lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CABVgOSnBhzh=n0VeKY=TZVT_BU=Mx-rTO9kbDo7XuxALtDCVng@mail.gmail.com>
Date: Tue, 6 Aug 2024 10:05:35 +0800
From: David Gow <davidgow@...gle.com>
To: Nico Pache <npache@...hat.com>
Cc: Brendan Higgins <brendan.higgins@...ux.dev>, Rae Moar <rmoar@...gle.com>, 
	Shuah Khan <skhan@...uxfoundation.org>, Matti Vaittinen <mazziesaccount@...il.com>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Maxime Ripard <mripard@...nel.org>, 
	Kees Cook <kees@...nel.org>, kunit-dev@...glegroups.com, 
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kunit: Device wrappers should also manage driver name

On Tue, 6 Aug 2024 at 08:23, Nico Pache <npache@...hat.com> wrote:
>
> On Wed, Jul 31, 2024 at 1:02 AM David Gow <davidgow@...gle.com> wrote:
> >
> > kunit_driver_create() accepts a name for the driver, but does not copy
> > it, so if that name is either on the stack, or otherwise freed, we end
> > up with a use-after-free when the driver is cleaned up.
> >
> > Instead, strdup() the name, and manage it as another KUnit allocation.
> > As there was no existing kunit_kstrdup(), we add one. Further, add a
> > kunit_ variant of strdup_const() and kfree_const(), so we don't need to
> > allocate and manage the string in the majority of cases where it's a
> > constant.
> >
> > This fixes a KASAN splat with overflow.overflow_allocation_test, when
> > built as a module.
> >
> > Fixes: d03c720e03bd ("kunit: Add APIs for managing devices")
> > Reported-by: Nico Pache <npache@...hat.com>
>
> Hi David,
>
> This is failing in the Fedora-ark build process [1] which builds the
> KUNIT tests as modules.
>
> + /usr/bin/make <SNIP> modules
> ...
> ERROR: modpost: "__start_rodata" [lib/kunit/kunit.ko] undefined!
> ERROR: modpost: "__end_rodata" [lib/kunit/kunit.ko] undefined!
> make[2]: *** [scripts/Makefile.modpost:145: Module.symvers] Error 1
> make[1]: *** [/builddir/build/BUILD/kernel-6.11.0-build/kernel-6.11-rc2/linux-6.11.0-0.rc2.22.ov.fc41.x86_64/Makefile:1895:
> modpost] Error 2
> make: *** [Makefile:236: __sub-make] Error 2
> + exit 1
>
> This seems related to
>
> +#include <asm/sections.h>
>
> which defines __<start|end>_rodata.
>
> When I tried exporting these symbols I got:
>
> ERROR: modpost: vmlinux: '__start_rodata' exported twice. Previous
> export was in vmlinux
>
> So I'm not sure what the problem is here.
>
> [1] - https://kojipkgs.fedoraproject.org//work/tasks/9116/121539116/build.log
>
> Cheers
> -- Nico
>

Thanks -- I've tried disabling the use of is_kernel_rodata() if KUnit
is built as a module, and that seems to fix it here. I've also moved
the new kunit_kstrdup_const() and kunit_kfree_const() functions into
kunit.ko, so they're not inlined into other modules where they could
cause problems:
https://lore.kernel.org/linux-kselftest/20240806020136.3481593-1-davidgow@google.com/

-- David

Download attachment "smime.p7s" of type "application/pkcs7-signature" (4014 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ