lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABVgOSkNmmEn05B3HKopWt4T=6rNHCNgrd1JkQo46CS6C9hYJg@mail.gmail.com>
Date: Tue, 9 Apr 2024 16:29:27 +0800
From: David Gow <davidgow@...gle.com>
To: Guenter Roeck <linux@...ck-us.net>
Cc: linux-kselftest@...r.kernel.org, David Airlie <airlied@...il.com>, 
	Arnd Bergmann <arnd@...db.de>, Maíra Canal <mcanal@...lia.com>, 
	Dan Carpenter <dan.carpenter@...aro.org>, Kees Cook <keescook@...omium.org>, 
	Daniel Diaz <daniel.diaz@...aro.org>, Arthur Grillo <arthurgrillo@...eup.net>, 
	Brendan Higgins <brendan.higgins@...ux.dev>, Naresh Kamboju <naresh.kamboju@...aro.org>, 
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, Maxime Ripard <mripard@...nel.org>, 
	Ville Syrjälä <ville.syrjala@...ux.intel.com>, 
	Daniel Vetter <daniel@...ll.ch>, Thomas Zimmermann <tzimmermann@...e.de>, dri-devel@...ts.freedesktop.org, 
	kunit-dev@...glegroups.com, linux-arch@...r.kernel.org, 
	linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-parisc@...r.kernel.org, 
	linuxppc-dev@...ts.ozlabs.org, linux-riscv@...ts.infradead.org, 
	linux-s390@...r.kernel.org, linux-sh@...r.kernel.org, 
	loongarch@...ts.linux.dev, netdev@...r.kernel.org, x86@...nel.org, 
	Linux Kernel Functional Testing <lkft@...aro.org>
Subject: Re: [PATCH v3 01/15] bug/kunit: Core support for suppressing warning backtraces

On Wed, 3 Apr 2024 at 21:19, Guenter Roeck <linux@...ck-us.net> wrote:
>
> Some unit tests intentionally trigger warning backtraces by passing
> bad parameters to API functions. Such unit tests typically check the
> return value from those calls, not the existence of the warning backtrace.
>
> Such intentionally generated warning backtraces are neither desirable
> nor useful for a number of reasons.
> - They can result in overlooked real problems.
> - A warning that suddenly starts to show up in unit tests needs to be
>   investigated and has to be marked to be ignored, for example by
>   adjusting filter scripts. Such filters are ad-hoc because there is
>   no real standard format for warnings. On top of that, such filter
>   scripts would require constant maintenance.
>
> One option to address problem would be to add messages such as "expected
> warning backtraces start / end here" to the kernel log.  However, that
> would again require filter scripts, it might result in missing real
> problematic warning backtraces triggered while the test is running, and
> the irrelevant backtrace(s) would still clog the kernel log.
>
> Solve the problem by providing a means to identify and suppress specific
> warning backtraces while executing test code. Since the new functionality
> results in an image size increase of about 1% if CONFIG_KUNIT is enabled,
> provide configuration option KUNIT_SUPPRESS_BACKTRACE to be able to disable
> the new functionality. This option is by default enabled since almost all
> systems with CONFIG_KUNIT enabled will want to benefit from it.
>
> Cc: Dan Carpenter <dan.carpenter@...aro.org>
> Cc: Daniel Diaz <daniel.diaz@...aro.org>
> Cc: Naresh Kamboju <naresh.kamboju@...aro.org>
> Cc: Kees Cook <keescook@...omium.org>
> Tested-by: Linux Kernel Functional Testing <lkft@...aro.org>
> Acked-by: Dan Carpenter <dan.carpenter@...aro.org>
> Reviewed-by: Kees Cook <keescook@...omium.org>
> Signed-off-by: Guenter Roeck <linux@...ck-us.net>
> ---

Sorry it took so long to get to this.

I love the idea, we've needed this for a while.

There are some downsides to this being entirely based on the name of
the function which contains WARN(). Partly because there could be
several WARN()s within a function, and there'd be overlap, and partly
because the function name is never actually printed during a warning
(it may come from the stack trace, but that can be misleading with
inlined functions).  I don't think either of these are showstoppers,
though, but it'd be nice to extend this in the future with (a) other
ways of identifying warnings, such as the format string, and (b) print
the function name in the report, if it's present. The function name is
probably a good middle ground, complexity-wise, though, so I'm happy
to have it thus far.

 I also think we're missing some opportunities to integrate this
better with existing KUnit infrastructure, like the
action/resource/cleanup system. In particular, it'd be nice to have a
way of ensuring that suppressions won't get leaked if the test aborts
between START_SUPPRESSED_WARNING() and END_SUPPRESSED_WARNING(). It's
not difficult to use this as-is, but it'd be nice to have some
helpers, rather than having to, for instance:
KUNIT_DEFINE_ACTION_WRAPPER(kunit_stop_suppressing_warning,
__end_suppress_warning, struct __suppressed_warning *);
DEFINE_SUPPRESSED_WARNING(vfree);
START_SUPPRESSED_WARNING(vfree);
kunit_add_action(test, kunit_stop_suppressing_warning, (void
*)&__kunit_suppress_vfree);

(With the note that the DEFINE_SUPPRESSED_WARNING() will have to be
global, or put on the heap, lest it become a dangling pointer by the
time the suppression has stopped.)

Equally, do we want to make the
__{start,end,is}_suppress[ed]_warning()  functions KUnit 'hooks'? This
would allow them to be used in modules which don't depend directly on
KUnit. I suspect it's not important in this case: but worth keeping in
mind in case we find a situation where we'd need to suppress a warning
elsewhere.

These are all things which could be added/changed in follow-up
patches, though, so I don't think they're blockers. Otherwise, this
looks good: perhaps the naming could be a bit more consistent with
other KUnit things, but that depends on how much we want this to be 'a
part of KUnit' versus an independent bit of functionality.

> v2:
> - Rebased to v6.9-rc1
> - Added Tested-by:, Acked-by:, and Reviewed-by: tags
> - Added CONFIG_KUNIT_SUPPRESS_BACKTRACE configuration option,
>   enabled by default
> v3:
> - Rebased to v6.9-rc2
>
>  include/asm-generic/bug.h | 16 +++++++++---
>  include/kunit/bug.h       | 51 +++++++++++++++++++++++++++++++++++++++
>  include/kunit/test.h      |  1 +
>  include/linux/bug.h       | 13 ++++++++++
>  lib/bug.c                 | 51 ++++++++++++++++++++++++++++++++++++---
>  lib/kunit/Kconfig         |  9 +++++++
>  lib/kunit/Makefile        |  6 +++--
>  lib/kunit/bug.c           | 40 ++++++++++++++++++++++++++++++
>  8 files changed, 178 insertions(+), 9 deletions(-)
>  create mode 100644 include/kunit/bug.h
>  create mode 100644 lib/kunit/bug.c
>
> diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
> index 6e794420bd39..c170b6477689 100644
> --- a/include/asm-generic/bug.h
> +++ b/include/asm-generic/bug.h
> @@ -18,6 +18,7 @@
>  #endif
>
>  #ifndef __ASSEMBLY__
> +#include <kunit/bug.h>
>  #include <linux/panic.h>
>  #include <linux/printk.h>
>
> @@ -39,8 +40,14 @@ struct bug_entry {
>  #ifdef CONFIG_DEBUG_BUGVERBOSE
>  #ifndef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
>         const char      *file;
> +#ifdef HAVE_BUG_FUNCTION
> +       const char      *function;
> +#endif
>  #else
>         signed int      file_disp;
> +#ifdef HAVE_BUG_FUNCTION
> +       signed int      function_disp;
> +#endif
>  #endif
>         unsigned short  line;
>  #endif
> @@ -96,15 +103,18 @@ extern __printf(1, 2) void __warn_printk(const char *fmt, ...);
>  #define __WARN()               __WARN_printf(TAINT_WARN, NULL)
>  #define __WARN_printf(taint, arg...) do {                              \
>                 instrumentation_begin();                                \
> -               warn_slowpath_fmt(__FILE__, __LINE__, taint, arg);      \
> +               if (!IS_SUPPRESSED_WARNING(__func__))                   \
> +                       warn_slowpath_fmt(__FILE__, __LINE__, taint, arg);\
>                 instrumentation_end();                                  \
>         } while (0)
>  #else
>  #define __WARN()               __WARN_FLAGS(BUGFLAG_TAINT(TAINT_WARN))
>  #define __WARN_printf(taint, arg...) do {                              \
>                 instrumentation_begin();                                \
> -               __warn_printk(arg);                                     \
> -               __WARN_FLAGS(BUGFLAG_NO_CUT_HERE | BUGFLAG_TAINT(taint));\
> +               if (!IS_SUPPRESSED_WARNING(__func__)) {                 \
> +                       __warn_printk(arg);                             \
> +                       __WARN_FLAGS(BUGFLAG_NO_CUT_HERE | BUGFLAG_TAINT(taint));\
> +               }                                                       \
>                 instrumentation_end();                                  \
>         } while (0)
>  #define WARN_ON_ONCE(condition) ({                             \
> diff --git a/include/kunit/bug.h b/include/kunit/bug.h
> new file mode 100644
> index 000000000000..bd0fe047572b
> --- /dev/null
> +++ b/include/kunit/bug.h
> @@ -0,0 +1,51 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * KUnit helpers for backtrace suppression
> + *
> + * Copyright (c) 2024 Guenter Roeck <linux@...ck-us.net>
> + */
> +
> +#ifndef _KUNIT_BUG_H
> +#define _KUNIT_BUG_H
> +
> +#ifndef __ASSEMBLY__
> +
> +#include <linux/kconfig.h>
> +
> +#ifdef CONFIG_KUNIT_SUPPRESS_BACKTRACE
> +
> +#include <linux/stringify.h>
> +#include <linux/types.h>
> +
> +struct __suppressed_warning {
> +       struct list_head node;
> +       const char *function;
> +};
> +
> +void __start_suppress_warning(struct __suppressed_warning *warning);
> +void __end_suppress_warning(struct __suppressed_warning *warning);
> +bool __is_suppressed_warning(const char *function);

Do we want to call these '__kunit_start_suppress_warning', etc., to
match other similar functions exported by KUnit to be used in macros,
et al.

> +
> +#define DEFINE_SUPPRESSED_WARNING(func)        \
> +       struct __suppressed_warning __kunit_suppress_##func = \

We use the __kunit_ prefix here...

> +               { .function = __stringify(func) }
> +
> +#define START_SUPPRESSED_WARNING(func) \
> +       __start_suppress_warning(&__kunit_suppress_##func)
> +
> +#define END_SUPPRESSED_WARNING(func) \
> +       __end_suppress_warning(&__kunit_suppress_##func)
> +
> +#define IS_SUPPRESSED_WARNING(func) \
> +       __is_suppressed_warning(func)
> +

Similarly, do we want to give these KUNIT_ prefixes to match other KUnit macros.

One possibility would be to have both KUNIT_- and non-KUNIT_-
variants, the latter of which accepts a struct kunit*, and registers
the suppression with the test for automated cleanup.


> +#else /* CONFIG_KUNIT_SUPPRESS_BACKTRACE */
> +
> +#define DEFINE_SUPPRESSED_WARNING(func)
> +#define START_SUPPRESSED_WARNING(func)
> +#define END_SUPPRESSED_WARNING(func)
> +#define IS_SUPPRESSED_WARNING(func) (false)
> +
> +#endif /* CONFIG_KUNIT_SUPPRESS_BACKTRACE */
> +#endif /* __ASSEMBLY__ */
> +#endif /* _KUNIT_BUG_H */
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index 61637ef32302..d0c44594d34c 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -10,6 +10,7 @@
>  #define _KUNIT_TEST_H
>
>  #include <kunit/assert.h>
> +#include <kunit/bug.h>
>  #include <kunit/try-catch.h>
>
>  #include <linux/args.h>
> diff --git a/include/linux/bug.h b/include/linux/bug.h
> index 348acf2558f3..c668762dc76a 100644
> --- a/include/linux/bug.h
> +++ b/include/linux/bug.h
> @@ -36,6 +36,9 @@ static inline int is_warning_bug(const struct bug_entry *bug)
>         return bug->flags & BUGFLAG_WARNING;
>  }
>
> +void bug_get_file_function_line(struct bug_entry *bug, const char **file,
> +                               const char **function, unsigned int *line);
> +
>  void bug_get_file_line(struct bug_entry *bug, const char **file,
>                        unsigned int *line);
>
> @@ -62,6 +65,16 @@ static inline enum bug_trap_type report_bug(unsigned long bug_addr,
>  }
>
>  struct bug_entry;
> +static inline void bug_get_file_function_line(struct bug_entry *bug,
> +                                             const char **file,
> +                                             const char **function,
> +                                             unsigned int *line)
> +{
> +       *file = NULL;
> +       *function = NULL;
> +       *line = 0;
> +}
> +
>  static inline void bug_get_file_line(struct bug_entry *bug, const char **file,
>                                      unsigned int *line)
>  {
> diff --git a/lib/bug.c b/lib/bug.c
> index e0ff21989990..aa8bb12b9809 100644
> --- a/lib/bug.c
> +++ b/lib/bug.c
> @@ -26,6 +26,14 @@
>         when CONFIG_DEBUG_BUGVERBOSE is not enabled, so you must generate
>         the values accordingly.
>
> +  2a.Optionally implement support for the "function" entry in struct
> +     bug_entry. This entry must point to the name of the function triggering
> +     the warning or bug trap (normally __func__). This is only needed if
> +     both CONFIG_DEBUG_BUGVERBOSE and CONFIG_KUNIT_SUPPRESS_BACKTRACE are
> +     enabled and if the architecture wants to implement support for suppressing
> +     warning backtraces. The architecture must define HAVE_BUG_FUNCTION if it
> +     adds pointers to function names to struct bug_entry.
> +
>    3. Implement the trap
>       - In the illegal instruction trap handler (typically), verify
>         that the fault was in kernel mode, and call report_bug()
> @@ -127,14 +135,21 @@ static inline struct bug_entry *module_find_bug(unsigned long bugaddr)
>  }
>  #endif
>
> -void bug_get_file_line(struct bug_entry *bug, const char **file,
> -                      unsigned int *line)
> +void bug_get_file_function_line(struct bug_entry *bug, const char **file,
> +                               const char **function, unsigned int *line)
>  {
> +       *function = NULL;
>  #ifdef CONFIG_DEBUG_BUGVERBOSE
>  #ifdef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
>         *file = (const char *)&bug->file_disp + bug->file_disp;
> +#ifdef HAVE_BUG_FUNCTION
> +       *function = (const char *)&bug->function_disp + bug->function_disp;
> +#endif
>  #else
>         *file = bug->file;
> +#ifdef HAVE_BUG_FUNCTION
> +       *function = bug->function;
> +#endif
>  #endif
>         *line = bug->line;
>  #else
> @@ -143,6 +158,13 @@ void bug_get_file_line(struct bug_entry *bug, const char **file,
>  #endif
>  }
>
> +void bug_get_file_line(struct bug_entry *bug, const char **file, unsigned int *line)
> +{
> +       const char *function;
> +
> +       bug_get_file_function_line(bug, file, &function, line);
> +}
> +
>  struct bug_entry *find_bug(unsigned long bugaddr)
>  {
>         struct bug_entry *bug;
> @@ -157,8 +179,9 @@ struct bug_entry *find_bug(unsigned long bugaddr)
>  static enum bug_trap_type __report_bug(unsigned long bugaddr, struct pt_regs *regs)
>  {
>         struct bug_entry *bug;
> -       const char *file;
> +       const char *file, *function;

As mentioned, I'd love to see the function plumbed through and
reported some day, both to make it easier to know what to suppress,
and also because it's possibly more reliable even outside the
suppression use-case. Could be a follow-up patch later, though.


>         unsigned line, warning, once, done;
> +       char __maybe_unused sym[KSYM_SYMBOL_LEN];
>
>         if (!is_valid_bugaddr(bugaddr))
>                 return BUG_TRAP_TYPE_NONE;
> @@ -169,12 +192,32 @@ static enum bug_trap_type __report_bug(unsigned long bugaddr, struct pt_regs *re
>
>         disable_trace_on_warning();
>
> -       bug_get_file_line(bug, &file, &line);
> +       bug_get_file_function_line(bug, &file, &function, &line);
> +#if defined(CONFIG_KUNIT_SUPPRESS_BACKTRACE) && defined(CONFIG_KALLSYMS)
> +       if (!function) {
> +               /*
> +                * This will be seen if report_bug is called on an architecture
> +                * with no architecture-specific support for suppressing warning
> +                * backtraces, if CONFIG_DEBUG_BUGVERBOSE is not enabled, or if
> +                * the calling code is from assembler which does not record a
> +                * function name. Extracting the function name from the bug
> +                * address is less than perfect since compiler optimization may
> +                * result in 'bugaddr' pointing to a function which does not
> +                * actually trigger the warning, but it is better than no
> +                * suppression at all.
> +                */
> +               sprint_symbol_no_offset(sym, bugaddr);
> +               function = sym;
> +       }
> +#endif /* defined(CONFIG_KUNIT_SUPPRESS_BACKTRACE) && defined(CONFIG_KALLSYMS) */
>
>         warning = (bug->flags & BUGFLAG_WARNING) != 0;
>         once = (bug->flags & BUGFLAG_ONCE) != 0;
>         done = (bug->flags & BUGFLAG_DONE) != 0;
>
> +       if (warning && IS_SUPPRESSED_WARNING(function))
> +               return BUG_TRAP_TYPE_WARN;
> +
>         if (warning && once) {
>                 if (done)
>                         return BUG_TRAP_TYPE_WARN;
> diff --git a/lib/kunit/Kconfig b/lib/kunit/Kconfig
> index 68a6daec0aef..b1b899265acc 100644
> --- a/lib/kunit/Kconfig
> +++ b/lib/kunit/Kconfig
> @@ -15,6 +15,15 @@ menuconfig KUNIT
>
>  if KUNIT
>
> +config KUNIT_SUPPRESS_BACKTRACE
> +       bool "KUnit - Enable backtrace suppression"
> +       default y
> +       help
> +         Enable backtrace suppression for KUnit. If enabled, backtraces
> +         generated intentionally by KUnit tests are suppressed. Disable
> +         to reduce kernel image size if image size is more important than
> +         suppression of backtraces generated by KUnit tests.
> +
>  config KUNIT_DEBUGFS
>         bool "KUnit - Enable /sys/kernel/debug/kunit debugfs representation" if !KUNIT_ALL_TESTS
>         default KUNIT_ALL_TESTS
> diff --git a/lib/kunit/Makefile b/lib/kunit/Makefile
> index 309659a32a78..545b57c3be48 100644
> --- a/lib/kunit/Makefile
> +++ b/lib/kunit/Makefile
> @@ -14,8 +14,10 @@ ifeq ($(CONFIG_KUNIT_DEBUGFS),y)
>  kunit-objs +=                          debugfs.o
>  endif
>
> -# KUnit 'hooks' are built-in even when KUnit is built as a module.
> -obj-y +=                               hooks.o
> +# KUnit 'hooks' and bug handling are built-in even when KUnit is built
> +# as a module.
> +obj-y +=                               hooks.o \
> +                                       bug.o
>
>  obj-$(CONFIG_KUNIT_TEST) +=            kunit-test.o
>
> diff --git a/lib/kunit/bug.c b/lib/kunit/bug.c
> new file mode 100644
> index 000000000000..f93544d7a9d1
> --- /dev/null
> +++ b/lib/kunit/bug.c
> @@ -0,0 +1,40 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * KUnit helpers for backtrace suppression
> + *
> + * Copyright (c) 2024 Guenter Roeck <linux@...ck-us.net>
> + */
> +
> +#include <kunit/bug.h>
> +#include <linux/export.h>
> +#include <linux/list.h>
> +#include <linux/string.h>
> +
> +static LIST_HEAD(suppressed_warnings);
> +
> +void __start_suppress_warning(struct __suppressed_warning *warning)
> +{
> +       list_add(&warning->node, &suppressed_warnings);
> +}
> +EXPORT_SYMBOL_GPL(__start_suppress_warning);
> +
> +void __end_suppress_warning(struct __suppressed_warning *warning)
> +{
> +       list_del(&warning->node);
> +}
> +EXPORT_SYMBOL_GPL(__end_suppress_warning);
> +
> +bool __is_suppressed_warning(const char *function)
> +{
> +       struct __suppressed_warning *warning;
> +
> +       if (!function)
> +               return false;
> +
> +       list_for_each_entry(warning, &suppressed_warnings, node) {
> +               if (!strcmp(function, warning->function))
> +                       return true;
> +       }
> +       return false;
> +}
> +EXPORT_SYMBOL_GPL(__is_suppressed_warning);
> --
> 2.39.2
>

Thanks,
-- David

Download attachment "smime.p7s" of type "application/pkcs7-signature" (4014 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ