Enabling a (modular) test should not silently enable additional kernel functionality, as that may increase the attack vector of a product.
Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS instead of selecting it.
After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build modules for all appropriate tests for ones system, without pulling in extra unwanted functionality, while still allowing a tester to manually enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in tools/testing/selftests/lib/config for the latter use case.
Fixes: 313b38a6ecb46db4 ("lib/prime_numbers: convert self-test to KUnit") Signed-off-by: Geert Uytterhoeven geert@linux-m68k.org Acked-by: Tamir Duberstein tamird@gmail.com --- v2: - Add Acked-by, - Resurrect CONFIG_PRIME_NUMBERS=m in tools/testing/selftests/lib/config. --- lib/Kconfig.debug | 2 +- tools/testing/selftests/lib/config | 1 + 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 4060a89866626c0a..51722f5d041970aa 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -3326,7 +3326,7 @@ config GCD_KUNIT_TEST config PRIME_NUMBERS_KUNIT_TEST tristate "Prime number generator test" if !KUNIT_ALL_TESTS depends on KUNIT - select PRIME_NUMBERS + depends on PRIME_NUMBERS default KUNIT_ALL_TESTS help This option enables the KUnit test suite for the {is,next}_prime_number diff --git a/tools/testing/selftests/lib/config b/tools/testing/selftests/lib/config index 81a1f64a22e860a6..377b3699ff312933 100644 --- a/tools/testing/selftests/lib/config +++ b/tools/testing/selftests/lib/config @@ -1,2 +1,3 @@ CONFIG_TEST_BITMAP=m +CONFIG_PRIME_NUMBERS=m CONFIG_TEST_BITOPS=m
On Mon, 14 Apr 2025 16:35:00 +0200, Geert Uytterhoeven wrote:
Enabling a (modular) test should not silently enable additional kernel functionality, as that may increase the attack vector of a product.
Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS instead of selecting it.
After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build modules for all appropriate tests for ones system, without pulling in extra unwanted functionality, while still allowing a tester to manually enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in tools/testing/selftests/lib/config for the latter use case.
[...]
Applied to for-linus/hardening, thanks!
[1/1] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS https://git.kernel.org/kees/c/3f2925174f8b
Take care,
On Mon, Apr 14, 2025 at 04:35:00PM +0200, Geert Uytterhoeven wrote:
Enabling a (modular) test should not silently enable additional kernel functionality, as that may increase the attack vector of a product.
Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS instead of selecting it.
After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build modules for all appropriate tests for ones system, without pulling in extra unwanted functionality, while still allowing a tester to manually enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in tools/testing/selftests/lib/config for the latter use case.
This commit, which is now in mainline, causes the prime numbers test to vanish from my CI which is a regression - the selftests config fragment is obviously not picked up by the kunit runner when it builds the kernel. You should add any KUnit tests to one of the configs in tools/testing/kunit/configs/ - generally all_tests.config.
On Tue, Apr 22, 2025 at 01:10:47PM +0100, Mark Brown wrote:
On Mon, Apr 14, 2025 at 04:35:00PM +0200, Geert Uytterhoeven wrote:
Enabling a (modular) test should not silently enable additional kernel functionality, as that may increase the attack vector of a product.
Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS instead of selecting it.
After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build modules for all appropriate tests for ones system, without pulling in extra unwanted functionality, while still allowing a tester to manually enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in tools/testing/selftests/lib/config for the latter use case.
This commit, which is now in mainline, causes the prime numbers test to vanish from my CI which is a regression - the selftests config fragment is obviously not picked up by the kunit runner when it builds the kernel. You should add any KUnit tests to one of the configs in tools/testing/kunit/configs/ - generally all_tests.config.
Ah! Thanks -- I forgot about these (apparently my memory horizon is at most 2 years, considering commit 4d9060981f88 ("kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML").
Does this look like you're expecting?
diff --git a/tools/testing/kunit/configs/all_tests.config b/tools/testing/kunit/configs/all_tests.config index cdd9782f9646..554da9df02f2 100644 --- a/tools/testing/kunit/configs/all_tests.config +++ b/tools/testing/kunit/configs/all_tests.config @@ -51,3 +51,5 @@ CONFIG_SOUND=y CONFIG_SND=y CONFIG_SND_SOC=y CONFIG_SND_SOC_TOPOLOGY_BUILD=y + +CONFIG_PRIME_NUMBERS=y
On Tue, Apr 22, 2025 at 08:03:09AM -0700, Kees Cook wrote:
On Tue, Apr 22, 2025 at 01:10:47PM +0100, Mark Brown wrote:
This commit, which is now in mainline, causes the prime numbers test to vanish from my CI which is a regression - the selftests config fragment is obviously not picked up by the kunit runner when it builds the kernel. You should add any KUnit tests to one of the configs in tools/testing/kunit/configs/ - generally all_tests.config.
Ah! Thanks -- I forgot about these (apparently my memory horizon is at most 2 years, considering commit 4d9060981f88 ("kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML").
Does this look like you're expecting?
Yes, in fact I actually have roughly that patch in my CI already.
linux-kselftest-mirror@lists.linaro.org
-
Geert Uytterhoeven -
Kees Cook -
Mark Brown