Message-Id: <655fd7e303b852809d3a8167d28091429f969c73.1669486407.git.andreyknvl@google.com>
Date:   Sat, 26 Nov 2022 19:15:11 +0100
From:   andrey.konovalov@...ux.dev
To:     Marco Elver <elver@...gle.com>, David Gow <davidgow@...gle.com>
Cc:     Andrey Konovalov <andreyknvl@...il.com>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        kasan-dev@...glegroups.com,
        Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org,
        Andrey Konovalov <andreyknvl@...gle.com>
Subject: [PATCH mm] kasan: fail non-kasan KUnit tests on KASAN reports

From: Andrey Konovalov <andreyknvl@...gle.com>

After the recent changes done to KUnit-enabled KASAN tests, non-KASAN KUnit
tests stopped being failed when KASAN report is detected.

Recover that property by failing the currently running non-KASAN KUnit test
when KASAN detects and prints a report for a bad memory access.

Note that if the bad accesses happened in a kernel thread that doesn't
have a reference to the currently running KUnit-test available via
current->kunit_test, the test won't be failed. This is a limitation of
KUnit, which doesn't yet provide a thread-agnostic way to find the
reference to the currently running test.

Fixes: 49d9977ac909 ("kasan: check CONFIG_KASAN_KUNIT_TEST instead of CONFIG_KUNIT")
Fixes: 7f29493ba529 ("kasan: switch kunit tests to console tracepoints")
Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
---
 mm/kasan/kasan.h      |  6 ++++++
 mm/kasan/kasan_test.c | 11 +++++++++++
 mm/kasan/report.c     | 22 ++++++++++++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index a84491bc4867..08a83a7ef77f 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -548,6 +548,12 @@ void kasan_restore_multi_shot(bool enabled);
 
 #endif
 
+#if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST)
+bool kasan_kunit_test_suite_executing(void);
+#else
+static bool kasan_kunit_test_suite_executing(void) { return false; }
+#endif
+
 /*
  * Exported functions for interfaces called from assembly or from generated
  * code. Declared here to avoid warnings about missing declarations.
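Review bot: The `#else` stub is written as `static bool kasan_kunit_test_suite_executing(void) { return false; }` without `inline`, so any file that includes kasan.h but never calls it can get an unused-function warning; header stubs are normally `static inline bool kasan_kunit_test_suite_executing(void) { return false; }`. Separately, `IS_ENABLED()` is also true for `=m`, and the real definition is added in kasan_test.c. If that test can be built as a module (the patch does not show the Kconfig type, so this needs confirming), built-in report.c would reference a symbol that exists only in the module and fail to link. Keeping the flag and its accessor in report.c, and letting the test suite set it through exported start/stop helpers, would avoid that dependency.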
diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c
index e27591ef2777..c9a615e892ed 100644
--- a/mm/kasan/kasan_test.c
+++ b/mm/kasan/kasan_test.c
@@ -32,6 +32,9 @@
 
 #define OOB_TAG_OFF (IS_ENABLED(CONFIG_KASAN_GENERIC) ? 0 : KASAN_GRANULE_SIZE)
 
+/* Whether the KASAN KUnit test suite is currently being executed. */
+static bool executing;
+
 static bool multishot;
 
 /* Fields set based on lines observed in the console. */
@@ -47,6 +50,11 @@ static struct {
 void *kasan_ptr_result;
 int kasan_int_result;
 
+bool kasan_kunit_test_suite_executing(void)
+{
+	return READ_ONCE(executing);
+}
+
 /* Probe for console output: obtains test_status lines of interest. */
 static void probe_console(void *ignore, const char *buf, size_t len)
 {
@@ -76,6 +84,8 @@ static int kasan_suite_init(struct kunit_suite *suite)
 		return -1;
 	}
 
+	WRITE_ONCE(executing, true);
+
 	/*
 	 * Temporarily enable multi-shot mode. Otherwise, KASAN would only
 	 * report the first detected bug and panic the kernel if panic_on_warn
@@ -94,6 +104,7 @@ static int kasan_suite_init(struct kunit_suite *suite)
 
 static void kasan_suite_exit(struct kunit_suite *suite)
 {
+	WRITE_ONCE(executing, false);
 	kasan_restore_multi_shot(multishot);
 	for_each_kernel_tracepoint(unregister_tracepoints, NULL);
 	tracepoint_synchronize_unregister();
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 31355851a5ec..e718c997ecae 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -9,6 +9,7 @@
  *        Andrey Konovalov <andreyknvl@...il.com>
  */
 
+#include <kunit/test.h>
 #include <linux/bitops.h>
 #include <linux/ftrace.h>
 #include <linux/init.h>
@@ -112,10 +113,31 @@ EXPORT_SYMBOL_GPL(kasan_restore_multi_shot);
 
 #endif
 
+#if IS_ENABLED(CONFIG_KUNIT)
+
+static void fail_nonkasan_kunit_test(void)
+{
+	struct kunit *test;
+
+	if (!kasan_kunit_test_suite_executing())
+		return;
+
+	test = current->kunit_test;
+	if (test)
+		kunit_set_failure(test);
+}
+
+#else /* CONFIG_KUNIT */
+
+static void fail_nonkasan_kunit_test(void) { }
+
+#endif /* CONFIG_KUNIT */
+
 static DEFINE_SPINLOCK(report_lock);
 
 static void start_report(unsigned long *flags, bool sync)
 {
+	fail_nonkasan_kunit_test();
 	/* Respect the /proc/sys/kernel/traceoff_on_warning interface. */
 	disable_trace_on_warning();
 	/* Do not allow LOCKDEP mangling KASAN reports. */
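Review bot: The guard in `fail_nonkasan_kunit_test()` looks inverted: `if (!kasan_kunit_test_suite_executing()) return;` returns exactly when the KASAN suite is not running, so a non-KASAN KUnit test that triggers a report is never marked failed. Meanwhile reports that the KASAN suite provokes on purpose would reach `kunit_set_failure()`. The commit message describes the opposite behaviour, so the check should read `if (kasan_kunit_test_suite_executing()) return;`; as written, memory-safety reports in other suites would still pass silently. A short comment above the check, e.g. `/* KASAN tests expect reports; only fail tests from other suites. */`, would make the intent hard to misread. `start_report()` continues past the end of this hunk.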
-- 
2.25.1
