lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231115152312.GA51310@dev-arch.thelio-3990X>
Date: Wed, 15 Nov 2023 08:23:12 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: David Gow <davidgow@...gle.com>
Cc: Kees Cook <keescook@...omium.org>,
	Brendan Higgins <brendan.higgins@...ux.dev>,
	Rae Moar <rmoar@...gle.com>, dlatypov@...gle.com,
	Maxime Ripard <mripard@...nel.org>,
	Arthur Grillo <arthurgrillo@...eup.net>,
	Shuah Khan <skhan@...uxfoundation.org>,
	MaĆ­ra Canal <mairacanal@...eup.net>,
	Sami Tolvanen <samitolvanen@...gle.com>, kunit-dev@...glegroups.com,
	llvm@...ts.linux.dev, linux-hardening@...r.kernel.org,
	linux-kselftest@...r.kernel.org,
	Benjamin Berg <benjamin.berg@...el.com>,
	Richard Fitzgerald <rf@...nsource.cirrus.com>,
	linux-kernel@...r.kernel.org,
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
	Thomas Zimmermann <tzimmermann@...e.de>,
	Emma Anholt <emma@...olt.net>, David Airlie <airlied@...il.com>,
	Daniel Vetter <daniel@...ll.ch>, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH 1/3] kunit: Add a macro to wrap a deferred action function

Hi David,

On Sat, Nov 11, 2023 at 04:08:26AM +0800, David Gow wrote:
> KUnit's deferred action API accepts a void(*)(void *) function pointer
> which is called when the test is exited. However, we very frequently
> want to use existing functions which accept a single pointer, but which
> may not be of type void*. While this is probably dodgy enough to be on
> the wrong side of the C standard, it's been often used for similar
> callbacks, and gcc's -Wcast-function-type seems to ignore cases where
> the only difference is the type of the argument, assuming it's
> compatible (i.e., they're both pointers to data).
> 
> However, clang 16 has introduced -Wcast-function-type-strict, which no
> longer permits any deviation in function pointer type. This seems to be
> because it'd break CFI, which validates the type of function calls.
> 
> This rather ruins our attempts to cast functions to defer them, and
> leaves us with a few options. The one we've chosen is to implement a
> macro which will generate a wrapper function which accepts a void*, and
> casts the argument to the appropriate type.
> 
> For example, if you were trying to wrap:
> void foo_close(struct foo *handle);
> you could use:
> KUNIT_DEFINE_ACTION_WRAPPER(kunit_action_foo_close,
> 			    foo_close,
> 			    struct foo *);
> 
> This would create a new kunit_action_foo_close() function, of type
> kunit_action_t, which could be passed into kunit_add_action() and
> similar functions.
> 
> In addition to defining this macro, update KUnit and its tests to use
> it.
> 
> Link: https://github.com/ClangBuiltLinux/linux/issues/1750
> Signed-off-by: David Gow <davidgow@...gle.com>
> ---
> 
> This is a follow-up to the RFC here:
> https://lore.kernel.org/linux-kselftest/20230915050125.3609689-1-davidgow@google.com/
> 
> There's no difference in the macro implementation, just an update to the
> KUnit tests to use it. This version is intended to complement:
> https://lore.kernel.org/all/20231106172557.2963-1-rf@opensource.cirrus.com/
> 
> There are also two follow-up patches in the series to use this macro in
> various DRM tests.
> 
> Hopefully this will solve any CFI issues that show up with KUnit.
> 
> Thanks,
> -- David
> 
> ---

Prior to this series, there is indeed a crash when running the KUnit
tests with CONFIG_CFI_CLANG=y:

$ tools/testing/kunit/kunit.py run \
    --alltests \
    --arch x86_64 \
    --kconfig_add CONFIG_CFI_CLANG=y \
    --make_options LLVM=1 \
    --timeout 30
...
[08:06:03] [ERROR] Test: sysctl_test: missing subtest result line!
[08:06:03]     # module: sysctl_test
[08:06:03]     1..10
[08:06:03] CFI failure at __kunit_action_free+0x18/0x20 (target: kfree+0x0/0x80; expected type: 0xe82c6923)
[08:06:03] invalid opcode: 0000 [#1] PREEMPT NOPTI
[08:06:03] CPU: 0 PID: 53 Comm: kunit_try_catch Tainted: G                 N 6.7.0-rc1-00019-gc42d9eeef8e5 #3
[08:06:03] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-14-g1e1da7a96300-prebuilt.qemu.org 04/01/2014
[08:06:03] RIP: 0010:__kunit_action_free+0x18/0x20
[08:06:03] Code: 00 00 b8 ae 55 f1 4d 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 5f 38 48 8b 7f 40 41 ba dd 96 d3 17 45 03 53 f1 74 02 <0f> 0b 2e e9 f0 b5 46 00 b8 fa f1 06 5e 90 90 90 90 90 90 90 90 90
[08:06:03] RSP: 0018:ffffb0d2c00ebea0 EFLAGS: 00000292
[08:06:03] RAX: 0000000000000001 RBX: ffff993d41949a80 RCX: ffff993d41949aa0
[08:06:03] RDX: 0000000000000282 RSI: ffff993d41949a80 RDI: ffff993d4186b6b0
[08:06:03] RBP: ffffb0d2c0013ad8 R08: ffffffffc9c84000 R09: 0000000000000400
[08:06:03] R10: 00000000f707d502 R11: ffffffff8f33aa40 R12: ffff993d418d2e00
[08:06:03] R13: ffff993d41a05600 R14: ffffb0d2c0013cc0 R15: ffff993d41949ae0
[08:06:03] FS:  0000000000000000(0000) GS:ffffffff90049000(0000) knlGS:0000000000000000
[08:06:03] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[08:06:03] CR2: ffff993d55c01000 CR3: 000000001563e000 CR4: 00000000000006f0
[08:06:03] Call Trace:
[08:06:03]  <TASK>
[08:06:03]  ? __die+0xd6/0x120
[08:06:03]  ? die+0x5f/0xa0
[08:06:03]  ? do_trap+0x9b/0x180
[08:06:03]  ? __kunit_action_free+0x18/0x20
[08:06:03]  ? __kunit_action_free+0x18/0x20
[08:06:03]  ? handle_invalid_op+0x64/0x80
[08:06:03]  ? __kunit_action_free+0x18/0x20
[08:06:03]  ? exc_invalid_op+0x38/0x60
[08:06:03]  ? asm_exc_invalid_op+0x1a/0x20
[08:06:03]  ? __cfi_kfree+0x10/0x10
[08:06:03]  ? __kunit_action_free+0x18/0x20
[08:06:03]  kunit_remove_resource+0x8f/0xf0
[08:06:03]  kunit_cleanup+0x60/0xe0
[08:06:03]  kunit_generic_run_threadfn_adapter+0x24/0x30
[08:06:03]  ? __cfi_kunit_generic_run_threadfn_adapter+0x10/0x10
[08:06:03]  kthread+0xd9/0xf0
[08:06:03]  ? __cfi_kthread+0x10/0x10
[08:06:03]  ret_from_fork+0x43/0x50
[08:06:03]  ? __cfi_kthread+0x10/0x10
[08:06:03]  ret_from_fork_asm+0x1a/0x30
[08:06:03]  </TASK>
[08:06:03] ---[ end trace 0000000000000000 ]---
[08:06:03] RIP: 0010:__kunit_action_free+0x18/0x20
...

With this series applied with
https://lore.kernel.org/20231106172557.2963-1-rf@opensource.cirrus.com/,
all the tests pass for arm64 and x86_64 on my machine. I see no
remaining casts in the tree in this state. It seems like the
documentation in Documentation/dev-tools/kunit/usage.rst may want to be
updated to remove mention of casting to kunit_action_t as well?
Regardless:

Reviewed-by: Nathan Chancellor <nathan@...nel.org>
Tested-by: Nathan Chancellor <nathan@...nel.org>

>  include/kunit/resource.h | 9 +++++++++
>  lib/kunit/kunit-test.c   | 5 +----
>  lib/kunit/test.c         | 6 ++++--
>  3 files changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/include/kunit/resource.h b/include/kunit/resource.h
> index c7383e90f5c9..4110e13970dc 100644
> --- a/include/kunit/resource.h
> +++ b/include/kunit/resource.h
> @@ -390,6 +390,15 @@ void kunit_remove_resource(struct kunit *test, struct kunit_resource *res);
>  /* A 'deferred action' function to be used with kunit_add_action. */
>  typedef void (kunit_action_t)(void *);
>  
> +/* We can't cast function pointers to kunit_action_t if CFI is enabled. */
> +#define KUNIT_DEFINE_ACTION_WRAPPER(wrapper, orig, arg_type) \
> +	static void wrapper(void *in) \
> +	{ \
> +		arg_type arg = (arg_type)in; \
> +		orig(arg); \
> +	}
> +
> +
>  /**
>   * kunit_add_action() - Call a function when the test ends.
>   * @test: Test case to associate the action with.
> diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c
> index de2113a58fa0..ee6927c60979 100644
> --- a/lib/kunit/kunit-test.c
> +++ b/lib/kunit/kunit-test.c
> @@ -538,10 +538,7 @@ static struct kunit_suite kunit_resource_test_suite = {
>  #if IS_BUILTIN(CONFIG_KUNIT_TEST)
>  
>  /* This avoids a cast warning if kfree() is passed direct to kunit_add_action(). */
> -static void kfree_wrapper(void *p)
> -{
> -	kfree(p);
> -}
> +KUNIT_DEFINE_ACTION_WRAPPER(kfree_wrapper, kfree, const void *);
>  
>  static void kunit_log_test(struct kunit *test)
>  {
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index f2eb71f1a66c..0308865194bb 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -772,6 +772,8 @@ static struct notifier_block kunit_mod_nb = {
>  };
>  #endif
>  
> +KUNIT_DEFINE_ACTION_WRAPPER(kfree_action_wrapper, kfree, const void *)
> +
>  void *kunit_kmalloc_array(struct kunit *test, size_t n, size_t size, gfp_t gfp)
>  {
>  	void *data;
> @@ -781,7 +783,7 @@ void *kunit_kmalloc_array(struct kunit *test, size_t n, size_t size, gfp_t gfp)
>  	if (!data)
>  		return NULL;
>  
> -	if (kunit_add_action_or_reset(test, (kunit_action_t *)kfree, data) != 0)
> +	if (kunit_add_action_or_reset(test, kfree_action_wrapper, data) != 0)
>  		return NULL;
>  
>  	return data;
> @@ -793,7 +795,7 @@ void kunit_kfree(struct kunit *test, const void *ptr)
>  	if (!ptr)
>  		return;
>  
> -	kunit_release_action(test, (kunit_action_t *)kfree, (void *)ptr);
> +	kunit_release_action(test, kfree_action_wrapper, (void *)ptr);
>  }
>  EXPORT_SYMBOL_GPL(kunit_kfree);
>  
> -- 
> 2.42.0.869.gea05f2083d-goog
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ