Re: [PATCH v3 2/2] usercopy: Convert test_user_copy to KUnit test

On 6/12/24 13:59, Kees Cook wrote:

Convert the runtime tests of hardened usercopy to standard KUnit tests.

Additionally disable usercopy_test_invalid() for systems with separate address spaces (or no MMU) since it's not sensible to test for address confusion there (e.g. m68k).

Co-developed-by: Vitor Massaru Iha vitor@massaru.org Signed-off-by: Vitor Massaru Iha vitor@massaru.org Link: https://lore.kernel.org/r/20200721174654.72132-1-vitor@massaru.org Tested-by: Ivan Orlov ivan.orlov0322@gmail.com Reviewed-by: David Gow davidgow@google.com Signed-off-by: Kees Cook kees@kernel.org

---

MAINTAINERS | 1 + lib/Kconfig.debug | 21 +- lib/Makefile | 2 +- lib/{test_user_copy.c => usercopy_kunit.c} | 282 ++++++++++----------- 4 files changed, 151 insertions(+), 155 deletions(-) rename lib/{test_user_copy.c => usercopy_kunit.c} (46%)

diff --git a/MAINTAINERS b/MAINTAINERS index 8754ac2c259d..0cd171ec6010 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11962,6 +11962,7 @@ F: arch/*/configs/hardening.config F: include/linux/overflow.h F: include/linux/randomize_kstack.h F: kernel/configs/hardening.config +F: lib/usercopy_kunit.c F: mm/usercopy.c K: \b(add|choose)_random_kstack_offset\b K: \b__check_(object_size|heap_object)\b diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 59b6765d86b8..561e346f5cb0 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2505,18 +2505,6 @@ config TEST_VMALLOC If unsure, say N. -config TEST_USER_COPY

• tristate "Test user/kernel boundary protections"
• depends on m
• help

•  This builds the "test_user_copy" module that runs sanity checks
  

•  on the copy_to/from_user infrastructure, making sure basic
  

•  user/kernel boundary testing is working. If it fails to load,
  

•  a regression has been detected in the user/kernel memory boundary
  

•  protections.
  

•  If unsure, say N.
  

• config TEST_BPF tristate "Test BPF filter functionality" depends on m && NET

@@ -2814,6 +2802,15 @@ config SIPHASH_KUNIT_TEST This is intended to help people writing architecture-specific optimized versions. If unsure, say N. +config USERCOPY_KUNIT_TEST

• tristate "KUnit Test for user/kernel boundary protections"
• depends on KUNIT
• default KUNIT_ALL_TESTS
• help

•  This builds the "usercopy_kunit" module that runs sanity checks
  

•  on the copy_to/from_user infrastructure, making sure basic
  

•  user/kernel boundary testing is working.
  

Please carry the following line forward as well to be complete assuming it is relevant.

If unsure, say N.

thanks, -- Shuah