Message ID | 20230407192717.636137-1-keescook@chromium.org (mailing list archive) |
---|---|
State | Changes Requested |
Headers | show |
Series | fortify: Add KUnit tests for runtime overflows | expand |
On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@chromium.org> wrote: > > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when > running with --altests to gain additional coverage, and by default under two L's in alltest? > UML. > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > tools/testing/kunit/configs/all_tests.config | 2 ++ > tools/testing/kunit/configs/arch_uml.config | 3 +++ > 2 files changed, 5 insertions(+) > > diff --git a/tools/testing/kunit/configs/all_tests.config b/tools/testing/kunit/configs/all_tests.config > index f990cbb73250..0393940c706a 100644 > --- a/tools/testing/kunit/configs/all_tests.config > +++ b/tools/testing/kunit/configs/all_tests.config > @@ -9,6 +9,8 @@ CONFIG_KUNIT=y > CONFIG_KUNIT_EXAMPLE_TEST=y > CONFIG_KUNIT_ALL_TESTS=y > > +CONFIG_FORTIFY_SOURCE=y > + > CONFIG_IIO=y > > CONFIG_EXT4_FS=y > diff --git a/tools/testing/kunit/configs/arch_uml.config b/tools/testing/kunit/configs/arch_uml.config > index e824ce43b05a..54ad8972681a 100644 > --- a/tools/testing/kunit/configs/arch_uml.config > +++ b/tools/testing/kunit/configs/arch_uml.config > @@ -3,3 +3,6 @@ > # Enable virtio/pci, as a lot of tests require it. > CONFIG_VIRTIO_UML=y > CONFIG_UML_PCI_OVER_VIRTIO=y > + > +# Enable FORTIFY_SOURCE for wider checking. > +CONFIG_FORTIFY_SOURCE=y > -- > 2.34.1 >
On Fri, Apr 7, 2023 at 4:33 PM Nick Desaulniers <ndesaulniers@google.com> wrote: > > On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@chromium.org> wrote: > > > > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible > > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when > > running with --altests to gain additional coverage, and by default under > > two L's in alltest? Also, while testing this series: ``` $ LLVM=1 ./tools/testing/kunit/kunit.py run ... [16:40:09] ================== fortify (24 subtests) =================== [16:40:09] [PASSED] known_sizes_test [16:40:09] [PASSED] control_flow_split_test [16:40:09] [PASSED] alloc_size_kmalloc_const_test [16:40:09] # alloc_size_kmalloc_dynamic_test: EXPECTATION FAILED at lib/fortify_kunit.c:249 [16:40:09] Expected __builtin_dynamic_object_size(p, 1) == expected, but [16:40:09] __builtin_dynamic_object_size(p, 1) == -1 (0xffffffffffffffff) [16:40:09] expected == 11 (0xb) [16:40:09] __alloc_size() not working with __bdos on kmemdup("hello there", len, gfp) [16:40:09] [FAILED] alloc_size_kmalloc_dynamic_test [16:40:09] [PASSED] alloc_size_vmalloc_const_test [16:40:09] [PASSED] alloc_size_vmalloc_dynamic_test [16:40:09] [PASSED] alloc_size_kvmalloc_const_test [16:40:09] [PASSED] alloc_size_kvmalloc_dynamic_test [16:40:09] [PASSED] alloc_size_devm_kmalloc_const_test [16:40:09] [PASSED] alloc_size_devm_kmalloc_dynamic_test [16:40:09] [PASSED] strlen_test [16:40:09] [PASSED] strnlen_test [16:40:09] [PASSED] strcpy_test [16:40:09] [PASSED] strncpy_test [16:40:09] [PASSED] strlcpy_test [16:40:09] [PASSED] strscpy_test [16:40:09] [PASSED] strcat_test [16:40:09] [PASSED] strncat_test [16:40:09] [PASSED] strlcat_test [16:40:09] [PASSED] memscan_test [16:40:09] [PASSED] memchr_test [16:40:09] [PASSED] memchr_inv_test [16:40:09] [PASSED] memcmp_test [16:40:09] [PASSED] kmemdup_test [16:40:09] # fortify: pass:23 fail:1 skip:0 total:24 [16:40:09] # Totals: pass:23 fail:1 skip:0 total:24 [16:40:09] ===================== [FAILED] fortify ===================== ``` It would be cool to understand that failure in BDOS BEFORE turning on these tests by default. > > > UML. > > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > --- > > tools/testing/kunit/configs/all_tests.config | 2 ++ > > tools/testing/kunit/configs/arch_uml.config | 3 +++ > > 2 files changed, 5 insertions(+) > > > > diff --git a/tools/testing/kunit/configs/all_tests.config b/tools/testing/kunit/configs/all_tests.config > > index f990cbb73250..0393940c706a 100644 > > --- a/tools/testing/kunit/configs/all_tests.config > > +++ b/tools/testing/kunit/configs/all_tests.config > > @@ -9,6 +9,8 @@ CONFIG_KUNIT=y > > CONFIG_KUNIT_EXAMPLE_TEST=y > > CONFIG_KUNIT_ALL_TESTS=y > > > > +CONFIG_FORTIFY_SOURCE=y > > + > > CONFIG_IIO=y > > > > CONFIG_EXT4_FS=y > > diff --git a/tools/testing/kunit/configs/arch_uml.config b/tools/testing/kunit/configs/arch_uml.config > > index e824ce43b05a..54ad8972681a 100644 > > --- a/tools/testing/kunit/configs/arch_uml.config > > +++ b/tools/testing/kunit/configs/arch_uml.config > > @@ -3,3 +3,6 @@ > > # Enable virtio/pci, as a lot of tests require it. > > CONFIG_VIRTIO_UML=y > > CONFIG_UML_PCI_OVER_VIRTIO=y > > + > > +# Enable FORTIFY_SOURCE for wider checking. > > +CONFIG_FORTIFY_SOURCE=y > > -- > > 2.34.1 > > > > > -- > Thanks, > ~Nick Desaulniers
On Fri, Apr 07, 2023 at 04:33:43PM -0700, Nick Desaulniers wrote: > On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@chromium.org> wrote: > > > > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible > > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when > > running with --altests to gain additional coverage, and by default under > > two L's in alltest? Oops. Fixed. :)
On Fri, Apr 07, 2023 at 04:42:27PM -0700, Nick Desaulniers wrote: > On Fri, Apr 7, 2023 at 4:33 PM Nick Desaulniers <ndesaulniers@google.com> wrote: > > > > On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@chromium.org> wrote: > > > > > > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible > > > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when > > > running with --altests to gain additional coverage, and by default under > > > > two L's in alltest? > > Also, while testing this series: > ``` > $ LLVM=1 ./tools/testing/kunit/kunit.py run > ... > [16:40:09] ================== fortify (24 subtests) =================== > [16:40:09] [PASSED] known_sizes_test > [16:40:09] [PASSED] control_flow_split_test > [16:40:09] [PASSED] alloc_size_kmalloc_const_test > [16:40:09] # alloc_size_kmalloc_dynamic_test: EXPECTATION FAILED > at lib/fortify_kunit.c:249 > [16:40:09] Expected __builtin_dynamic_object_size(p, 1) == expected, but > [16:40:09] __builtin_dynamic_object_size(p, 1) == -1 > (0xffffffffffffffff) > [16:40:09] expected == 11 (0xb) > [16:40:09] __alloc_size() not working with __bdos on kmemdup("hello > there", len, gfp) I'm still tracking this down. I'm not sure what's happening here, but it seems to be Clang-specific, and due to some interaction with the changes I made for Kunit examination. WHY it happens I haven't found yet.
On Wed, May 10, 2023 at 12:24 PM Kees Cook <keescook@chromium.org> wrote: > > On Fri, Apr 07, 2023 at 04:42:27PM -0700, Nick Desaulniers wrote: > > On Fri, Apr 7, 2023 at 4:33 PM Nick Desaulniers <ndesaulniers@google.com> wrote: > > > > > > On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@chromium.org> wrote: > > > > > > > > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible > > > > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when > > > > running with --altests to gain additional coverage, and by default under > > > > > > two L's in alltest? > > > > Also, while testing this series: > > ``` > > $ LLVM=1 ./tools/testing/kunit/kunit.py run > > ... > > [16:40:09] ================== fortify (24 subtests) =================== > > [16:40:09] [PASSED] known_sizes_test > > [16:40:09] [PASSED] control_flow_split_test > > [16:40:09] [PASSED] alloc_size_kmalloc_const_test > > [16:40:09] # alloc_size_kmalloc_dynamic_test: EXPECTATION FAILED > > at lib/fortify_kunit.c:249 > > [16:40:09] Expected __builtin_dynamic_object_size(p, 1) == expected, but > > [16:40:09] __builtin_dynamic_object_size(p, 1) == -1 > > (0xffffffffffffffff) > > [16:40:09] expected == 11 (0xb) > > [16:40:09] __alloc_size() not working with __bdos on kmemdup("hello > > there", len, gfp) > > I'm still tracking this down. I'm not sure what's happening here, but it > seems to be Clang-specific, and due to some interaction with the changes > I made for Kunit examination. WHY it happens I haven't found yet. Was this what exposed https://github.com/llvm/llvm-project/issues/62789?
On Mon, May 22, 2023 at 12:43:51PM -0700, Nick Desaulniers wrote: > On Wed, May 10, 2023 at 12:24 PM Kees Cook <keescook@chromium.org> wrote: > > > > On Fri, Apr 07, 2023 at 04:42:27PM -0700, Nick Desaulniers wrote: > > > On Fri, Apr 7, 2023 at 4:33 PM Nick Desaulniers <ndesaulniers@google.com> wrote: > > > > > > > > On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@chromium.org> wrote: > > > > > > > > > > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible > > > > > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when > > > > > running with --altests to gain additional coverage, and by default under > > > > > > > > two L's in alltest? > > > > > > Also, while testing this series: > > > ``` > > > $ LLVM=1 ./tools/testing/kunit/kunit.py run > > > ... > > > [16:40:09] ================== fortify (24 subtests) =================== > > > [16:40:09] [PASSED] known_sizes_test > > > [16:40:09] [PASSED] control_flow_split_test > > > [16:40:09] [PASSED] alloc_size_kmalloc_const_test > > > [16:40:09] # alloc_size_kmalloc_dynamic_test: EXPECTATION FAILED > > > at lib/fortify_kunit.c:249 > > > [16:40:09] Expected __builtin_dynamic_object_size(p, 1) == expected, but > > > [16:40:09] __builtin_dynamic_object_size(p, 1) == -1 > > > (0xffffffffffffffff) > > > [16:40:09] expected == 11 (0xb) > > > [16:40:09] __alloc_size() not working with __bdos on kmemdup("hello > > > there", len, gfp) > > > > I'm still tracking this down. I'm not sure what's happening here, but it > > seems to be Clang-specific, and due to some interaction with the changes > > I made for Kunit examination. WHY it happens I haven't found yet. > > Was this what exposed https://github.com/llvm/llvm-project/issues/62789? Nope -- I found this while working on: https://lore.kernel.org/lkml/20230517225838.never.965-kees@kernel.org/ i.e. I was surprised I could use static initializers with a flexible array, and then I went and verified various related behaviors between GCC and Clang.
diff --git a/tools/testing/kunit/configs/all_tests.config b/tools/testing/kunit/configs/all_tests.config index f990cbb73250..0393940c706a 100644 --- a/tools/testing/kunit/configs/all_tests.config +++ b/tools/testing/kunit/configs/all_tests.config @@ -9,6 +9,8 @@ CONFIG_KUNIT=y CONFIG_KUNIT_EXAMPLE_TEST=y CONFIG_KUNIT_ALL_TESTS=y +CONFIG_FORTIFY_SOURCE=y + CONFIG_IIO=y CONFIG_EXT4_FS=y diff --git a/tools/testing/kunit/configs/arch_uml.config b/tools/testing/kunit/configs/arch_uml.config index e824ce43b05a..54ad8972681a 100644 --- a/tools/testing/kunit/configs/arch_uml.config +++ b/tools/testing/kunit/configs/arch_uml.config @@ -3,3 +3,6 @@ # Enable virtio/pci, as a lot of tests require it. CONFIG_VIRTIO_UML=y CONFIG_UML_PCI_OVER_VIRTIO=y + +# Enable FORTIFY_SOURCE for wider checking. +CONFIG_FORTIFY_SOURCE=y
Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when running with --altests to gain additional coverage, and by default under UML. Signed-off-by: Kees Cook <keescook@chromium.org> --- tools/testing/kunit/configs/all_tests.config | 2 ++ tools/testing/kunit/configs/arch_uml.config | 3 +++ 2 files changed, 5 insertions(+)