lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5j+AY_gS5+=DJjH+efosikdf6ab8aU6v+KJmyTAnFbS2Ew@mail.gmail.com>
Date:   Thu, 8 Dec 2016 12:24:35 -0800
From:   Kees Cook <keescook@...omium.org>
To:     "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc:     shuah@...nel.org, Jessica Yu <jeyu@...hat.com>,
        Rusty Russell <rusty@...tcorp.com.au>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        Jonathan Corbet <corbet@....net>, martin.wilck@...e.com,
        Michal Marek <mmarek@...e.com>, Petr Mladek <pmladek@...e.com>,
        hare@...e.com, rwright@....com, Jeff Mahoney <jeffm@...e.com>,
        DSterba@...e.com, fdmanana@...e.com, neilb@...e.com,
        rgoldwyn@...e.com, subashab@...eaurora.org,
        Heinrich Schuchardt <xypron.glpk@....de>,
        Aaron Tomlin <atomlin@...hat.com>, mbenes@...e.cz,
        "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        "David S. Miller" <davem@...emloft.net>,
        Ingo Molnar <mingo@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-kselftest@...r.kernel.org,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC 01/10] kmod: add test driver to stress test the module loader

On Thu, Dec 8, 2016 at 10:47 AM, Luis R. Rodriguez <mcgrof@...nel.org> wrote:
> This adds a new stress test driver for kmod: the kernel module loader.
> The new stress test driver, test_kmod, is only enabled as a module right
> now. It should be possible to load this as built-in and load tests early
> (refer to the force_init_test module parameter), however since a lot of
> test can get a system out of memory fast we leave this disabled for now.
>
> Using a system with 1024 MiB of RAM can *easily* get your kernel
> OOM fast with this test driver.
>
> The test_kmod driver exposes API knobs for us to fine tune simple
> request_module() and get_fs_type() calls. Since these API calls
> only allow each one parameter a test driver for these is rather
> simple. Other factors that can help out test driver though are
> the number of calls we issue and knowing current limitations of
> each. This exposes configuration as much as possible through
> userspace to be able to build tests directly from userspace.
>
> Since it allows multiple misc devices its will eventually (once we
> add a knob to let us create new devices at will) also be possible to
> perform more tests in parallel, provided you have enough memory.
>
> We only enable tests we know work as of right now.
>
> Demo screenshots:
>
>  # tools/testing/selftests/kmod/kmod.sh
> kmod_test_0001_driver: OK! - loading kmod test
> kmod_test_0001_driver: OK! - Return value: 256 (MODULE_NOT_FOUND), expected MODULE_NOT_FOUND
> kmod_test_0001_fs: OK! - loading kmod test
> kmod_test_0001_fs: OK! - Return value: -22 (-EINVAL), expected -EINVAL
> kmod_test_0002_driver: OK! - loading kmod test
> kmod_test_0002_driver: OK! - Return value: 256 (MODULE_NOT_FOUND), expected MODULE_NOT_FOUND
> kmod_test_0002_fs: OK! - loading kmod test
> kmod_test_0002_fs: OK! - Return value: -22 (-EINVAL), expected -EINVAL
> kmod_test_0003: OK! - loading kmod test
> kmod_test_0003: OK! - Return value: 0 (SUCCESS), expected SUCCESS
> kmod_test_0004: OK! - loading kmod test
> kmod_test_0004: OK! - Return value: 0 (SUCCESS), expected SUCCESS
> kmod_test_0005: OK! - loading kmod test
> kmod_test_0005: OK! - Return value: 0 (SUCCESS), expected SUCCESS
> kmod_test_0006: OK! - loading kmod test
> kmod_test_0006: OK! - Return value: 0 (SUCCESS), expected SUCCESS
> kmod_test_0005: OK! - loading kmod test
> kmod_test_0005: OK! - Return value: 0 (SUCCESS), expected SUCCESS
> kmod_test_0006: OK! - loading kmod test
> kmod_test_0006: OK! - Return value: 0 (SUCCESS), expected SUCCESS
> Test completed
>
> You can also request for specific tests:
>
>  # tools/testing/selftests/kmod/kmod.sh -t 0001
> kmod_test_0001_driver: OK! - loading kmod test
> kmod_test_0001_driver: OK! - Return value: 256 (MODULE_NOT_FOUND), expected MODULE_NOT_FOUND
> kmod_test_0001_fs: OK! - loading kmod test
> kmod_test_0001_fs: OK! - Return value: -22 (-EINVAL), expected -EINVAL
> Test completed
>
> Lastly, the current available number of tests:
>
>  # tools/testing/selftests/kmod/kmod.sh --help
> Usage: tools/testing/selftests/kmod/kmod.sh [ -t <4-number-digit> ]
> Valid tests: 0001-0009
>
> 0001 - Simple test - 1 thread  for empty string
> 0002 - Simple test - 1 thread  for modules/filesystems that do not exist
> 0003 - Simple test - 1 thread  for get_fs_type() only
> 0004 - Simple test - 2 threads for get_fs_type() only
> 0005 - multithreaded tests with default setup - request_module() only
> 0006 - multithreaded tests with default setup - get_fs_type() only
> 0007 - multithreaded tests with default setup test request_module() and get_fs_type()
> 0008 - multithreaded - push kmod_concurrent over max_modprobes for request_module()
> 0009 - multithreaded - push kmod_concurrent over max_modprobes for get_fs_type()
>
> The following test cases currently fail, as such they are not currently
> enabled by default:
>
>  # tools/testing/selftests/kmod/kmod.sh -t 0007
>  # tools/testing/selftests/kmod/kmod.sh -t 0008
>  # tools/testing/selftests/kmod/kmod.sh -t 0009
>  # tools/testing/selftests/kmod/kmod.sh -t 0010
>  # tools/testing/selftests/kmod/kmod.sh -t 0011
>
> To be sure to run them as intended please unload both of the modules:
>
>   o test_module
>   o xfs
>
> And ensure they are not loaded on your system prior to testing them.
> If you use these paritions for your rootfs you can change the default
> test driver used for get_fs_type() by exporting it into your
> environment. For example of other test defaults you can override
> refer to kmod.sh allow_user_defaults().
>
> Behind the scenes this is how we fine tune at a test case prior to
> hitting a trigger to run it:
>
> cat /sys/devices/virtual/misc/test_kmod0/config
> echo -n "2" > /sys/devices/virtual/misc/test_kmod0/config_test_case
> echo -n "ext4" > /sys/devices/virtual/misc/test_kmod0/config_test_fs
> echo -n "80" > /sys/devices/virtual/misc/test_kmod0/config_num_threads
> cat /sys/devices/virtual/misc/test_kmod0/config
> echo -n "1" > /sys/devices/virtual/misc/test_kmod0/config_num_threads
>
> Finally to trigger:
>
> echo -n "1" > /sys/devices/virtual/misc/test_kmod0/trigger_config
>
> The kmod.sh script uses the above constructs to build differnt test cases.

Typo: different

> A bit of interpretation of the current failures follows, first two
> premises:
>
> a) When request_module() is used userspace figures out an optimized version of
> module order for us. Once it finds the modules it needs, as per depmod
> symbol dep map, it will finit_module() the respective modules which
> are needed for the original request_module() request.
>
> b) We have an optimization in place whereby if a kernel uses
> request_module() on a module already loaded we never bother
> userspace as the module already is loaded. This is all handled by
> kernel/kmod.c.
>
> A few things to consider to help identify root causes of issues:
>
> 0) kmod 19 has a broken heuristic for modules being assumed to be
> built-in to your kernel and will return 0 even though request_module()
> failed. Upgrade to a newer version of kmod.
>
> 1) A get_fs_type() call for "xfs" will request_module() for
> "fs-xfs", not for "xfs". The optimization in kernel described in b)
> fails to catch if we have a lot of consecutive get_fs_type() calls.
> The reason is the optimization in place does not look for aliases. This
> means two consecutive get_fs_type() calls will bump kmod_concurrent, whereas
> request_module() will not.
>
> This one explanation why test case 0009 fails at least once for
> get_fs_type().
>
> 2) If a module fails to load --- for whatever reason (kmod_concurrent
> limit reached, file not yet present due to rootfs switch, out of memory)
> we have a period of time during which module request for the same name
> either with request_module() or get_fs_type() will *also* fail to load
> even if the file for the module is ready.
>
> This explains why *multiple* NULLs are possible on test 0009.
>
> 3) finit_module() consumes quite a bit of memory.

Is this due to reading the module into kernel memory or something else?

> 4) Filesystems typically also have more dependent modules than other
> modules, its important to note though that even though a get_fs_type() call
> does not incur additional kmod_concurrent bumps, since userspace
> loads dependencies it finds it needs via finit_module_fd(), it *will*
> take much more memory to load a module with a lot of dependencies.
>
> Because of 3) and 4) we will easily run into out of memory failures
> with certain tests. For instance test 0006 fails on qemu with 1024 MiB
> of RAM. It panics a box after reaping all userspace processes and still
> not having enough memory to reap.

Are the buffers not released until after all the dependent modules are
loaded? I thought it would load one by one?

> Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>

This is a great selftest, thanks for working on it!

Notes below...

> ---
>  lib/Kconfig.debug                     |   25 +
>  lib/Makefile                          |    1 +
>  lib/test_kmod.c                       | 1248 +++++++++++++++++++++++++++++++++
>  tools/testing/selftests/kmod/Makefile |   11 +
>  tools/testing/selftests/kmod/config   |    7 +
>  tools/testing/selftests/kmod/kmod.sh  |  449 ++++++++++++
>  6 files changed, 1741 insertions(+)
>  create mode 100644 lib/test_kmod.c
>  create mode 100644 tools/testing/selftests/kmod/Makefile
>  create mode 100644 tools/testing/selftests/kmod/config
>  create mode 100755 tools/testing/selftests/kmod/kmod.sh
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 7446097f72bd..6cad548e0682 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -1994,6 +1994,31 @@ config BUG_ON_DATA_CORRUPTION
>
>           If unsure, say N.
>
> +config TEST_KMOD
> +       tristate "kmod stress tester"
> +       default n
> +       depends on m
> +       select TEST_LKM
> +       select XFS_FS
> +       select TUN
> +       select BTRFS_FS

Since the desired FS can be changed at runtime, maybe these selects
aren't needed?

> +       help
> +         Test the kernel's module loading mechanism: kmod. kmod implements
> +         support to load modules using the Linux kernel's usermode helper.
> +         This test provides a series of tests against kmod.
> +
> +         Although technically you can either build test_kmod as a module or
> +         into the kernel we disallow building it into the kernel since
> +         it stress tests request_module() and this will very likely cause
> +         some issues by taking over precious threads available from other
> +         module load requests, ultimately this could be fatal.
> +
> +         To run tests run:
> +
> +         tools/testing/selftests/kmod/kmod.sh --help
> +
> +         If unsure, say N.
> +
>  source "samples/Kconfig"
>
>  source "lib/Kconfig.kgdb"
> diff --git a/lib/Makefile b/lib/Makefile
> index d15e235f72ea..3c5a14821e16 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -55,6 +55,7 @@ obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_key_base.o
>  obj-$(CONFIG_TEST_PRINTF) += test_printf.o
>  obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o
>  obj-$(CONFIG_TEST_UUID) += test_uuid.o
> +obj-$(CONFIG_TEST_KMOD) += test_kmod.o
>
>  ifeq ($(CONFIG_DEBUG_KOBJECT),y)
>  CFLAGS_kobject.o += -DDEBUG
> diff --git a/lib/test_kmod.c b/lib/test_kmod.c
> new file mode 100644
> index 000000000000..63fded83b9b6
> --- /dev/null
> +++ b/lib/test_kmod.c
> @@ -0,0 +1,1248 @@
> +/*
> + * kmod stress test driver
> + *
> + * Copyright (C) 2016 Luis R. Rodriguez <mcgrof@...nel.org>
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of copyleft-next (version 0.3.1 or later) as published
> + * at http://copyleft-next.org/.
> + */
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +/*
> + * This driver provides an interface to trigger and test the kernel's
> + * module loader through a series of configurations and a few triggers.
> + * To test this driver use the following script as root:
> + *
> + * tools/testing/selftests/kmod/kmod.sh --help
> + */
> +
> +#include <linux/kernel.h>
> +#include <linux/module.h>
> +#include <linux/kmod.h>
> +#include <linux/printk.h>
> +#include <linux/kthread.h>
> +#include <linux/sched.h>
> +#include <linux/fs.h>
> +#include <linux/miscdevice.h>
> +#include <linux/vmalloc.h>
> +#include <linux/slab.h>
> +#include <linux/device.h>
> +
> +#define TEST_START_NUM_THREADS 50
> +#define TEST_START_DRIVER      "test_module"
> +#define TEST_START_TEST_FS     "xfs"
> +#define TEST_START_TEST_CASE   TEST_KMOD_DRIVER
> +
> +
> +static bool force_init_test = false;
> +module_param(force_init_test, bool_enable_only, 0644);
> +MODULE_PARM_DESC(force_init_test,
> +                "Force kicking a test immediatley after driver loads");

Typo: immediately

> +
> +/*
> + * For device allocation / registration
> + */
> +static DEFINE_MUTEX(reg_dev_mutex);
> +static LIST_HEAD(reg_test_devs);
> +
> +/*
> + * num_test_devs actually represents the *next* ID of the next
> + * device we will allow to create.
> + */
> +static int num_test_devs;
> +
> +/**
> + * enum kmod_test_case - linker table test case
> + *
> + * If you add a  test case, please be sure to review if you need to se
> + * @need_mod_put for your tests case.
> + *
> + * @TEST_KMOD_DRIVER: stress tests request_module()
> + * @TEST_KMOD_FS_TYPE: stress tests get_fs_type()
> + */
> +enum kmod_test_case {
> +       __TEST_KMOD_INVALID = 0,
> +
> +       TEST_KMOD_DRIVER,
> +       TEST_KMOD_FS_TYPE,
> +
> +       __TEST_KMOD_MAX,
> +};
> +
> +struct test_config {
> +       char *test_driver;
> +       char *test_fs;
> +       unsigned int num_threads;
> +       enum kmod_test_case test_case;
> +       int test_result;
> +};
> +
> +struct kmod_test_device;
> +
> +/**
> + * kmod_test_device_info - thread info
> + *
> + * @ret_sync: return value if request_module() is used, sync request for
> + *     @TEST_KMOD_DRIVER
> + * @fs_sync: return value of get_fs_type() for @TEST_KMOD_FS_TYPE
> + * @thread_idx: thread ID
> + * @test_dev: test device test is being performed under
> + * @need_mod_put: Some tests (get_fs_type() is one) requires putting the module
> + *     (module_put(fs_sync->owner)) when done, otherwise you will not be able
> + *     to unload the respective modules and re-test. We use this to keep
> + *     accounting of when we need this and to help out in case we need to
> + *     error out and deal with module_put() on error.
> + */
> +struct kmod_test_device_info {
> +       int ret_sync;
> +       struct file_system_type *fs_sync;
> +       struct task_struct *task_sync;
> +       unsigned int thread_idx;
> +       struct kmod_test_device *test_dev;
> +       bool need_mod_put;
> +};
> +
> +/**
> + * kmod_test_device - test device to help test kmod
> + *
> + * @dev_idx: unique ID for test device
> + * @config: configuration for the test
> + * @misc_dev: we use a misc device under the hood
> + * @dev: pointer to misc_dev's own struct device
> + * @config_mutex: protects configuration of test
> + * @trigger_mutex: the test trigger can only be fired once at a time
> + * @thread_lock: protects @done count, and the @info per each thread
> + * @done: number of threads which have completed or failed
> + * @test_is_oom: when we run out of memory, use this to halt moving forward
> + * @kthreads_done: completion used to signal when all work is done
> + * @list: needed to be part of the reg_test_devs
> + * @info: array of info for each thread
> + */
> +struct kmod_test_device {
> +       int dev_idx;
> +       struct test_config config;
> +       struct miscdevice misc_dev;
> +       struct device *dev;
> +       struct mutex config_mutex;
> +       struct mutex trigger_mutex;
> +       struct mutex thread_mutex;
> +
> +       unsigned int done;
> +
> +       bool test_is_oom;
> +       struct completion kthreads_done;
> +       struct list_head list;
> +
> +       struct kmod_test_device_info *info;
> +};
> +
> +static const char *test_case_str(enum kmod_test_case test_case)
> +{
> +       switch (test_case) {
> +       case TEST_KMOD_DRIVER:
> +               return "TEST_KMOD_DRIVER";
> +       case TEST_KMOD_FS_TYPE:
> +               return "TEST_KMOD_FS_TYPE";
> +       default:
> +               return "invalid";
> +       }
> +}
> +
> +static struct miscdevice *dev_to_misc_dev(struct device *dev)
> +{
> +       return dev_get_drvdata(dev);
> +}
> +
> +static struct kmod_test_device *misc_dev_to_test_dev(struct miscdevice *misc_dev)
> +{
> +       return container_of(misc_dev, struct kmod_test_device, misc_dev);
> +}
> +
> +static struct kmod_test_device *dev_to_test_dev(struct device *dev)
> +{
> +       struct miscdevice *misc_dev;
> +
> +       misc_dev = dev_to_misc_dev(dev);
> +
> +       return misc_dev_to_test_dev(misc_dev);
> +}
> +
> +/* Must run with thread_mutex held */
> +static void kmod_test_done_check(struct kmod_test_device *test_dev,
> +                                unsigned int idx)
> +{
> +       struct test_config *config = &test_dev->config;
> +
> +       test_dev->done++;
> +       dev_dbg(test_dev->dev, "Done thread count: %u\n", test_dev->done);
> +
> +       if (test_dev->done == config->num_threads) {
> +               dev_info(test_dev->dev, "Done: %u threads have all run now\n",
> +                        test_dev->done);
> +               dev_info(test_dev->dev, "Last thread to run: %u\n", idx);
> +               complete(&test_dev->kthreads_done);
> +       }
> +}
> +
> +static void test_kmod_put_module(struct kmod_test_device_info *info)
> +{
> +       struct kmod_test_device *test_dev = info->test_dev;
> +       struct test_config *config = &test_dev->config;
> +
> +       if (!info->need_mod_put)
> +               return;
> +
> +       switch (config->test_case) {
> +       case TEST_KMOD_DRIVER:
> +               break;
> +       case TEST_KMOD_FS_TYPE:
> +               if (info && info->fs_sync && info->fs_sync->owner)
> +                       module_put(info->fs_sync->owner);
> +               break;
> +       default:
> +               BUG();
> +       }
> +
> +       info->need_mod_put = true;
> +}
> +
> +static int run_request(void *data)
> +{
> +       struct kmod_test_device_info *info = data;
> +       struct kmod_test_device *test_dev = info->test_dev;
> +       struct test_config *config = &test_dev->config;
> +
> +       switch (config->test_case) {
> +       case TEST_KMOD_DRIVER:
> +               info->ret_sync = request_module("%s", config->test_driver);
> +               break;
> +       case TEST_KMOD_FS_TYPE:
> +               info->fs_sync = get_fs_type(config->test_fs);
> +               info->need_mod_put = true;
> +               break;
> +       default:
> +               /* __trigger_config_run() already checked for test sanity */
> +               BUG();
> +               return -EINVAL;
> +       }
> +
> +       dev_dbg(test_dev->dev, "Ran thread %u\n", info->thread_idx);
> +
> +       test_kmod_put_module(info);
> +
> +       mutex_lock(&test_dev->thread_mutex);
> +       info->task_sync = NULL;
> +       kmod_test_done_check(test_dev, info->thread_idx);
> +       mutex_unlock(&test_dev->thread_mutex);
> +
> +       return 0;
> +}
> +
> +static int tally_work_test(struct kmod_test_device_info *info)
> +{
> +       struct kmod_test_device *test_dev = info->test_dev;
> +       struct test_config *config = &test_dev->config;
> +       int err_ret = 0;
> +
> +       switch (config->test_case) {
> +       case TEST_KMOD_DRIVER:
> +               /*
> +                * Only capture errors, if one is found that's
> +                * enough, for now.
> +                */
> +               if (info->ret_sync != 0)
> +                       err_ret = info->ret_sync;
> +               dev_info(test_dev->dev,
> +                        "Sync thread %d return status: %d\n",
> +                        info->thread_idx, info->ret_sync);
> +               break;
> +       case TEST_KMOD_FS_TYPE:
> +               /* For now we make this simple */
> +               if (!info->fs_sync)
> +                       err_ret = -EINVAL;
> +               dev_info(test_dev->dev, "Sync thread %u fs: %s\n",
> +                        info->thread_idx, info->fs_sync ? config->test_fs :
> +                        "NULL");
> +               break;
> +       default:
> +               BUG();
> +       }
> +
> +       return err_ret;
> +}
> +
> +/*
> + * XXX: add result option to display if all errors did not match.
> + * For now we just keep any error code if one was found.
> + *
> + * If this ran it means *all* tasks were created fine and we
> + * are now just collecting results.
> + *
> + * Only propagate errors, do not override with a subsequent sucess case.
> + */
> +static void tally_up_work(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +       struct kmod_test_device_info *info;
> +       unsigned int idx;
> +       int err_ret = 0;
> +       int ret = 0;
> +
> +       mutex_lock(&test_dev->thread_mutex);
> +
> +       dev_info(test_dev->dev, "Results:\n");
> +
> +       for (idx=0; idx < config->num_threads; idx++) {
> +               info = &test_dev->info[idx];
> +               ret = tally_work_test(info);
> +               if (ret)
> +                       err_ret = ret;
> +       }
> +
> +       /*
> +        * Note: request_module() returns 256 for a module not found even
> +        * though modprobe itself returns 1.
> +        */
> +       config->test_result = err_ret;
> +
> +       mutex_unlock(&test_dev->thread_mutex);
> +}
> +
> +static int try_one_request(struct kmod_test_device *test_dev, unsigned int idx)
> +{
> +       struct kmod_test_device_info *info = &test_dev->info[idx];
> +       int fail_ret = -ENOMEM;
> +
> +       mutex_lock(&test_dev->thread_mutex);
> +
> +       info->thread_idx = idx;
> +       info->test_dev = test_dev;
> +       info->task_sync = kthread_run(run_request, info, "%s-%u",
> +                                     KBUILD_MODNAME, idx);
> +
> +       if (!info->task_sync || IS_ERR(info->task_sync)) {
> +               test_dev->test_is_oom = true;
> +               dev_err(test_dev->dev, "Setting up thread %u failed\n", idx);
> +               info->task_sync = NULL;
> +               goto err_out;
> +       } else
> +               dev_dbg(test_dev->dev, "Kicked off thread %u\n", idx);
> +
> +       mutex_unlock(&test_dev->thread_mutex);
> +
> +       return 0;
> +
> +err_out:
> +       info->ret_sync = fail_ret;
> +       mutex_unlock(&test_dev->thread_mutex);
> +
> +       return fail_ret;
> +}
> +
> +static void test_dev_kmod_stop_tests(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +       struct kmod_test_device_info *info;
> +       unsigned int i;
> +
> +       dev_info(test_dev->dev, "Ending request_module() tests\n");
> +
> +       mutex_lock(&test_dev->thread_mutex);
> +
> +       for (i=0; i < config->num_threads; i++) {
> +               info = &test_dev->info[i];
> +               if (info->task_sync && !IS_ERR(info->task_sync)) {
> +                       dev_info(test_dev->dev,
> +                                "Stopping still-running thread %i\n", i);
> +                       kthread_stop(info->task_sync);
> +               }
> +
> +               /*
> +                * info->task_sync is well protected, it can only be
> +                * NULL or a pointer to a struct. If its NULL we either
> +                * never ran, or we did and we completed the work. Completed
> +                * tasks *always* put the module for us. This is a sanity
> +                * check -- just in case.
> +                */
> +               if (info->task_sync && info->need_mod_put)
> +                       test_kmod_put_module(info);
> +       }
> +
> +       mutex_unlock(&test_dev->thread_mutex);
> +}
> +
> +/*
> + * Only wait *iff* we did not run into any errors during all of our thread
> + * set up. If run into any issues we stop threads and just bail out with
> + * an error to the trigger. This also means we don't need any tally work
> + * for any threads which fail.
> + */
> +static int try_requests(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +       unsigned int idx;
> +       int ret;
> +       bool any_error = false;
> +
> +       for (idx=0; idx < config->num_threads; idx++) {
> +               if (test_dev->test_is_oom) {
> +                       any_error = true;
> +                       break;
> +               }
> +
> +               ret = try_one_request(test_dev, idx);
> +               if (ret) {
> +                       any_error = true;
> +                       break;
> +               }
> +       }
> +
> +       if (!any_error) {
> +               test_dev->test_is_oom = false;
> +               dev_info(test_dev->dev,
> +                        "No errors were found while initializing threads\n");
> +               wait_for_completion(&test_dev->kthreads_done);
> +               tally_up_work(test_dev);
> +       } else {
> +               test_dev->test_is_oom = true;
> +               dev_info(test_dev->dev,
> +                        "At least one thread failed to start, stop all work\n");
> +               test_dev_kmod_stop_tests(test_dev);
> +               return -ENOMEM;
> +       }
> +
> +       return 0;
> +}
> +
> +static int run_test_driver(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +
> +       dev_info(test_dev->dev, "Test case: %s (%u)\n",
> +                test_case_str(config->test_case),
> +                config->test_case);
> +       dev_info(test_dev->dev, "Test driver to load: %s\n",
> +                config->test_driver);
> +       dev_info(test_dev->dev, "Number of threads to run: %u\n",
> +                config->num_threads);
> +       dev_info(test_dev->dev, "Thread IDs will range from 0 - %u\n",
> +                config->num_threads - 1);
> +
> +       return try_requests(test_dev);
> +}
> +
> +static int run_test_fs_type(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +
> +       dev_info(test_dev->dev, "Test case: %s (%u)\n",
> +                test_case_str(config->test_case),
> +                config->test_case);
> +       dev_info(test_dev->dev, "Test filesystem to load: %s\n",
> +                config->test_fs);
> +       dev_info(test_dev->dev, "Number of threads to run: %u\n",
> +                config->num_threads);
> +       dev_info(test_dev->dev, "Thread IDs will range from 0 - %u\n",
> +                config->num_threads - 1);
> +
> +       return try_requests(test_dev);
> +}
> +
> +static ssize_t config_show(struct device *dev,
> +                          struct device_attribute *attr,
> +                          char *buf)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +       int len = 0;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       len += sprintf(buf, "Custom trigger configuration for: %s\n",
> +                      dev_name(dev));
> +
> +       len += sprintf(buf+len, "Number of threads:\t%u\n",
> +                      config->num_threads);
> +
> +       len += sprintf(buf+len, "Test_case:\t%s (%u)\n",
> +                      test_case_str(config->test_case),
> +                      config->test_case);
> +
> +       if (config->test_driver)
> +               len += sprintf(buf+len, "driver:\t%s\n",
> +                              config->test_driver);
> +       else
> +               len += sprintf(buf+len, "driver:\tEMTPY\n");
> +
> +       if (config->test_fs)
> +               len += sprintf(buf+len, "fs:\t%s\n",
> +                              config->test_fs);
> +       else
> +               len += sprintf(buf+len, "fs:\tEMTPY\n");

These should all use snprintf...

> +
> +
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return len;
> +}
> +static DEVICE_ATTR_RO(config);
> +
> +/*
> + * This ensures we don't allow kicking threads through if our configuration
> + * is faulty.
> + */
> +static int __trigger_config_run(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +
> +       test_dev->done = 0;
> +
> +       switch (config->test_case) {
> +       case TEST_KMOD_DRIVER:
> +               return run_test_driver(test_dev);
> +       case TEST_KMOD_FS_TYPE:
> +               return run_test_fs_type(test_dev);
> +       default:
> +               dev_warn(test_dev->dev,
> +                        "Invalid test case requested: %u\n",
> +                        config->test_case);
> +               return -EINVAL;
> +       }
> +}
> +
> +static int trigger_config_run(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +       int ret;
> +
> +       mutex_lock(&test_dev->trigger_mutex);
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       ret = __trigger_config_run(test_dev);
> +       if (ret < 0)
> +               goto out;
> +       dev_info(test_dev->dev, "General test result: %d\n",
> +                config->test_result);
> +
> +       /*
> +        * We must return 0 after a trigger even unless something went
> +        * wrong with the setup of the test. If the test setup went fine
> +        * then userspace must just check the result of config->test_result.
> +        * One issue with relying on the return from a call in the kernel
> +        * is if the kernel returns a possitive value using this trigger
> +        * will not return the value to userspace, it would be lost.
> +        *
> +        * By not relying on capturing the return value of tests we are using
> +        * through the trigger it also us to run tests with set -e and only
> +        * fail when something went wrong with the driver upon trigger
> +        * requests.
> +        */
> +       ret = 0;
> +
> +out:
> +       mutex_unlock(&test_dev->config_mutex);
> +       mutex_unlock(&test_dev->trigger_mutex);
> +
> +       return ret;
> +}
> +
> +static ssize_t
> +trigger_config_store(struct device *dev,
> +                    struct device_attribute *attr,
> +                    const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       int ret;
> +
> +       if (test_dev->test_is_oom)
> +               return -ENOMEM;
> +
> +       /* For all intents and purposes we don't care what userspace
> +        * sent this trigger, we care only that we were triggered.
> +        * We treat the return value only for caputuring issues with
> +        * the test setup. At this point all the test variables should
> +        * have been allocated so typically this should never fail.
> +        */
> +       ret = trigger_config_run(test_dev);
> +       if (unlikely(ret < 0))
> +               goto out;
> +
> +       /*
> +        * Note: any return > 0 will be treated as success
> +        * and the error value will not be available to userspace.
> +        * Do not rely on trying to send to userspace a test value
> +        * return value as possitive return errors will be lost.
> +        */
> +       if (WARN_ON(ret > 0))
> +               return -EINVAL;
> +
> +       ret = count;
> +out:
> +       return ret;
> +}
> +static DEVICE_ATTR_WO(trigger_config);
> +
> +/*
> + * XXX: move to kstrncpy() once merged.
> + *
> + * Users should use kfree_const() when freeing these.
> + */
> +static int __kstrncpy(char **dst, const char *name, size_t count, gfp_t gfp)
> +{
> +       *dst = kstrndup(name, count, gfp);
> +       if (!*dst)
> +               return -ENOSPC;
> +       return count;
> +}
> +
> +static int config_copy_test_driver_name(struct test_config *config,
> +                                   const char *name,
> +                                   size_t count)
> +{
> +       return __kstrncpy(&config->test_driver, name, count, GFP_KERNEL);
> +}
> +
> +
> +static int config_copy_test_fs(struct test_config *config, const char *name,
> +                              size_t count)
> +{
> +       return __kstrncpy(&config->test_fs, name, count, GFP_KERNEL);
> +}
> +
> +static void __kmod_config_free(struct test_config *config)
> +{
> +       if (!config)
> +               return;
> +
> +       kfree_const(config->test_driver);
> +       config->test_driver = NULL;
> +
> +       kfree_const(config->test_fs);
> +       config->test_driver = NULL;
> +}
> +
> +static void kmod_config_free(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config;
> +
> +       if (!test_dev)
> +               return;
> +
> +       config = &test_dev->config;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       __kmod_config_free(config);
> +       mutex_unlock(&test_dev->config_mutex);
> +}
> +
> +static ssize_t config_test_driver_store(struct device *dev,
> +                                       struct device_attribute *attr,
> +                                       const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +       int copied;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       kfree_const(config->test_driver);
> +       config->test_driver = NULL;
> +
> +       copied = config_copy_test_driver_name(config, buf, count);
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return copied;
> +}
> +
> +static ssize_t config_test_driver_show(struct device *dev,
> +                                       struct device_attribute *attr,
> +                                       char *buf)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       strcpy(buf, config->test_driver);
> +       strcat(buf, "\n");

IIUC, the show/store API uses a max size of PAGE_SIZE. If that's
correct, it's possible that this show routine could write past the end
of buf, due to the end newline, etc. Best to use snprintf like you do
below for the other shows.

> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return strlen(buf) + 1;
> +}
> +static DEVICE_ATTR(config_test_driver, 0644, config_test_driver_show,
> +                  config_test_driver_store);
> +
> +static ssize_t config_test_fs_store(struct device *dev,
> +                                   struct device_attribute *attr,
> +                                   const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +       int copied;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       kfree_const(config->test_fs);
> +       config->test_fs = NULL;
> +
> +       copied = config_copy_test_fs(config, buf, count);
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return copied;
> +}
> +
> +static ssize_t config_test_fs_show(struct device *dev,
> +                                  struct device_attribute *attr,
> +                                  char *buf)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       strcpy(buf, config->test_fs);
> +       strcat(buf, "\n");
> +       mutex_unlock(&test_dev->config_mutex);

Same here... (which, btw, could likely use to be a helper function,
the show and store functions here are identical except for test_driver
vs test_fs).

> +
> +       return strlen(buf) + 1;
> +}
> +static DEVICE_ATTR(config_test_fs, 0644, config_test_fs_show,
> +                  config_test_fs_store);
> +
> +static int trigger_config_run_driver(struct kmod_test_device *test_dev,
> +                                    const char *test_driver)
> +{
> +       int copied;
> +       struct test_config *config = &test_dev->config;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       config->test_case = TEST_KMOD_DRIVER;
> +
> +       kfree_const(config->test_driver);
> +       config->test_driver = NULL;
> +
> +       copied = config_copy_test_driver_name(config, test_driver,
> +                                             strlen(test_driver));
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       if (copied != strlen(test_driver)) {

Can't these copied tests just check < 0? (i.e. avoid the repeated
strlen which can be fragile.)

> +               test_dev->test_is_oom = true;
> +               return -EINVAL;
> +       }
> +
> +       test_dev->test_is_oom = false;
> +
> +       return trigger_config_run(test_dev);
> +}
> +
> +static int trigger_config_run_fs(struct kmod_test_device *test_dev,
> +                                const char *fs_type)
> +{
> +       int copied;
> +       struct test_config *config = &test_dev->config;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       config->test_case = TEST_KMOD_FS_TYPE;
> +
> +       kfree_const(config->test_fs);
> +       config->test_driver = NULL;
> +
> +       copied = config_copy_test_fs(config, fs_type, strlen(fs_type));
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       if (copied != strlen(fs_type)) {
> +               test_dev->test_is_oom = true;
> +               return -EINVAL;
> +       }
> +
> +       test_dev->test_is_oom = false;
> +
> +       return trigger_config_run(test_dev);
> +}

These two functions are almost identical too. Only test_case and the
copy function change...

> +
> +static void free_test_dev_info(struct kmod_test_device *test_dev)
> +{
> +       if (test_dev->info) {
> +               vfree(test_dev->info);
> +               test_dev->info = NULL;
> +       }
> +}

vfree() already checks for NULL, you can drop the if.

> +
> +static int kmod_config_sync_info(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +
> +       free_test_dev_info(test_dev);
> +       test_dev->info = vzalloc(config->num_threads *
> +                                sizeof(struct kmod_test_device_info));
> +       if (!test_dev->info) {
> +               dev_err(test_dev->dev, "Cannot alloc test_dev info\n");
> +               return -ENOMEM;
> +       }
> +
> +       return 0;
> +}
> +
> +/*
> + * Old kernels may not have this, if you want to port this code to
> + * test it on older kernels.
> + */
> +#ifdef get_kmod_umh_limit
> +static unsigned int kmod_init_test_thread_limit(void)
> +{
> +       return get_kmod_umh_limit();
> +}
> +#else
> +static unsigned int kmod_init_test_thread_limit(void)
> +{
> +       return TEST_START_NUM_THREADS;
> +}
> +#endif
> +
> +static int __kmod_config_init(struct kmod_test_device *test_dev)
> +{
> +       struct test_config *config = &test_dev->config;
> +       int ret = -ENOMEM, copied;
> +
> +       __kmod_config_free(config);
> +
> +       copied = config_copy_test_driver_name(config, TEST_START_DRIVER,
> +                                             strlen(TEST_START_DRIVER));
> +       if (copied != strlen(TEST_START_DRIVER))
> +               goto err_out;
> +
> +       copied = config_copy_test_fs(config, TEST_START_TEST_FS,
> +                                    strlen(TEST_START_TEST_FS));
> +       if (copied != strlen(TEST_START_TEST_FS))
> +               goto err_out;
> +
> +       config->num_threads = kmod_init_test_thread_limit();
> +       config->test_result = 0;
> +       config->test_case = TEST_START_TEST_CASE;
> +
> +       ret = kmod_config_sync_info(test_dev);
> +       if (ret)
> +               goto err_out;
> +
> +       test_dev->test_is_oom = false;
> +
> +       return 0;
> +
> +err_out:
> +       test_dev->test_is_oom = true;
> +       WARN_ON(test_dev->test_is_oom);
> +
> +       __kmod_config_free(config);
> +
> +       return ret;
> +}
> +
> +static ssize_t reset_store(struct device *dev,
> +                          struct device_attribute *attr,
> +                          const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       int ret;
> +
> +       mutex_lock(&test_dev->trigger_mutex);
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       ret = __kmod_config_init(test_dev);
> +       if (ret < 0) {
> +               ret = -ENOMEM;
> +               dev_err(dev, "could not alloc settings for config trigger: %d\n",
> +                      ret);
> +               goto out;
> +       }
> +
> +       dev_info(dev, "reset\n");
> +       ret = count;
> +
> +out:
> +       mutex_unlock(&test_dev->config_mutex);
> +       mutex_unlock(&test_dev->trigger_mutex);
> +
> +       return ret;
> +}
> +static DEVICE_ATTR_WO(reset);
> +
> +static int test_dev_config_update_uint_sync(struct kmod_test_device *test_dev,
> +                                           const char *buf, size_t size,
> +                                           unsigned int *config,
> +                                           int (*test_sync)(struct kmod_test_device *test_dev))
> +{
> +       int ret;
> +       char *end;
> +       long new = simple_strtol(buf, &end, 0);
> +       unsigned int old_val;
> +       if (end == buf || new > UINT_MAX)
> +               return -EINVAL;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       old_val = *config;
> +       *(unsigned int *)config = new;
> +
> +       ret = test_sync(test_dev);
> +       if (ret) {
> +               *(unsigned int *)config = old_val;
> +
> +               ret = test_sync(test_dev);
> +               WARN_ON(ret);
> +
> +               mutex_unlock(&test_dev->config_mutex);
> +               return -EINVAL;
> +       }
> +
> +       mutex_unlock(&test_dev->config_mutex);
> +       /* Always return full write size even if we didn't consume all */
> +       return size;
> +}
> +
> +static int test_dev_config_update_uint_range(struct kmod_test_device *test_dev,
> +                                            const char *buf, size_t size,
> +                                            unsigned int *config,
> +                                            unsigned int min,
> +                                            unsigned int max)
> +{
> +       char *end;
> +       long new = simple_strtol(buf, &end, 0);
> +       if (end == buf || new < min || new >  max || new > UINT_MAX)
> +               return -EINVAL;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       *(unsigned int *)config = new;

config is already an unsigned int *, why cast?

> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       /* Always return full write size even if we didn't consume all */
> +       return size;
> +}
> +
> +static int test_dev_config_update_int(struct kmod_test_device *test_dev,
> +                                     const char *buf, size_t size,
> +                                     int *config)
> +{
> +       char *end;
> +       long new = simple_strtol(buf, &end, 0);
> +       if (end == buf || new > INT_MAX || new < INT_MIN)
> +               return -EINVAL;
> +       mutex_lock(&test_dev->config_mutex);
> +       *(int *)config = new;

config is already an int *, why cast?

> +       mutex_unlock(&test_dev->config_mutex);
> +       /* Always return full write size even if we didn't consume all */
> +       return size;
> +}
> +
> +static ssize_t test_dev_config_show_int(struct kmod_test_device *test_dev,
> +                                       char *buf,
> +                                       int config)
> +{
> +       int val;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       val = config;
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return snprintf(buf, PAGE_SIZE, "%d\n", val);
> +}
> +
> +static ssize_t test_dev_config_show_uint(struct kmod_test_device *test_dev,
> +                                        char *buf,
> +                                        unsigned int config)
> +{
> +       unsigned int val;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       val = config;
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return snprintf(buf, PAGE_SIZE, "%u\n", val);
> +}
> +
> +static ssize_t test_result_store(struct device *dev,
> +                                struct device_attribute *attr,
> +                                const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       return test_dev_config_update_int(test_dev, buf, count,
> +                                         &config->test_result);
> +}
> +
> +static ssize_t config_num_threads_store(struct device *dev,
> +                                       struct device_attribute *attr,
> +                                       const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       return test_dev_config_update_uint_sync(test_dev, buf, count,
> +                                               &config->num_threads,
> +                                               kmod_config_sync_info);
> +}
> +
> +static ssize_t config_num_threads_show(struct device *dev,
> +                                      struct device_attribute *attr,
> +                                      char *buf)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       return test_dev_config_show_int(test_dev, buf, config->num_threads);
> +}
> +static DEVICE_ATTR(config_num_threads, 0644, config_num_threads_show,
> +                  config_num_threads_store);
> +
> +static ssize_t config_test_case_store(struct device *dev,
> +                                     struct device_attribute *attr,
> +                                     const char *buf, size_t count)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       return test_dev_config_update_uint_range(test_dev, buf, count,
> +                                                &config->test_case,
> +                                                __TEST_KMOD_INVALID + 1,
> +                                                __TEST_KMOD_MAX - 1);
> +}
> +
> +static ssize_t config_test_case_show(struct device *dev,
> +                                    struct device_attribute *attr,
> +                                    char *buf)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       return test_dev_config_show_uint(test_dev, buf, config->test_case);
> +}
> +static DEVICE_ATTR(config_test_case, 0644, config_test_case_show,
> +                  config_test_case_store);
> +
> +static ssize_t test_result_show(struct device *dev,
> +                               struct device_attribute *attr,
> +                               char *buf)
> +{
> +       struct kmod_test_device *test_dev = dev_to_test_dev(dev);
> +       struct test_config *config = &test_dev->config;
> +
> +       return test_dev_config_show_int(test_dev, buf, config->test_result);
> +}
> +static DEVICE_ATTR(test_result, 0644, test_result_show, test_result_store);
> +
> +#define TEST_KMOD_DEV_ATTR(name)               &dev_attr_##name.attr
> +
> +static struct attribute *test_dev_attrs[] = {
> +       TEST_KMOD_DEV_ATTR(trigger_config),
> +       TEST_KMOD_DEV_ATTR(config),
> +       TEST_KMOD_DEV_ATTR(reset),
> +
> +       TEST_KMOD_DEV_ATTR(config_test_driver),
> +       TEST_KMOD_DEV_ATTR(config_test_fs),
> +       TEST_KMOD_DEV_ATTR(config_num_threads),
> +       TEST_KMOD_DEV_ATTR(config_test_case),
> +       TEST_KMOD_DEV_ATTR(test_result),
> +
> +       NULL,
> +};
> +
> +ATTRIBUTE_GROUPS(test_dev);
> +
> +static int kmod_config_init(struct kmod_test_device *test_dev)
> +{
> +       int ret;
> +
> +       mutex_lock(&test_dev->config_mutex);
> +       ret = __kmod_config_init(test_dev);
> +       mutex_unlock(&test_dev->config_mutex);
> +
> +       return ret;
> +}
> +
> +/*
> + * XXX: this could perhaps be made generic already too, but a hunt
> + * for actual users would be needed first. It could be generic
> + * if other test drivers end up using a similar mechanism.
> + */
> +const char *test_dev_get_name(const char *base, int idx, gfp_t gfp)
> +{
> +       const char *name_const;
> +       char *name;
> +
> +       if (!base)
> +               return NULL;
> +       if (strlen(base) > 30)
> +               return NULL;

why?

> +       name = kzalloc(1024, gfp);
> +       if (!name)
> +               return NULL;
> +
> +       strncat(name, base, strlen(base));
> +       sprintf(name+(strlen(base)), "%d", idx);
> +       name_const = kstrdup_const(name, gfp);
> +
> +       kfree(name);
> +
> +       return name_const;
> +}

What is going on here? Why not just:
    return kasprintf(gfp, "%s%d", base, idx);

For all of that code? And kstrdup_const is pointless here since it'll
always just do the dup (as the kmalloc source isn't in rodata).

> +
> +static struct kmod_test_device *alloc_test_dev_kmod(int idx)
> +{
> +       int ret;
> +       struct kmod_test_device *test_dev;
> +       struct miscdevice *misc_dev;
> +
> +       test_dev = vzalloc(sizeof(struct kmod_test_device));
> +       if (!test_dev) {
> +               pr_err("Cannot alloc test_dev\n");
> +               goto err_out;
> +       }
> +
> +       mutex_init(&test_dev->config_mutex);
> +       mutex_init(&test_dev->trigger_mutex);
> +       mutex_init(&test_dev->thread_mutex);
> +
> +       init_completion(&test_dev->kthreads_done);
> +
> +       ret = kmod_config_init(test_dev);
> +       if (ret < 0) {
> +               pr_err("Cannot alloc kmod_config_init()\n");
> +               goto err_out_free;
> +       }
> +
> +       test_dev->dev_idx = idx;
> +       misc_dev = &test_dev->misc_dev;
> +
> +       misc_dev->minor = MISC_DYNAMIC_MINOR;
> +       misc_dev->name = test_dev_get_name("test_kmod", test_dev->dev_idx,
> +                                          GFP_KERNEL);
> +       if (!misc_dev->name) {
> +               pr_err("Cannot alloc misc_dev->name\n");
> +               goto err_out_free_config;
> +       }
> +       misc_dev->groups = test_dev_groups;
> +
> +       return test_dev;
> +
> +err_out_free_config:
> +       free_test_dev_info(test_dev);
> +       kmod_config_free(test_dev);
> +err_out_free:
> +       vfree(test_dev);
> +       test_dev = NULL;
> +err_out:
> +       return NULL;
> +}
> +
> +static void free_test_dev_kmod(struct kmod_test_device *test_dev)
> +{
> +       if (test_dev) {
> +               kfree_const(test_dev->misc_dev.name);
> +               test_dev->misc_dev.name = NULL;
> +               free_test_dev_info(test_dev);
> +               kmod_config_free(test_dev);
> +               vfree(test_dev);
> +               test_dev = NULL;
> +       }
> +}
> +
> +static struct kmod_test_device *register_test_dev_kmod(void)
> +{
> +       struct kmod_test_device *test_dev = NULL;
> +       int ret;
> +
> +       mutex_unlock(&reg_dev_mutex);
> +
> +       /* int should suffice for number of devices, test for wrap */
> +       if (unlikely(num_test_devs + 1) < 0) {
> +               pr_err("reached limit of number of test devices\n");
> +               goto out;
> +       }
> +
> +       test_dev = alloc_test_dev_kmod(num_test_devs);
> +       if (!test_dev)
> +               goto out;
> +
> +       ret = misc_register(&test_dev->misc_dev);
> +       if (ret) {
> +               pr_err("could not register misc device: %d\n", ret);
> +               free_test_dev_kmod(test_dev);
> +               goto out;
> +       }
> +
> +       test_dev->dev = test_dev->misc_dev.this_device;
> +       list_add_tail(&test_dev->list, &reg_test_devs);
> +       dev_info(test_dev->dev, "interface ready\n");
> +
> +       num_test_devs++;
> +
> +out:
> +       mutex_unlock(&reg_dev_mutex);
> +
> +       return test_dev;
> +
> +}
> +
> +static int __init test_kmod_init(void)
> +{
> +       struct kmod_test_device *test_dev;
> +       int ret;
> +
> +       test_dev = register_test_dev_kmod();
> +       if (!test_dev) {
> +               pr_err("Cannot add first test kmod device\n");
> +               return -ENODEV;
> +       }
> +
> +       /*
> +        * With some work we might be able to gracefully enable
> +        * testing with this driver built-in, for now this seems
> +        * rather risky. For those willing to try have at it,
> +        * and enable the below. Good luck! If that works, try
> +        * lowering the init level for more fun.
> +        */
> +       if (force_init_test) {
> +               ret = trigger_config_run_driver(test_dev, "tun");
> +               if (WARN_ON(ret))
> +                       return ret;
> +               ret = trigger_config_run_fs(test_dev, "btrfs");
> +               if (WARN_ON(ret))
> +                       return ret;
> +       }
> +
> +       return 0;
> +}
> +late_initcall(test_kmod_init);
> +
> +static
> +void unregister_test_dev_kmod(struct kmod_test_device *test_dev)
> +{
> +       mutex_lock(&test_dev->trigger_mutex);
> +       mutex_lock(&test_dev->config_mutex);
> +
> +       test_dev_kmod_stop_tests(test_dev);
> +
> +       dev_info(test_dev->dev, "removing interface\n");
> +       misc_deregister(&test_dev->misc_dev);
> +
> +       mutex_unlock(&test_dev->config_mutex);
> +       mutex_unlock(&test_dev->trigger_mutex);
> +
> +       free_test_dev_kmod(test_dev);
> +}
> +
> +static void __exit test_kmod_exit(void)
> +{
> +       struct kmod_test_device *test_dev, *tmp;
> +
> +       mutex_lock(&reg_dev_mutex);
> +       list_for_each_entry_safe(test_dev, tmp, &reg_test_devs, list) {
> +               list_del(&test_dev->list);
> +               unregister_test_dev_kmod(test_dev);
> +       }
> +       mutex_unlock(&reg_dev_mutex);
> +}
> +module_exit(test_kmod_exit);
> +
> +MODULE_AUTHOR("Luis R. Rodriguez <mcgrof@...nel.org>");
> +MODULE_LICENSE("GPL");
> diff --git a/tools/testing/selftests/kmod/Makefile b/tools/testing/selftests/kmod/Makefile
> new file mode 100644
> index 000000000000..fa2ccc5fb3de
> --- /dev/null
> +++ b/tools/testing/selftests/kmod/Makefile
> @@ -0,0 +1,11 @@
> +# Makefile for kmod loading selftests
> +
> +# No binaries, but make sure arg-less "make" doesn't trigger "run_tests"
> +all:
> +
> +TEST_PROGS := kmod.sh
> +
> +include ../lib.mk
> +
> +# Nothing to clean up.
> +clean:
> diff --git a/tools/testing/selftests/kmod/config b/tools/testing/selftests/kmod/config
> new file mode 100644
> index 000000000000..259f4fd6b5e2
> --- /dev/null
> +++ b/tools/testing/selftests/kmod/config
> @@ -0,0 +1,7 @@
> +CONFIG_TEST_KMOD=m
> +CONFIG_TEST_LKM=m
> +CONFIG_XFS_FS=m
> +
> +# For the module parameter force_init_test is used
> +CONFIG_TUN=m
> +CONFIG_BTRFS_FS=m
> diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh
> new file mode 100755
> index 000000000000..9ea1864d8bae
> --- /dev/null
> +++ b/tools/testing/selftests/kmod/kmod.sh
> @@ -0,0 +1,449 @@
> +#!/bin/bash
> +#
> +# Copyright (C) 2016 Luis R. Rodriguez <mcgrof@...nel.org>
> +#
> +# This program is free software; you can redistribute it and/or modify it
> +# under the terms of copyleft-next (version 0.3.1 or later) as published
> +# at http://copyleft-next.org/.
> +
> +# This is a stress test script for kmod, the kernel module loader. It uses
> +# test_kmod which exposes a series of knobs for the API for us so we can
> +# tweak each test in userspace rather than in kernelspace.
> +#
> +# The way kmod works is it uses the kernel's usermode helper API to eventually
> +# call /sbin/modprobe. It has a limit of the number of concurrent calls
> +# possible. The kernel interface to load modules is request_module(), however
> +# mount uses get_fs_type(). Both behave slightly differently, but the
> +# differences are important enough to test each call separately. For this
> +# reason test_kmod starts by providing tests for both calls.
> +#
> +# The test driver test_kmod assumes a series of defaults which you can
> +# override by exporting to your environment prior running this script.
> +# For instance this script assumes you do not have xfs loaded upon boot.
> +# If this is false, export DEFAULT_KMOD_FS="ext4" prior to running this
> +# script if the filesyste module you don't have loaded upon bootup
> +# is ext4 instead. Refer to allow_user_defaults() for a list of user
> +# override variables possible.
> +#
> +# You'll want at least 4096 GiB of RAM to expect to run these tests

4TiB of RAM? I assume this was meant to be 4 GiB not 4096?

> +# without running out of memory on them. For other requirements refer
> +# to test_reqs()
> +
> +set -e
> +
> +TEST_DRIVER="test_kmod"
> +
> +function allow_user_defaults()
> +{
> +       if [ -z $DEFAULT_KMOD_DRIVER ]; then
> +               DEFAULT_KMOD_DRIVER="test_module"
> +       fi
> +
> +       if [ -z $DEFAULT_KMOD_FS ]; then
> +               DEFAULT_KMOD_FS="xfs"
> +       fi
> +
> +       if [ -z $PROC_DIR ]; then
> +               PROC_DIR="/proc/sys/kernel/"
> +       fi
> +
> +       if [ -z $MODPROBE_LIMIT ]; then
> +               MODPROBE_LIMIT=50
> +       fi
> +
> +       if [ -z $DIR ]; then
> +               DIR="/sys/devices/virtual/misc/${TEST_DRIVER}0/"
> +       fi
> +
> +       MODPROBE_LIMIT_FILE="${PROC_DIR}/kmod-limit"
> +}
> +
> +test_reqs()
> +{
> +       if ! which modprobe 2> /dev/null > /dev/null; then
> +               echo "$0: You need modprobe installed"

While not a huge deal, I prefer that error messages end up on stderr,
so adding >&2 to all the failure echos (or providing an err function)
would be nice. (This happens in later places...)

> +               exit 1
> +       fi
> +
> +       if ! which kmod 2> /dev/null > /dev/null; then
> +               echo "$0: You need kmod installed"
> +               exit 1
> +       fi
> +
> +       # kmod 19 has a bad bug where it returns 0 when modprobe
> +       # gets called *even* if the module was not loaded due to
> +       # some bad heuristics. For details see:
> +       #
> +       # A work around is possible in-kernel but its rather
> +       # complex.
> +       KMOD_VERSION=$(kmod --version | awk '{print $3}')
> +       if [[ $KMOD_VERSION  -le 19 ]]; then
> +               echo "$0: You need at least kmod 20"
> +               echo "kmod <= 19 is buggy, for details see:"
> +               echo "http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2eb5eb32161088954ab21e58e19dfc4"
> +               exit 1
> +       fi
> +}
> +
> +function load_req_mod()
> +{
> +       if [ ! -d $DIR ]; then
> +               # Alanis: "Oh isn't it ironic?"
> +               modprobe $TEST_DRIVER
> +               if [ ! -d $DIR ]; then
> +                       echo "$0: $DIR not present"
> +                       echo "You must have the following enabled in your kernel:"
> +                       cat $PWD/config

I like this (minimum config in the test directory). Are other tests
doing this too?

> +                       exit 1
> +               fi
> +       fi
> +}
> +
> +test_finish()
> +{
> +       echo "Test completed"
> +}
> +
> +errno_name_to_val()
> +{
> +       case "$1" in
> +       # kmod calls modprobe and upon of a module not found
> +       # modprobe returns just 1... However in the kernel we
> +       # *sometimes* see 256...
> +       MODULE_NOT_FOUND)
> +               echo 256;;
> +       SUCCESS)
> +               echo 0;;
> +       -EPERM)
> +               echo -1;;
> +       -ENOENT)
> +               echo -2;;
> +       -EINVAL)
> +               echo -22;;
> +       -ERR_ANY)
> +               echo -123456;;
> +       *)
> +               echo invalid;;
> +       esac
> +}
> +
> +errno_val_to_name()
> +       case "$1" in
> +       256)
> +               echo MODULE_NOT_FOUND;;
> +       0)
> +               echo SUCCESS;;
> +       -1)
> +               echo -EPERM;;
> +       -2)
> +               echo -ENOENT;;
> +       -22)
> +               echo -EINVAL;;
> +       -123456)
> +               echo -ERR_ANY;;
> +       *)
> +               echo invalid;;
> +       esac
> +
> +config_set_test_case_driver()
> +{
> +       if ! echo -n 1 >$DIR/config_test_case; then
> +               echo "$0: Unable to set to test case to driver" >&2
> +               exit 1
> +       fi
> +}
> +
> +config_set_test_case_fs()
> +{
> +       if ! echo -n 2 >$DIR/config_test_case; then
> +               echo "$0: Unable to set to test case to fs" >&2
> +               exit 1
> +       fi
> +}
> +
> +config_num_threads()
> +{
> +       if ! echo -n $1 >$DIR/config_num_threads; then
> +               echo "$0: Unable to set to number of threads" >&2
> +               exit 1
> +       fi
> +}
> +
> +config_get_modprobe_limit()
> +{
> +       if [[ -f ${MODPROBE_LIMIT_FILE} ]] ; then
> +               MODPROBE_LIMIT=$(cat $MODPROBE_LIMIT_FILE)
> +       fi
> +       echo $MODPROBE_LIMIT
> +}
> +
> +config_num_thread_limit_extra()
> +{
> +       MODPROBE_LIMIT=$(config_get_modprobe_limit)
> +       let EXTRA_LIMIT=$MODPROBE_LIMIT+$1
> +       config_num_threads $EXTRA_LIMIT
> +}
> +
> +# For special characters use printf directly,
> +# refer to kmod_test_0001
> +config_set_driver()
> +{
> +       if ! echo -n $1 >$DIR/config_test_driver; then
> +               echo "$0: Unable to set driver" >&2
> +               exit 1
> +       fi
> +}
> +
> +config_set_fs()
> +{
> +       if ! echo -n $1 >$DIR/config_test_fs; then
> +               echo "$0: Unable to set driver" >&2
> +               exit 1
> +       fi
> +}
> +
> +config_get_driver()
> +{
> +       cat $DIR/config_test_driver
> +}
> +
> +config_get_test_result()
> +{
> +       cat $DIR/test_result
> +}
> +
> +config_reset()
> +{
> +       if ! echo -n "1" >"$DIR"/reset; then
> +               echo "$0: reset shuld have worked" >&2
> +               exit 1
> +       fi
> +}
> +
> +config_show_config()
> +{
> +       echo "----------------------------------------------------"
> +       cat "$DIR"/config
> +       echo "----------------------------------------------------"
> +}
> +
> +config_trigger()
> +{
> +       if ! echo -n "1" >"$DIR"/trigger_config 2>/dev/null; then
> +               echo "$1: FAIL - loading should have worked"
> +               config_show_config
> +               exit 1
> +       fi
> +       echo "$1: OK! - loading kmod test"
> +}
> +
> +config_trigger_want_fail()
> +{
> +       if echo "1" > $DIR/trigger_config 2>/dev/null; then
> +               echo "$1: FAIL - test case was expected to fail"
> +               config_show_config
> +               exit 1
> +       fi
> +       echo "$1: OK! - kmod test case failed as expected"
> +}
> +
> +config_expect_result()
> +{
> +       RC=$(config_get_test_result)
> +       RC_NAME=$(errno_val_to_name $RC)
> +
> +       ERRNO_NAME=$2
> +       ERRNO=$(errno_name_to_val $ERRNO_NAME)
> +
> +       if [[ $ERRNO_NAME = "-ERR_ANY" ]]; then
> +               if [[ $RC -ge 0 ]]; then
> +                       echo "$1: FAIL, test expects $ERRNO_NAME - got $RC_NAME ($RC)" >&2
> +                       config_show_config
> +                       exit 1
> +               fi
> +       elif [[ $RC != $ERRNO ]]; then
> +               echo "$1: FAIL, test expects $ERRNO_NAME ($ERRNO) - got $RC_NAME ($RC)" >&2
> +               config_show_config
> +               exit 1
> +       fi
> +       echo "$1: OK! - Return value: $RC ($RC_NAME), expected $ERRNO_NAME"
> +}
> +
> +kmod_defaults_driver()
> +{
> +       config_reset
> +       modprobe -r $DEFAULT_KMOD_DRIVER
> +       config_set_driver $DEFAULT_KMOD_DRIVER
> +}
> +
> +kmod_defaults_fs()
> +{
> +       config_reset
> +       modprobe -r $DEFAULT_KMOD_FS
> +       config_set_fs $DEFAULT_KMOD_FS
> +       config_set_test_case_fs
> +}
> +
> +kmod_test_0001_driver()
> +{
> +       NAME='\000'
> +
> +       kmod_defaults_driver
> +       config_num_threads 1
> +       printf '\000' >"$DIR"/config_test_driver
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} MODULE_NOT_FOUND
> +}
> +
> +kmod_test_0001_fs()
> +{
> +       NAME='\000'
> +
> +       kmod_defaults_fs
> +       config_num_threads 1
> +       printf '\000' >"$DIR"/config_test_fs
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} -EINVAL
> +}
> +
> +kmod_test_0001()
> +{
> +       kmod_test_0001_driver
> +       kmod_test_0001_fs
> +}
> +
> +kmod_test_0002_driver()
> +{
> +       NAME="nope-$DEFAULT_KMOD_DRIVER"
> +
> +       kmod_defaults_driver
> +       config_set_driver $NAME
> +       config_num_threads 1
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} MODULE_NOT_FOUND
> +}
> +
> +kmod_test_0002_fs()
> +{
> +       NAME="nope-$DEFAULT_KMOD_FS"
> +
> +       kmod_defaults_fs
> +       config_set_fs $NAME
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} -EINVAL
> +}
> +
> +kmod_test_0002()
> +{
> +       kmod_test_0002_driver
> +       kmod_test_0002_fs
> +}
> +
> +kmod_test_0003()
> +{
> +       kmod_defaults_fs
> +       config_num_threads 1
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} SUCCESS
> +}
> +
> +kmod_test_0004()
> +{
> +       kmod_defaults_fs
> +       config_num_threads 2
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} SUCCESS
> +}
> +
> +kmod_test_0005()
> +{
> +       kmod_defaults_driver
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} SUCCESS
> +}
> +
> +kmod_test_0006()
> +{
> +       kmod_defaults_fs
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} SUCCESS
> +}
> +
> +kmod_test_0007()
> +{
> +       kmod_test_0005
> +       kmod_test_0006
> +}
> +
> +kmod_test_0008()
> +{
> +       kmod_defaults_driver
> +       MODPROBE_LIMIT=$(config_get_modprobe_limit)
> +       let EXTRA=$MODPROBE_LIMIT/2
> +       config_num_thread_limit_extra $EXTRA
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} -EINVAL
> +}
> +
> +kmod_test_0009()
> +{
> +       kmod_defaults_fs
> +       #MODPROBE_LIMIT=$(config_get_modprobe_limit)
> +       #let EXTRA=$MODPROBE_LIMIT/3
> +       config_num_thread_limit_extra 5
> +       config_trigger ${FUNCNAME[0]}
> +       config_expect_result ${FUNCNAME[0]} -EINVAL
> +}
> +
> +trap "test_finish" EXIT
> +test_reqs
> +allow_user_defaults
> +load_req_mod
> +
> +usage()
> +{
> +       echo "Usage: $0 [ -t <4-number-digit> ]"
> +       echo "Valid tests: 0001-0011"
> +       echo
> +       echo "0001 - Simple test - 1 thread  for empty string"
> +       echo "0002 - Simple test - 1 thread  for modules/filesystems that do not exist"
> +       echo "0003 - Simple test - 1 thread  for get_fs_type() only"
> +       echo "0004 - Simple test - 2 threads for get_fs_type() only"
> +       echo "0005 - multithreaded tests with default setup - request_module() only"
> +       echo "0006 - multithreaded tests with default setup - get_fs_type() only"
> +       echo "0007 - multithreaded tests with default setup test request_module() and get_fs_type()"
> +       echo "0008 - multithreaded - push kmod_concurrent over max_modprobes for request_module()"
> +       echo "0009 - multithreaded - push kmod_concurrent over max_modprobes for get_fs_type()"
> +       exit 1
> +}
> +
> +# You can ask for a specific test:
> +if [[ $# > 0 ]] ; then
> +       if [[ $1 != "-t" ]]; then
> +               usage
> +       fi
> +
> +       re='^[0-9]+$'
> +       if ! [[ $2 =~ $re ]]; then
> +               usage
> +       fi
> +
> +       RUN_TEST=kmod_test_$2
> +       $RUN_TEST
> +       exit 0
> +fi
> +
> +# Once tese are enabled please leave them as-is. Write your own test,
> +# we have tons of space.
> +kmod_test_0001
> +kmod_test_0002
> +kmod_test_0003
> +kmod_test_0004
> +kmod_test_0005
> +kmod_test_0006
> +kmod_test_0007
> +
> +#kmod_test_0008
> +#kmod_test_0009

While it's documented in the commit log, I think a short note for each
disabled test should be added here too.

> +
> +exit 0
> --
> 2.10.1
>

-Kees

-- 
Kees Cook
Nexus Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ