lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFd5g47wrVks-+rfPp=3qm+RYm9f+qvStw8TVwH_Eh8wh_Fzng@mail.gmail.com>
Date:   Mon, 12 Oct 2020 13:48:52 -0700
From:   Brendan Higgins <brendanhiggins@...gle.com>
To:     Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:     Petr Mladek <pmladek@...e.com>,
        Arpitha Raghunandan <98.arpi@...il.com>,
        Shuah Khan <skhan@...uxfoundation.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        KUnit Development <kunit-dev@...glegroups.com>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-kernel-mentees@...ts.linuxfoundation.org
Subject: Re: [PATCH] lib: Convert test_printf.c to KUnit

On Mon, Oct 12, 2020 at 1:13 PM Brendan Higgins
<brendanhiggins@...gle.com> wrote:
>
> On Fri, Aug 21, 2020 at 5:19 AM Rasmus Villemoes
> <linux@...musvillemoes.dk> wrote:
>
> Sorry about the late reply. I saw activity on this before and thought
> it was under control. I only saw the unresolved state now looking
> through patchwork.
>
> > On 21/08/2020 13.37, Petr Mladek wrote:
> > > On Mon 2020-08-17 09:06:32, Rasmus Villemoes wrote:
> > >> On 17/08/2020 06.30, Arpitha Raghunandan wrote:
> > >>> Converts test lib/test_printf.c to KUnit.
> > >>> More information about KUnit can be found at
> > >>> https://www.kernel.org/doc/html/latest/dev-tools/kunit/index.html.
> > >>> KUnit provides a common framework for unit tests in the kernel.
> > >>
> > >> So I can continue to build a kernel with some appropriate CONFIG set to
> > >> y, boot it under virt-me, run dmesg and see if I broke printf? That's
> > >> what I do now, and I don't want to have to start using some enterprisy
> > >> framework.
> > >
> > > I had the same concern. I have tried it.
> >
> > Thanks for doing that and reporting the results.
> >
> > >     #> modprobe printf_kunit
> > >
> > > produced the following in dmesg:
> > >
> > > [   60.931175] printf_kunit: module verification failed: signature and/or required key missing - tainting kernel
> > > [   60.942209] TAP version 14
> > > [   60.945197]     # Subtest: printf-kunit-test
> > > [   60.945200]     1..1
> > > [   60.951092]     ok 1 - selftest
> > > [   60.953414] ok 1 - printf-kunit-test
> > >
> > > I could live with the above. Then I tried to break a test by the following change:
> > >
> > >
> > > diff --git a/lib/printf_kunit.c b/lib/printf_kunit.c
> > > index 68ac5f9b8d28..1689dadd70a3 100644
> > > --- a/lib/printf_kunit.c
> > > +++ b/lib/printf_kunit.c
> > > @@ -395,7 +395,7 @@ ip4(struct kunit *kunittest)
> > >         sa.sin_port = cpu_to_be16(12345);
> > >         sa.sin_addr.s_addr = cpu_to_be32(0x7f000001);
> > >
> > > -       test(kunittest, "127.000.000.001|127.0.0.1", "%pi4|%pI4", &sa.sin_addr, &sa.sin_addr);
> > > +       test(kunittest, "127-000.000.001|127.0.0.1", "%pi4|%pI4", &sa.sin_addr, &sa.sin_addr);
> > >         test(kunittest, "127.000.000.001|127.0.0.1", "%piS|%pIS", &sa, &sa);
> > >         sa.sin_addr.s_addr = cpu_to_be32(0x01020304);
> > >         test(kunittest, "001.002.003.004:12345|1.2.3.4:12345", "%piSp|%pISp", &sa, &sa);
> > >
> > >
> > > It produced::
> > >
> > > [   56.786858] TAP version 14
> > > [   56.787493]     # Subtest: printf-kunit-test
> > > [   56.787494]     1..1
> > > [   56.788612]     # selftest: EXPECTATION FAILED at lib/printf_kunit.c:76
> > >                    Expected memcmp(test_buffer, expect, written) == 0, but
> > >                        memcmp(test_buffer, expect, written) == 1
> > >                        0 == 0
> > >                vsnprintf(buf, 256, "%pi4|%pI4", ...) wrote '127.000.000.001|127.0.0.1', expected '127-000.000.001|127.0.0.1'
> > > [   56.795433]     # selftest: EXPECTATION FAILED at lib/printf_kunit.c:76
> > >                    Expected memcmp(test_buffer, expect, written) == 0, but
> > >                        memcmp(test_buffer, expect, written) == 1
> > >                        0 == 0
> > >                vsnprintf(buf, 20, "%pi4|%pI4", ...) wrote '127.000.000.001|127', expected '127-000.000.001|127'
> > > [   56.800909]     # selftest: EXPECTATION FAILED at lib/printf_kunit.c:108
> > >                    Expected memcmp(p, expect, elen+1) == 0, but
> > >                        memcmp(p, expect, elen+1) == 1
> > >                        0 == 0
> > >                kvasprintf(..., "%pi4|%pI4", ...) returned '127.000.000.001|127.0.0.1', expected '127-000.000.001|127.0.0.1'
> > > [   56.806497]     not ok 1 - selftest
> > > [   56.806497] not ok 1 - printf-kunit-test
> > >
> > > while the original code would have written the following error messages:
> > >
> > > [   95.859225] test_printf: loaded.
> > > [   95.860031] test_printf: vsnprintf(buf, 256, "%pi4|%pI4", ...) wrote '127.000.000.001|127.0.0.1', expected '127-000.000.001|127.0.0.1'
> > > [   95.862630] test_printf: vsnprintf(buf, 6, "%pi4|%pI4", ...) wrote '127.0', expected '127-0'
> > > [   95.864118] test_printf: kvasprintf(..., "%pi4|%pI4", ...) returned '127.000.000.001|127.0.0.1', expected '127-000.000.001|127.0.0.1'
> > > [   95.866589] test_printf: failed 3 out of 388 tests
> > >
> > >
> > > Even the error output is acceptable for me.
> >
> > Urgh. Yeah, perhaps, but the original is much more readable; it really
> > doesn't matter that a memcmp() fails to compare equal to 0, that's
> > merely how we figured out that the output was wrong.
>
> We can go back to the original error reporting format, just as long as
> you don't mind the "ok" lines interspersed throughout (this is part of
> an attempt to standardize around the KTAP reporting format[1].
>
> > I am just curious why
> > > the 2nd failure is different:
> > >
> > >    + original code: vsnprintf(buf, 6, "%pi4|%pI4", ...) wrote '127.0', expected '127-0'
> > >    + kunit code: vsnprintf(buf, 20, "%pi4|%pI4", ...) wrote '127.000.000.001|127', expected '127-000.000.001|127'
> >
> > That's by design. If you read the code, there's a comment that says we
> > do every test case four times: With a buffer that is large enough to do
> > the whole output, with a 0 size buffer (that's essential to allowing
> > kasprintf to know how much to allocate),  with kvasprintf - but also
> > with a buffer size that's guaranteed to ensure the output gets truncated
> > somewhere. And that size is chosen randomly - I guess one could test
> > every single buffer size between 0 and elen+1, but that's overkill.
> >
> > Now I should probably have made the tests deterministic in the sense of
> > getting a random seed for a PRNG, printing that seed and allowing a
> > module parameter to set the seed in order to repeat the exact same
> > tests. But so far I haven't really seen any bugs caught by test_printf
> > which would have been easier to fix with that.
> >
> > The reason I added that "chop it off somewhere randomly" was, IIRC, due
> > to some %p extensions that behaved rather weirdly depending on whether
> > there was enough room left or not, but I fixed those bugs before
> > creating test_printf (and they were in turn the reason for creating
> > test_printf). See for example 41416f2330, where %pE at the beginning of
> > the format string would work ok, but if anything preceded it and the
> > buffer was too small we'd crash.
> >
> > >
> > > I am also a bit scared by the following note at
> > > https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html#running-tests-without-the-kunit-wrapper
> > >
> > >    "KUnit is not designed for use in a production system, and it’s
> > >    possible that tests may reduce the stability or security of the
> > >    system."
> > >
> > > What does it mean thay it might reduce stability or security?
> > > Is it because the tests might cause problems?
> > > Or because the kunit framework modifies functionality of the running
> > > system all the time?
>
> Oh yeah, that's just because we are afraid that tests might cause
> problems. KUnit by itself does nothing to affect the stability or
> security of the system.

And I forgot the link to KTAP[1]. I am really batting a thousand here.

[1] https://lore.kernel.org/linux-kselftest/CY4PR13MB1175B804E31E502221BC8163FD830@CY4PR13MB1175.namprd13.prod.outlook.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ