| Message ID | 20210920180853.1825195-3-keescook@chromium.org (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | overflow: Implement size_t saturating arithmetic helpers | expand |
On Mon, Sep 20, 2021 at 11:09 AM Kees Cook <keescook@chromium.org> wrote: > > Report test run summaries more regularly, so it's easier to understand > the output: > - Remove noisy "ok" reports for shift and allocator tests. > - Reorganize per-type output to the end of each type's tests. > - Replace redundant vmalloc tests with __vmalloc so that __GFP_NO_WARN > can be used to keep the expected failure warnings out of dmesg, > similar to commit 8e060c21ae2c ("lib/test_overflow.c: avoid tainting > the kernel and fix wrap size") > > Resulting output: > > test_overflow: 18 u8 arithmetic tests finished > test_overflow: 19 s8 arithmetic tests finished > test_overflow: 17 u16 arithmetic tests finished > test_overflow: 17 s16 arithmetic tests finished > test_overflow: 17 u32 arithmetic tests finished > test_overflow: 17 s32 arithmetic tests finished > test_overflow: 17 u64 arithmetic tests finished > test_overflow: 21 s64 arithmetic tests finished > test_overflow: 113 shift tests finished > test_overflow: 17 overflow size helper tests finished > test_overflow: 11 allocation overflow tests finished > test_overflow: all tests passed > > Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> > Signed-off-by: Kees Cook <keescook@chromium.org> Much appreciated! Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> > --- > lib/test_overflow.c | 50 +++++++++++++++++++++++---------------------- > 1 file changed, 26 insertions(+), 24 deletions(-) > > diff --git a/lib/test_overflow.c b/lib/test_overflow.c > index 01a469ff7ff6..e1fd2d72dc61 100644 > --- a/lib/test_overflow.c > +++ b/lib/test_overflow.c > @@ -252,10 +252,10 @@ static int __init test_ ## t ## _overflow(void) { \ > int err = 0; \ > unsigned i; \ > \ > - pr_info("%-3s: %zu arithmetic tests\n", #t, \ > - ARRAY_SIZE(t ## _tests)); \ > for (i = 0; i < ARRAY_SIZE(t ## _tests); ++i) \ > err |= do_test_ ## t(&t ## _tests[i]); \ > + pr_info("%zu %s arithmetic tests finished\n", \ > + ARRAY_SIZE(t ## _tests), #t); \ > return err; \ > } > > @@ -291,6 +291,7 @@ static int __init test_overflow_calculation(void) > static int __init test_overflow_shift(void) > { > int err = 0; > + int count = 0; > > /* Args are: value, shift, type, expected result, overflow expected */ > #define TEST_ONE_SHIFT(a, s, t, expect, of) ({ \ > @@ -313,9 +314,7 @@ static int __init test_overflow_shift(void) > pr_warn("got %llu\n", (u64)__d); \ > __failed = 1; \ > } \ > - if (!__failed) \ > - pr_info("ok: (%s)(%s << %s) == %s\n", #t, #a, #s, \ > - of ? "overflow" : #expect); \ > + count++; \ > __failed; \ > }) > > @@ -479,6 +478,8 @@ static int __init test_overflow_shift(void) > err |= TEST_ONE_SHIFT(0, 31, s32, 0, false); > err |= TEST_ONE_SHIFT(0, 63, s64, 0, false); > > + pr_info("%d shift tests finished\n", count); > + > return err; > } > > @@ -530,7 +531,6 @@ static int __init test_ ## func (void *arg) \ > free ## want_arg (free_func, arg, ptr); \ > return 1; \ > } \ > - pr_info(#func " detected saturation\n"); \ > return 0; \ > } > > @@ -544,10 +544,7 @@ DEFINE_TEST_ALLOC(kmalloc, kfree, 0, 1, 0); > DEFINE_TEST_ALLOC(kmalloc_node, kfree, 0, 1, 1); > DEFINE_TEST_ALLOC(kzalloc, kfree, 0, 1, 0); > DEFINE_TEST_ALLOC(kzalloc_node, kfree, 0, 1, 1); > -DEFINE_TEST_ALLOC(vmalloc, vfree, 0, 0, 0); > -DEFINE_TEST_ALLOC(vmalloc_node, vfree, 0, 0, 1); > -DEFINE_TEST_ALLOC(vzalloc, vfree, 0, 0, 0); > -DEFINE_TEST_ALLOC(vzalloc_node, vfree, 0, 0, 1); > +DEFINE_TEST_ALLOC(__vmalloc, vfree, 0, 1, 0); > DEFINE_TEST_ALLOC(kvmalloc, kvfree, 0, 1, 0); > DEFINE_TEST_ALLOC(kvmalloc_node, kvfree, 0, 1, 1); > DEFINE_TEST_ALLOC(kvzalloc, kvfree, 0, 1, 0); > @@ -559,8 +556,14 @@ static int __init test_overflow_allocation(void) > { > const char device_name[] = "overflow-test"; > struct device *dev; > + int count = 0; > int err = 0; > > +#define check_allocation_overflow(alloc) ({ \ > + count++; \ > + test_ ## alloc(dev); \ > +}) > + > /* Create dummy device for devm_kmalloc()-family tests. */ > dev = root_device_register(device_name); > if (IS_ERR(dev)) { > @@ -568,23 +571,22 @@ static int __init test_overflow_allocation(void) > return 1; > } > > - err |= test_kmalloc(NULL); > - err |= test_kmalloc_node(NULL); > - err |= test_kzalloc(NULL); > - err |= test_kzalloc_node(NULL); > - err |= test_kvmalloc(NULL); > - err |= test_kvmalloc_node(NULL); > - err |= test_kvzalloc(NULL); > - err |= test_kvzalloc_node(NULL); > - err |= test_vmalloc(NULL); > - err |= test_vmalloc_node(NULL); > - err |= test_vzalloc(NULL); > - err |= test_vzalloc_node(NULL); > - err |= test_devm_kmalloc(dev); > - err |= test_devm_kzalloc(dev); > + err |= check_allocation_overflow(kmalloc); > + err |= check_allocation_overflow(kmalloc_node); > + err |= check_allocation_overflow(kzalloc); > + err |= check_allocation_overflow(kzalloc_node); > + err |= check_allocation_overflow(__vmalloc); > + err |= check_allocation_overflow(kvmalloc); > + err |= check_allocation_overflow(kvmalloc_node); > + err |= check_allocation_overflow(kvzalloc); > + err |= check_allocation_overflow(kvzalloc_node); > + err |= check_allocation_overflow(devm_kmalloc); > + err |= check_allocation_overflow(devm_kzalloc); > > device_unregister(dev); > > + pr_info("%d allocation overflow tests finished\n", count); > + > return err; > } > > -- > 2.30.2 >
On 21/09/2021 00.10, Nick Desaulniers wrote: > On Mon, Sep 20, 2021 at 11:09 AM Kees Cook <keescook@chromium.org> wrote: >> >> @@ -544,10 +544,7 @@ DEFINE_TEST_ALLOC(kmalloc, kfree, 0, 1, 0); >> DEFINE_TEST_ALLOC(kmalloc_node, kfree, 0, 1, 1); >> DEFINE_TEST_ALLOC(kzalloc, kfree, 0, 1, 0); >> DEFINE_TEST_ALLOC(kzalloc_node, kfree, 0, 1, 1); >> -DEFINE_TEST_ALLOC(vmalloc, vfree, 0, 0, 0); >> -DEFINE_TEST_ALLOC(vmalloc_node, vfree, 0, 0, 1); >> -DEFINE_TEST_ALLOC(vzalloc, vfree, 0, 0, 0); >> -DEFINE_TEST_ALLOC(vzalloc_node, vfree, 0, 0, 1); >> +DEFINE_TEST_ALLOC(__vmalloc, vfree, 0, 1, 0); >> DEFINE_TEST_ALLOC(kvmalloc, kvfree, 0, 1, 0); >> DEFINE_TEST_ALLOC(kvmalloc_node, kvfree, 0, 1, 1); >> DEFINE_TEST_ALLOC(kvzalloc, kvfree, 0, 1, 0); >> @@ -559,8 +556,14 @@ static int __init test_overflow_allocation(void) >> { >> const char device_name[] = "overflow-test"; >> struct device *dev; >> + int count = 0; >> int err = 0; >> >> +#define check_allocation_overflow(alloc) ({ \ >> + count++; \ >> + test_ ## alloc(dev); \ >> +}) >> + >> /* Create dummy device for devm_kmalloc()-family tests. */ >> dev = root_device_register(device_name); >> if (IS_ERR(dev)) { >> @@ -568,23 +571,22 @@ static int __init test_overflow_allocation(void) >> return 1; >> } >> >> - err |= test_kmalloc(NULL); >> - err |= test_kmalloc_node(NULL); >> - err |= test_kzalloc(NULL); >> - err |= test_kzalloc_node(NULL); >> - err |= test_kvmalloc(NULL); >> - err |= test_kvmalloc_node(NULL); >> - err |= test_kvzalloc(NULL); >> - err |= test_kvzalloc_node(NULL); >> - err |= test_vmalloc(NULL); >> - err |= test_vmalloc_node(NULL); >> - err |= test_vzalloc(NULL); >> - err |= test_vzalloc_node(NULL); >> - err |= test_devm_kmalloc(dev); >> - err |= test_devm_kzalloc(dev); >> + err |= check_allocation_overflow(kmalloc); >> + err |= check_allocation_overflow(kmalloc_node); >> + err |= check_allocation_overflow(kzalloc); >> + err |= check_allocation_overflow(kzalloc_node); >> + err |= check_allocation_overflow(__vmalloc); >> + err |= check_allocation_overflow(kvmalloc); >> + err |= check_allocation_overflow(kvmalloc_node); >> + err |= check_allocation_overflow(kvzalloc); >> + err |= check_allocation_overflow(kvzalloc_node); >> + err |= check_allocation_overflow(devm_kmalloc); >> + err |= check_allocation_overflow(devm_kzalloc); >> >> device_unregister(dev); I'd prefer if such a local helper macro was defined immediately prior to the sequence of uses, and then #undef'ed at the end. Other than that: Acked-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
diff --git a/lib/test_overflow.c b/lib/test_overflow.c index 01a469ff7ff6..e1fd2d72dc61 100644 --- a/lib/test_overflow.c +++ b/lib/test_overflow.c @@ -252,10 +252,10 @@ static int __init test_ ## t ## _overflow(void) { \ int err = 0; \ unsigned i; \ \ - pr_info("%-3s: %zu arithmetic tests\n", #t, \ - ARRAY_SIZE(t ## _tests)); \ for (i = 0; i < ARRAY_SIZE(t ## _tests); ++i) \ err |= do_test_ ## t(&t ## _tests[i]); \ + pr_info("%zu %s arithmetic tests finished\n", \ + ARRAY_SIZE(t ## _tests), #t); \ return err; \ } @@ -291,6 +291,7 @@ static int __init test_overflow_calculation(void) static int __init test_overflow_shift(void) { int err = 0; + int count = 0; /* Args are: value, shift, type, expected result, overflow expected */ #define TEST_ONE_SHIFT(a, s, t, expect, of) ({ \ @@ -313,9 +314,7 @@ static int __init test_overflow_shift(void) pr_warn("got %llu\n", (u64)__d); \ __failed = 1; \ } \ - if (!__failed) \ - pr_info("ok: (%s)(%s << %s) == %s\n", #t, #a, #s, \ - of ? "overflow" : #expect); \ + count++; \ __failed; \ }) @@ -479,6 +478,8 @@ static int __init test_overflow_shift(void) err |= TEST_ONE_SHIFT(0, 31, s32, 0, false); err |= TEST_ONE_SHIFT(0, 63, s64, 0, false); + pr_info("%d shift tests finished\n", count); + return err; } @@ -530,7 +531,6 @@ static int __init test_ ## func (void *arg) \ free ## want_arg (free_func, arg, ptr); \ return 1; \ } \ - pr_info(#func " detected saturation\n"); \ return 0; \ } @@ -544,10 +544,7 @@ DEFINE_TEST_ALLOC(kmalloc, kfree, 0, 1, 0); DEFINE_TEST_ALLOC(kmalloc_node, kfree, 0, 1, 1); DEFINE_TEST_ALLOC(kzalloc, kfree, 0, 1, 0); DEFINE_TEST_ALLOC(kzalloc_node, kfree, 0, 1, 1); -DEFINE_TEST_ALLOC(vmalloc, vfree, 0, 0, 0); -DEFINE_TEST_ALLOC(vmalloc_node, vfree, 0, 0, 1); -DEFINE_TEST_ALLOC(vzalloc, vfree, 0, 0, 0); -DEFINE_TEST_ALLOC(vzalloc_node, vfree, 0, 0, 1); +DEFINE_TEST_ALLOC(__vmalloc, vfree, 0, 1, 0); DEFINE_TEST_ALLOC(kvmalloc, kvfree, 0, 1, 0); DEFINE_TEST_ALLOC(kvmalloc_node, kvfree, 0, 1, 1); DEFINE_TEST_ALLOC(kvzalloc, kvfree, 0, 1, 0); @@ -559,8 +556,14 @@ static int __init test_overflow_allocation(void) { const char device_name[] = "overflow-test"; struct device *dev; + int count = 0; int err = 0; +#define check_allocation_overflow(alloc) ({ \ + count++; \ + test_ ## alloc(dev); \ +}) + /* Create dummy device for devm_kmalloc()-family tests. */ dev = root_device_register(device_name); if (IS_ERR(dev)) { @@ -568,23 +571,22 @@ static int __init test_overflow_allocation(void) return 1; } - err |= test_kmalloc(NULL); - err |= test_kmalloc_node(NULL); - err |= test_kzalloc(NULL); - err |= test_kzalloc_node(NULL); - err |= test_kvmalloc(NULL); - err |= test_kvmalloc_node(NULL); - err |= test_kvzalloc(NULL); - err |= test_kvzalloc_node(NULL); - err |= test_vmalloc(NULL); - err |= test_vmalloc_node(NULL); - err |= test_vzalloc(NULL); - err |= test_vzalloc_node(NULL); - err |= test_devm_kmalloc(dev); - err |= test_devm_kzalloc(dev); + err |= check_allocation_overflow(kmalloc); + err |= check_allocation_overflow(kmalloc_node); + err |= check_allocation_overflow(kzalloc); + err |= check_allocation_overflow(kzalloc_node); + err |= check_allocation_overflow(__vmalloc); + err |= check_allocation_overflow(kvmalloc); + err |= check_allocation_overflow(kvmalloc_node); + err |= check_allocation_overflow(kvzalloc); + err |= check_allocation_overflow(kvzalloc_node); + err |= check_allocation_overflow(devm_kmalloc); + err |= check_allocation_overflow(devm_kzalloc); device_unregister(dev); + pr_info("%d allocation overflow tests finished\n", count); + return err; }
Report test run summaries more regularly, so it's easier to understand the output: - Remove noisy "ok" reports for shift and allocator tests. - Reorganize per-type output to the end of each type's tests. - Replace redundant vmalloc tests with __vmalloc so that __GFP_NO_WARN can be used to keep the expected failure warnings out of dmesg, similar to commit 8e060c21ae2c ("lib/test_overflow.c: avoid tainting the kernel and fix wrap size") Resulting output: test_overflow: 18 u8 arithmetic tests finished test_overflow: 19 s8 arithmetic tests finished test_overflow: 17 u16 arithmetic tests finished test_overflow: 17 s16 arithmetic tests finished test_overflow: 17 u32 arithmetic tests finished test_overflow: 17 s32 arithmetic tests finished test_overflow: 17 u64 arithmetic tests finished test_overflow: 21 s64 arithmetic tests finished test_overflow: 113 shift tests finished test_overflow: 17 overflow size helper tests finished test_overflow: 11 allocation overflow tests finished test_overflow: all tests passed Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Kees Cook <keescook@chromium.org> --- lib/test_overflow.c | 50 +++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 24 deletions(-)