Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp1765327pxb; Fri, 1 Oct 2021 19:35:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx5OReTFNvbLp2LMVN7XwfCRzLtVEjVXL671y/lNqjDmIkUMc/0ih+FXKSCh3yPdi3OZ8LH X-Received: by 2002:a17:906:32d6:: with SMTP id k22mr1690032ejk.228.1633142116260; Fri, 01 Oct 2021 19:35:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633142116; cv=none; d=google.com; s=arc-20160816; b=USpsIViD72p1aAunR3Qe4y7z6Jey9Ufw/lQ2iLlLh1shpkb7ZjMseraA8XOY7LOq2t 2Z/3pcgGoqhANv7ld+G1i5DFR1laheY8of5OuwOtTiqP19Km0s082P5EgYVITvJOszGF wXaHIp82f0hsqix46CH4ywnnVbcdj4SNrncNG6eh8qfg2OqPIm2SV+xY6ILklbM291+b IssNxzK0LOW5Uawe8gU5sAR9jRLhWXIZ5K5O1AEvlXHQMeXRuetzdA/q45YpJA3zOY+A Dg+pIasN+zb28r7ptUtcyRAmQxbIurfNNyueMbWKCW46sulXIW7OmuKN8m8glSZEaLpr O0Qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=UMh51B3b6FYmnb33I2GV5L8AvSN4pCytU6644sWrlfk=; b=BWKaaFEpkyJEcOcF+ssbQ2wuObV9BR5tZDAme+Rxo6DuL1dh6WxBa8XYRRhe7thR7p UyobPHIYOU4RSLKMreb8Pi4apvH0q/7xdzb8F76uK2skxb6dE5rOGkoQm4JyG9zCCz7M 6JTlRj4AQ9/25sKeb4ltwfyiTEyV17Cq3tm/cb9GYaMUKGjfdvgUUvAniXuvffr1v0bZ LEWIH/y1g52UFGNxdNRaajA7sfKvURm/SdM68IvZMeSPLOm+h7qXULe2LiVMUauUOR6/ wbGEJf8zXoVO/wWAH+OXlRT+eIMIdjqjVUg+oxVRk8WOWXF/qa6m1wup2rN4KjabBfv4 nqYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=b9aUfOdA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m23si295438eje.259.2021.10.01.19.34.51; Fri, 01 Oct 2021 19:35:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=b9aUfOdA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232456AbhJBCcV (ORCPT + 99 others); Fri, 1 Oct 2021 22:32:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232453AbhJBCcV (ORCPT ); Fri, 1 Oct 2021 22:32:21 -0400 Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 18F42C061775 for ; Fri, 1 Oct 2021 19:30:36 -0700 (PDT) Received: by mail-wr1-x436.google.com with SMTP id r10so1747734wra.12 for ; Fri, 01 Oct 2021 19:30:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UMh51B3b6FYmnb33I2GV5L8AvSN4pCytU6644sWrlfk=; b=b9aUfOdAGzeBOtL59sbNQYcBBj8Udk3c4xNexPYPvyy8Aosh2spdF2LuYQ+GNzRAyo 00Hl6SQ5l+zSXyaIq6KvtRiFJqPuhqY+VLM+w0Ut1L823QaG/xlB8qLZpmSD1JK6c5G9 OrOoWXBPGNJT9lvzFCorPOroOIGmjre6tIzkXkbq4rbP85cRzh8dfXvS8GzvZBLSq4So YuPQsP5+aqVcXfG0dC87dPnqh5NQdyk6MFlZrw3huSdy9tUB4yiylRTAC87I9ioHmpwD SExNwupv+zwhwosAv4ATwlq55GXFMrbHL3gXj2cNctrrU/ML4nF9PxA/2IIOdoXNd2xd 0M0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UMh51B3b6FYmnb33I2GV5L8AvSN4pCytU6644sWrlfk=; b=TKhSYBjeSHP1k5/u4w0OGwausOr0Qaa6VIgfoCL4iAYXW8lxOqiFU3o55edHcQHMyA 7CCyoHlSFcBm2osu2hgDd60oh+kHGeMrtky+EdutqLHeu9NwssaXQiKRrGdVjXNyRGvD 3TkOnAhTKuLD6EnVNgzC30fPgz5sJi7ro3Jg18FFjGWgOZ9bxuXgs0X+WfStM2p+79oE 84MD0qM0ZYMb4L5RhGn9XsuT0z/5IJG/DtR7J0b+SDizR2uCsqIp+CLgOwajavBm8gp8 d0CMRDEsLWo6y5dkr3pYxbCuNTDRVuy8y9ELi4YCgaZmJbmV7OE4wtXSTFDmMiykZnOU b0bw== X-Gm-Message-State: AOAM531S7RmZA5YhnEYA/saws1RUV0gVD0c3hMyVySE4aRmudpF5eHPh ztO1xZs0lFq2yMEfCerjIakVDKoqKW9BUkmUZMTZ1g== X-Received: by 2002:a5d:4882:: with SMTP id g2mr1110886wrq.399.1633141834469; Fri, 01 Oct 2021 19:30:34 -0700 (PDT) MIME-Version: 1.0 References: <20211002013635.2076371-1-dlatypov@google.com> In-Reply-To: <20211002013635.2076371-1-dlatypov@google.com> From: David Gow Date: Sat, 2 Oct 2021 10:30:23 +0800 Message-ID: Subject: Re: [PATCH] kunit: fix too small allocation when using suite-only kunit.filter_glob To: Daniel Latypov Cc: Brendan Higgins , Linux Kernel Mailing List , KUnit Development , "open list:KERNEL SELFTEST FRAMEWORK" , Shuah Khan , kernel test robot Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Oct 2, 2021 at 9:36 AM Daniel Latypov wrote: > > When a user filters by a suite and not a test, e.g. > $ ./tools/testing/kunit/kunit.py run 'suite_name' > > it hits this code > const int len = strlen(filter_glob); > ... > parsed->suite_glob = kmalloc(len, GFP_KERNEL); > which fails to allocate space for the terminating NULL. > > Somehow, it seems like we can't easily reproduce this under UML, so the > existing `parse_filter_test()` didn't catch this. > > Fix this by allocating `len + 1` and switch to kzalloc() just to be a > bit more defensive. We're only going to run this code once per kernel > boot, and it should never be very long. > > Also update the unit tests to be a bit more cautious. > This bug showed up as a NULL pointer dereference here: > > KUNIT_EXPECT_STREQ(test, (const char *)filtered.start[0][0]->name, "suite0"); > `filtered.start[0][0]` was NULL, and `name` is at offset 0 in the struct, > so `...->name` was also NULL. > > Fixes: 3b29021ddd10 ("kunit: tool: allow filtering test cases via glob") > Reported-by: kernel test robot > Signed-off-by: Daniel Latypov > --- Nice catch. I guess this is why we're all going to be switching to rust one day. :-) The fix looks good, and I ran it under KASAN just to be sure, and it passed. Reviewed-by: David Gow -- David > lib/kunit/executor.c | 2 +- > lib/kunit/executor_test.c | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c > index bab3ab940acc..1d7fecd33261 100644 > --- a/lib/kunit/executor.c > +++ b/lib/kunit/executor.c > @@ -33,7 +33,7 @@ static void kunit_parse_filter_glob(struct kunit_test_filter *parsed, > const char *period = strchr(filter_glob, '.'); > > if (!period) { > - parsed->suite_glob = kmalloc(len, GFP_KERNEL); > + parsed->suite_glob = kzalloc(len + 1, GFP_KERNEL); > parsed->test_glob = NULL; > strcpy(parsed->suite_glob, filter_glob); > return; > diff --git a/lib/kunit/executor_test.c b/lib/kunit/executor_test.c > index e6323f398dfa..7d2b8dc668b1 100644 > --- a/lib/kunit/executor_test.c > +++ b/lib/kunit/executor_test.c > @@ -149,6 +149,7 @@ static void filter_suites_test(struct kunit *test) > > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start[0]); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start[0][0]); > KUNIT_EXPECT_STREQ(test, (const char *)filtered.start[0][0]->name, "suite0"); > } > > > base-commit: 3b29021ddd10cfb6b2565c623595bd3b02036f33 > -- > 2.33.0.800.g4c38ced690-goog >