[Bug 212205] New: KASAN: port all tests to KUnit

0 views
Skip to first unread message

bugzill...@bugzilla.kernel.org

unread,
Mar 9, 2021, 11:37:41 AM3/9/21
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

Bug ID: 212205
Summary: KASAN: port all tests to KUnit
Product: Memory Management
Version: 2.5
Kernel Version: upstream
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Sanitizers
Assignee: mm_san...@kernel-bugs.kernel.org
Reporter: andre...@gmail.com
CC: kasa...@googlegroups.com
Regression: No

There are three tests remaining in lib/kasan_test_module.c:

1. kasan_rcu_uaf() and 2. kasan_workqueue_uaf() that trigger KASAN bug reports
in a different task than where the test is run. Porting those should be easy
once tests start using tracepoints instead of a per-task flag to check for bug
reports:

https://bugzilla.kernel.org/show_bug.cgi?id=212203

3. copy_user_test(). The issue with this one is that it requires a user context
to work. It's unclear what's the best/easiest approach to port this one to
KUnit.

--
You may reply to this email to add a comment.

You are receiving this mail because:
You are on the CC list for the bug.

bugzill...@bugzilla.kernel.org

unread,
Mar 9, 2021, 11:39:47 AM3/9/21
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #1 from Andrey Konovalov (andre...@gmail.com) ---
Some options for #3:

- Spawning a user task from the kernel.
- Creating fake mm structs.
- Using kernel memory as arguments to copy_to/from_user. (It might make sense
to add tests for this in either case.)

bugzill...@bugzilla.kernel.org

unread,
Mar 9, 2021, 11:42:02 AM3/9/21
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #2 from Andrey Konovalov (andre...@gmail.com) ---
Note: currently, lib/kasan_test_module.c doesn't work with HW_TAGS KASAN. When
the tests are ported to KUnit, they should be explicitly checked with that
KASAN mode.

bugzill...@kernel.org

unread,
Sep 25, 2022, 4:20:22 PMSep 25
to kasa...@googlegroups.com
https://bugzilla.kernel.org/show_bug.cgi?id=212205

--- Comment #3 from Andrey Konovalov (andre...@gmail.com) ---
Posted patches porting #1 and #2 to KUnit [1].

For #3, another potential approach is to hijack a userspace process via
tracepoints, and execute the test there. However, this can only be done when
userspace processes are launched (=> when KUnit tests are loaded as a module)
and also requires the faultable tracepoints patchset [2].

[1]
https://lore.kernel.org/linux-mm/653d43e9a6d9aad2ae148a941dab048cb...@google.com/T/
[2] https://lore.kernel.org/bpf/20210218222125....@efficios.com/T/
Reply all
Reply to author
Forward
0 new messages