| Message ID | 2b43049e25dcd04850ba6c205cd6dcc7caa4a886.1610554432.git.andreyknvl@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | kasan: HW_TAGS tests support and fixes | expand |
On Wed, 13 Jan 2021 at 17:21, Andrey Konovalov <andreyknvl@google.com> wrote: > > Clarify and update comments in KASAN tests. > > Link: https://linux-review.googlesource.com/id/I6c816c51fa1e0eb7aa3dead6bda1f339d2af46c8 > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Marco Elver <elver@google.com> > --- > lib/test_kasan.c | 59 +++++++++++++++++++++++++---------------- > lib/test_kasan_module.c | 5 ++-- > 2 files changed, 39 insertions(+), 25 deletions(-) > > diff --git a/lib/test_kasan.c b/lib/test_kasan.c > index 2947274cc2d3..6f46e27c2af7 100644 > --- a/lib/test_kasan.c > +++ b/lib/test_kasan.c > @@ -28,10 +28,9 @@ > #define OOB_TAG_OFF (IS_ENABLED(CONFIG_KASAN_GENERIC) ? 0 : KASAN_GRANULE_SIZE) > > /* > - * We assign some test results to these globals to make sure the tests > - * are not eliminated as dead code. > + * Some tests use these global variables to store return values from function > + * calls that could otherwise be eliminated by the compiler as dead code. > */ > - > void *kasan_ptr_result; > int kasan_int_result; > > @@ -39,14 +38,13 @@ static struct kunit_resource resource; > static struct kunit_kasan_expectation fail_data; > static bool multishot; > > +/* > + * Temporarily enable multi-shot mode. Otherwise, KASAN would only report the > + * first detected bug and panic the kernel if panic_on_warn is enabled. > + */ > static int kasan_test_init(struct kunit *test) > { > - /* > - * Temporarily enable multi-shot mode and set panic_on_warn=0. > - * Otherwise, we'd only get a report for the first case. > - */ > multishot = kasan_save_enable_multi_shot(); > - > return 0; > } > > @@ -56,12 +54,12 @@ static void kasan_test_exit(struct kunit *test) > } > > /** > - * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does > - * not cause a KASAN error. This uses a KUnit resource named "kasan_data." Do > - * Do not use this name for a KUnit resource outside here. > - * > + * KUNIT_EXPECT_KASAN_FAIL() - check that the executed expression produces a > + * KASAN report; causes a test failure otherwise. This relies on a KUnit > + * resource named "kasan_data". Do not use this name for KUnit resources > + * outside of KASAN tests. > */ > -#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do { \ > +#define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \ > fail_data.report_expected = true; \ > fail_data.report_found = false; \ > kunit_add_named_resource(test, \ > @@ -69,7 +67,7 @@ static void kasan_test_exit(struct kunit *test) > NULL, \ > &resource, \ > "kasan_data", &fail_data); \ > - condition; \ > + expression; \ > KUNIT_EXPECT_EQ(test, \ > fail_data.report_expected, \ > fail_data.report_found); \ > @@ -121,7 +119,8 @@ static void kmalloc_pagealloc_oob_right(struct kunit *test) > return; > } > > - /* Allocate a chunk that does not fit into a SLUB cache to trigger > + /* > + * Allocate a chunk that does not fit into a SLUB cache to trigger > * the page allocator fallback. > */ > ptr = kmalloc(size, GFP_KERNEL); > @@ -168,7 +167,9 @@ static void kmalloc_large_oob_right(struct kunit *test) > { > char *ptr; > size_t size = KMALLOC_MAX_CACHE_SIZE - 256; > - /* Allocate a chunk that is large enough, but still fits into a slab > + > + /* > + * Allocate a chunk that is large enough, but still fits into a slab > * and does not trigger the page allocator fallback in SLUB. > */ > ptr = kmalloc(size, GFP_KERNEL); > @@ -469,10 +470,13 @@ static void ksize_unpoisons_memory(struct kunit *test) > ptr = kmalloc(size, GFP_KERNEL); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); > real_size = ksize(ptr); > - /* This access doesn't trigger an error. */ > + > + /* This access shouldn't trigger a KASAN report. */ > ptr[size] = 'x'; > - /* This one does. */ > + > + /* This one must. */ > KUNIT_EXPECT_KASAN_FAIL(test, ptr[real_size] = 'y'); > + > kfree(ptr); > } > > @@ -568,7 +572,7 @@ static void kmem_cache_invalid_free(struct kunit *test) > return; > } > > - /* Trigger invalid free, the object doesn't get freed */ > + /* Trigger invalid free, the object doesn't get freed. */ > KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1)); > > /* > @@ -585,7 +589,10 @@ static void kasan_memchr(struct kunit *test) > char *ptr; > size_t size = 24; > > - /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */ > + /* > + * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT. > + * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details. > + */ > if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { > kunit_info(test, > "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT"); > @@ -610,7 +617,10 @@ static void kasan_memcmp(struct kunit *test) > size_t size = 24; > int arr[9]; > > - /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */ > + /* > + * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT. > + * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details. > + */ > if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { > kunit_info(test, > "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT"); > @@ -634,7 +644,10 @@ static void kasan_strings(struct kunit *test) > char *ptr; > size_t size = 24; > > - /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */ > + /* > + * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT. > + * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details. > + */ > if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { > kunit_info(test, > "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT"); > @@ -706,7 +719,7 @@ static void kasan_bitops_generic(struct kunit *test) > } > > /* > - * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes; > + * Allocate 1 more byte, which causes kzalloc to round up to 16 bytes; > * this way we do not actually corrupt other memory. > */ > bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL); > diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c > index 3b4cc77992d2..eee017ff8980 100644 > --- a/lib/test_kasan_module.c > +++ b/lib/test_kasan_module.c > @@ -123,8 +123,9 @@ static noinline void __init kasan_workqueue_uaf(void) > static int __init test_kasan_module_init(void) > { > /* > - * Temporarily enable multi-shot mode. Otherwise, we'd only get a > - * report for the first case. > + * Temporarily enable multi-shot mode. Otherwise, KASAN would only > + * report the first detected bug and panic the kernel if panic_on_warn > + * is enabled. > */ > bool multishot = kasan_save_enable_multi_shot(); > > -- > 2.30.0.284.gd98b1dd5eaa7-goog >
diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 2947274cc2d3..6f46e27c2af7 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -28,10 +28,9 @@ #define OOB_TAG_OFF (IS_ENABLED(CONFIG_KASAN_GENERIC) ? 0 : KASAN_GRANULE_SIZE) /* - * We assign some test results to these globals to make sure the tests - * are not eliminated as dead code. + * Some tests use these global variables to store return values from function + * calls that could otherwise be eliminated by the compiler as dead code. */ - void *kasan_ptr_result; int kasan_int_result; @@ -39,14 +38,13 @@ static struct kunit_resource resource; static struct kunit_kasan_expectation fail_data; static bool multishot; +/* + * Temporarily enable multi-shot mode. Otherwise, KASAN would only report the + * first detected bug and panic the kernel if panic_on_warn is enabled. + */ static int kasan_test_init(struct kunit *test) { - /* - * Temporarily enable multi-shot mode and set panic_on_warn=0. - * Otherwise, we'd only get a report for the first case. - */ multishot = kasan_save_enable_multi_shot(); - return 0; } @@ -56,12 +54,12 @@ static void kasan_test_exit(struct kunit *test) } /** - * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does - * not cause a KASAN error. This uses a KUnit resource named "kasan_data." Do - * Do not use this name for a KUnit resource outside here. - * + * KUNIT_EXPECT_KASAN_FAIL() - check that the executed expression produces a + * KASAN report; causes a test failure otherwise. This relies on a KUnit + * resource named "kasan_data". Do not use this name for KUnit resources + * outside of KASAN tests. */ -#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do { \ +#define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \ fail_data.report_expected = true; \ fail_data.report_found = false; \ kunit_add_named_resource(test, \ @@ -69,7 +67,7 @@ static void kasan_test_exit(struct kunit *test) NULL, \ &resource, \ "kasan_data", &fail_data); \ - condition; \ + expression; \ KUNIT_EXPECT_EQ(test, \ fail_data.report_expected, \ fail_data.report_found); \ @@ -121,7 +119,8 @@ static void kmalloc_pagealloc_oob_right(struct kunit *test) return; } - /* Allocate a chunk that does not fit into a SLUB cache to trigger + /* + * Allocate a chunk that does not fit into a SLUB cache to trigger * the page allocator fallback. */ ptr = kmalloc(size, GFP_KERNEL); @@ -168,7 +167,9 @@ static void kmalloc_large_oob_right(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE - 256; - /* Allocate a chunk that is large enough, but still fits into a slab + + /* + * Allocate a chunk that is large enough, but still fits into a slab * and does not trigger the page allocator fallback in SLUB. */ ptr = kmalloc(size, GFP_KERNEL); @@ -469,10 +470,13 @@ static void ksize_unpoisons_memory(struct kunit *test) ptr = kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); real_size = ksize(ptr); - /* This access doesn't trigger an error. */ + + /* This access shouldn't trigger a KASAN report. */ ptr[size] = 'x'; - /* This one does. */ + + /* This one must. */ KUNIT_EXPECT_KASAN_FAIL(test, ptr[real_size] = 'y'); + kfree(ptr); } @@ -568,7 +572,7 @@ static void kmem_cache_invalid_free(struct kunit *test) return; } - /* Trigger invalid free, the object doesn't get freed */ + /* Trigger invalid free, the object doesn't get freed. */ KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1)); /* @@ -585,7 +589,10 @@ static void kasan_memchr(struct kunit *test) char *ptr; size_t size = 24; - /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */ + /* + * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT. + * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details. + */ if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { kunit_info(test, "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT"); @@ -610,7 +617,10 @@ static void kasan_memcmp(struct kunit *test) size_t size = 24; int arr[9]; - /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */ + /* + * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT. + * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details. + */ if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { kunit_info(test, "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT"); @@ -634,7 +644,10 @@ static void kasan_strings(struct kunit *test) char *ptr; size_t size = 24; - /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */ + /* + * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT. + * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details. + */ if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) { kunit_info(test, "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT"); @@ -706,7 +719,7 @@ static void kasan_bitops_generic(struct kunit *test) } /* - * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes; + * Allocate 1 more byte, which causes kzalloc to round up to 16 bytes; * this way we do not actually corrupt other memory. */ bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL); diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c index 3b4cc77992d2..eee017ff8980 100644 --- a/lib/test_kasan_module.c +++ b/lib/test_kasan_module.c @@ -123,8 +123,9 @@ static noinline void __init kasan_workqueue_uaf(void) static int __init test_kasan_module_init(void) { /* - * Temporarily enable multi-shot mode. Otherwise, we'd only get a - * report for the first case. + * Temporarily enable multi-shot mode. Otherwise, KASAN would only + * report the first detected bug and panic the kernel if panic_on_warn + * is enabled. */ bool multishot = kasan_save_enable_multi_shot();
Clarify and update comments in KASAN tests. Link: https://linux-review.googlesource.com/id/I6c816c51fa1e0eb7aa3dead6bda1f339d2af46c8 Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- lib/test_kasan.c | 59 +++++++++++++++++++++++++---------------- lib/test_kasan_module.c | 5 ++-- 2 files changed, 39 insertions(+), 25 deletions(-)