[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jKs7sTzd==6q1k+wti1eW0Dt7msgvHBupRNJv33CDPYWg@mail.gmail.com>
Date: Tue, 2 Apr 2019 14:36:06 -0700
From: Kees Cook <keescook@...omium.org>
To: "Tobin C. Harding" <tobin@...nel.org>
Cc: Shuah Khan <shuah@...nel.org>, Jann Horn <jannh@...gle.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Randy Dunlap <rdunlap@...radead.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Andy Lutomirski <luto@...capital.net>,
Daniel Micay <danielmicay@...il.com>,
Arnd Bergmann <arnd@...db.de>,
Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 7/7] lib: Add test module for strscpy_pad
On Wed, Mar 6, 2019 at 1:43 PM Tobin C. Harding <tobin@...nel.org> wrote:
>
> Add a test module for the new strscpy_pad() function. Tie it into the
> kselftest infrastructure for lib/ tests.
>
> Signed-off-by: Tobin C. Harding <tobin@...nel.org>
Yay! :)
Acked-by: Kees Cook <keescook@...omium.org>
-Kees
> ---
> lib/Kconfig.debug | 3 +
> lib/Makefile | 1 +
> lib/test_strscpy.c | 150 +++++++++++++++++++++++++
> tools/testing/selftests/lib/Makefile | 2 +-
> tools/testing/selftests/lib/config | 1 +
> tools/testing/selftests/lib/strscpy.sh | 17 +++
> 6 files changed, 173 insertions(+), 1 deletion(-)
> create mode 100644 lib/test_strscpy.c
> create mode 100755 tools/testing/selftests/lib/strscpy.sh
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index d4df5b24d75e..441c1571495c 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -1805,6 +1805,9 @@ config TEST_HEXDUMP
> config TEST_STRING_HELPERS
> tristate "Test functions located in the string_helpers module at runtime"
>
> +config TEST_STRSCPY
> + tristate "Test strscpy*() family of functions at runtime"
> +
> config TEST_KSTRTOX
> tristate "Test kstrto*() family of functions at runtime"
>
> diff --git a/lib/Makefile b/lib/Makefile
> index e1b59da71418..82e027f73a3e 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -68,6 +68,7 @@ obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_keys.o
> obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_key_base.o
> obj-$(CONFIG_TEST_PRINTF) += test_printf.o
> obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o
> +obj-$(CONFIG_TEST_STRSCPY) += test_strscpy.o
> obj-$(CONFIG_TEST_BITFIELD) += test_bitfield.o
> obj-$(CONFIG_TEST_UUID) += test_uuid.o
> obj-$(CONFIG_TEST_XARRAY) += test_xarray.o
> diff --git a/lib/test_strscpy.c b/lib/test_strscpy.c
> new file mode 100644
> index 000000000000..95665e8a0f97
> --- /dev/null
> +++ b/lib/test_strscpy.c
> @@ -0,0 +1,150 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/string.h>
> +
> +#include "../tools/testing/selftests/kselftest_module.h"
> +
> +/*
> + * Kernel module for testing 'strscpy' family of functions.
> + */
> +
> +KSTM_MODULE_GLOBALS();
> +
> +/*
> + * tc() - Run a specific test case.
> + * @src: Source string, argument to strscpy_pad()
> + * @count: Size of destination buffer, argument to strscpy_pad()
> + * @expected: Expected return value from call to strscpy_pad()
> + * @terminator: 1 if there should be a terminating null byte 0 otherwise.
> + * @chars: Number of characters from the src string expected to be
> + * written to the dst buffer.
> + * @pad: Number of pad characters expected (in the tail of dst buffer).
> + * (@pad does not include the null terminator byte.)
> + *
> + * Calls strscpy_pad() and verifies the return value and state of the
> + * destination buffer after the call returns.
> + */
> +static int __init tc(char *src, int count, int expected,
> + int chars, int terminator, int pad)
> +{
> + int nr_bytes_poison;
> + int max_expected;
> + int max_count;
> + int written;
> + char buf[6];
> + int index, i;
> + const char POISON = 'z';
> +
> + total_tests++;
> +
> + if (!src) {
> + pr_err("null source string not supported\n");
> + return -1;
> + }
> +
> + memset(buf, POISON, sizeof(buf));
> + /* Future proofing test suite, validate args */
> + max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
> + max_expected = count - 1; /* Space for the null */
> + if (count > max_count) {
> + pr_err("count (%d) is too big (%d) ... aborting", count, max_count);
> + return -1;
> + }
> + if (expected > max_expected) {
> + pr_warn("expected (%d) is bigger than can possibly be returned (%d)",
> + expected, max_expected);
> + }
> +
> + written = strscpy_pad(buf, src, count);
> + if ((written) != (expected)) {
> + pr_err("%d != %d (written, expected)\n", written, expected);
> + goto fail;
> + }
> +
> + if (count && written == -E2BIG) {
> + if (strncmp(buf, src, count - 1) != 0) {
> + pr_err("buffer state invalid for -E2BIG\n");
> + goto fail;
> + }
> + if (buf[count - 1] != '\0') {
> + pr_err("too big string is not null terminated correctly\n");
> + goto fail;
> + }
> + }
> +
> + for (i = 0; i < chars; i++) {
> + if (buf[i] != src[i]) {
> + pr_err("buf[i]==%c != src[i]==%c\n", buf[i], src[i]);
> + goto fail;
> + }
> + }
> +
> + if (terminator) {
> + if (buf[count - 1] != '\0') {
> + pr_err("string is not null terminated correctly\n");
> + goto fail;
> + }
> + }
> +
> + for (i = 0; i < pad; i++) {
> + index = chars + terminator + i;
> + if (buf[index] != '\0') {
> + pr_err("padding missing at index: %d\n", i);
> + goto fail;
> + }
> + }
> +
> + nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
> + for (i = 0; i < nr_bytes_poison; i++) {
> + index = sizeof(buf) - 1 - i; /* Check from the end back */
> + if (buf[index] != POISON) {
> + pr_err("poison value missing at index: %d\n", i);
> + goto fail;
> + }
> + }
> +
> + return 0;
> +fail:
> + failed_tests++;
> + return -1;
> +}
> +
> +static void __init selftest(void)
> +{
> + /*
> + * tc() uses a destination buffer of size 6 and needs at
> + * least 2 characters spare (one for null and one to check for
> + * overflow). This means we should only call tc() with
> + * strings up to a maximum of 4 characters long and 'count'
> + * should not exceed 4. To test with longer strings increase
> + * the buffer size in tc().
> + */
> +
> + /* tc(src, count, expected, chars, terminator, pad) */
> + KSTM_CHECK_ZERO(tc("a", 0, -E2BIG, 0, 0, 0));
> + KSTM_CHECK_ZERO(tc("", 0, -E2BIG, 0, 0, 0));
> +
> + KSTM_CHECK_ZERO(tc("a", 1, -E2BIG, 0, 1, 0));
> + KSTM_CHECK_ZERO(tc("", 1, 0, 0, 1, 0));
> +
> + KSTM_CHECK_ZERO(tc("ab", 2, -E2BIG, 1, 1, 0));
> + KSTM_CHECK_ZERO(tc("a", 2, 1, 1, 1, 0));
> + KSTM_CHECK_ZERO(tc("", 2, 0, 0, 1, 1));
> +
> + KSTM_CHECK_ZERO(tc("abc", 3, -E2BIG, 2, 1, 0));
> + KSTM_CHECK_ZERO(tc("ab", 3, 2, 2, 1, 0));
> + KSTM_CHECK_ZERO(tc("a", 3, 1, 1, 1, 1));
> + KSTM_CHECK_ZERO(tc("", 3, 0, 0, 1, 2));
> +
> + KSTM_CHECK_ZERO(tc("abcd", 4, -E2BIG, 3, 1, 0));
> + KSTM_CHECK_ZERO(tc("abc", 4, 3, 3, 1, 0));
> + KSTM_CHECK_ZERO(tc("ab", 4, 2, 2, 1, 1));
> + KSTM_CHECK_ZERO(tc("a", 4, 1, 1, 1, 2));
> + KSTM_CHECK_ZERO(tc("", 4, 0, 0, 1, 3));
> +}
> +
> +KSTM_MODULE_LOADERS(test_strscpy);
> +MODULE_AUTHOR("Tobin C. Harding <tobin@...nel.org>");
> +MODULE_LICENSE("GPL");
> diff --git a/tools/testing/selftests/lib/Makefile b/tools/testing/selftests/lib/Makefile
> index 70d5711e3ac8..9f26635f3e57 100644
> --- a/tools/testing/selftests/lib/Makefile
> +++ b/tools/testing/selftests/lib/Makefile
> @@ -3,6 +3,6 @@
> # No binaries, but make sure arg-less "make" doesn't trigger "run_tests"
> all:
>
> -TEST_PROGS := printf.sh bitmap.sh prime_numbers.sh
> +TEST_PROGS := printf.sh bitmap.sh prime_numbers.sh strscpy.sh
>
> include ../lib.mk
> diff --git a/tools/testing/selftests/lib/config b/tools/testing/selftests/lib/config
> index 126933bcc950..14a77ea4a8da 100644
> --- a/tools/testing/selftests/lib/config
> +++ b/tools/testing/selftests/lib/config
> @@ -1,3 +1,4 @@
> CONFIG_TEST_PRINTF=m
> CONFIG_TEST_BITMAP=m
> CONFIG_PRIME_NUMBERS=m
> +CONFIG_TEST_STRSCPY=m
> diff --git a/tools/testing/selftests/lib/strscpy.sh b/tools/testing/selftests/lib/strscpy.sh
> new file mode 100755
> index 000000000000..f3ba4b90e602
> --- /dev/null
> +++ b/tools/testing/selftests/lib/strscpy.sh
> @@ -0,0 +1,17 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0+
> +
> +module=test_strscpy
> +description="strscpy"
> +
> +#
> +# Shouldn't need to edit anything below here.
> +#
> +
> +file="kselftest_module.sh"
> +path="../$file"
> +if [[ ! $KBUILD_SRC == "" ]]; then
> + path="${KBUILD_SRC}/tools/testing/selftests/$file"
> +fi
> +
> +$path $module $description
> --
> 2.20.1
>
--
Kees Cook
Powered by blists - more mailing lists