lib/strncpy_from_user.c | 3 +- mm/kasan/kasan_test_c.c | 39 +++++++++++++++++ mm/kasan/kasan_test_module.c | 81 ------------------------------------ 3 files changed, 41 insertions(+), 82 deletions(-) delete mode 100644 mm/kasan/kasan_test_module.c
Migrate the copy_user_test to the KUnit framework to verify out-of-bound
detection via KASAN reports in copy_from_user(), copy_to_user() and
their static functions.
This is the last migrated test in kasan_test_module.c, therefore delete
the file.
In order to detect OOB access in strncpy_from_user(), we need to move
kasan_check_write() to the function beginning to cover
if (can_do_masked_user_access()) {...} branch as well.
Reported-by: Andrey Konovalov <andreyknvl@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=212205
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
lib/strncpy_from_user.c | 3 +-
mm/kasan/kasan_test_c.c | 39 +++++++++++++++++
mm/kasan/kasan_test_module.c | 81 ------------------------------------
3 files changed, 41 insertions(+), 82 deletions(-)
delete mode 100644 mm/kasan/kasan_test_module.c
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 989a12a67872..55c33e4f3c70 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -120,6 +120,8 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (unlikely(count <= 0))
return 0;
+ kasan_check_write(dst, count);
+
if (can_do_masked_user_access()) {
long retval;
@@ -142,7 +144,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (max > count)
max = count;
- kasan_check_write(dst, count);
check_object_size(dst, count, false);
if (user_read_access_begin(src, max)) {
retval = do_strncpy_from_user(dst, src, count, max);
diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
index a181e4780d9d..e71a16d0dfb9 100644
--- a/mm/kasan/kasan_test_c.c
+++ b/mm/kasan/kasan_test_c.c
@@ -1954,6 +1954,44 @@ static void rust_uaf(struct kunit *test)
KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
}
+static void copy_user_test_oob(struct kunit *test)
+{
+ char *kmem;
+ char __user *usermem;
+ unsigned long useraddr;
+ size_t size = 128 - KASAN_GRANULE_SIZE;
+ int __maybe_unused unused;
+
+ kmem = kunit_kmalloc(test, size, GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem);
+
+ useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_ANONYMOUS | MAP_PRIVATE, 0);
+ KUNIT_ASSERT_NE_MSG(test, useraddr, 0,
+ "Could not create userspace mm");
+ KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE,
+ "Failed to allocate user memory");
+
+ OPTIMIZER_HIDE_VAR(size);
+ usermem = (char __user *)useraddr;
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user_inatomic(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user_inatomic(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = strncpy_from_user(kmem, usermem, size + 1));
+}
+
static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(kmalloc_oob_right),
KUNIT_CASE(kmalloc_oob_left),
@@ -2028,6 +2066,7 @@ static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(match_all_ptr_tag),
KUNIT_CASE(match_all_mem_tag),
KUNIT_CASE(rust_uaf),
+ KUNIT_CASE(copy_user_test_oob),
{}
};
diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c
deleted file mode 100644
index 27ec22767e42..000000000000
--- a/mm/kasan/kasan_test_module.c
+++ /dev/null
@@ -1,81 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- *
- * Copyright (c) 2014 Samsung Electronics Co., Ltd.
- * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
- */
-
-#define pr_fmt(fmt) "kasan: test: " fmt
-
-#include <linux/mman.h>
-#include <linux/module.h>
-#include <linux/printk.h>
-#include <linux/slab.h>
-#include <linux/uaccess.h>
-
-#include "kasan.h"
-
-static noinline void __init copy_user_test(void)
-{
- char *kmem;
- char __user *usermem;
- size_t size = 128 - KASAN_GRANULE_SIZE;
- int __maybe_unused unused;
-
- kmem = kmalloc(size, GFP_KERNEL);
- if (!kmem)
- return;
-
- usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
- PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_ANONYMOUS | MAP_PRIVATE, 0);
- if (IS_ERR(usermem)) {
- pr_err("Failed to allocate user memory\n");
- kfree(kmem);
- return;
- }
-
- OPTIMIZER_HIDE_VAR(size);
-
- pr_info("out-of-bounds in copy_from_user()\n");
- unused = copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in copy_to_user()\n");
- unused = copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user()\n");
- unused = __copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user()\n");
- unused = __copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
- unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
- unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in strncpy_from_user()\n");
- unused = strncpy_from_user(kmem, usermem, size + 1);
-
- vm_munmap((unsigned long)usermem, PAGE_SIZE);
- kfree(kmem);
-}
-
-static int __init kasan_test_module_init(void)
-{
- /*
- * Temporarily enable multi-shot mode. Otherwise, KASAN would only
- * report the first detected bug and panic the kernel if panic_on_warn
- * is enabled.
- */
- bool multishot = kasan_save_enable_multi_shot();
-
- copy_user_test();
-
- kasan_restore_multi_shot(multishot);
- return -EAGAIN;
-}
-
-module_init(kasan_test_module_init);
-MODULE_LICENSE("GPL");
--
2.34.1
On Fri, Oct 11, 2024 at 9:16 AM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > detection via KASAN reports in copy_from_user(), copy_to_user() and > their static functions. > > This is the last migrated test in kasan_test_module.c, therefore delete > the file. > > In order to detect OOB access in strncpy_from_user(), we need to move > kasan_check_write() to the function beginning to cover > if (can_do_masked_user_access()) {...} branch as well. > > Reported-by: Andrey Konovalov <andreyknvl@gmail.com> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=212205 > Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com> > --- > lib/strncpy_from_user.c | 3 +- > mm/kasan/kasan_test_c.c | 39 +++++++++++++++++ > mm/kasan/kasan_test_module.c | 81 ------------------------------------ > 3 files changed, 41 insertions(+), 82 deletions(-) > delete mode 100644 mm/kasan/kasan_test_module.c > > diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c > index 989a12a67872..55c33e4f3c70 100644 > --- a/lib/strncpy_from_user.c > +++ b/lib/strncpy_from_user.c > @@ -120,6 +120,8 @@ long strncpy_from_user(char *dst, const char __user *src, long count) > if (unlikely(count <= 0)) > return 0; > > + kasan_check_write(dst, count); > + > if (can_do_masked_user_access()) { > long retval; > > @@ -142,7 +144,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count) > if (max > count) > max = count; > > - kasan_check_write(dst, count); > check_object_size(dst, count, false); I think we better put both kasan_check_write and check_object_size into do_strncpy_from_user, as the latter is now (post 2865baf54077) called from two different places. Also, please put this change into a separate commit with a Fixes: 2865baf54077 tag. > if (user_read_access_begin(src, max)) { > retval = do_strncpy_from_user(dst, src, count, max); > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c > index a181e4780d9d..e71a16d0dfb9 100644 > --- a/mm/kasan/kasan_test_c.c > +++ b/mm/kasan/kasan_test_c.c > @@ -1954,6 +1954,44 @@ static void rust_uaf(struct kunit *test) > KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > } > > +static void copy_user_test_oob(struct kunit *test) > +{ > + char *kmem; > + char __user *usermem; > + unsigned long useraddr; > + size_t size = 128 - KASAN_GRANULE_SIZE; > + int __maybe_unused unused; > + > + kmem = kunit_kmalloc(test, size, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem); > + > + useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE, > + PROT_READ | PROT_WRITE | PROT_EXEC, > + MAP_ANONYMOUS | MAP_PRIVATE, 0); > + KUNIT_ASSERT_NE_MSG(test, useraddr, 0, > + "Could not create userspace mm"); > + KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE, > + "Failed to allocate user memory"); > + > + OPTIMIZER_HIDE_VAR(size); > + usermem = (char __user *)useraddr; > + > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user_inatomic(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user_inatomic(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = strncpy_from_user(kmem, usermem, size + 1)); > +} > + > static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(kmalloc_oob_right), > KUNIT_CASE(kmalloc_oob_left), > @@ -2028,6 +2066,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > KUNIT_CASE(rust_uaf), > + KUNIT_CASE(copy_user_test_oob), > {} > }; > > diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c > deleted file mode 100644 > index 27ec22767e42..000000000000 > --- a/mm/kasan/kasan_test_module.c > +++ /dev/null > @@ -1,81 +0,0 @@ > -// SPDX-License-Identifier: GPL-2.0-only > -/* > - * > - * Copyright (c) 2014 Samsung Electronics Co., Ltd. > - * Author: Andrey Ryabinin <a.ryabinin@samsung.com> > - */ > - > -#define pr_fmt(fmt) "kasan: test: " fmt > - > -#include <linux/mman.h> > -#include <linux/module.h> > -#include <linux/printk.h> > -#include <linux/slab.h> > -#include <linux/uaccess.h> > - > -#include "kasan.h" > - > -static noinline void __init copy_user_test(void) > -{ > - char *kmem; > - char __user *usermem; > - size_t size = 128 - KASAN_GRANULE_SIZE; > - int __maybe_unused unused; > - > - kmem = kmalloc(size, GFP_KERNEL); > - if (!kmem) > - return; > - > - usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE, > - PROT_READ | PROT_WRITE | PROT_EXEC, > - MAP_ANONYMOUS | MAP_PRIVATE, 0); > - if (IS_ERR(usermem)) { > - pr_err("Failed to allocate user memory\n"); > - kfree(kmem); > - return; > - } > - > - OPTIMIZER_HIDE_VAR(size); > - > - pr_info("out-of-bounds in copy_from_user()\n"); > - unused = copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in copy_to_user()\n"); > - unused = copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user()\n"); > - unused = __copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user()\n"); > - unused = __copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user_inatomic()\n"); > - unused = __copy_from_user_inatomic(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user_inatomic()\n"); > - unused = __copy_to_user_inatomic(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in strncpy_from_user()\n"); > - unused = strncpy_from_user(kmem, usermem, size + 1); > - > - vm_munmap((unsigned long)usermem, PAGE_SIZE); > - kfree(kmem); > -} > - > -static int __init kasan_test_module_init(void) > -{ > - /* > - * Temporarily enable multi-shot mode. Otherwise, KASAN would only > - * report the first detected bug and panic the kernel if panic_on_warn > - * is enabled. > - */ > - bool multishot = kasan_save_enable_multi_shot(); > - > - copy_user_test(); > - > - kasan_restore_multi_shot(multishot); > - return -EAGAIN; > -} > - > -module_init(kasan_test_module_init); > -MODULE_LICENSE("GPL"); Please also remove the corresponding entries from mm/kasan/Makefile and lib/Kconfig.kasan and update Documentation/dev-tools/kasan.rst. > -- > 2.34.1 >
copy_user_test() is the last KUnit-incompatible test with CONFIG_KASAN_MODULE_TEST requirement, which we are going to migrate to KUnit framework and delete the former test and Kconfig as well. In this patch series: - [1/3] move kasan_check_write() and check_object_size() to do_strncpy_from_user() to cover with KASAN checks with multiple conditions in strncpy_from_user(). - [2/3] migrated copy_user_test() to KUnit, where we can also test strncpy_from_user() due to [1/4]. KUnits have been tested on: - x86_64 with CONFIG_KASAN_GENERIC. Passed - arm64 with CONFIG_KASAN_SW_TAGS. 1 fail. See [1] - arm64 with CONFIG_KASAN_HW_TAGS. 1 fail. See [1] [1] https://lore.kernel.org/linux-mm/CACzwLxj21h7nCcS2-KA_q7ybe+5pxH0uCDwu64q_9pPsydneWQ@mail.gmail.com/ - [3/3] delete CONFIG_KASAN_MODULE_TEST and documentation occurrences. Changes v1 -> v2: - moved the sanitization to do_strncpy_from_user and as the separate commit per Andrey's review. - deleted corresponding entries of kasan_test_module.o in Makefile - deleted CONFIG_KASAN_MODULE_TEST at all with the documentation in separate commit. - added Documentation maintainers in CC. Sabyrzhan Tasbolatov (3): kasan: move checks to do_strncpy_from_user kasan: migrate copy_user_test to kunit kasan: delete CONFIG_KASAN_MODULE_TEST Documentation/dev-tools/kasan.rst | 9 +-- .../translations/zh_CN/dev-tools/kasan.rst | 6 +- .../translations/zh_TW/dev-tools/kasan.rst | 6 +- lib/Kconfig.kasan | 7 -- lib/strncpy_from_user.c | 5 +- mm/kasan/Makefile | 2 - mm/kasan/kasan.h | 2 +- mm/kasan/kasan_test_c.c | 39 +++++++++ mm/kasan/kasan_test_module.c | 81 ------------------- mm/kasan/report.c | 2 +- 10 files changed, 48 insertions(+), 111 deletions(-) delete mode 100644 mm/kasan/kasan_test_module.c -- 2.34.1
Since in the commit 2865baf54077("x86: support user address masking instead
of non-speculative conditional") do_strncpy_from_user() is called from
multiple places, we should sanitize the kernel *dst memory and size
which were done in strncpy_from_user() previously.
Fixes: 2865baf54077 ("x86: support user address masking instead of non-speculative conditional")
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
lib/strncpy_from_user.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 989a12a6787..f36ad821176 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -31,6 +31,9 @@ static __always_inline long do_strncpy_from_user(char *dst, const char __user *s
const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
unsigned long res = 0;
+ kasan_check_write(dst, count);
+ check_object_size(dst, count, false);
+
if (IS_UNALIGNED(src, dst))
goto byte_at_a_time;
@@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (max > count)
max = count;
- kasan_check_write(dst, count);
- check_object_size(dst, count, false);
if (user_read_access_begin(src, max)) {
retval = do_strncpy_from_user(dst, src, count, max);
user_read_access_end();
--
2.34.1
On Sun, Oct 13, 2024 at 3:01 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > Since in the commit 2865baf54077("x86: support user address masking instead > of non-speculative conditional") do_strncpy_from_user() is called from > multiple places, we should sanitize the kernel *dst memory and size > which were done in strncpy_from_user() previously. > > Fixes: 2865baf54077 ("x86: support user address masking instead of non-speculative conditional") > Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com> > --- > lib/strncpy_from_user.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c > index 989a12a6787..f36ad821176 100644 > --- a/lib/strncpy_from_user.c > +++ b/lib/strncpy_from_user.c > @@ -31,6 +31,9 @@ static __always_inline long do_strncpy_from_user(char *dst, const char __user *s > const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; > unsigned long res = 0; > > + kasan_check_write(dst, count); > + check_object_size(dst, count, false); > + > if (IS_UNALIGNED(src, dst)) > goto byte_at_a_time; > > @@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count) > if (max > count) > max = count; > > - kasan_check_write(dst, count); > - check_object_size(dst, count, false); > if (user_read_access_begin(src, max)) { > retval = do_strncpy_from_user(dst, src, count, max); > user_read_access_end(); > -- > 2.34.1 > Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Migrate the copy_user_test to the KUnit framework to verify out-of-bound
detection via KASAN reports in copy_from_user(), copy_to_user() and
their static functions.
This is the last migrated test in kasan_test_module.c, therefore delete
the file.
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
mm/kasan/Makefile | 2 -
mm/kasan/kasan_test_c.c | 39 +++++++++++++++++
mm/kasan/kasan_test_module.c | 81 ------------------------------------
3 files changed, 39 insertions(+), 83 deletions(-)
delete mode 100644 mm/kasan/kasan_test_module.c
diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index b88543e5c0c..1a958e7c8a4 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -46,7 +46,6 @@ endif
CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
-CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST)
obj-y := common.o report.o
obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
@@ -59,4 +58,3 @@ ifdef CONFIG_RUST
endif
obj-$(CONFIG_KASAN_KUNIT_TEST) += kasan_test.o
-obj-$(CONFIG_KASAN_MODULE_TEST) += kasan_test_module.o
diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
index a181e4780d9..e71a16d0dfb 100644
--- a/mm/kasan/kasan_test_c.c
+++ b/mm/kasan/kasan_test_c.c
@@ -1954,6 +1954,44 @@ static void rust_uaf(struct kunit *test)
KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
}
+static void copy_user_test_oob(struct kunit *test)
+{
+ char *kmem;
+ char __user *usermem;
+ unsigned long useraddr;
+ size_t size = 128 - KASAN_GRANULE_SIZE;
+ int __maybe_unused unused;
+
+ kmem = kunit_kmalloc(test, size, GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem);
+
+ useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_ANONYMOUS | MAP_PRIVATE, 0);
+ KUNIT_ASSERT_NE_MSG(test, useraddr, 0,
+ "Could not create userspace mm");
+ KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE,
+ "Failed to allocate user memory");
+
+ OPTIMIZER_HIDE_VAR(size);
+ usermem = (char __user *)useraddr;
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user_inatomic(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user_inatomic(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = strncpy_from_user(kmem, usermem, size + 1));
+}
+
static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(kmalloc_oob_right),
KUNIT_CASE(kmalloc_oob_left),
@@ -2028,6 +2066,7 @@ static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(match_all_ptr_tag),
KUNIT_CASE(match_all_mem_tag),
KUNIT_CASE(rust_uaf),
+ KUNIT_CASE(copy_user_test_oob),
{}
};
diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c
deleted file mode 100644
index 27ec22767e4..00000000000
--- a/mm/kasan/kasan_test_module.c
+++ /dev/null
@@ -1,81 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- *
- * Copyright (c) 2014 Samsung Electronics Co., Ltd.
- * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
- */
-
-#define pr_fmt(fmt) "kasan: test: " fmt
-
-#include <linux/mman.h>
-#include <linux/module.h>
-#include <linux/printk.h>
-#include <linux/slab.h>
-#include <linux/uaccess.h>
-
-#include "kasan.h"
-
-static noinline void __init copy_user_test(void)
-{
- char *kmem;
- char __user *usermem;
- size_t size = 128 - KASAN_GRANULE_SIZE;
- int __maybe_unused unused;
-
- kmem = kmalloc(size, GFP_KERNEL);
- if (!kmem)
- return;
-
- usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
- PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_ANONYMOUS | MAP_PRIVATE, 0);
- if (IS_ERR(usermem)) {
- pr_err("Failed to allocate user memory\n");
- kfree(kmem);
- return;
- }
-
- OPTIMIZER_HIDE_VAR(size);
-
- pr_info("out-of-bounds in copy_from_user()\n");
- unused = copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in copy_to_user()\n");
- unused = copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user()\n");
- unused = __copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user()\n");
- unused = __copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
- unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
- unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in strncpy_from_user()\n");
- unused = strncpy_from_user(kmem, usermem, size + 1);
-
- vm_munmap((unsigned long)usermem, PAGE_SIZE);
- kfree(kmem);
-}
-
-static int __init kasan_test_module_init(void)
-{
- /*
- * Temporarily enable multi-shot mode. Otherwise, KASAN would only
- * report the first detected bug and panic the kernel if panic_on_warn
- * is enabled.
- */
- bool multishot = kasan_save_enable_multi_shot();
-
- copy_user_test();
-
- kasan_restore_multi_shot(multishot);
- return -EAGAIN;
-}
-
-module_init(kasan_test_module_init);
-MODULE_LICENSE("GPL");
--
2.34.1
On Sun, Oct 13, 2024 at 3:02 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > detection via KASAN reports in copy_from_user(), copy_to_user() and > their static functions. > > This is the last migrated test in kasan_test_module.c, therefore delete > the file. > > Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com> > --- > mm/kasan/Makefile | 2 - > mm/kasan/kasan_test_c.c | 39 +++++++++++++++++ > mm/kasan/kasan_test_module.c | 81 ------------------------------------ > 3 files changed, 39 insertions(+), 83 deletions(-) > delete mode 100644 mm/kasan/kasan_test_module.c > > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile > index b88543e5c0c..1a958e7c8a4 100644 > --- a/mm/kasan/Makefile > +++ b/mm/kasan/Makefile > @@ -46,7 +46,6 @@ endif > > CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST) > RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN) > -CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST) > > obj-y := common.o report.o > obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o > @@ -59,4 +58,3 @@ ifdef CONFIG_RUST > endif > > obj-$(CONFIG_KASAN_KUNIT_TEST) += kasan_test.o > -obj-$(CONFIG_KASAN_MODULE_TEST) += kasan_test_module.o > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c > index a181e4780d9..e71a16d0dfb 100644 > --- a/mm/kasan/kasan_test_c.c > +++ b/mm/kasan/kasan_test_c.c > @@ -1954,6 +1954,44 @@ static void rust_uaf(struct kunit *test) > KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > } > > +static void copy_user_test_oob(struct kunit *test) > +{ > + char *kmem; > + char __user *usermem; > + unsigned long useraddr; > + size_t size = 128 - KASAN_GRANULE_SIZE; > + int __maybe_unused unused; > + > + kmem = kunit_kmalloc(test, size, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem); > + > + useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE, > + PROT_READ | PROT_WRITE | PROT_EXEC, > + MAP_ANONYMOUS | MAP_PRIVATE, 0); > + KUNIT_ASSERT_NE_MSG(test, useraddr, 0, > + "Could not create userspace mm"); > + KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE, > + "Failed to allocate user memory"); > + > + OPTIMIZER_HIDE_VAR(size); > + usermem = (char __user *)useraddr; > + > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user_inatomic(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user_inatomic(usermem, kmem, size + 1)); Here, add: + + /* + * Prepare a long string in usermem to avoid the strncpy_from_user test + * bailing out on '\0' before it reaches out-of-bounds. + */ + memset(kmem, 'a', size); + KUNIT_EXPECT_EQ(test, copy_to_user(usermem, kmem, size), 0); + This fixes the last test. > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = strncpy_from_user(kmem, usermem, size + 1)); > +} > + > static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(kmalloc_oob_right), > KUNIT_CASE(kmalloc_oob_left), > @@ -2028,6 +2066,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > KUNIT_CASE(rust_uaf), > + KUNIT_CASE(copy_user_test_oob), > {} > }; > > diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c > deleted file mode 100644 > index 27ec22767e4..00000000000 > --- a/mm/kasan/kasan_test_module.c > +++ /dev/null > @@ -1,81 +0,0 @@ > -// SPDX-License-Identifier: GPL-2.0-only > -/* > - * > - * Copyright (c) 2014 Samsung Electronics Co., Ltd. > - * Author: Andrey Ryabinin <a.ryabinin@samsung.com> > - */ > - > -#define pr_fmt(fmt) "kasan: test: " fmt > - > -#include <linux/mman.h> > -#include <linux/module.h> > -#include <linux/printk.h> > -#include <linux/slab.h> > -#include <linux/uaccess.h> > - > -#include "kasan.h" > - > -static noinline void __init copy_user_test(void) > -{ > - char *kmem; > - char __user *usermem; > - size_t size = 128 - KASAN_GRANULE_SIZE; > - int __maybe_unused unused; > - > - kmem = kmalloc(size, GFP_KERNEL); > - if (!kmem) > - return; > - > - usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE, > - PROT_READ | PROT_WRITE | PROT_EXEC, > - MAP_ANONYMOUS | MAP_PRIVATE, 0); > - if (IS_ERR(usermem)) { > - pr_err("Failed to allocate user memory\n"); > - kfree(kmem); > - return; > - } > - > - OPTIMIZER_HIDE_VAR(size); > - > - pr_info("out-of-bounds in copy_from_user()\n"); > - unused = copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in copy_to_user()\n"); > - unused = copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user()\n"); > - unused = __copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user()\n"); > - unused = __copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user_inatomic()\n"); > - unused = __copy_from_user_inatomic(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user_inatomic()\n"); > - unused = __copy_to_user_inatomic(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in strncpy_from_user()\n"); > - unused = strncpy_from_user(kmem, usermem, size + 1); > - > - vm_munmap((unsigned long)usermem, PAGE_SIZE); > - kfree(kmem); > -} > - > -static int __init kasan_test_module_init(void) > -{ > - /* > - * Temporarily enable multi-shot mode. Otherwise, KASAN would only > - * report the first detected bug and panic the kernel if panic_on_warn > - * is enabled. > - */ > - bool multishot = kasan_save_enable_multi_shot(); > - > - copy_user_test(); > - > - kasan_restore_multi_shot(multishot); > - return -EAGAIN; > -} > - > -module_init(kasan_test_module_init); > -MODULE_LICENSE("GPL"); > -- > 2.34.1 >
Migrate the copy_user_test to the KUnit framework to verify out-of-bound
detection via KASAN reports in copy_from_user(), copy_to_user() and
their static functions.
This is the last migrated test in kasan_test_module.c, therefore delete
the file.
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Changes v2 -> v3:
- added a long string in usermem for strncpy_from_user. Suggested by Andrey.
---
mm/kasan/Makefile | 2 -
mm/kasan/kasan_test_c.c | 47 +++++++++++++++++++++
mm/kasan/kasan_test_module.c | 81 ------------------------------------
3 files changed, 47 insertions(+), 83 deletions(-)
delete mode 100644 mm/kasan/kasan_test_module.c
diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index b88543e5c0c..1a958e7c8a4 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -46,7 +46,6 @@ endif
CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
-CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST)
obj-y := common.o report.o
obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
@@ -59,4 +58,3 @@ ifdef CONFIG_RUST
endif
obj-$(CONFIG_KASAN_KUNIT_TEST) += kasan_test.o
-obj-$(CONFIG_KASAN_MODULE_TEST) += kasan_test_module.o
diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
index a181e4780d9..382bc64e42d 100644
--- a/mm/kasan/kasan_test_c.c
+++ b/mm/kasan/kasan_test_c.c
@@ -1954,6 +1954,52 @@ static void rust_uaf(struct kunit *test)
KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
}
+static void copy_user_test_oob(struct kunit *test)
+{
+ char *kmem;
+ char __user *usermem;
+ unsigned long useraddr;
+ size_t size = 128 - KASAN_GRANULE_SIZE;
+ int __maybe_unused unused;
+
+ kmem = kunit_kmalloc(test, size, GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem);
+
+ useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_ANONYMOUS | MAP_PRIVATE, 0);
+ KUNIT_ASSERT_NE_MSG(test, useraddr, 0,
+ "Could not create userspace mm");
+ KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE,
+ "Failed to allocate user memory");
+
+ OPTIMIZER_HIDE_VAR(size);
+ usermem = (char __user *)useraddr;
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user_inatomic(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user_inatomic(usermem, kmem, size + 1));
+
+ /*
+ * Prepare a long string in usermem to avoid the strncpy_from_user test
+ * bailing out on '\0' before it reaches out-of-bounds.
+ */
+ memset(kmem, 'a', size);
+ KUNIT_EXPECT_EQ(test, copy_to_user(usermem, kmem, size), 0);
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = strncpy_from_user(kmem, usermem, size + 1));
+}
+
static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(kmalloc_oob_right),
KUNIT_CASE(kmalloc_oob_left),
@@ -2028,6 +2074,7 @@ static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(match_all_ptr_tag),
KUNIT_CASE(match_all_mem_tag),
KUNIT_CASE(rust_uaf),
+ KUNIT_CASE(copy_user_test_oob),
{}
};
diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c
deleted file mode 100644
index 27ec22767e4..00000000000
--- a/mm/kasan/kasan_test_module.c
+++ /dev/null
@@ -1,81 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- *
- * Copyright (c) 2014 Samsung Electronics Co., Ltd.
- * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
- */
-
-#define pr_fmt(fmt) "kasan: test: " fmt
-
-#include <linux/mman.h>
-#include <linux/module.h>
-#include <linux/printk.h>
-#include <linux/slab.h>
-#include <linux/uaccess.h>
-
-#include "kasan.h"
-
-static noinline void __init copy_user_test(void)
-{
- char *kmem;
- char __user *usermem;
- size_t size = 128 - KASAN_GRANULE_SIZE;
- int __maybe_unused unused;
-
- kmem = kmalloc(size, GFP_KERNEL);
- if (!kmem)
- return;
-
- usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
- PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_ANONYMOUS | MAP_PRIVATE, 0);
- if (IS_ERR(usermem)) {
- pr_err("Failed to allocate user memory\n");
- kfree(kmem);
- return;
- }
-
- OPTIMIZER_HIDE_VAR(size);
-
- pr_info("out-of-bounds in copy_from_user()\n");
- unused = copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in copy_to_user()\n");
- unused = copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user()\n");
- unused = __copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user()\n");
- unused = __copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
- unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
- unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in strncpy_from_user()\n");
- unused = strncpy_from_user(kmem, usermem, size + 1);
-
- vm_munmap((unsigned long)usermem, PAGE_SIZE);
- kfree(kmem);
-}
-
-static int __init kasan_test_module_init(void)
-{
- /*
- * Temporarily enable multi-shot mode. Otherwise, KASAN would only
- * report the first detected bug and panic the kernel if panic_on_warn
- * is enabled.
- */
- bool multishot = kasan_save_enable_multi_shot();
-
- copy_user_test();
-
- kasan_restore_multi_shot(multishot);
- return -EAGAIN;
-}
-
-module_init(kasan_test_module_init);
-MODULE_LICENSE("GPL");
--
2.34.1
On Sun, Oct 13, 2024 at 8:19 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > detection via KASAN reports in copy_from_user(), copy_to_user() and > their static functions. > > This is the last migrated test in kasan_test_module.c, therefore delete > the file. > > Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com> > --- > Changes v2 -> v3: > - added a long string in usermem for strncpy_from_user. Suggested by Andrey. > --- > mm/kasan/Makefile | 2 - > mm/kasan/kasan_test_c.c | 47 +++++++++++++++++++++ > mm/kasan/kasan_test_module.c | 81 ------------------------------------ > 3 files changed, 47 insertions(+), 83 deletions(-) > delete mode 100644 mm/kasan/kasan_test_module.c > > diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile > index b88543e5c0c..1a958e7c8a4 100644 > --- a/mm/kasan/Makefile > +++ b/mm/kasan/Makefile > @@ -46,7 +46,6 @@ endif > > CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST) > RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN) > -CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST) > > obj-y := common.o report.o > obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o > @@ -59,4 +58,3 @@ ifdef CONFIG_RUST > endif > > obj-$(CONFIG_KASAN_KUNIT_TEST) += kasan_test.o > -obj-$(CONFIG_KASAN_MODULE_TEST) += kasan_test_module.o > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c > index a181e4780d9..382bc64e42d 100644 > --- a/mm/kasan/kasan_test_c.c > +++ b/mm/kasan/kasan_test_c.c > @@ -1954,6 +1954,52 @@ static void rust_uaf(struct kunit *test) > KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > } > > +static void copy_user_test_oob(struct kunit *test) > +{ > + char *kmem; > + char __user *usermem; > + unsigned long useraddr; > + size_t size = 128 - KASAN_GRANULE_SIZE; > + int __maybe_unused unused; > + > + kmem = kunit_kmalloc(test, size, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem); > + > + useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE, > + PROT_READ | PROT_WRITE | PROT_EXEC, > + MAP_ANONYMOUS | MAP_PRIVATE, 0); > + KUNIT_ASSERT_NE_MSG(test, useraddr, 0, > + "Could not create userspace mm"); > + KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE, > + "Failed to allocate user memory"); > + > + OPTIMIZER_HIDE_VAR(size); > + usermem = (char __user *)useraddr; > + > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user_inatomic(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user_inatomic(usermem, kmem, size + 1)); > + > + /* > + * Prepare a long string in usermem to avoid the strncpy_from_user test > + * bailing out on '\0' before it reaches out-of-bounds. > + */ > + memset(kmem, 'a', size); > + KUNIT_EXPECT_EQ(test, copy_to_user(usermem, kmem, size), 0); > + > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = strncpy_from_user(kmem, usermem, size + 1)); > +} > + > static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(kmalloc_oob_right), > KUNIT_CASE(kmalloc_oob_left), > @@ -2028,6 +2074,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > KUNIT_CASE(rust_uaf), > + KUNIT_CASE(copy_user_test_oob), > {} > }; > > diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c > deleted file mode 100644 > index 27ec22767e4..00000000000 > --- a/mm/kasan/kasan_test_module.c > +++ /dev/null > @@ -1,81 +0,0 @@ > -// SPDX-License-Identifier: GPL-2.0-only > -/* > - * > - * Copyright (c) 2014 Samsung Electronics Co., Ltd. > - * Author: Andrey Ryabinin <a.ryabinin@samsung.com> > - */ > - > -#define pr_fmt(fmt) "kasan: test: " fmt > - > -#include <linux/mman.h> > -#include <linux/module.h> > -#include <linux/printk.h> > -#include <linux/slab.h> > -#include <linux/uaccess.h> > - > -#include "kasan.h" > - > -static noinline void __init copy_user_test(void) > -{ > - char *kmem; > - char __user *usermem; > - size_t size = 128 - KASAN_GRANULE_SIZE; > - int __maybe_unused unused; > - > - kmem = kmalloc(size, GFP_KERNEL); > - if (!kmem) > - return; > - > - usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE, > - PROT_READ | PROT_WRITE | PROT_EXEC, > - MAP_ANONYMOUS | MAP_PRIVATE, 0); > - if (IS_ERR(usermem)) { > - pr_err("Failed to allocate user memory\n"); > - kfree(kmem); > - return; > - } > - > - OPTIMIZER_HIDE_VAR(size); > - > - pr_info("out-of-bounds in copy_from_user()\n"); > - unused = copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in copy_to_user()\n"); > - unused = copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user()\n"); > - unused = __copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user()\n"); > - unused = __copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user_inatomic()\n"); > - unused = __copy_from_user_inatomic(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user_inatomic()\n"); > - unused = __copy_to_user_inatomic(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in strncpy_from_user()\n"); > - unused = strncpy_from_user(kmem, usermem, size + 1); > - > - vm_munmap((unsigned long)usermem, PAGE_SIZE); > - kfree(kmem); > -} > - > -static int __init kasan_test_module_init(void) > -{ > - /* > - * Temporarily enable multi-shot mode. Otherwise, KASAN would only > - * report the first detected bug and panic the kernel if panic_on_warn > - * is enabled. > - */ > - bool multishot = kasan_save_enable_multi_shot(); > - > - copy_user_test(); > - > - kasan_restore_multi_shot(multishot); > - return -EAGAIN; > -} > - > -module_init(kasan_test_module_init); > -MODULE_LICENSE("GPL"); > -- > 2.34.1 > Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> However, I didn't get a cover letter for v3. Normally, when sending a new version of a patch series, you need to resend all patches with the new version tag (even if not all of them were changed). Since you didn't resend them all, as it seems, at this point, I would recommend to resend the whole v3 series tagged as [PATCH RESEND v3]. Thank you!
copy_user_test() is the last KUnit-incompatible test with CONFIG_KASAN_MODULE_TEST requirement, which we are going to migrate to KUnit framework and delete the former test and Kconfig as well. In this patch series: - [1/3] move kasan_check_write() and check_object_size() to do_strncpy_from_user() to cover with KASAN checks with multiple conditions in strncpy_from_user(). - [2/3] migrated copy_user_test() to KUnit, where we can also test strncpy_from_user() due to [1/4]. KUnits have been tested on: - x86_64 with CONFIG_KASAN_GENERIC. Passed - arm64 with CONFIG_KASAN_SW_TAGS. 1 fail. See [1] - arm64 with CONFIG_KASAN_HW_TAGS. 1 fail. See [1] [1] https://lore.kernel.org/linux-mm/CACzwLxj21h7nCcS2-KA_q7ybe+5pxH0uCDwu64q_9pPsydneWQ@mail.gmail.com/ - [3/3] delete CONFIG_KASAN_MODULE_TEST and documentation occurrences. Changes v2 -> v3: - added in [1/3] Reviewed-by: Andrey Konovalov. - added a long string in usermem for strncpy_from_user. Suggested by Andrey. - applied Andrey's patch to modify further kasan.rst. Changes v1 -> v2: - moved the sanitization to do_strncpy_from_user and as the separate commit per Andrey's review. - deleted corresponding entries of kasan_test_module.o in Makefile - deleted CONFIG_KASAN_MODULE_TEST at all with the documentation in separate commit. - added Documentation maintainers in CC. Sabyrzhan Tasbolatov (3): kasan: move checks to do_strncpy_from_user kasan: migrate copy_user_test to kunit kasan: delete CONFIG_KASAN_MODULE_TEST Documentation/dev-tools/kasan.rst | 9 +-- .../translations/zh_CN/dev-tools/kasan.rst | 6 +- .../translations/zh_TW/dev-tools/kasan.rst | 6 +- lib/Kconfig.kasan | 7 -- lib/strncpy_from_user.c | 5 +- mm/kasan/Makefile | 2 - mm/kasan/kasan.h | 2 +- mm/kasan/kasan_test_c.c | 39 +++++++++ mm/kasan/kasan_test_module.c | 81 ------------------- mm/kasan/report.c | 2 +- 10 files changed, 48 insertions(+), 111 deletions(-) delete mode 100644 mm/kasan/kasan_test_module.c -- 2.34.1
Since in the commit 2865baf54077("x86: support user address masking instead
of non-speculative conditional") do_strncpy_from_user() is called from
multiple places, we should sanitize the kernel *dst memory and size
which were done in strncpy_from_user() previously.
Fixes: 2865baf54077 ("x86: support user address masking instead of non-speculative conditional")
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
lib/strncpy_from_user.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 989a12a6787..f36ad821176 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -31,6 +31,9 @@ static __always_inline long do_strncpy_from_user(char *dst, const char __user *s
const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
unsigned long res = 0;
+ kasan_check_write(dst, count);
+ check_object_size(dst, count, false);
+
if (IS_UNALIGNED(src, dst))
goto byte_at_a_time;
@@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (max > count)
max = count;
- kasan_check_write(dst, count);
- check_object_size(dst, count, false);
if (user_read_access_begin(src, max)) {
retval = do_strncpy_from_user(dst, src, count, max);
user_read_access_end();
--
2.34.1
Migrate the copy_user_test to the KUnit framework to verify out-of-bound
detection via KASAN reports in copy_from_user(), copy_to_user() and
their static functions.
This is the last migrated test in kasan_test_module.c, therefore delete
the file.
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Changes v2 -> v3:
- added a long string in usermem for strncpy_from_user. Suggested by Andrey.
---
mm/kasan/Makefile | 2 -
mm/kasan/kasan_test_c.c | 47 +++++++++++++++++++++
mm/kasan/kasan_test_module.c | 81 ------------------------------------
3 files changed, 47 insertions(+), 83 deletions(-)
delete mode 100644 mm/kasan/kasan_test_module.c
diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index b88543e5c0c..1a958e7c8a4 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -46,7 +46,6 @@ endif
CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
-CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST)
obj-y := common.o report.o
obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
@@ -59,4 +58,3 @@ ifdef CONFIG_RUST
endif
obj-$(CONFIG_KASAN_KUNIT_TEST) += kasan_test.o
-obj-$(CONFIG_KASAN_MODULE_TEST) += kasan_test_module.o
diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
index a181e4780d9..382bc64e42d 100644
--- a/mm/kasan/kasan_test_c.c
+++ b/mm/kasan/kasan_test_c.c
@@ -1954,6 +1954,52 @@ static void rust_uaf(struct kunit *test)
KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
}
+static void copy_user_test_oob(struct kunit *test)
+{
+ char *kmem;
+ char __user *usermem;
+ unsigned long useraddr;
+ size_t size = 128 - KASAN_GRANULE_SIZE;
+ int __maybe_unused unused;
+
+ kmem = kunit_kmalloc(test, size, GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem);
+
+ useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_ANONYMOUS | MAP_PRIVATE, 0);
+ KUNIT_ASSERT_NE_MSG(test, useraddr, 0,
+ "Could not create userspace mm");
+ KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE,
+ "Failed to allocate user memory");
+
+ OPTIMIZER_HIDE_VAR(size);
+ usermem = (char __user *)useraddr;
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user_inatomic(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user_inatomic(usermem, kmem, size + 1));
+
+ /*
+ * Prepare a long string in usermem to avoid the strncpy_from_user test
+ * bailing out on '\0' before it reaches out-of-bounds.
+ */
+ memset(kmem, 'a', size);
+ KUNIT_EXPECT_EQ(test, copy_to_user(usermem, kmem, size), 0);
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = strncpy_from_user(kmem, usermem, size + 1));
+}
+
static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(kmalloc_oob_right),
KUNIT_CASE(kmalloc_oob_left),
@@ -2028,6 +2074,7 @@ static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(match_all_ptr_tag),
KUNIT_CASE(match_all_mem_tag),
KUNIT_CASE(rust_uaf),
+ KUNIT_CASE(copy_user_test_oob),
{}
};
diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c
deleted file mode 100644
index 27ec22767e4..00000000000
--- a/mm/kasan/kasan_test_module.c
+++ /dev/null
@@ -1,81 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- *
- * Copyright (c) 2014 Samsung Electronics Co., Ltd.
- * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
- */
-
-#define pr_fmt(fmt) "kasan: test: " fmt
-
-#include <linux/mman.h>
-#include <linux/module.h>
-#include <linux/printk.h>
-#include <linux/slab.h>
-#include <linux/uaccess.h>
-
-#include "kasan.h"
-
-static noinline void __init copy_user_test(void)
-{
- char *kmem;
- char __user *usermem;
- size_t size = 128 - KASAN_GRANULE_SIZE;
- int __maybe_unused unused;
-
- kmem = kmalloc(size, GFP_KERNEL);
- if (!kmem)
- return;
-
- usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
- PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_ANONYMOUS | MAP_PRIVATE, 0);
- if (IS_ERR(usermem)) {
- pr_err("Failed to allocate user memory\n");
- kfree(kmem);
- return;
- }
-
- OPTIMIZER_HIDE_VAR(size);
-
- pr_info("out-of-bounds in copy_from_user()\n");
- unused = copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in copy_to_user()\n");
- unused = copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user()\n");
- unused = __copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user()\n");
- unused = __copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
- unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
- unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in strncpy_from_user()\n");
- unused = strncpy_from_user(kmem, usermem, size + 1);
-
- vm_munmap((unsigned long)usermem, PAGE_SIZE);
- kfree(kmem);
-}
-
-static int __init kasan_test_module_init(void)
-{
- /*
- * Temporarily enable multi-shot mode. Otherwise, KASAN would only
- * report the first detected bug and panic the kernel if panic_on_warn
- * is enabled.
- */
- bool multishot = kasan_save_enable_multi_shot();
-
- copy_user_test();
-
- kasan_restore_multi_shot(multishot);
- return -EAGAIN;
-}
-
-module_init(kasan_test_module_init);
-MODULE_LICENSE("GPL");
--
2.34.1
On Mon, 14 Oct 2024 07:57:00 +0500 Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > detection via KASAN reports in copy_from_user(), copy_to_user() and > their static functions. > > This is the last migrated test in kasan_test_module.c, therefore delete > the file. > x86_64 allmodconfig produces: vmlinux.o: warning: objtool: strncpy_from_user+0x8a: call to __check_object_size() with UACCESS enabled
On Tue, Oct 15, 2024 at 1:10 AM Andrew Morton <akpm@linux-foundation.org> wrote: > > On Mon, 14 Oct 2024 07:57:00 +0500 Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > > detection via KASAN reports in copy_from_user(), copy_to_user() and > > their static functions. > > > > This is the last migrated test in kasan_test_module.c, therefore delete > > the file. > > > > x86_64 allmodconfig produces: > > vmlinux.o: warning: objtool: strncpy_from_user+0x8a: call to __check_object_size() with UACCESS enabled Too bad. I guess we have to duplicate both kasan_check_write and check_object_size before both do_strncpy_from_user calls in strncpy_from_user.
On Tue, Oct 15, 2024 at 6:18 AM Andrey Konovalov <andreyknvl@gmail.com> wrote: > > On Tue, Oct 15, 2024 at 1:10 AM Andrew Morton <akpm@linux-foundation.org> wrote: > > > > On Mon, 14 Oct 2024 07:57:00 +0500 Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > > > > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > > > detection via KASAN reports in copy_from_user(), copy_to_user() and > > > their static functions. > > > > > > This is the last migrated test in kasan_test_module.c, therefore delete > > > the file. > > > > > > > x86_64 allmodconfig produces: > > > > vmlinux.o: warning: objtool: strncpy_from_user+0x8a: call to __check_object_size() with UACCESS enabled I've missed this warning during x86_64 build, sorry. > > Too bad. I guess we have to duplicate both kasan_check_write and > check_object_size before both do_strncpy_from_user calls in > strncpy_from_user. Shall we do it once in strncpy_from_user() as I did in v1? Please let me know as I've tested in x86_64 and arm64 - there is no warning during kernel build with the diff below. These checks are for kernel pointer *dst only and size: kasan_check_write(dst, count); check_object_size(dst, count, false); And there are 2 calls of do_strncpy_from_user, which are implemented in x86 atm per commit 2865baf54077, and they are relevant to __user *src address, AFAIU. long strncpy_from_user() if (can_do_masked_user_access()) { src = masked_user_access_begin(src); retval = do_strncpy_from_user(dst, src, count, count); user_read_access_end(); } if (likely(src_addr < max_addr)) { if (user_read_access_begin(src, max)) { retval = do_strncpy_from_user(dst, src, count, max); user_read_access_end(); --- diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index 989a12a6787..6dc234913dd 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -120,6 +120,9 @@ long strncpy_from_user(char *dst, const char __user *src, long count) if (unlikely(count <= 0)) return 0; + kasan_check_write(dst, count); + check_object_size(dst, count, false); + if (can_do_masked_user_access()) { long retval; @@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count) if (max > count) max = count; - kasan_check_write(dst, count); - check_object_size(dst, count, false); if (user_read_access_begin(src, max)) { retval = do_strncpy_from_user(dst, src, count, max); user_read_access_end();
On Tue, Oct 15, 2024 at 12:52 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > > Too bad. I guess we have to duplicate both kasan_check_write and > > check_object_size before both do_strncpy_from_user calls in > > strncpy_from_user. > > Shall we do it once in strncpy_from_user() as I did in v1? > Please let me know as I've tested in x86_64 and arm64 - > there is no warning during kernel build with the diff below. > > These checks are for kernel pointer *dst only and size: > kasan_check_write(dst, count); > check_object_size(dst, count, false); > > And there are 2 calls of do_strncpy_from_user, > which are implemented in x86 atm per commit 2865baf54077, > and they are relevant to __user *src address, AFAIU. > > long strncpy_from_user() > if (can_do_masked_user_access()) { > src = masked_user_access_begin(src); > retval = do_strncpy_from_user(dst, src, count, count); > user_read_access_end(); > } > > if (likely(src_addr < max_addr)) { > if (user_read_access_begin(src, max)) { > retval = do_strncpy_from_user(dst, src, count, max); > user_read_access_end(); > > --- > diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c > index 989a12a6787..6dc234913dd 100644 > --- a/lib/strncpy_from_user.c > +++ b/lib/strncpy_from_user.c > @@ -120,6 +120,9 @@ long strncpy_from_user(char *dst, const char > __user *src, long count) > if (unlikely(count <= 0)) > return 0; > > + kasan_check_write(dst, count); > + check_object_size(dst, count, false); > + > if (can_do_masked_user_access()) { > long retval; > > @@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char > __user *src, long count) > if (max > count) > max = count; > > - kasan_check_write(dst, count); > - check_object_size(dst, count, false); > if (user_read_access_begin(src, max)) { > retval = do_strncpy_from_user(dst, src, count, max); > user_read_access_end(); Ok, let's do this. (What looked concerning to me with this approach was doing the KASAN/userscopy checks outside of the src_addr < max_addr, but I suppose that should be fine.) Thank you!
copy_user_test() is the last KUnit-incompatible test with CONFIG_KASAN_MODULE_TEST requirement, which we are going to migrate to KUnit framework and delete the former test and Kconfig as well. In this patch series: - [1/3] move kasan_check_write() and check_object_size() to do_strncpy_from_user() to cover with KASAN checks with multiple conditions in strncpy_from_user(). - [2/3] migrated copy_user_test() to KUnit, where we can also test strncpy_from_user() due to [1/4]. KUnits have been tested on: - x86_64 with CONFIG_KASAN_GENERIC. Passed - arm64 with CONFIG_KASAN_SW_TAGS. 1 fail. See [1] - arm64 with CONFIG_KASAN_HW_TAGS. 1 fail. See [1] [1] https://lore.kernel.org/linux-mm/CACzwLxj21h7nCcS2-KA_q7ybe+5pxH0uCDwu64q_9pPsydneWQ@mail.gmail.com/ - [3/3] delete CONFIG_KASAN_MODULE_TEST and documentation occurrences. Changes v3 -> v4: - moved checks from do_strncpy_from_user to strncpy_from_user due to "call to __check_object_size() with UACCESS enabled" warning, during the kernel build. Changes v2 -> v3: - added in [1/3] Reviewed-by: Andrey Konovalov. - added a long string in usermem for strncpy_from_user. Suggested by Andrey. - applied Andrey's patch to modify further kasan.rst. Changes v1 -> v2: - moved the sanitization to do_strncpy_from_user and as the separate commit per Andrey's review. - deleted corresponding entries of kasan_test_module.o in Makefile - deleted CONFIG_KASAN_MODULE_TEST at all with the documentation in separate commit. - added Documentation maintainers in CC. Sabyrzhan Tasbolatov (3): kasan: move checks to do_strncpy_from_user kasan: migrate copy_user_test to kunit kasan: delete CONFIG_KASAN_MODULE_TEST Documentation/dev-tools/kasan.rst | 9 +-- .../translations/zh_CN/dev-tools/kasan.rst | 6 +- .../translations/zh_TW/dev-tools/kasan.rst | 6 +- lib/Kconfig.kasan | 7 -- lib/strncpy_from_user.c | 5 +- mm/kasan/Makefile | 2 - mm/kasan/kasan.h | 2 +- mm/kasan/kasan_test_c.c | 39 +++++++++ mm/kasan/kasan_test_module.c | 81 ------------------- mm/kasan/report.c | 2 +- 10 files changed, 48 insertions(+), 111 deletions(-) delete mode 100644 mm/kasan/kasan_test_module.c -- 2.34.1
Since in the commit 2865baf54077("x86: support user address masking instead
of non-speculative conditional") do_strncpy_from_user() is called from
multiple places, we should sanitize the kernel *dst memory and size
which were done in strncpy_from_user() previously.
Fixes: 2865baf54077 ("x86: support user address masking instead of non-speculative conditional")
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
lib/strncpy_from_user.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 989a12a6787..6dc234913dd 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -120,6 +120,9 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (unlikely(count <= 0))
return 0;
+ kasan_check_write(dst, count);
+ check_object_size(dst, count, false);
+
if (can_do_masked_user_access()) {
long retval;
@@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (max > count)
max = count;
- kasan_check_write(dst, count);
- check_object_size(dst, count, false);
if (user_read_access_begin(src, max)) {
retval = do_strncpy_from_user(dst, src, count, max);
user_read_access_end();
--
2.34.1
Migrate the copy_user_test to the KUnit framework to verify out-of-bound
detection via KASAN reports in copy_from_user(), copy_to_user() and
their static functions.
This is the last migrated test in kasan_test_module.c, therefore delete
the file.
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Changes v2 -> v3:
- added a long string in usermem for strncpy_from_user. Suggested by Andrey.
---
mm/kasan/Makefile | 2 -
mm/kasan/kasan_test_c.c | 47 +++++++++++++++++++++
mm/kasan/kasan_test_module.c | 81 ------------------------------------
3 files changed, 47 insertions(+), 83 deletions(-)
delete mode 100644 mm/kasan/kasan_test_module.c
diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index b88543e5c0c..1a958e7c8a4 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -46,7 +46,6 @@ endif
CFLAGS_kasan_test_c.o := $(CFLAGS_KASAN_TEST)
RUSTFLAGS_kasan_test_rust.o := $(RUSTFLAGS_KASAN)
-CFLAGS_kasan_test_module.o := $(CFLAGS_KASAN_TEST)
obj-y := common.o report.o
obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
@@ -59,4 +58,3 @@ ifdef CONFIG_RUST
endif
obj-$(CONFIG_KASAN_KUNIT_TEST) += kasan_test.o
-obj-$(CONFIG_KASAN_MODULE_TEST) += kasan_test_module.o
diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
index a181e4780d9..382bc64e42d 100644
--- a/mm/kasan/kasan_test_c.c
+++ b/mm/kasan/kasan_test_c.c
@@ -1954,6 +1954,52 @@ static void rust_uaf(struct kunit *test)
KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
}
+static void copy_user_test_oob(struct kunit *test)
+{
+ char *kmem;
+ char __user *usermem;
+ unsigned long useraddr;
+ size_t size = 128 - KASAN_GRANULE_SIZE;
+ int __maybe_unused unused;
+
+ kmem = kunit_kmalloc(test, size, GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem);
+
+ useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_ANONYMOUS | MAP_PRIVATE, 0);
+ KUNIT_ASSERT_NE_MSG(test, useraddr, 0,
+ "Could not create userspace mm");
+ KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE,
+ "Failed to allocate user memory");
+
+ OPTIMIZER_HIDE_VAR(size);
+ usermem = (char __user *)useraddr;
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user(usermem, kmem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_from_user_inatomic(kmem, usermem, size + 1));
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = __copy_to_user_inatomic(usermem, kmem, size + 1));
+
+ /*
+ * Prepare a long string in usermem to avoid the strncpy_from_user test
+ * bailing out on '\0' before it reaches out-of-bounds.
+ */
+ memset(kmem, 'a', size);
+ KUNIT_EXPECT_EQ(test, copy_to_user(usermem, kmem, size), 0);
+
+ KUNIT_EXPECT_KASAN_FAIL(test,
+ unused = strncpy_from_user(kmem, usermem, size + 1));
+}
+
static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(kmalloc_oob_right),
KUNIT_CASE(kmalloc_oob_left),
@@ -2028,6 +2074,7 @@ static struct kunit_case kasan_kunit_test_cases[] = {
KUNIT_CASE(match_all_ptr_tag),
KUNIT_CASE(match_all_mem_tag),
KUNIT_CASE(rust_uaf),
+ KUNIT_CASE(copy_user_test_oob),
{}
};
diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c
deleted file mode 100644
index 27ec22767e4..00000000000
--- a/mm/kasan/kasan_test_module.c
+++ /dev/null
@@ -1,81 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- *
- * Copyright (c) 2014 Samsung Electronics Co., Ltd.
- * Author: Andrey Ryabinin <a.ryabinin@samsung.com>
- */
-
-#define pr_fmt(fmt) "kasan: test: " fmt
-
-#include <linux/mman.h>
-#include <linux/module.h>
-#include <linux/printk.h>
-#include <linux/slab.h>
-#include <linux/uaccess.h>
-
-#include "kasan.h"
-
-static noinline void __init copy_user_test(void)
-{
- char *kmem;
- char __user *usermem;
- size_t size = 128 - KASAN_GRANULE_SIZE;
- int __maybe_unused unused;
-
- kmem = kmalloc(size, GFP_KERNEL);
- if (!kmem)
- return;
-
- usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
- PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_ANONYMOUS | MAP_PRIVATE, 0);
- if (IS_ERR(usermem)) {
- pr_err("Failed to allocate user memory\n");
- kfree(kmem);
- return;
- }
-
- OPTIMIZER_HIDE_VAR(size);
-
- pr_info("out-of-bounds in copy_from_user()\n");
- unused = copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in copy_to_user()\n");
- unused = copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user()\n");
- unused = __copy_from_user(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user()\n");
- unused = __copy_to_user(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
- unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
-
- pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
- unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
-
- pr_info("out-of-bounds in strncpy_from_user()\n");
- unused = strncpy_from_user(kmem, usermem, size + 1);
-
- vm_munmap((unsigned long)usermem, PAGE_SIZE);
- kfree(kmem);
-}
-
-static int __init kasan_test_module_init(void)
-{
- /*
- * Temporarily enable multi-shot mode. Otherwise, KASAN would only
- * report the first detected bug and panic the kernel if panic_on_warn
- * is enabled.
- */
- bool multishot = kasan_save_enable_multi_shot();
-
- copy_user_test();
-
- kasan_restore_multi_shot(multishot);
- return -EAGAIN;
-}
-
-module_init(kasan_test_module_init);
-MODULE_LICENSE("GPL");
--
2.34.1
Since we've migrated all tests to the KUnit framework,
we can delete CONFIG_KASAN_MODULE_TEST and mentioning of it in the
documentation as well.
I've used the online translator to modify the non-English documentation.
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Changes v2 -> v3:
- applied Andrey's patch to modify further kasan.rst.
---
Documentation/dev-tools/kasan.rst | 23 ++++++++-----------
.../translations/zh_CN/dev-tools/kasan.rst | 20 +++++++---------
.../translations/zh_TW/dev-tools/kasan.rst | 21 ++++++++---------
lib/Kconfig.kasan | 7 ------
mm/kasan/kasan.h | 2 +-
mm/kasan/report.c | 2 +-
6 files changed, 28 insertions(+), 47 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index d7de44f5339..0a1418ab72f 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -511,19 +511,14 @@ Tests
~~~~~
There are KASAN tests that allow verifying that KASAN works and can detect
-certain types of memory corruptions. The tests consist of two parts:
+certain types of memory corruptions.
-1. Tests that are integrated with the KUnit Test Framework. Enabled with
-``CONFIG_KASAN_KUNIT_TEST``. These tests can be run and partially verified
+All KASAN tests are integrated with the KUnit Test Framework and can be enabled
+via ``CONFIG_KASAN_KUNIT_TEST``. The tests can be run and partially verified
automatically in a few different ways; see the instructions below.
-2. Tests that are currently incompatible with KUnit. Enabled with
-``CONFIG_KASAN_MODULE_TEST`` and can only be run as a module. These tests can
-only be verified manually by loading the kernel module and inspecting the
-kernel log for KASAN reports.
-
-Each KUnit-compatible KASAN test prints one of multiple KASAN reports if an
-error is detected. Then the test prints its number and status.
+Each KASAN test prints one of multiple KASAN reports if an error is detected.
+Then the test prints its number and status.
When a test passes::
@@ -550,16 +545,16 @@ Or, if one of the tests failed::
not ok 1 - kasan
-There are a few ways to run KUnit-compatible KASAN tests.
+There are a few ways to run the KASAN tests.
1. Loadable module
- With ``CONFIG_KUNIT`` enabled, KASAN-KUnit tests can be built as a loadable
- module and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``.
+ With ``CONFIG_KUNIT`` enabled, the tests can be built as a loadable module
+ and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``.
2. Built-In
- With ``CONFIG_KUNIT`` built-in, KASAN-KUnit tests can be built-in as well.
+ With ``CONFIG_KUNIT`` built-in, the tests can be built-in as well.
In this case, the tests will run at boot as a late-init call.
3. Using kunit_tool
diff --git a/Documentation/translations/zh_CN/dev-tools/kasan.rst b/Documentation/translations/zh_CN/dev-tools/kasan.rst
index 4491ad2830e..fd2e3afbdfa 100644
--- a/Documentation/translations/zh_CN/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_CN/dev-tools/kasan.rst
@@ -422,16 +422,12 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
~~~~
有一些KASAN测试可以验证KASAN是否正常工作并可以检测某些类型的内存损坏。
-测试由两部分组成:
-1. 与KUnit测试框架集成的测试。使用 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
-这些测试可以通过几种不同的方式自动运行和部分验证;请参阅下面的说明。
+所有 KASAN 测试都与 KUnit 测试框架集成,可通过 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
+测试可以通过几种不同的方式自动运行和部分验证;请参阅以下说明。
-2. 与KUnit不兼容的测试。使用 ``CONFIG_KASAN_MODULE_TEST`` 启用并且只能作为模块
-运行。这些测试只能通过加载内核模块并检查内核日志以获取KASAN报告来手动验证。
-
-如果检测到错误,每个KUnit兼容的KASAN测试都会打印多个KASAN报告之一,然后测试打印
-其编号和状态。
+如果检测到错误,每个 KASAN 测试都会打印多份 KASAN 报告中的一份。
+然后测试会打印其编号和状态。
当测试通过::
@@ -458,16 +454,16 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
not ok 1 - kasan
-有几种方法可以运行与KUnit兼容的KASAN测试。
+有几种方法可以运行 KASAN 测试。
1. 可加载模块
- 启用 ``CONFIG_KUNIT`` 后,KASAN-KUnit测试可以构建为可加载模块,并通过使用
- ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。
+ 启用 ``CONFIG_KUNIT`` 后,可以将测试构建为可加载模块
+ 并通过使用 ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。
2. 内置
- 通过内置 ``CONFIG_KUNIT`` ,也可以内置KASAN-KUnit测试。在这种情况下,
+ 通过内置 ``CONFIG_KUNIT``,测试也可以内置。
测试将在启动时作为后期初始化调用运行。
3. 使用kunit_tool
diff --git a/Documentation/translations/zh_TW/dev-tools/kasan.rst b/Documentation/translations/zh_TW/dev-tools/kasan.rst
index ed342e67d8e..35b7fd18aa4 100644
--- a/Documentation/translations/zh_TW/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_TW/dev-tools/kasan.rst
@@ -404,16 +404,13 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
~~~~
有一些KASAN測試可以驗證KASAN是否正常工作並可以檢測某些類型的內存損壞。
-測試由兩部分組成:
-1. 與KUnit測試框架集成的測試。使用 ``CONFIG_KASAN_KUNIT_TEST`` 啓用。
-這些測試可以通過幾種不同的方式自動運行和部分驗證;請參閱下面的說明。
+所有 KASAN 測試均與 KUnit 測試框架集成,並且可以啟用
+透過 ``CONFIG_KASAN_KUNIT_TEST``。可以運行測試並進行部分驗證
+ 以幾種不同的方式自動進行;請參閱下面的說明。
-2. 與KUnit不兼容的測試。使用 ``CONFIG_KASAN_MODULE_TEST`` 啓用並且只能作爲模塊
-運行。這些測試只能通過加載內核模塊並檢查內核日誌以獲取KASAN報告來手動驗證。
-
-如果檢測到錯誤,每個KUnit兼容的KASAN測試都會打印多個KASAN報告之一,然後測試打印
-其編號和狀態。
+如果偵測到錯誤,每個 KASAN 測試都會列印多個 KASAN 報告之一。
+然後測試列印其編號和狀態。
當測試通過::
@@ -440,16 +437,16 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
not ok 1 - kasan
-有幾種方法可以運行與KUnit兼容的KASAN測試。
+有幾種方法可以執行 KASAN 測試。
1. 可加載模塊
- 啓用 ``CONFIG_KUNIT`` 後,KASAN-KUnit測試可以構建爲可加載模塊,並通過使用
- ``insmod`` 或 ``modprobe`` 加載 ``kasan_test.ko`` 來運行。
+ 啟用 ``CONFIG_KUNIT`` 後,測試可以建置為可載入模組
+ 並且透過使用 ``insmod`` 或 ``modprobe`` 來載入 ``kasan_test.ko`` 來運作。
2. 內置
- 通過內置 ``CONFIG_KUNIT`` ,也可以內置KASAN-KUnit測試。在這種情況下,
+ 透過內建 ``CONFIG_KUNIT``,測試也可以內建。
測試將在啓動時作爲後期初始化調用運行。
3. 使用kunit_tool
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 98016e137b7..f82889a830f 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -195,13 +195,6 @@ config KASAN_KUNIT_TEST
For more information on KUnit and unit tests in general, please refer
to the KUnit documentation in Documentation/dev-tools/kunit/.
-config KASAN_MODULE_TEST
- tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
- depends on m && KASAN && !KASAN_HW_TAGS
- help
- A part of the KASAN test suite that is not integrated with KUnit.
- Incompatible with Hardware Tag-Based KASAN.
-
config KASAN_EXTRA_INFO
bool "Record and report more information"
depends on KASAN
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index f438a6cdc96..b7e4b81421b 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -568,7 +568,7 @@ static inline void kasan_kunit_test_suite_end(void) { }
#endif /* CONFIG_KASAN_KUNIT_TEST */
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void);
void kasan_restore_multi_shot(bool enabled);
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index b48c768acc8..3e48668c3e4 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -132,7 +132,7 @@ static bool report_enabled(void)
return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
}
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void)
{
--
2.34.1
Fix the warning in linux-next (htmldocs):
> Documentation/translations/zh_TW/dev-tools/kasan.rst:410:
> ERROR: Unexpected indentation.
This is based on -mm tree (linux-mm-unstable branch).
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Documentation/translations/zh_TW/dev-tools/kasan.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/translations/zh_TW/dev-tools/kasan.rst b/Documentation/translations/zh_TW/dev-tools/kasan.rst
index 35b7fd18a..27fb76451 100644
--- a/Documentation/translations/zh_TW/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_TW/dev-tools/kasan.rst
@@ -407,7 +407,7 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
所有 KASAN 測試均與 KUnit 測試框架集成,並且可以啟用
透過 ``CONFIG_KASAN_KUNIT_TEST``。可以運行測試並進行部分驗證
- 以幾種不同的方式自動進行;請參閱下面的說明。
+以幾種不同的方式自動進行;請參閱下面的說明。
如果偵測到錯誤,每個 KASAN 測試都會列印多個 KASAN 報告之一。
然後測試列印其編號和狀態。
--
2.34.1
Since we've migrated all tests to the KUnit framework,
we can delete CONFIG_KASAN_MODULE_TEST and mentioning of it in the
documentation as well.
I've used the online translator to modify the non-English documentation.
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Changes v2 -> v3:
- applied Andrey's patch to modify further kasan.rst.
---
Documentation/dev-tools/kasan.rst | 23 ++++++++-----------
.../translations/zh_CN/dev-tools/kasan.rst | 20 +++++++---------
.../translations/zh_TW/dev-tools/kasan.rst | 21 ++++++++---------
lib/Kconfig.kasan | 7 ------
mm/kasan/kasan.h | 2 +-
mm/kasan/report.c | 2 +-
6 files changed, 28 insertions(+), 47 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index d7de44f5339..0a1418ab72f 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -511,19 +511,14 @@ Tests
~~~~~
There are KASAN tests that allow verifying that KASAN works and can detect
-certain types of memory corruptions. The tests consist of two parts:
+certain types of memory corruptions.
-1. Tests that are integrated with the KUnit Test Framework. Enabled with
-``CONFIG_KASAN_KUNIT_TEST``. These tests can be run and partially verified
+All KASAN tests are integrated with the KUnit Test Framework and can be enabled
+via ``CONFIG_KASAN_KUNIT_TEST``. The tests can be run and partially verified
automatically in a few different ways; see the instructions below.
-2. Tests that are currently incompatible with KUnit. Enabled with
-``CONFIG_KASAN_MODULE_TEST`` and can only be run as a module. These tests can
-only be verified manually by loading the kernel module and inspecting the
-kernel log for KASAN reports.
-
-Each KUnit-compatible KASAN test prints one of multiple KASAN reports if an
-error is detected. Then the test prints its number and status.
+Each KASAN test prints one of multiple KASAN reports if an error is detected.
+Then the test prints its number and status.
When a test passes::
@@ -550,16 +545,16 @@ Or, if one of the tests failed::
not ok 1 - kasan
-There are a few ways to run KUnit-compatible KASAN tests.
+There are a few ways to run the KASAN tests.
1. Loadable module
- With ``CONFIG_KUNIT`` enabled, KASAN-KUnit tests can be built as a loadable
- module and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``.
+ With ``CONFIG_KUNIT`` enabled, the tests can be built as a loadable module
+ and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``.
2. Built-In
- With ``CONFIG_KUNIT`` built-in, KASAN-KUnit tests can be built-in as well.
+ With ``CONFIG_KUNIT`` built-in, the tests can be built-in as well.
In this case, the tests will run at boot as a late-init call.
3. Using kunit_tool
diff --git a/Documentation/translations/zh_CN/dev-tools/kasan.rst b/Documentation/translations/zh_CN/dev-tools/kasan.rst
index 4491ad2830e..fd2e3afbdfa 100644
--- a/Documentation/translations/zh_CN/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_CN/dev-tools/kasan.rst
@@ -422,16 +422,12 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
~~~~
有一些KASAN测试可以验证KASAN是否正常工作并可以检测某些类型的内存损坏。
-测试由两部分组成:
-1. 与KUnit测试框架集成的测试。使用 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
-这些测试可以通过几种不同的方式自动运行和部分验证;请参阅下面的说明。
+所有 KASAN 测试都与 KUnit 测试框架集成,可通过 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
+测试可以通过几种不同的方式自动运行和部分验证;请参阅以下说明。
-2. 与KUnit不兼容的测试。使用 ``CONFIG_KASAN_MODULE_TEST`` 启用并且只能作为模块
-运行。这些测试只能通过加载内核模块并检查内核日志以获取KASAN报告来手动验证。
-
-如果检测到错误,每个KUnit兼容的KASAN测试都会打印多个KASAN报告之一,然后测试打印
-其编号和状态。
+如果检测到错误,每个 KASAN 测试都会打印多份 KASAN 报告中的一份。
+然后测试会打印其编号和状态。
当测试通过::
@@ -458,16 +454,16 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
not ok 1 - kasan
-有几种方法可以运行与KUnit兼容的KASAN测试。
+有几种方法可以运行 KASAN 测试。
1. 可加载模块
- 启用 ``CONFIG_KUNIT`` 后,KASAN-KUnit测试可以构建为可加载模块,并通过使用
- ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。
+ 启用 ``CONFIG_KUNIT`` 后,可以将测试构建为可加载模块
+ 并通过使用 ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。
2. 内置
- 通过内置 ``CONFIG_KUNIT`` ,也可以内置KASAN-KUnit测试。在这种情况下,
+ 通过内置 ``CONFIG_KUNIT``,测试也可以内置。
测试将在启动时作为后期初始化调用运行。
3. 使用kunit_tool
diff --git a/Documentation/translations/zh_TW/dev-tools/kasan.rst b/Documentation/translations/zh_TW/dev-tools/kasan.rst
index ed342e67d8e..35b7fd18aa4 100644
--- a/Documentation/translations/zh_TW/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_TW/dev-tools/kasan.rst
@@ -404,16 +404,13 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
~~~~
有一些KASAN測試可以驗證KASAN是否正常工作並可以檢測某些類型的內存損壞。
-測試由兩部分組成:
-1. 與KUnit測試框架集成的測試。使用 ``CONFIG_KASAN_KUNIT_TEST`` 啓用。
-這些測試可以通過幾種不同的方式自動運行和部分驗證;請參閱下面的說明。
+所有 KASAN 測試均與 KUnit 測試框架集成,並且可以啟用
+透過 ``CONFIG_KASAN_KUNIT_TEST``。可以運行測試並進行部分驗證
+ 以幾種不同的方式自動進行;請參閱下面的說明。
-2. 與KUnit不兼容的測試。使用 ``CONFIG_KASAN_MODULE_TEST`` 啓用並且只能作爲模塊
-運行。這些測試只能通過加載內核模塊並檢查內核日誌以獲取KASAN報告來手動驗證。
-
-如果檢測到錯誤,每個KUnit兼容的KASAN測試都會打印多個KASAN報告之一,然後測試打印
-其編號和狀態。
+如果偵測到錯誤,每個 KASAN 測試都會列印多個 KASAN 報告之一。
+然後測試列印其編號和狀態。
當測試通過::
@@ -440,16 +437,16 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
not ok 1 - kasan
-有幾種方法可以運行與KUnit兼容的KASAN測試。
+有幾種方法可以執行 KASAN 測試。
1. 可加載模塊
- 啓用 ``CONFIG_KUNIT`` 後,KASAN-KUnit測試可以構建爲可加載模塊,並通過使用
- ``insmod`` 或 ``modprobe`` 加載 ``kasan_test.ko`` 來運行。
+ 啟用 ``CONFIG_KUNIT`` 後,測試可以建置為可載入模組
+ 並且透過使用 ``insmod`` 或 ``modprobe`` 來載入 ``kasan_test.ko`` 來運作。
2. 內置
- 通過內置 ``CONFIG_KUNIT`` ,也可以內置KASAN-KUnit測試。在這種情況下,
+ 透過內建 ``CONFIG_KUNIT``,測試也可以內建。
測試將在啓動時作爲後期初始化調用運行。
3. 使用kunit_tool
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 98016e137b7..f82889a830f 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -195,13 +195,6 @@ config KASAN_KUNIT_TEST
For more information on KUnit and unit tests in general, please refer
to the KUnit documentation in Documentation/dev-tools/kunit/.
-config KASAN_MODULE_TEST
- tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
- depends on m && KASAN && !KASAN_HW_TAGS
- help
- A part of the KASAN test suite that is not integrated with KUnit.
- Incompatible with Hardware Tag-Based KASAN.
-
config KASAN_EXTRA_INFO
bool "Record and report more information"
depends on KASAN
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index f438a6cdc96..b7e4b81421b 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -568,7 +568,7 @@ static inline void kasan_kunit_test_suite_end(void) { }
#endif /* CONFIG_KASAN_KUNIT_TEST */
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void);
void kasan_restore_multi_shot(bool enabled);
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index b48c768acc8..3e48668c3e4 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -132,7 +132,7 @@ static bool report_enabled(void)
return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
}
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void)
{
--
2.34.1
Since we've migrated all tests to the KUnit framework,
we can delete CONFIG_KASAN_MODULE_TEST and mentioning of it in the
documentation as well.
I've used the online translator to modify the non-English documentation.
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Documentation/dev-tools/kasan.rst | 9 ++-------
Documentation/translations/zh_CN/dev-tools/kasan.rst | 6 +-----
Documentation/translations/zh_TW/dev-tools/kasan.rst | 6 +-----
lib/Kconfig.kasan | 7 -------
mm/kasan/kasan.h | 2 +-
mm/kasan/report.c | 2 +-
6 files changed, 6 insertions(+), 26 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index d7de44f5339..52fdd6b5ef6 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -511,17 +511,12 @@ Tests
~~~~~
There are KASAN tests that allow verifying that KASAN works and can detect
-certain types of memory corruptions. The tests consist of two parts:
+certain types of memory corruptions.
-1. Tests that are integrated with the KUnit Test Framework. Enabled with
+Tests that are integrated with the KUnit Test Framework. Enabled with
``CONFIG_KASAN_KUNIT_TEST``. These tests can be run and partially verified
automatically in a few different ways; see the instructions below.
-2. Tests that are currently incompatible with KUnit. Enabled with
-``CONFIG_KASAN_MODULE_TEST`` and can only be run as a module. These tests can
-only be verified manually by loading the kernel module and inspecting the
-kernel log for KASAN reports.
-
Each KUnit-compatible KASAN test prints one of multiple KASAN reports if an
error is detected. Then the test prints its number and status.
diff --git a/Documentation/translations/zh_CN/dev-tools/kasan.rst b/Documentation/translations/zh_CN/dev-tools/kasan.rst
index 4491ad2830e..f968d262be1 100644
--- a/Documentation/translations/zh_CN/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_CN/dev-tools/kasan.rst
@@ -422,14 +422,10 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
~~~~
有一些KASAN测试可以验证KASAN是否正常工作并可以检测某些类型的内存损坏。
-测试由两部分组成:
-1. 与KUnit测试框架集成的测试。使用 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
+与KUnit测试框架集成的测试。使用 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
这些测试可以通过几种不同的方式自动运行和部分验证;请参阅下面的说明。
-2. 与KUnit不兼容的测试。使用 ``CONFIG_KASAN_MODULE_TEST`` 启用并且只能作为模块
-运行。这些测试只能通过加载内核模块并检查内核日志以获取KASAN报告来手动验证。
-
如果检测到错误,每个KUnit兼容的KASAN测试都会打印多个KASAN报告之一,然后测试打印
其编号和状态。
diff --git a/Documentation/translations/zh_TW/dev-tools/kasan.rst b/Documentation/translations/zh_TW/dev-tools/kasan.rst
index ed342e67d8e..19457860486 100644
--- a/Documentation/translations/zh_TW/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_TW/dev-tools/kasan.rst
@@ -404,14 +404,10 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
~~~~
有一些KASAN測試可以驗證KASAN是否正常工作並可以檢測某些類型的內存損壞。
-測試由兩部分組成:
-1. 與KUnit測試框架集成的測試。使用 ``CONFIG_KASAN_KUNIT_TEST`` 啓用。
+與KUnit測試框架集成的測試。使用 ``CONFIG_KASAN_KUNIT_TEST`` 啓用。
這些測試可以通過幾種不同的方式自動運行和部分驗證;請參閱下面的說明。
-2. 與KUnit不兼容的測試。使用 ``CONFIG_KASAN_MODULE_TEST`` 啓用並且只能作爲模塊
-運行。這些測試只能通過加載內核模塊並檢查內核日誌以獲取KASAN報告來手動驗證。
-
如果檢測到錯誤,每個KUnit兼容的KASAN測試都會打印多個KASAN報告之一,然後測試打印
其編號和狀態。
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 98016e137b7..f82889a830f 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -195,13 +195,6 @@ config KASAN_KUNIT_TEST
For more information on KUnit and unit tests in general, please refer
to the KUnit documentation in Documentation/dev-tools/kunit/.
-config KASAN_MODULE_TEST
- tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
- depends on m && KASAN && !KASAN_HW_TAGS
- help
- A part of the KASAN test suite that is not integrated with KUnit.
- Incompatible with Hardware Tag-Based KASAN.
-
config KASAN_EXTRA_INFO
bool "Record and report more information"
depends on KASAN
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index f438a6cdc96..b7e4b81421b 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -568,7 +568,7 @@ static inline void kasan_kunit_test_suite_end(void) { }
#endif /* CONFIG_KASAN_KUNIT_TEST */
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void);
void kasan_restore_multi_shot(bool enabled);
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index b48c768acc8..3e48668c3e4 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -132,7 +132,7 @@ static bool report_enabled(void)
return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
}
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void)
{
--
2.34.1
On Sun, Oct 13, 2024 at 3:02 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst > index d7de44f5339..52fdd6b5ef6 100644 > --- a/Documentation/dev-tools/kasan.rst > +++ b/Documentation/dev-tools/kasan.rst > @@ -511,17 +511,12 @@ Tests > ~~~~~ > > There are KASAN tests that allow verifying that KASAN works and can detect > -certain types of memory corruptions. The tests consist of two parts: > +certain types of memory corruptions. > > -1. Tests that are integrated with the KUnit Test Framework. Enabled with > +Tests that are integrated with the KUnit Test Framework. Enabled with > ``CONFIG_KASAN_KUNIT_TEST``. These tests can be run and partially verified > automatically in a few different ways; see the instructions below. > > -2. Tests that are currently incompatible with KUnit. Enabled with > -``CONFIG_KASAN_MODULE_TEST`` and can only be run as a module. These tests can > -only be verified manually by loading the kernel module and inspecting the > -kernel log for KASAN reports. > - > Each KUnit-compatible KASAN test prints one of multiple KASAN reports if an > error is detected. Then the test prints its number and status. Let's reword these parts even more, please see the attached file.
Since we've migrated all tests to the KUnit framework,
we can delete CONFIG_KASAN_MODULE_TEST and mentioning of it in the
documentation as well.
I've used the online translator to modify the non-English documentation.
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
---
Changes v2 -> v3:
- applied Andrey's patch to modify further kasan.rst.
---
Documentation/dev-tools/kasan.rst | 23 ++++++++-----------
.../translations/zh_CN/dev-tools/kasan.rst | 20 +++++++---------
.../translations/zh_TW/dev-tools/kasan.rst | 21 ++++++++---------
lib/Kconfig.kasan | 7 ------
mm/kasan/kasan.h | 2 +-
mm/kasan/report.c | 2 +-
6 files changed, 28 insertions(+), 47 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index d7de44f5339..0a1418ab72f 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -511,19 +511,14 @@ Tests
~~~~~
There are KASAN tests that allow verifying that KASAN works and can detect
-certain types of memory corruptions. The tests consist of two parts:
+certain types of memory corruptions.
-1. Tests that are integrated with the KUnit Test Framework. Enabled with
-``CONFIG_KASAN_KUNIT_TEST``. These tests can be run and partially verified
+All KASAN tests are integrated with the KUnit Test Framework and can be enabled
+via ``CONFIG_KASAN_KUNIT_TEST``. The tests can be run and partially verified
automatically in a few different ways; see the instructions below.
-2. Tests that are currently incompatible with KUnit. Enabled with
-``CONFIG_KASAN_MODULE_TEST`` and can only be run as a module. These tests can
-only be verified manually by loading the kernel module and inspecting the
-kernel log for KASAN reports.
-
-Each KUnit-compatible KASAN test prints one of multiple KASAN reports if an
-error is detected. Then the test prints its number and status.
+Each KASAN test prints one of multiple KASAN reports if an error is detected.
+Then the test prints its number and status.
When a test passes::
@@ -550,16 +545,16 @@ Or, if one of the tests failed::
not ok 1 - kasan
-There are a few ways to run KUnit-compatible KASAN tests.
+There are a few ways to run the KASAN tests.
1. Loadable module
- With ``CONFIG_KUNIT`` enabled, KASAN-KUnit tests can be built as a loadable
- module and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``.
+ With ``CONFIG_KUNIT`` enabled, the tests can be built as a loadable module
+ and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``.
2. Built-In
- With ``CONFIG_KUNIT`` built-in, KASAN-KUnit tests can be built-in as well.
+ With ``CONFIG_KUNIT`` built-in, the tests can be built-in as well.
In this case, the tests will run at boot as a late-init call.
3. Using kunit_tool
diff --git a/Documentation/translations/zh_CN/dev-tools/kasan.rst b/Documentation/translations/zh_CN/dev-tools/kasan.rst
index 4491ad2830e..fd2e3afbdfa 100644
--- a/Documentation/translations/zh_CN/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_CN/dev-tools/kasan.rst
@@ -422,16 +422,12 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
~~~~
有一些KASAN测试可以验证KASAN是否正常工作并可以检测某些类型的内存损坏。
-测试由两部分组成:
-1. 与KUnit测试框架集成的测试。使用 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
-这些测试可以通过几种不同的方式自动运行和部分验证;请参阅下面的说明。
+所有 KASAN 测试都与 KUnit 测试框架集成,可通过 ``CONFIG_KASAN_KUNIT_TEST`` 启用。
+测试可以通过几种不同的方式自动运行和部分验证;请参阅以下说明。
-2. 与KUnit不兼容的测试。使用 ``CONFIG_KASAN_MODULE_TEST`` 启用并且只能作为模块
-运行。这些测试只能通过加载内核模块并检查内核日志以获取KASAN报告来手动验证。
-
-如果检测到错误,每个KUnit兼容的KASAN测试都会打印多个KASAN报告之一,然后测试打印
-其编号和状态。
+如果检测到错误,每个 KASAN 测试都会打印多份 KASAN 报告中的一份。
+然后测试会打印其编号和状态。
当测试通过::
@@ -458,16 +454,16 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。
not ok 1 - kasan
-有几种方法可以运行与KUnit兼容的KASAN测试。
+有几种方法可以运行 KASAN 测试。
1. 可加载模块
- 启用 ``CONFIG_KUNIT`` 后,KASAN-KUnit测试可以构建为可加载模块,并通过使用
- ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。
+ 启用 ``CONFIG_KUNIT`` 后,可以将测试构建为可加载模块
+ 并通过使用 ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。
2. 内置
- 通过内置 ``CONFIG_KUNIT`` ,也可以内置KASAN-KUnit测试。在这种情况下,
+ 通过内置 ``CONFIG_KUNIT``,测试也可以内置。
测试将在启动时作为后期初始化调用运行。
3. 使用kunit_tool
diff --git a/Documentation/translations/zh_TW/dev-tools/kasan.rst b/Documentation/translations/zh_TW/dev-tools/kasan.rst
index ed342e67d8e..35b7fd18aa4 100644
--- a/Documentation/translations/zh_TW/dev-tools/kasan.rst
+++ b/Documentation/translations/zh_TW/dev-tools/kasan.rst
@@ -404,16 +404,13 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
~~~~
有一些KASAN測試可以驗證KASAN是否正常工作並可以檢測某些類型的內存損壞。
-測試由兩部分組成:
-1. 與KUnit測試框架集成的測試。使用 ``CONFIG_KASAN_KUNIT_TEST`` 啓用。
-這些測試可以通過幾種不同的方式自動運行和部分驗證;請參閱下面的說明。
+所有 KASAN 測試均與 KUnit 測試框架集成,並且可以啟用
+透過 ``CONFIG_KASAN_KUNIT_TEST``。可以運行測試並進行部分驗證
+ 以幾種不同的方式自動進行;請參閱下面的說明。
-2. 與KUnit不兼容的測試。使用 ``CONFIG_KASAN_MODULE_TEST`` 啓用並且只能作爲模塊
-運行。這些測試只能通過加載內核模塊並檢查內核日誌以獲取KASAN報告來手動驗證。
-
-如果檢測到錯誤,每個KUnit兼容的KASAN測試都會打印多個KASAN報告之一,然後測試打印
-其編號和狀態。
+如果偵測到錯誤,每個 KASAN 測試都會列印多個 KASAN 報告之一。
+然後測試列印其編號和狀態。
當測試通過::
@@ -440,16 +437,16 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。
not ok 1 - kasan
-有幾種方法可以運行與KUnit兼容的KASAN測試。
+有幾種方法可以執行 KASAN 測試。
1. 可加載模塊
- 啓用 ``CONFIG_KUNIT`` 後,KASAN-KUnit測試可以構建爲可加載模塊,並通過使用
- ``insmod`` 或 ``modprobe`` 加載 ``kasan_test.ko`` 來運行。
+ 啟用 ``CONFIG_KUNIT`` 後,測試可以建置為可載入模組
+ 並且透過使用 ``insmod`` 或 ``modprobe`` 來載入 ``kasan_test.ko`` 來運作。
2. 內置
- 通過內置 ``CONFIG_KUNIT`` ,也可以內置KASAN-KUnit測試。在這種情況下,
+ 透過內建 ``CONFIG_KUNIT``,測試也可以內建。
測試將在啓動時作爲後期初始化調用運行。
3. 使用kunit_tool
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 98016e137b7..f82889a830f 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -195,13 +195,6 @@ config KASAN_KUNIT_TEST
For more information on KUnit and unit tests in general, please refer
to the KUnit documentation in Documentation/dev-tools/kunit/.
-config KASAN_MODULE_TEST
- tristate "KUnit-incompatible tests of KASAN bug detection capabilities"
- depends on m && KASAN && !KASAN_HW_TAGS
- help
- A part of the KASAN test suite that is not integrated with KUnit.
- Incompatible with Hardware Tag-Based KASAN.
-
config KASAN_EXTRA_INFO
bool "Record and report more information"
depends on KASAN
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index f438a6cdc96..b7e4b81421b 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -568,7 +568,7 @@ static inline void kasan_kunit_test_suite_end(void) { }
#endif /* CONFIG_KASAN_KUNIT_TEST */
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void);
void kasan_restore_multi_shot(bool enabled);
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index b48c768acc8..3e48668c3e4 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -132,7 +132,7 @@ static bool report_enabled(void)
return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
}
-#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST)
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
bool kasan_save_enable_multi_shot(void)
{
--
2.34.1
On Sun, Oct 13, 2024 at 8:20 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > Since we've migrated all tests to the KUnit framework, > we can delete CONFIG_KASAN_MODULE_TEST and mentioning of it in the > documentation as well. > > I've used the online translator to modify the non-English documentation. > > Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com> > --- > Changes v2 -> v3: > - applied Andrey's patch to modify further kasan.rst. > --- > Documentation/dev-tools/kasan.rst | 23 ++++++++----------- > .../translations/zh_CN/dev-tools/kasan.rst | 20 +++++++--------- > .../translations/zh_TW/dev-tools/kasan.rst | 21 ++++++++--------- > lib/Kconfig.kasan | 7 ------ > mm/kasan/kasan.h | 2 +- > mm/kasan/report.c | 2 +- > 6 files changed, 28 insertions(+), 47 deletions(-) > > diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst > index d7de44f5339..0a1418ab72f 100644 > --- a/Documentation/dev-tools/kasan.rst > +++ b/Documentation/dev-tools/kasan.rst > @@ -511,19 +511,14 @@ Tests > ~~~~~ > > There are KASAN tests that allow verifying that KASAN works and can detect > -certain types of memory corruptions. The tests consist of two parts: > +certain types of memory corruptions. > > -1. Tests that are integrated with the KUnit Test Framework. Enabled with > -``CONFIG_KASAN_KUNIT_TEST``. These tests can be run and partially verified > +All KASAN tests are integrated with the KUnit Test Framework and can be enabled > +via ``CONFIG_KASAN_KUNIT_TEST``. The tests can be run and partially verified > automatically in a few different ways; see the instructions below. > > -2. Tests that are currently incompatible with KUnit. Enabled with > -``CONFIG_KASAN_MODULE_TEST`` and can only be run as a module. These tests can > -only be verified manually by loading the kernel module and inspecting the > -kernel log for KASAN reports. > - > -Each KUnit-compatible KASAN test prints one of multiple KASAN reports if an > -error is detected. Then the test prints its number and status. > +Each KASAN test prints one of multiple KASAN reports if an error is detected. > +Then the test prints its number and status. > > When a test passes:: > > @@ -550,16 +545,16 @@ Or, if one of the tests failed:: > > not ok 1 - kasan > > -There are a few ways to run KUnit-compatible KASAN tests. > +There are a few ways to run the KASAN tests. > > 1. Loadable module > > - With ``CONFIG_KUNIT`` enabled, KASAN-KUnit tests can be built as a loadable > - module and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``. > + With ``CONFIG_KUNIT`` enabled, the tests can be built as a loadable module > + and run by loading ``kasan_test.ko`` with ``insmod`` or ``modprobe``. > > 2. Built-In > > - With ``CONFIG_KUNIT`` built-in, KASAN-KUnit tests can be built-in as well. > + With ``CONFIG_KUNIT`` built-in, the tests can be built-in as well. > In this case, the tests will run at boot as a late-init call. > > 3. Using kunit_tool > diff --git a/Documentation/translations/zh_CN/dev-tools/kasan.rst b/Documentation/translations/zh_CN/dev-tools/kasan.rst > index 4491ad2830e..fd2e3afbdfa 100644 > --- a/Documentation/translations/zh_CN/dev-tools/kasan.rst > +++ b/Documentation/translations/zh_CN/dev-tools/kasan.rst > @@ -422,16 +422,12 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。 > ~~~~ > > 有一些KASAN测试可以验证KASAN是否正常工作并可以检测某些类型的内存损坏。 > -测试由两部分组成: > > -1. 与KUnit测试框架集成的测试。使用 ``CONFIG_KASAN_KUNIT_TEST`` 启用。 > -这些测试可以通过几种不同的方式自动运行和部分验证;请参阅下面的说明。 > +所有 KASAN 测试都与 KUnit 测试框架集成,可通过 ``CONFIG_KASAN_KUNIT_TEST`` 启用。 > +测试可以通过几种不同的方式自动运行和部分验证;请参阅以下说明。 > > -2. 与KUnit不兼容的测试。使用 ``CONFIG_KASAN_MODULE_TEST`` 启用并且只能作为模块 > -运行。这些测试只能通过加载内核模块并检查内核日志以获取KASAN报告来手动验证。 > - > -如果检测到错误,每个KUnit兼容的KASAN测试都会打印多个KASAN报告之一,然后测试打印 > -其编号和状态。 > +如果检测到错误,每个 KASAN 测试都会打印多份 KASAN 报告中的一份。 > +然后测试会打印其编号和状态。 > > 当测试通过:: > > @@ -458,16 +454,16 @@ KASAN连接到vmap基础架构以懒清理未使用的影子内存。 > > not ok 1 - kasan > > -有几种方法可以运行与KUnit兼容的KASAN测试。 > +有几种方法可以运行 KASAN 测试。 > > 1. 可加载模块 > > - 启用 ``CONFIG_KUNIT`` 后,KASAN-KUnit测试可以构建为可加载模块,并通过使用 > - ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。 > + 启用 ``CONFIG_KUNIT`` 后,可以将测试构建为可加载模块 > + 并通过使用 ``insmod`` 或 ``modprobe`` 加载 ``kasan_test.ko`` 来运行。 > > 2. 内置 > > - 通过内置 ``CONFIG_KUNIT`` ,也可以内置KASAN-KUnit测试。在这种情况下, > + 通过内置 ``CONFIG_KUNIT``,测试也可以内置。 > 测试将在启动时作为后期初始化调用运行。 > > 3. 使用kunit_tool > diff --git a/Documentation/translations/zh_TW/dev-tools/kasan.rst b/Documentation/translations/zh_TW/dev-tools/kasan.rst > index ed342e67d8e..35b7fd18aa4 100644 > --- a/Documentation/translations/zh_TW/dev-tools/kasan.rst > +++ b/Documentation/translations/zh_TW/dev-tools/kasan.rst > @@ -404,16 +404,13 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。 > ~~~~ > > 有一些KASAN測試可以驗證KASAN是否正常工作並可以檢測某些類型的內存損壞。 > -測試由兩部分組成: > > -1. 與KUnit測試框架集成的測試。使用 ``CONFIG_KASAN_KUNIT_TEST`` 啓用。 > -這些測試可以通過幾種不同的方式自動運行和部分驗證;請參閱下面的說明。 > +所有 KASAN 測試均與 KUnit 測試框架集成,並且可以啟用 > +透過 ``CONFIG_KASAN_KUNIT_TEST``。可以運行測試並進行部分驗證 > + 以幾種不同的方式自動進行;請參閱下面的說明。 > > -2. 與KUnit不兼容的測試。使用 ``CONFIG_KASAN_MODULE_TEST`` 啓用並且只能作爲模塊 > -運行。這些測試只能通過加載內核模塊並檢查內核日誌以獲取KASAN報告來手動驗證。 > - > -如果檢測到錯誤,每個KUnit兼容的KASAN測試都會打印多個KASAN報告之一,然後測試打印 > -其編號和狀態。 > +如果偵測到錯誤,每個 KASAN 測試都會列印多個 KASAN 報告之一。 > +然後測試列印其編號和狀態。 > > 當測試通過:: > > @@ -440,16 +437,16 @@ KASAN連接到vmap基礎架構以懶清理未使用的影子內存。 > > not ok 1 - kasan > > -有幾種方法可以運行與KUnit兼容的KASAN測試。 > +有幾種方法可以執行 KASAN 測試。 > > 1. 可加載模塊 > > - 啓用 ``CONFIG_KUNIT`` 後,KASAN-KUnit測試可以構建爲可加載模塊,並通過使用 > - ``insmod`` 或 ``modprobe`` 加載 ``kasan_test.ko`` 來運行。 > + 啟用 ``CONFIG_KUNIT`` 後,測試可以建置為可載入模組 > + 並且透過使用 ``insmod`` 或 ``modprobe`` 來載入 ``kasan_test.ko`` 來運作。 > > 2. 內置 > > - 通過內置 ``CONFIG_KUNIT`` ,也可以內置KASAN-KUnit測試。在這種情況下, > + 透過內建 ``CONFIG_KUNIT``,測試也可以內建。 > 測試將在啓動時作爲後期初始化調用運行。 > > 3. 使用kunit_tool > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan > index 98016e137b7..f82889a830f 100644 > --- a/lib/Kconfig.kasan > +++ b/lib/Kconfig.kasan > @@ -195,13 +195,6 @@ config KASAN_KUNIT_TEST > For more information on KUnit and unit tests in general, please refer > to the KUnit documentation in Documentation/dev-tools/kunit/. > > -config KASAN_MODULE_TEST > - tristate "KUnit-incompatible tests of KASAN bug detection capabilities" > - depends on m && KASAN && !KASAN_HW_TAGS > - help > - A part of the KASAN test suite that is not integrated with KUnit. > - Incompatible with Hardware Tag-Based KASAN. > - > config KASAN_EXTRA_INFO > bool "Record and report more information" > depends on KASAN > diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h > index f438a6cdc96..b7e4b81421b 100644 > --- a/mm/kasan/kasan.h > +++ b/mm/kasan/kasan.h > @@ -568,7 +568,7 @@ static inline void kasan_kunit_test_suite_end(void) { } > > #endif /* CONFIG_KASAN_KUNIT_TEST */ > > -#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST) > +#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) > > bool kasan_save_enable_multi_shot(void); > void kasan_restore_multi_shot(bool enabled); > diff --git a/mm/kasan/report.c b/mm/kasan/report.c > index b48c768acc8..3e48668c3e4 100644 > --- a/mm/kasan/report.c > +++ b/mm/kasan/report.c > @@ -132,7 +132,7 @@ static bool report_enabled(void) > return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags); > } > > -#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) || IS_ENABLED(CONFIG_KASAN_MODULE_TEST) > +#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) > > bool kasan_save_enable_multi_shot(void) > { > -- > 2.34.1 > Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
On Fri, Oct 11, 2024 at 12:16 PM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > Migrate the copy_user_test to the KUnit framework to verify out-of-bound > detection via KASAN reports in copy_from_user(), copy_to_user() and > their static functions. > > This is the last migrated test in kasan_test_module.c, therefore delete > the file. > > In order to detect OOB access in strncpy_from_user(), we need to move > kasan_check_write() to the function beginning to cover > if (can_do_masked_user_access()) {...} branch as well. > > Reported-by: Andrey Konovalov <andreyknvl@gmail.com> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=212205 > Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com> > --- > lib/strncpy_from_user.c | 3 +- > mm/kasan/kasan_test_c.c | 39 +++++++++++++++++ > mm/kasan/kasan_test_module.c | 81 ------------------------------------ > 3 files changed, 41 insertions(+), 82 deletions(-) > delete mode 100644 mm/kasan/kasan_test_module.c > > diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c > index 989a12a67872..55c33e4f3c70 100644 > --- a/lib/strncpy_from_user.c > +++ b/lib/strncpy_from_user.c > @@ -120,6 +120,8 @@ long strncpy_from_user(char *dst, const char __user *src, long count) > if (unlikely(count <= 0)) > return 0; > > + kasan_check_write(dst, count); > + > if (can_do_masked_user_access()) { > long retval; > > @@ -142,7 +144,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count) > if (max > count) > max = count; > > - kasan_check_write(dst, count); > check_object_size(dst, count, false); > if (user_read_access_begin(src, max)) { > retval = do_strncpy_from_user(dst, src, count, max); > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c > index a181e4780d9d..e71a16d0dfb9 100644 > --- a/mm/kasan/kasan_test_c.c > +++ b/mm/kasan/kasan_test_c.c > @@ -1954,6 +1954,44 @@ static void rust_uaf(struct kunit *test) > KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > } > > +static void copy_user_test_oob(struct kunit *test) > +{ > + char *kmem; > + char __user *usermem; > + unsigned long useraddr; > + size_t size = 128 - KASAN_GRANULE_SIZE; > + int __maybe_unused unused; > + > + kmem = kunit_kmalloc(test, size, GFP_KERNEL); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, kmem); > + > + useraddr = kunit_vm_mmap(test, NULL, 0, PAGE_SIZE, > + PROT_READ | PROT_WRITE | PROT_EXEC, > + MAP_ANONYMOUS | MAP_PRIVATE, 0); > + KUNIT_ASSERT_NE_MSG(test, useraddr, 0, > + "Could not create userspace mm"); > + KUNIT_ASSERT_LT_MSG(test, useraddr, (unsigned long)TASK_SIZE, > + "Failed to allocate user memory"); > + > + OPTIMIZER_HIDE_VAR(size); > + usermem = (char __user *)useraddr; > + > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_from_user_inatomic(kmem, usermem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = __copy_to_user_inatomic(usermem, kmem, size + 1)); > + KUNIT_EXPECT_KASAN_FAIL(test, > + unused = strncpy_from_user(kmem, usermem, size + 1)); > +} > + > static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(kmalloc_oob_right), > KUNIT_CASE(kmalloc_oob_left), > @@ -2028,6 +2066,7 @@ static struct kunit_case kasan_kunit_test_cases[] = { > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > KUNIT_CASE(rust_uaf), > + KUNIT_CASE(copy_user_test_oob), > {} > }; > > diff --git a/mm/kasan/kasan_test_module.c b/mm/kasan/kasan_test_module.c > deleted file mode 100644 > index 27ec22767e42..000000000000 > --- a/mm/kasan/kasan_test_module.c > +++ /dev/null > @@ -1,81 +0,0 @@ > -// SPDX-License-Identifier: GPL-2.0-only > -/* > - * > - * Copyright (c) 2014 Samsung Electronics Co., Ltd. > - * Author: Andrey Ryabinin <a.ryabinin@samsung.com> > - */ > - > -#define pr_fmt(fmt) "kasan: test: " fmt > - > -#include <linux/mman.h> > -#include <linux/module.h> > -#include <linux/printk.h> > -#include <linux/slab.h> > -#include <linux/uaccess.h> > - > -#include "kasan.h" > - > -static noinline void __init copy_user_test(void) > -{ > - char *kmem; > - char __user *usermem; > - size_t size = 128 - KASAN_GRANULE_SIZE; > - int __maybe_unused unused; > - > - kmem = kmalloc(size, GFP_KERNEL); > - if (!kmem) > - return; > - > - usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE, > - PROT_READ | PROT_WRITE | PROT_EXEC, > - MAP_ANONYMOUS | MAP_PRIVATE, 0); > - if (IS_ERR(usermem)) { > - pr_err("Failed to allocate user memory\n"); > - kfree(kmem); > - return; > - } > - > - OPTIMIZER_HIDE_VAR(size); > - > - pr_info("out-of-bounds in copy_from_user()\n"); > - unused = copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in copy_to_user()\n"); > - unused = copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user()\n"); > - unused = __copy_from_user(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user()\n"); > - unused = __copy_to_user(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in __copy_from_user_inatomic()\n"); > - unused = __copy_from_user_inatomic(kmem, usermem, size + 1); > - > - pr_info("out-of-bounds in __copy_to_user_inatomic()\n"); > - unused = __copy_to_user_inatomic(usermem, kmem, size + 1); > - > - pr_info("out-of-bounds in strncpy_from_user()\n"); > - unused = strncpy_from_user(kmem, usermem, size + 1); > - > - vm_munmap((unsigned long)usermem, PAGE_SIZE); > - kfree(kmem); > -} > - > -static int __init kasan_test_module_init(void) > -{ > - /* > - * Temporarily enable multi-shot mode. Otherwise, KASAN would only > - * report the first detected bug and panic the kernel if panic_on_warn > - * is enabled. > - */ > - bool multishot = kasan_save_enable_multi_shot(); > - > - copy_user_test(); > - > - kasan_restore_multi_shot(multishot); > - return -EAGAIN; > -} > - > -module_init(kasan_test_module_init); > -MODULE_LICENSE("GPL"); > -- > 2.34.1 > This has been tested on: - x86_64 with CONFIG_KASAN_GENERIC - arm64 with CONFIG_KASAN_SW_TAGS - arm64 with CONFIG_KASAN_HW_TAGS - arm64 SW_TAGS has 1 failing test which is in the mainline, will try to address it in different patch, not related to changes in this PR: [ 9.480716] # vmalloc_percpu: EXPECTATION FAILED at mm/kasan/kasan_test_c.c:1830 [ 9.480716] Expected (u8)(__u8)((u64)(c_ptr) >> 56) < (u8)0xFF, but [ 9.480716] (u8)(__u8)((u64)(c_ptr) >> 56) == 255 (0xff) [ 9.480716] (u8)0xFF == 255 (0xff) [ 9.481936] # vmalloc_percpu: EXPECTATION FAILED at mm/kasan/kasan_test_c.c:1830 [ 9.481936] Expected (u8)(__u8)((u64)(c_ptr) >> 56) < (u8)0xFF, but [ 9.481936] (u8)(__u8)((u64)(c_ptr) >> 56) == 255 (0xff) [ 9.481936] (u8)0xFF == 255 (0xff) Here is my full console log of arm64-sw.log: https://gist.githubusercontent.com/novitoll/7ab93edca1f7d71925735075e84fc2ec/raw/6ef05758bcc396cd2f5796a5bcb5e41a091224cf/arm64-sw.log - arm64 HW_TAGS has 1 failing test related to new changes and AFAIU, it's known issue related to HW_TAGS: [ 11.167324] # copy_user_test_oob: EXPECTATION FAILED at mm/kasan/kasan_test_c.c:1992 [ 11.167324] KASAN failure expected in "unused = strncpy_from_user(kmem, usermem, size + 1)", but none occurred Here is the console log of arm64-hw.log: https://gist.github.com/novitoll/7ab93edca1f7d71925735075e84fc2ec#file-arm64-hw-log-L11208
On Fri, Oct 11, 2024 at 11:12 AM Sabyrzhan Tasbolatov <snovitoll@gmail.com> wrote: > > This has been tested on: > - x86_64 with CONFIG_KASAN_GENERIC > - arm64 with CONFIG_KASAN_SW_TAGS > - arm64 with CONFIG_KASAN_HW_TAGS > > - arm64 SW_TAGS has 1 failing test which is in the mainline, > will try to address it in different patch, not related to changes in this PR: > [ 9.480716] # vmalloc_percpu: EXPECTATION FAILED at > mm/kasan/kasan_test_c.c:1830 > [ 9.480716] Expected (u8)(__u8)((u64)(c_ptr) >> 56) < (u8)0xFF, but > [ 9.480716] (u8)(__u8)((u64)(c_ptr) >> 56) == 255 (0xff) > [ 9.480716] (u8)0xFF == 255 (0xff) > [ 9.481936] # vmalloc_percpu: EXPECTATION FAILED at > mm/kasan/kasan_test_c.c:1830 > [ 9.481936] Expected (u8)(__u8)((u64)(c_ptr) >> 56) < (u8)0xFF, but > [ 9.481936] (u8)(__u8)((u64)(c_ptr) >> 56) == 255 (0xff) > [ 9.481936] (u8)0xFF == 255 (0xff) Could you share the kernel config that you use to get this failure? This test works for me with my config... > Here is my full console log of arm64-sw.log: > https://gist.githubusercontent.com/novitoll/7ab93edca1f7d71925735075e84fc2ec/raw/6ef05758bcc396cd2f5796a5bcb5e41a091224cf/arm64-sw.log > > - arm64 HW_TAGS has 1 failing test related to new changes > and AFAIU, it's known issue related to HW_TAGS: > > [ 11.167324] # copy_user_test_oob: EXPECTATION FAILED at > mm/kasan/kasan_test_c.c:1992 > [ 11.167324] KASAN failure expected in "unused = > strncpy_from_user(kmem, usermem, size + 1)", but none occurred > > Here is the console log of arm64-hw.log: > https://gist.github.com/novitoll/7ab93edca1f7d71925735075e84fc2ec#file-arm64-hw-log-L11208 I don't remember seeing this issue before, did you manage to figure out why this happens? Thank you for working on this!
On Sun, Oct 13, 2024 at 3:49 AM Andrey Konovalov <andreyknvl@gmail.com> wrote: > > On Fri, Oct 11, 2024 at 11:12 AM Sabyrzhan Tasbolatov > <snovitoll@gmail.com> wrote: > > > > This has been tested on: > > - x86_64 with CONFIG_KASAN_GENERIC > > - arm64 with CONFIG_KASAN_SW_TAGS > > - arm64 with CONFIG_KASAN_HW_TAGS > > > > - arm64 SW_TAGS has 1 failing test which is in the mainline, > > will try to address it in different patch, not related to changes in this PR: > > [ 9.480716] # vmalloc_percpu: EXPECTATION FAILED at > > mm/kasan/kasan_test_c.c:1830 > > [ 9.480716] Expected (u8)(__u8)((u64)(c_ptr) >> 56) < (u8)0xFF, but > > [ 9.480716] (u8)(__u8)((u64)(c_ptr) >> 56) == 255 (0xff) > > [ 9.480716] (u8)0xFF == 255 (0xff) > > [ 9.481936] # vmalloc_percpu: EXPECTATION FAILED at > > mm/kasan/kasan_test_c.c:1830 > > [ 9.481936] Expected (u8)(__u8)((u64)(c_ptr) >> 56) < (u8)0xFF, but > > [ 9.481936] (u8)(__u8)((u64)(c_ptr) >> 56) == 255 (0xff) > > [ 9.481936] (u8)0xFF == 255 (0xff) > > Could you share the kernel config that you use to get this failure? > This test works for me with my config... > Here is config for arm64 with SW_TAGS: https://gist.githubusercontent.com/novitoll/7ab93edca1f7d71925735075e84fc2ec/raw/7da07ae3c06009ad80dba87a0ba188934e31b8af/config-arm64-sw , config for arm64 with HW_TAGS: https://gist.githubusercontent.com/novitoll/7ab93edca1f7d71925735075e84fc2ec/raw/7da07ae3c06009ad80dba87a0ba188934e31b8af/config-arm64-hw I've built them with defconfig, then chose in menuconfig KASAN, enabled KUnit tests. $ make CC=clang LD=ld.lld AR=llvm-ar NM=llvm-nm STRIP=llvm-strip OBJCOPY=llvm-objcopy \ OBJDUMP=llvm-objdump READELF=llvm-readelf HOSTCC=clang HOSTCXX=clang++ \ HOSTAR=llvm-ar HOSTLD=ld.lld ARCH=arm64 defconfig $ clang --version ClangBuiltLinux clang version 14.0.6 (https://github.com/llvm/llvm-project.git f28c006a5895fc0e329fe15fead81e37457cb1d1) Target: x86_64-unknown-linux-gnu Thread model: posix $ qemu-system-aarch64 \ -machine virt,mte=on \ -cpu max \ -smp 2 \ -m 2048 \ -hda $IMAGE \ -kernel $KERNEL/arch/arm64/boot/Image \ -append "console=ttyAMA0 root=/dev/vda debug earlyprintk=serial net.iframes=0 slub_debug=UZ oops=panic panic_on_warn=1 panic=-1 ftrace_dump_on_oops=orig_cpu" \ -net user,hostfwd=tcp::10023-:22 -net nic \ -nographic \ -pidfile vm.pid \ 2>&1 > > Here is my full console log of arm64-sw.log: > > https://gist.githubusercontent.com/novitoll/7ab93edca1f7d71925735075e84fc2ec/raw/6ef05758bcc396cd2f5796a5bcb5e41a091224cf/arm64-sw.log > > > > - arm64 HW_TAGS has 1 failing test related to new changes > > and AFAIU, it's known issue related to HW_TAGS: > > > > [ 11.167324] # copy_user_test_oob: EXPECTATION FAILED at > > mm/kasan/kasan_test_c.c:1992 > > [ 11.167324] KASAN failure expected in "unused = > > strncpy_from_user(kmem, usermem, size + 1)", but none occurred > > > > Here is the console log of arm64-hw.log: > > https://gist.github.com/novitoll/7ab93edca1f7d71925735075e84fc2ec#file-arm64-hw-log-L11208 > > I don't remember seeing this issue before, did you manage to figure > out why this happens? > I haven't figured it out yet. All I've understood that for HW_TAGS, KASAN_GRANULE_SIZE is MTE_GRANULE_SIZE (16), and I've tried to tweak the buffer size in kunit test, where it's 128 - KASAN_GRANULE_SIZE, I've also tried to understand the if branches in: #define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \ ... if (IS_ENABLED(CONFIG_KASAN_HW_TAGS) && \ , haven't made any progress on it. I've faced a similar issue with HW_TAGS in: https://lore.kernel.org/all/20241011035310.2982017-1-snovitoll@gmail.com/ and also see the comment from you (perhaps, not related): https://bugzilla.kernel.org/show_bug.cgi?id=212205#c2 > Thank you for working on this! Thanks, I'll address your comments in another reply.
© 2016 - 2024 Red Hat, Inc.