lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 8 Aug 2020 11:26:58 +0800
From:   David Gow <davidgow@...gle.com>
To:     Andrey Konovalov <andreyknvl@...gle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Patricia Alfonso <trishalfonso@...gle.com>,
        Brendan Higgins <brendanhiggins@...gle.com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Vincent Guittot <vincent.guittot@...aro.org>,
        Shuah Khan <shuah@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kasan-dev <kasan-dev@...glegroups.com>,
        KUnit Development <kunit-dev@...glegroups.com>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>,
        Linux Memory Management List <linux-mm@...ck.org>
Subject: Re: [PATCH v11 0/6] KASAN-KUnit Integration

On Fri, Aug 7, 2020 at 9:15 PM 'Andrey Konovalov' via kasan-dev
<kasan-dev@...glegroups.com> wrote:
>
> On Wed, Aug 5, 2020 at 6:29 AM David Gow <davidgow@...gle.com> wrote:
> >
> > This patchset contains everything needed to integrate KASAN and KUnit.
> >
> > KUnit will be able to:
> > (1) Fail tests when an unexpected KASAN error occurs
> > (2) Pass tests when an expected KASAN error occurs
> >
> > Convert KASAN tests to KUnit with the exception of copy_user_test
> > because KUnit is unable to test those.
> >
> > Add documentation on how to run the KASAN tests with KUnit and what to
> > expect when running these tests.
> >
> > This patchset depends on:
> > - "kunit: extend kunit resources API" [1]
> >  - This is included in the KUnit 5.9-rci pull request[8]
> >
> > I'd _really_ like to get this into 5.9 if possible: we also have some
> > other changes which depend on some things here.
>
> Found a small issue in patch #3, but otherwise:
>
> Tested-by: Andrey Konovalov <andreyknvl@...gle.com>
>
> for the series.

Cheers! The issue in #3 looks to be a rebase issue: I'll send a fixed
version out soon.
>
> The patches apply cleanly on top of the latest linux-next/akpm branch.
>
> There are some tests that fail for tag-based mode, but those are
> unrelated to this series, and require KASAN improvements.
>
Do you think it's worth disabling these tests if tag-based mode is
disabled? Personally, I'm leaning "no", but if the planned support for
explicitly skipping tests existed, this could be a good case for it: a
test which is expected to fail due to a feature not existing in the
current config.

Thanks,
-- David

> >
> > Changes from v10:
> >  - Fixed some whitespace issues in patch 2.
> >  - Split out the renaming of the KUnit test suite into a separate patch.
> >
> > Changes from v9:
> >  - Rebased on top of linux-next (20200731) + kselftest/kunit and [7]
> >  - Note that the kasan_rcu_uaf test has not been ported to KUnit, and
> >    remains in test_kasan_module. This is because:
> >    (a) KUnit's expect failure will not check if the RCU stacktraces
> >        show.
> >    (b) KUnit is unable to link the failure to the test, as it occurs in
> >        an RCU callback.
> >
> > Changes from v8:
> >  - Rebased on top of kselftest/kunit
> >  - (Which, with this patchset, should rebase cleanly on 5.8-rc7)
> >  - Renamed the KUnit test suite, config name to patch the proposed
> >    naming guidelines for KUnit tests[6]
> >
> > Changes from v7:
> >  - Rebased on top of kselftest/kunit
> >  - Rebased on top of v4 of the kunit resources API[1]
> >  - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4]
> >  - Updated the Kconfig entry to support KUNIT_ALL_TESTS
> >
> > Changes from v6:
> >  - Rebased on top of kselftest/kunit
> >  - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE
> >    incompatibilites [2]
> >  - Removed a redundant report_enabled() check.
> >  - Fixed some places with out of date Kconfig names in the
> >    documentation.
> >
> > Changes from v5:
> >  - Split out the panic_on_warn changes to a separate patch.
> >  - Fix documentation to fewer to the new Kconfig names.
> >  - Fix some changes which were in the wrong patch.
> >  - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1)
> >
> > Changes from v4:
> >  - KASAN no longer will panic on errors if both panic_on_warn and
> >    kasan_multishot are enabled.
> >  - As a result, the KASAN tests will no-longer disable panic_on_warn.
> >  - This also means panic_on_warn no-longer needs to be exported.
> >  - The use of temporary "kasan_data" variables has been cleaned up
> >    somewhat.
> >  - A potential refcount/resource leak should multiple KASAN errors
> >    appear during an assertion was fixed.
> >  - Some wording changes to the KASAN test Kconfig entries.
> >
> > Changes from v3:
> >  - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been
> >  combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead.
> >  - Reordered logic in kasan_update_kunit_status() in report.c to be
> >  easier to read.
> >  - Added comment to not use the name "kasan_data" for any kunit tests
> >  outside of KUNIT_EXPECT_KASAN_FAIL().
> >
> > Changes since v2:
> >  - Due to Alan's changes in [1], KUnit can be built as a module.
> >  - The name of the tests that could not be run with KUnit has been
> >  changed to be more generic: test_kasan_module.
> >  - Documentation on how to run the new KASAN tests and what to expect
> >  when running them has been added.
> >  - Some variables and functions are now static.
> >  - Now save/restore panic_on_warn in a similar way to kasan_multi_shot
> >  and renamed the init/exit functions to be more generic to accommodate.
> >  - Due to [4] in kasan_strings, kasan_memchr, and
> >  kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return
> >  early and print message explaining this circumstance.
> >  - Changed preprocessor checks to C checks where applicable.
> >
> > Changes since v1:
> >  - Make use of Alan Maguire's suggestion to use his patch that allows
> >    static resources for integration instead of adding a new attribute to
> >    the kunit struct
> >  - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test
> >  - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the
> >    test_kasan.c file since it seems this is the only place this will
> >    be used.
> >  - Integration relies on KUnit being builtin
> >  - copy_user_test has been separated into its own file since KUnit
> >    is unable to test these. This can be run as a module just as before,
> >    using CONFIG_TEST_KASAN_USER
> >  - The addition to the current task has been separated into its own
> >    patch as this is a significant enough change to be on its own.
> >
> >
> > [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBnsd-k_CVy6bQUeU4Jw@mail.gmail.com/T/#t
> > [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/
> > [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=adb72ae1915db28f934e9e02c18bfcea2f3ed3b7
> > [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47227d27e2fcb01a9e8f5958d8997cf47a820afc
> > [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337
> > [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@google.com/
> > [7] https://lkml.org/lkml/2020/7/31/571
> > [8] https://lore.kernel.org/linux-kselftest/8d43e88e-1356-cd63-9152-209b81b16746@linuxfoundation.org/T/#u
> >
> >
> > David Gow (2):
> >   kasan: test: Make KASAN KUnit test comply with naming guidelines
> >   mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set
> >
> > Patricia Alfonso (4):
> >   Add KUnit Struct to Current Task
> >   KUnit: KASAN Integration
> >   KASAN: Port KASAN Tests to KUnit
> >   KASAN: Testing Documentation
> >
> >  Documentation/dev-tools/kasan.rst |  70 +++
> >  include/kunit/test.h              |   5 +
> >  include/linux/kasan.h             |   6 +
> >  include/linux/sched.h             |   4 +
> >  lib/Kconfig.kasan                 |  22 +-
> >  lib/Makefile                      |   7 +-
> >  lib/kasan_kunit.c                 | 770 +++++++++++++++++++++++++
> >  lib/kunit/test.c                  |  13 +-
> >  lib/test_kasan.c                  | 903 ------------------------------
> >  lib/test_kasan_module.c           | 111 ++++
> >  mm/kasan/report.c                 |  34 +-
> >  11 files changed, 1028 insertions(+), 917 deletions(-)
> >  create mode 100644 lib/kasan_kunit.c
> >  delete mode 100644 lib/test_kasan.c
> >  create mode 100644 lib/test_kasan_module.c
> >
> > --
> > 2.28.0.163.g6104cc2f0b6-goog
> >
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/CAAeHK%2BwPt46879AnV3n3d7%2BJZqkv2Vo652OPBAjHcuyru56h9w%40mail.gmail.com.

Powered by blists - more mailing lists