = { > > > + .name = "user_copy", > > > + .test_cases = user_copy_test_cases, > > > +}; > > > > > > +kunit_test_suites(&user_copy_test_suite); > > > MODULE_AUTHOR("Kees Cook "); > > > MODULE_LICENSE("GPL"); > > > > > > base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 > > > -- > > > 2.26.2 > > > > > > > Otherwise, yes, looking good. > > > > -- > > Kees Cook > > Thanks for the review!
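
Review bot: in the lib/Kconfig.debug hunk at @@ -2154,6 +2142,22, the help text of the new USER_COPY_KUNIT entry still says "If it fails to load, a regression has been detected", but the final hunk of this patch removes the `return -EINVAL;` path, so a failing check no longer prevents the module from loading. Reword the help text to say that failures are reported as KUnit test results. The entry also lacks the `if !KUNIT_ALL_TESTS` qualifier that the adjacent LIST_KUNIT_TEST entry carries on its tristate line; the changelog should say whether that is intentional given `depends on m`.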
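
Review bot: in the lib/user_copy_kunit.c hunk at @@ -35,7 +36,7, the macro expansion now refers to `test`, which the hunk does not show as a macro parameter, so the macro compiles only where a `struct kunit *test` happens to be in scope (the later hunks add exactly that argument to test_check_nonzero_user() and test_copy_struct_from_user()). Document that requirement in a comment above the macro or pass the pointer explicitly. The enclosing `if (cond)` is also redundant now, because KUNIT_EXPECT_FALSE_MSG itself fails only when `cond` is true.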
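
Review bot: in the hunk at @@ -192,16 +193,14, the vm_mmap() failure branch frees `kmem` and calls KUNIT_FAIL(), but with `return -ENOMEM;` removed execution falls through to `usermem = (char __user *)user_addr;` and the remaining checks run against a freed `kmem` and an invalid user address, ending in the second `kfree(kmem)` visible in the final hunk. KUNIT_FAIL() records a failure without stopping the test, so add `return;` after it, keeping the `kfree(kmem)` in front so the buffer is not leaked. The same problem exists a few lines earlier: KUNIT_EXPECT_FALSE_MSG on `kmem == NULL` lets the test continue with a NULL buffer; use an assertion there, for example KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem).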
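
Review bot: in the final hunk at @@ -309,23 +308,18, removing the `if (ret == 0)` block leaves `ret` with no reader, while the hunk at @@ -245,9 +244,9 still accumulates into it (`ret |= test_check_nonzero_user(test, ...)`) and both helpers still return int. Since pass/fail is now carried by the KUnit expectations, drop `ret` and make the helpers return void, so the dead accumulation does not suggest a result is being checked somewhere. A blank line between `kunit_test_suites(&user_copy_test_suite);` and `MODULE_AUTHOR(...)` would also keep the spacing the removed code had.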