Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp802493imi; Thu, 21 Jul 2022 11:13:50 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vAkkm3l4P8pRXCB64ozO3Qoc2wXNhO0+dWMntPuTDZumc+zYg3ibVUJvs5sD266+MqscWe X-Received: by 2002:a05:6870:178d:b0:10b:e0fd:c27a with SMTP id r13-20020a056870178d00b0010be0fdc27amr5576859oae.64.1658427230447; Thu, 21 Jul 2022 11:13:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658427230; cv=none; d=google.com; s=arc-20160816; b=vzEj7lduTuEq/yCEDvfnkBVpYTgOom3icflDzOud+AyrKlpn39HvdubcT1G8m2aHM/ XHFgVnxNUqqtsWUPNkwnw3AVyAqdZT450xt9YEtbMN3DlJkFieovkS6rDDTvLBKi/x6g w9yEQTx4cD0bmhPGiNvQlLuJscublli29O7wKbfb0VfL4F+1IP+aSWkJc3IYZgn72eOD mK67M5l6Y9Fna3/HhFwaLQCyFR4vi+ts3kuqjmcqUkjSQJpMcOSEHIb8rVPZOyEyPQBw T9KYAQGk6Olo96PjFht4KFKzZEKfTiBQQhhohtGVu8/0hA5A23ES/C3evYsn73Wgyf5Q K/gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=0YIjNYIeyOZDc9A5uuO9JNEVyn7b9iKJjntQZNv0C9w=; b=RovY7FOrabgmMCYIuU0rCCWbgSiDf38HX4DpYlEIgA2pVihZ5oNuzzxECQLA00aiIy 7aefqWOL0TpaJZYTQiv5cu+V9Y1UvO8IXDBTdze76b7mKBKfEljRyJFYU00vomSmeqw4 46AEgYInyAjUmsCURIpPQvxliErlkvC3Oa0XUcie0yrdF8P+1y4IUsV8za/bPbl6aNui AIfNDXfc4uWgAlPACFiPM2b0LtCY77zBwmIZNqEcvgbyjGyEG0LRvb+SFMhqAOKQtTMp deeWtifZJiIsnwlu/hZcUk8Z2EiHYRRp+CHcYrylXuUH6kIWwmVbPdT5HceVEBi5yeWm 0Rgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=m7P5LBC6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m12-20020a0568301e6c00b0061cad646023si2428129otr.31.2022.07.21.11.13.37; Thu, 21 Jul 2022 11:13:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=m7P5LBC6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232197AbiGUSCi (ORCPT + 99 others); Thu, 21 Jul 2022 14:02:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52770 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232457AbiGUSC3 (ORCPT ); Thu, 21 Jul 2022 14:02:29 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 478608C3F9 for ; Thu, 21 Jul 2022 11:02:27 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id c14-20020a17090abf0e00b001f2096d876bso1141022pjs.4 for ; Thu, 21 Jul 2022 11:02:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=0YIjNYIeyOZDc9A5uuO9JNEVyn7b9iKJjntQZNv0C9w=; b=m7P5LBC6qwAkLeVUmaZQT9OiQ2KDu1X8mjVgXdx2Rw0fFg2K3Z3YuPCbkKIHZTph48 /FR24RvEBnNmlwVIjFpoY5uPxK5w+teFs9H8Xnwv7HSzRTguJrw/fcD0w60PgPPChCzX GAFjLCQfqd1ZwxWyOpcd6BpWZ4BD7b4qF/mKqtFAZn7AO+gGo3VEXY0ZBf51MfnaCIuq BPnjFWSieuCCazgqznNpIFdpmnXNrDkRlUBOiLm3f5QWczrLiZQUMz3m+uAy5tvnbx7I 34WJ0kxPhEJdpO2DpsiAgmvxas99sKHw4QzR652r7uxuPq3j/luoKtU1YYdHWIpbs493 DCUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=0YIjNYIeyOZDc9A5uuO9JNEVyn7b9iKJjntQZNv0C9w=; b=BEcS6acFCwKLLhl+x3TrpEWSTsFEkhJocz+6ATBPYDvZT4FAdDBSkQmi9HS0zJxn6R 9lxzzpKuXhnu9XAMogQDdRAvHPiFNcxa8Tq3eZn4yyS2ARCyQCbZpeZTYhwfYCCHv2Kp EuMFB44tZW1c9hnyTZsJaEWnCpzD0xY82eBBzQ13gf2Cw0M1uJGNiR1+QibKyMXjjZLn KtzLt6ERkc18yBEKKb7pcHtQtvJ94l3A7PSnhwg9Oxo6EIZeHnLRVJk0DMOePGQDdWMX Gz6EAOjtWwLBwu7XxEPUoD32GRCcCgtGpmXA6WpsmpZCP1P/1xFtgJhhXXgwcHY7NM/W /g9w== X-Gm-Message-State: AJIora+v7pPlRrVFe9qI9RUjaNCzGaPPy6s9V8K+dO4bgXhQQS3MPAAP CmLrEfA0L5oG5I7LvUg4dPkvYO9EX/mlfQ== X-Received: from dlatypov-spec.c.googlers.com ([fda3:e722:ac3:cc00:24:72f4:c0a8:3f35]) (user=dlatypov job=sendgmr) by 2002:a17:902:d48a:b0:16b:f101:b28b with SMTP id c10-20020a170902d48a00b0016bf101b28bmr45958440plg.148.1658426546834; Thu, 21 Jul 2022 11:02:26 -0700 (PDT) Date: Thu, 21 Jul 2022 18:02:14 +0000 In-Reply-To: <20220721180214.3223778-1-dlatypov@google.com> Message-Id: <20220721180214.3223778-4-dlatypov@google.com> Mime-Version: 1.0 References: <20220721180214.3223778-1-dlatypov@google.com> X-Mailer: git-send-email 2.37.1.359.gd136c6c3e2-goog Subject: [PATCH 4/4] kunit: make knuit_kfree() not segfault on invalid inputs From: Daniel Latypov To: brendanhiggins@google.com, davidgow@google.com Cc: linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, skhan@linuxfoundation.org, Daniel Latypov Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org kunit_kfree() can only work on data ("resources") allocated by KUnit. Currently for code like this, > void *ptr = kmalloc(4, GFP_KERNEL); > kunit_kfree(test, ptr); kunit_kfree() will segfault. It'll try and look up the kunit_resource associated with `ptr` and get a NULL back, but it won't check for this. This means we also segfault if you double-free. Change kunit_kfree() so it'll notice these invalid pointers and respond by failing the test. Implementation: kunit_destroy_resource() does what kunit_kfree() does, but is more generic and returns -ENOENT when it can't find the resource. Sadly, unlike just letting it crash, this means we don't get a stack trace. But kunit_kfree() is so infrequently used it shouldn't be hard to track down the bad callsite anyways. After this change, the above code gives: > # example_simple_test: EXPECTATION FAILED at lib/kunit/test.c:702 > kunit_kfree: 00000000626ec200 already freed or not allocated by kunit Signed-off-by: Daniel Latypov --- lib/kunit/test.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 82019a78462e..c7ca87484968 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -698,18 +698,8 @@ static inline bool kunit_kfree_match(struct kunit *test, void kunit_kfree(struct kunit *test, const void *ptr) { - struct kunit_resource *res; - - res = kunit_find_resource(test, kunit_kfree_match, (void *)ptr); - - /* - * Removing the resource from the list of resources drops the - * reference count to 1; the final put will trigger the free. - */ - kunit_remove_resource(test, res); - - kunit_put_resource(res); - + if (kunit_destroy_resource(test, kunit_kfree_match, (void *)ptr)) + KUNIT_FAIL(test, "kunit_kfree: %px already freed or not allocated by kunit", ptr); } EXPORT_SYMBOL_GPL(kunit_kfree); -- 2.37.1.359.gd136c6c3e2-goog