Message-ID: <202408052100.74A2316C27@keescook>
Date: Mon, 5 Aug 2024 21:06:01 -0700
From: Kees Cook <kees@...nel.org>
To: David Gow <davidgow@...gle.com>
Cc: Brendan Higgins <brendan.higgins@...ux.dev>,
	Rae Moar <rmoar@...gle.com>, Shuah Khan <skhan@...uxfoundation.org>,
	Maxime Ripard <mripard@...nel.org>, Nico Pache <npache@...hat.com>,
	Stephen Rothwell <sfr@...b.auug.org.au>, kunit-dev@...glegroups.com,
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kunit: Fix kunit_kstrdup_const() with modules

On Tue, Aug 06, 2024 at 10:01:34AM +0800, David Gow wrote:
> In commit 7d3c33b290b1 ("kunit: Device wrappers should also manage driver name"),
> the kunit_kstrdup_const() and kunit_kfree_const() were introduced as an
> optimisation of kunit_kstrdup(), which only copy/free strings from the
> kernel rodata.
> 
> However, these are inline functions, and is_kernel_rodata() only works
> for built-in code. This causes problems in two cases:
> - If kunit is built as a module, __{start,end}_rodata is not defined.
> - If a kunit test using these functions is built as a module, it will
>   suffer the same fate.
> 
> Restrict the is_kernel_rodata() case to when KUnit is built as a module,
> which fixes the first case, at the cost of losing the optimisation.
> 
> Also, make kunit_{kstrdup,kfree}_const non-inline, so that other modules
> using them will not accidentally depend on is_kernel_rodata(). If KUnit
> is built-in, they'll benefit from the optimisation, if KUnit is not,
> they won't, but the string will be properly duplicated.

I wonder if this series should be refreshed:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=devel/hardening/is_rodata

We gained is_kernel_rodata() and is_kernel_ro_after_init() since this
original proposal, which is what the proposed core_kernel_rodata()
checks.

It adds an is_module_rodata...() check, so with the is_kernel_*() checks,
it's possible to do a check across the entire kernel and all modules.

-Kees

> 
> (And fix a couple of typos in the doc comment, too.)
> 
> Reported-by: Nico Pache <npache@...hat.com>
> Closes: https://lore.kernel.org/all/CAA1CXcDKht4vOL-acxrARbm6JhGna8_k8wjYJ-vHONink8aZ=w@mail.gmail.com/
> Fixes: 7d3c33b290b1 ("kunit: Device wrappers should also manage driver name")
> Signed-off-by: David Gow <davidgow@...gle.com>
> ---
>  include/kunit/test.h | 16 +++-------------
>  lib/kunit/test.c     | 19 +++++++++++++++++++
>  2 files changed, 22 insertions(+), 13 deletions(-)
> 
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index da9e84de14c0..5ac237c949a0 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -489,11 +489,7 @@ static inline void *kunit_kcalloc(struct kunit *test, size_t n, size_t size, gfp
>   * Calls kunit_kfree() only if @x is not in .rodata section.
>   * See kunit_kstrdup_const() for more information.
>   */
> -static inline void kunit_kfree_const(struct kunit *test, const void *x)
> -{
> -	if (!is_kernel_rodata((unsigned long)x))
> -		kunit_kfree(test, x);
> -}
> +void kunit_kfree_const(struct kunit *test, const void *x);
>  
>  /**
>   * kunit_kstrdup() - Duplicates a string into a test managed allocation.
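
Review bot: the kernel-doc left above the new kunit_kfree_const() declaration still says "Calls kunit_kfree() only if @x is not in .rodata section", which no longer holds when KUnit is built as a module: the definition added in lib/kunit/test.c then calls kunit_kfree() unconditionally. Suggest rewording the comment so the rodata check is described as applying only when KUnit is built in.
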
> @@ -527,16 +523,10 @@ static inline char *kunit_kstrdup(struct kunit *test, const char *str, gfp_t gfp
>   * @gfp: flags passed to underlying kmalloc().
>   *
>   * Calls kunit_kstrdup() only if @str is not in the rodata section. Must be freed with
> - * kunit_free_const() -- not kunit_free().
> + * kunit_kfree_const() -- not kunit_kfree().
>   * See kstrdup_const() and kunit_kmalloc_array() for more information.
>   */
> -static inline const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
> -{
> -	if (is_kernel_rodata((unsigned long)str))
> -		return str;
> -
> -	return kunit_kstrdup(test, str, gfp);
> -}
> +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp);
>  
>  /**
>   * kunit_vm_mmap() - Allocate KUnit-tracked vm_mmap() area
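
Review bot: in the kunit_kstrdup_const() comment, "Calls kunit_kstrdup() only if @str is not in the rodata section" should say which rodata is meant and when. The check is is_kernel_rodata(), so a string in a module's own rodata is always duplicated, and with KUnit built as a module every string is. Callers therefore cannot assume the returned pointer equals @str; that is worth stating next to the "Must be freed with kunit_kfree_const()" rule.
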
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index e8b1b52a19ab..089c832e3cdb 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -874,6 +874,25 @@ void kunit_kfree(struct kunit *test, const void *ptr)
>  }
>  EXPORT_SYMBOL_GPL(kunit_kfree);
>  
> +void kunit_kfree_const(struct kunit *test, const void *x)
> +{
> +#if !IS_MODULE(CONFIG_KUNIT)
> +	if (!is_kernel_rodata((unsigned long)x))
> +#endif
> +		kunit_kfree(test, x);
> +}
> +EXPORT_SYMBOL_GPL(kunit_kfree_const);
> +
> +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
> +{
> +#if !IS_MODULE(CONFIG_KUNIT)
> +	if (is_kernel_rodata((unsigned long)str))
> +		return str;
> +#endif
> +	return kunit_kstrdup(test, str, gfp);
> +}
> +EXPORT_SYMBOL_GPL(kunit_kstrdup_const);
> +
>  void kunit_cleanup(struct kunit *test)
>  {
>  	struct kunit_resource *res;
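
Review bot: in kunit_kfree_const() the "#if !IS_MODULE(CONFIG_KUNIT)" block covers only the if line, so the indented "kunit_kfree(test, x);" is the if body in one configuration and a plain statement in the other, which is easy to misread and easy to break when a second statement is added. A one-line comment in both functions saying why the check is skipped for modular KUnit would help, and the two functions must keep exactly the same condition so that a pointer returned unduplicated by kunit_kstrdup_const() is never handed to kunit_kfree(). Separately, the commit message says the is_kernel_rodata() case is restricted to "when KUnit is built as a module", while the guard here enables it when KUnit is not a module; one of the two should be reworded.
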
> -- 
> 2.46.0.rc2.264.g509ed76dc8-goog
> 

-- 
Kees Cook
