On 6/17/24 13:00, Kees Cook wrote:
On Fri, Jun 14, 2024 at 09:50:05AM -0600, Shuah Khan wrote:
On 6/12/24 13:59, Kees Cook wrote:
Convert the runtime tests of hardened usercopy to standard KUnit tests.
Additionally disable usercopy_test_invalid() for systems with separate address spaces (or no MMU) since it's not sensible to test for address confusion there (e.g. m68k).
Co-developed-by: Vitor Massaru Iha vitor@massaru.org Signed-off-by: Vitor Massaru Iha vitor@massaru.org Link: https://lore.kernel.org/r/20200721174654.72132-1-vitor@massaru.org Tested-by: Ivan Orlov ivan.orlov0322@gmail.com Reviewed-by: David Gow davidgow@google.com Signed-off-by: Kees Cook kees@kernel.org
MAINTAINERS | 1 + lib/Kconfig.debug | 21 +- lib/Makefile | 2 +- lib/{test_user_copy.c => usercopy_kunit.c} | 282 ++++++++++----------- 4 files changed, 151 insertions(+), 155 deletions(-) rename lib/{test_user_copy.c => usercopy_kunit.c} (46%)
diff --git a/MAINTAINERS b/MAINTAINERS index 8754ac2c259d..0cd171ec6010 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11962,6 +11962,7 @@ F: arch/*/configs/hardening.config F: include/linux/overflow.h F: include/linux/randomize_kstack.h F: kernel/configs/hardening.config +F: lib/usercopy_kunit.c F: mm/usercopy.c K: \b(add|choose)_random_kstack_offset\b K: \b__check_(object_size|heap_object)\b diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 59b6765d86b8..561e346f5cb0 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2505,18 +2505,6 @@ config TEST_VMALLOC If unsure, say N. -config TEST_USER_COPY
- tristate "Test user/kernel boundary protections"
- depends on m
- help
This builds the "test_user_copy" module that runs sanity checkson the copy_to/from_user infrastructure, making sure basicuser/kernel boundary testing is working. If it fails to load,a regression has been detected in the user/kernel memory boundaryprotections.If unsure, say N.- config TEST_BPF tristate "Test BPF filter functionality" depends on m && NET
@@ -2814,6 +2802,15 @@ config SIPHASH_KUNIT_TEST This is intended to help people writing architecture-specific optimized versions. If unsure, say N. +config USERCOPY_KUNIT_TEST
- tristate "KUnit Test for user/kernel boundary protections"
- depends on KUNIT
- default KUNIT_ALL_TESTS
- help
This builds the "usercopy_kunit" module that runs sanity checkson the copy_to/from_user infrastructure, making sure basicuser/kernel boundary testing is working.Please carry the following line forward as well to be complete assuming it is relevant.
If unsure, say N.
I've explicitly removed that because it would be repetitive if it were included for all KUnit tests.
Thanks for the explanation.
thanks, -- Shuah