Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp1251050pxm; Wed, 23 Feb 2022 22:29:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJye4G5DRn33gEjEvU5Ppo79tZQGIwN9V1ZlePUESSqlylJetQO+oqE43kI2xjs/onHtos9E X-Received: by 2002:a05:6402:10d5:b0:408:f881:f0f3 with SMTP id p21-20020a05640210d500b00408f881f0f3mr925590edu.112.1645684166503; Wed, 23 Feb 2022 22:29:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645684166; cv=none; d=google.com; s=arc-20160816; b=HBHrt0VqAjCvIWnlngrK7Vy2KMiu1Sadtye9BFiaWI2m1/g0V9Hnf9xdMJwDC9B/ci gclfONvE+Jztf6LCwO0CL5fHst6BrpS5/FRYFn7j9vaPOUpY9yLP555tpH1gyUPnV+uj QPdJ6hVMob5oFusRoXCMsvHH6v1fkbhxs7pJ9wArGg0tCTg/eJzJvMUNE6qC8NvzGvG2 5D2jlsyQLggQp8h6IUyB6rCzOypUCT1n2tyi/CRtjvur/169axZDkmo/6kgb7IIsAcAA ezU1ScMfDcB4ELyvgXo9tC89P8xy6oM+yeSDpOplG/Gl58nt43Wi8IxDzZIhXUPA3GQ0 FL0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=8OUhXa3gN3jKPfYHmyLPJirwnZOTLizffe7c+ejkQKg=; b=IWzbWjmcc2iBDL8FaVumA5sVR1eae4fkXZOlbQOqJbUM5AMUYF4gjcI31ZXzc3Ct8y GbPItByTKUfknpKrqq1uDDL87Rx9JT6rhb+8oU/Hni/sm7A86qlT8Im5rvn4Og5jRAYI 4bgTT+0skJtHcZEe5Y0V5LUFzZWjim4XqTzUifLrkp5uHpWI4lJ7E+phr5seOAJjQ29I EkxBgAhddFFj2A5UNy0XF7EXDrzE6Kl3wEPHiP4T3JL6dR0EqZKJwHcZFBixlSeeDOSl YOK2szdv8qZNVEy+dER/1OYcC5bkORjOjxXCZrMrqalavh2wsLqiWH9bBFY2vjZbbPBG aQjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="aEE/qtuf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b3si932326eds.472.2022.02.23.22.29.02; Wed, 23 Feb 2022 22:29:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="aEE/qtuf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230357AbiBXFoI (ORCPT + 99 others); Thu, 24 Feb 2022 00:44:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44748 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229786AbiBXFoH (ORCPT ); Thu, 24 Feb 2022 00:44:07 -0500 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8AD5E137005 for ; Wed, 23 Feb 2022 21:43:37 -0800 (PST) Received: by mail-pj1-x1036.google.com with SMTP id g7-20020a17090a708700b001bb78857ccdso4785829pjk.1 for ; Wed, 23 Feb 2022 21:43:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=8OUhXa3gN3jKPfYHmyLPJirwnZOTLizffe7c+ejkQKg=; b=aEE/qtufOBv0isusSaD8SMvPgvKdArha1kY9OewfscqDpJGKqIiVdt7imXgRl4aBC+ 8d0mirSFwNQ8ORGF2ZpEZQ091IiiH8GYiKXEvLVIFZqsaEkWcz0WBm4iDHOQC7k+kG+8 SjajbIzMiVVzEBfq/XnEyYpedrG7eG/c3gst8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=8OUhXa3gN3jKPfYHmyLPJirwnZOTLizffe7c+ejkQKg=; b=TwXTD3Zim2/u3hnMZWBAdzLHdXAiaesGqyKDkXu7ngLWuNAzc/COb1pmvmrhAWN1mO +iLKmdYS6v47x/+dioAR3TcpEft+JuZtYJti/+xYwHsvhmJDFT5noGqqkViB91F9P5tg zc8Ss9qMYHC3e6rIkBKYrVwyV7ms6qtD6mtEMpmm5AOfLFqbfDVsFrFJe/MOo5tPedNH j1R5pAntEADha5/FZChRx2t+uu0f6sxEpmXytKl/UamRkATNCjXZdca4ZzVTAX9zZLvb 3Zu1NgzKmnO31IlyQxn6E4kA/4+juIfV2RKvxDxDCuqBkmmpeDvvUtAFrDr4TtJ9QsNB z/lQ== X-Gm-Message-State: AOAM532B72NUaluOk4b7E/nzkeTn5U5Vf+6ZBntiZwd6BSRm0yVU1nwg O+rWolwRwTvDwpqIWczi2J6n9w== X-Received: by 2002:a17:902:aa8a:b0:14f:460d:bf2e with SMTP id d10-20020a170902aa8a00b0014f460dbf2emr1056110plr.144.1645681417049; Wed, 23 Feb 2022 21:43:37 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x14sm1196061pgc.60.2022.02.23.21.43.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Feb 2022 21:43:36 -0800 (PST) From: Kees Cook To: Eric Biederman Cc: Kees Cook , David Gow , Alexey Dobriyan , =?UTF-8?q?Magnus=20Gro=C3=9F?= , kunit-dev@googlegroups.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Subject: [PATCH] binfmt_elf: Introduce KUnit test Date: Wed, 23 Feb 2022 21:43:32 -0800 Message-Id: <20220224054332.1852813-1-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Developer-Signature: v=1; a=openpgp-sha256; l=5866; h=from:subject; bh=FRXKK5AYWSBmpPuYpDvqw2/TqIlXTauPBKsuJ6qHMW8=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBiFxsDRnzYzwVjs3Br0bkTjbBDYrU8HMqGQemoWVyd tK7jF4mJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYhcbAwAKCRCJcvTf3G3AJi8AD/ 44cs81v9Turyz+NeH4WqinDkGVPDQu9S0uIuOi8GniiSyXuF8KOI15roR8g7URTuDsQWEsrIeT7PiI PVt1/XOUcRovbl4BMWKA6vri4JwESBbgjRm6DNdZtncomSMBMw7cH+YLjLhPUHMW5ACH0ll/hVO1t7 LZo+kQBkcsExsKfVkTZzZozXLNCHrkQ0haN1GWKWWDAy7Y0t8ovviINJy9GZPwDqGvN6xYfFcB2hr7 lkLJlWae10aVyZIXXgsymQF+j4VUirIu3jBr5JDlj12GTh6LNRZBusEyojxzNaLGNRob4UxJil6QwX Oz2puniFjqRmkG2yyB+nouMuf/msHjFqkuJfB6zYJvgweic+sv+PdE9Jbhuqc4XLPqAg+ue6l3ASul G3paTm5QF1YRWOp0GfX6ML5aE+kYs+ClU6EOU8WsTNnTKFoP4agl2p0MtEpLAsL1bt4JV8G0K0tPbb 5BCGHNHdljAb0YyzQz6Z14nu3WUfyAU6uzzEWXrudZ04Nn4x/nJM872fqRYDeJ8sB5yKdVMfy9Cwo3 2hvBNkqHHptoNjs3Dgu1dFTxIfakbvs+VXvXwby3PC8I7+LsbArLBlEgSqDoqh6436oGCY5ffG6n68 WkjblT+rEzu7tRcSyNBOiLp8HTYkBICu2UGmJLGzGfi6xUs/coE02Kr1pjYQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Adds simple KUnit test for some binfmt_elf internals: specifically a regression test for the problem fixed by commit 8904d9cd90ee ("ELF: fix overflow in total mapping size calculation"). Cc: Eric Biederman Cc: David Gow Cc: Alexey Dobriyan Cc: "Magnus Groß" Cc: kunit-dev@googlegroups.com Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Kees Cook --- I'm exploring ways to mock copy_to_user() for more tests in here. kprobes doesn't seem to let me easily hijack a function... --- fs/Kconfig.binfmt | 17 +++++++++++ fs/binfmt_elf.c | 4 +++ fs/binfmt_elf_test.c | 64 ++++++++++++++++++++++++++++++++++++++++++ fs/compat_binfmt_elf.c | 2 ++ 4 files changed, 87 insertions(+) create mode 100644 fs/binfmt_elf_test.c diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index 4d5ae61580aa..8e14589ee9cc 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -28,6 +28,23 @@ config BINFMT_ELF ld.so (check the file for location and latest version). +config BINFMT_ELF_KUNIT_TEST + bool "Build KUnit tests for ELF binary support" if !KUNIT_ALL_TESTS + depends on KUNIT=y && BINFMT_ELF=y + default KUNIT_ALL_TESTS + help + This builds the ELF loader KUnit tests. + + KUnit tests run during boot and output the results to the debug log + in TAP format (https://testanything.org/). Only useful for kernel devs + running KUnit test harness and are not for inclusion into a + production build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config COMPAT_BINFMT_ELF def_bool y depends on COMPAT && BINFMT_ELF diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 76ff2af15ba5..9bea703ed1c2 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -2335,3 +2335,7 @@ static void __exit exit_elf_binfmt(void) core_initcall(init_elf_binfmt); module_exit(exit_elf_binfmt); MODULE_LICENSE("GPL"); + +#ifdef CONFIG_BINFMT_ELF_KUNIT_TEST +#include "binfmt_elf_test.c" +#endif diff --git a/fs/binfmt_elf_test.c b/fs/binfmt_elf_test.c new file mode 100644 index 000000000000..486ad419f763 --- /dev/null +++ b/fs/binfmt_elf_test.c @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include + +static void total_mapping_size_test(struct kunit *test) +{ + struct elf_phdr empty[] = { + { .p_type = PT_LOAD, .p_vaddr = 0, .p_memsz = 0, }, + { .p_type = PT_INTERP, .p_vaddr = 10, .p_memsz = 999999, }, + }; + /* + * readelf -lW /bin/mount | grep '^ .*0x0' | awk '{print "\t\t{ .p_type = PT_" \ + * $1 ", .p_vaddr = " $3 ", .p_memsz = " $6 ", },"}' + */ + struct elf_phdr mount[] = { + { .p_type = PT_PHDR, .p_vaddr = 0x00000040, .p_memsz = 0x0002d8, }, + { .p_type = PT_INTERP, .p_vaddr = 0x00000318, .p_memsz = 0x00001c, }, + { .p_type = PT_LOAD, .p_vaddr = 0x00000000, .p_memsz = 0x0033a8, }, + { .p_type = PT_LOAD, .p_vaddr = 0x00004000, .p_memsz = 0x005c91, }, + { .p_type = PT_LOAD, .p_vaddr = 0x0000a000, .p_memsz = 0x0022f8, }, + { .p_type = PT_LOAD, .p_vaddr = 0x0000d330, .p_memsz = 0x000d40, }, + { .p_type = PT_DYNAMIC, .p_vaddr = 0x0000d928, .p_memsz = 0x000200, }, + { .p_type = PT_NOTE, .p_vaddr = 0x00000338, .p_memsz = 0x000030, }, + { .p_type = PT_NOTE, .p_vaddr = 0x00000368, .p_memsz = 0x000044, }, + { .p_type = PT_GNU_PROPERTY, .p_vaddr = 0x00000338, .p_memsz = 0x000030, }, + { .p_type = PT_GNU_EH_FRAME, .p_vaddr = 0x0000b490, .p_memsz = 0x0001ec, }, + { .p_type = PT_GNU_STACK, .p_vaddr = 0x00000000, .p_memsz = 0x000000, }, + { .p_type = PT_GNU_RELRO, .p_vaddr = 0x0000d330, .p_memsz = 0x000cd0, }, + }; + size_t mount_size = 0xE070; + /* https://lore.kernel.org/lkml/YfF18Dy85mCntXrx@fractal.localdomain */ + struct elf_phdr unordered[] = { + { .p_type = PT_LOAD, .p_vaddr = 0x00000000, .p_memsz = 0x0033a8, }, + { .p_type = PT_LOAD, .p_vaddr = 0x0000d330, .p_memsz = 0x000d40, }, + { .p_type = PT_LOAD, .p_vaddr = 0x00004000, .p_memsz = 0x005c91, }, + { .p_type = PT_LOAD, .p_vaddr = 0x0000a000, .p_memsz = 0x0022f8, }, + }; + + /* No headers, no size. */ + KUNIT_EXPECT_EQ(test, total_mapping_size(NULL, 0), 0); + KUNIT_EXPECT_EQ(test, total_mapping_size(empty, 0), 0); + /* Empty headers, no size. */ + KUNIT_EXPECT_EQ(test, total_mapping_size(empty, 1), 0); + /* No PT_LOAD headers, no size. */ + KUNIT_EXPECT_EQ(test, total_mapping_size(&empty[1], 1), 0); + /* Empty PT_LOAD and non-PT_LOAD headers, no size. */ + KUNIT_EXPECT_EQ(test, total_mapping_size(empty, 2), 0); + + /* Normal set of PT_LOADS, and expected size. */ + KUNIT_EXPECT_EQ(test, total_mapping_size(mount, ARRAY_SIZE(mount)), mount_size); + /* Unordered PT_LOADs result in same size. */ + KUNIT_EXPECT_EQ(test, total_mapping_size(unordered, ARRAY_SIZE(unordered)), mount_size); +} + +static struct kunit_case binfmt_elf_test_cases[] = { + KUNIT_CASE(total_mapping_size_test), + {}, +}; + +static struct kunit_suite binfmt_elf_test_suite = { + .name = KBUILD_MODNAME, + .test_cases = binfmt_elf_test_cases, +}; + +kunit_test_suite(binfmt_elf_test_suite); diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c index 95e72d271b95..8f0af4f62631 100644 --- a/fs/compat_binfmt_elf.c +++ b/fs/compat_binfmt_elf.c @@ -135,6 +135,8 @@ #define elf_format compat_elf_format #define init_elf_binfmt init_compat_elf_binfmt #define exit_elf_binfmt exit_compat_elf_binfmt +#define binfmt_elf_test_cases compat_binfmt_elf_test_cases +#define binfmt_elf_test_suite compat_binfmt_elf_test_suite /* * We share all the actual code with the native (64-bit) version. -- 2.30.2