lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 1 Mar 2020 07:39:22 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Patricia Alfonso <trishalfonso@...gle.com>,
        Kees Cook <keescook@...gle.com>
Cc:     Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Brendan Higgins <brendanhiggins@...gle.com>,
        David Gow <davidgow@...gle.com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Vincent Guittot <vincent.guittot@...aro.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kasan-dev <kasan-dev@...glegroups.com>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>, kunit-dev@...glegroups.com
Subject: Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit

On Sat, Feb 29, 2020 at 2:56 AM Patricia Alfonso
<trishalfonso@...gle.com> wrote:
> On Thu, Feb 27, 2020 at 6:19 AM Dmitry Vyukov <dvyukov@...gle.com> wrote:
> >
> > .On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
> > > -       pr_info("out-of-bounds in copy_from_user()\n");
> > > -       unused = copy_from_user(kmem, usermem, size + 1);
> >
> > Why is all of this removed?
> > Most of these tests are hard earned and test some special corner cases.
> >
> I just moved it inside IS_MODULE(CONFIG_TEST_KASAN) instead because I
> don't think there is a way to rewrite this without it being a module.

You mean these are unconditionally crashing the machine? If yes,
please add a comment about this.

Theoretically we could have a notion of "death tests" similar to gunit:
https://stackoverflow.com/questions/3698718/what-are-google-test-death-tests
KUnit test runner wrapper would need to spawn a separete process per
each such test. Under non-KUnit test runner these should probably be
disabled by default and only run if specifically requested (a-la
--gunit_filter/--gunit_also_run_disabled_tests).
Could also be used to test other things that unconditionally panic,
e.g. +Kees may be happy for unit tests for some of the
hardening/fortification features.
I am not asking to bundle this with this change of course.

Powered by blists - more mailing lists