| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202601281437.F327FC61@keescook>
Date: Wed, 28 Jan 2026 14:39:14 -0800
From: Kees Cook <kees@...nel.org>
To: Feng Jiang <jiangfeng@...inos.cn>
Cc: pjw@...nel.org, palmer@...belt.com, aou@...s.berkeley.edu,
alex@...ti.fr, akpm@...ux-foundation.org, andy@...nel.org,
ebiggers@...nel.org, martin.petersen@...cle.com,
sohil.mehta@...el.com, charlie@...osinc.com,
conor.dooley@...rochip.com, samuel.holland@...ive.com,
linus.walleij@...aro.org, nathan@...nel.org,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org, Joel Stanley <joel@....id.au>
Subject: Re: [PATCH v5 1/8] lib/string_kunit: add correctness test for
strlen()
On Tue, Jan 27, 2026 at 09:25:51AM +0800, Feng Jiang wrote:
> Add a KUnit test for strlen() to verify correctness across
> different string lengths and memory alignments.
>
> Signed-off-by: Feng Jiang <jiangfeng@...inos.cn>
> Acked-by: Andy Shevchenko <andy@...nel.org>
> Tested-by: Joel Stanley <joel@....id.au>
> ---
> lib/tests/string_kunit.c | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/lib/tests/string_kunit.c b/lib/tests/string_kunit.c
> index f9a8e557ba77..bc5130c6e5e9 100644
> --- a/lib/tests/string_kunit.c
> +++ b/lib/tests/string_kunit.c
> @@ -17,6 +17,9 @@
> #define STRCMP_TEST_EXPECT_LOWER(test, fn, ...) KUNIT_EXPECT_LT(test, fn(__VA_ARGS__), 0)
> #define STRCMP_TEST_EXPECT_GREATER(test, fn, ...) KUNIT_EXPECT_GT(test, fn(__VA_ARGS__), 0)
>
> +#define STRING_TEST_MAX_LEN 128
> +#define STRING_TEST_MAX_OFFSET 16
> +
> static void string_test_memset16(struct kunit *test)
> {
> unsigned i, j, k;
> @@ -104,6 +107,28 @@ static void string_test_memset64(struct kunit *test)
> }
> }
>
> +static void string_test_strlen(struct kunit *test)
> +{
> + const size_t buf_size = STRING_TEST_MAX_LEN + STRING_TEST_MAX_OFFSET + 1;
> + size_t len, offset;
> + char *s;
> +
> + s = kunit_kzalloc(test, buf_size, GFP_KERNEL);
One aspect of "correctness" that we might want to include here is making
sure we don't have any implementations that over-read. To that end,
perhaps this test can put the string at the end of a vmalloc allocation
(so that the end of the string is right up against an unallocated memory
space).
> + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, s);
> +
> + memset(s, 'A', buf_size);
> + s[buf_size - 1] = '\0';
> +
> + for (offset = 0; offset < STRING_TEST_MAX_OFFSET; offset++) {
> + for (len = 0; len <= STRING_TEST_MAX_LEN; len++) {
> + s[offset + len] = '\0';
> + KUNIT_EXPECT_EQ_MSG(test, strlen(s + offset), len,
> + "offset:%zu len:%zu", offset, len);
> + s[offset + len] = 'A';
> + }
> + }
> +}
It would require building the string backwards here. Or maybe we just
need a separate test for the over-read concerns?
Thoughts?
-Kees
--
Kees Cook
Powered by blists - more mailing lists