[Bug 212205] New: KASAN: port all tests to KUnit

bugzill...@bugzilla.kernel.org

Mar 9, 2021, 11:37:41 AM
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

Bug ID: 212205
Summary: KASAN: port all tests to KUnit
Product: Memory Management
Version: 2.5
Kernel Version: upstream
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Sanitizers
Assignee: mm_san...@kernel-bugs.kernel.org
Reporter: andre...@gmail.com
CC: kasa...@googlegroups.com
Regression: No

There are three tests remaining in lib/kasan_test_module.c:

1. kasan_rcu_uaf() and 2. kasan_workqueue_uaf() that trigger KASAN bug reports
in a different task than where the test is run. Porting those should be easy
once tests start using tracepoints instead of a per-task flag to check for bug
reports:

https://bugzilla.kernel.org/show_bug.cgi?id=212203

3. copy_user_test(). The issue with this one is that it requires a user context
to work. It's unclear what's the best/easiest approach to port this one to
KUnit.

bugzill...@bugzilla.kernel.org

Mar 9, 2021, 11:39:47 AM
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #1 from Andrey Konovalov (andre...@gmail.com) ---
Some options for #3:

- Spawning a user task from the kernel.
- Creating fake mm structs.
- Using kernel memory as arguments to copy_to/from_user. (It might make sense
to add tests for this in either case.)

bugzill...@bugzilla.kernel.org

Mar 9, 2021, 11:42:02 AM
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #2 from Andrey Konovalov (andre...@gmail.com) ---
Note: currently, lib/kasan_test_module.c doesn't work with HW_TAGS KASAN. When
the tests are ported to KUnit, they should be explicitly checked with that
KASAN mode.

bugzill...@kernel.org

Sep 25, 2022, 4:20:22 PM
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #3 from Andrey Konovalov (andre...@gmail.com) ---
Posted patches porting #1 and #2 to KUnit [1].

For #3, another potential approach is to hijack a userspace process via
tracepoints, and execute the test there. However, this can only be done when
userspace processes are launched (=> when KUnit tests are loaded as a module)
and also requires the faultable tracepoints patchset [2].

[1]
https://lore.kernel.org/linux-mm/653d43e9a6d9aad2ae148a941dab048cb...@google.com/T/
[2] https://lore.kernel.org/bpf/20210218222125....@efficios.com/T/

bugzill...@kernel.org

Dec 23, 2022, 8:42:32 PM
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #4 from Andrey Konovalov (andre...@gmail.com) ---
Non-copy_to/from_user tests have been ported to KUnit in [1] and [2].

For copy_to/from_user tests, we could keep them in a module, but nevertheless
integrate with KUnit. This won't allow easily running them during boot, but
other approaches seem overly complicated to implement.

[1]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2c5bd4c69ce28500ed2176d11002a4e9b30da36
[2]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8516e837cab0b2c740b90603b66039aa7dcecda4