| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1792d41f-fa5b-4507-98d4-cb8f671cde96@kylinos.cn>
Date: Thu, 29 Jan 2026 10:19:10 +0800
From: Feng Jiang <jiangfeng@...inos.cn>
To: Kees Cook <kees@...nel.org>
Cc: pjw@...nel.org, palmer@...belt.com, aou@...s.berkeley.edu, alex@...ti.fr,
akpm@...ux-foundation.org, andy@...nel.org, ebiggers@...nel.org,
martin.petersen@...cle.com, sohil.mehta@...el.com, charlie@...osinc.com,
conor.dooley@...rochip.com, samuel.holland@...ive.com,
linus.walleij@...aro.org, nathan@...nel.org,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org, Joel Stanley <joel@....id.au>
Subject: Re: [PATCH v5 1/8] lib/string_kunit: add correctness test for
strlen()
On 2026/1/29 06:39, Kees Cook wrote:
> On Tue, Jan 27, 2026 at 09:25:51AM +0800, Feng Jiang wrote:
>> Add a KUnit test for strlen() to verify correctness across
>> different string lengths and memory alignments.
>>
>> Signed-off-by: Feng Jiang <jiangfeng@...inos.cn>
>> Acked-by: Andy Shevchenko <andy@...nel.org>
>> Tested-by: Joel Stanley <joel@....id.au>
>> ---
>> lib/tests/string_kunit.c | 26 ++++++++++++++++++++++++++
>> 1 file changed, 26 insertions(+)
>>
>> diff --git a/lib/tests/string_kunit.c b/lib/tests/string_kunit.c
>> index f9a8e557ba77..bc5130c6e5e9 100644
>> --- a/lib/tests/string_kunit.c
>> +++ b/lib/tests/string_kunit.c
>> @@ -17,6 +17,9 @@
>> #define STRCMP_TEST_EXPECT_LOWER(test, fn, ...) KUNIT_EXPECT_LT(test, fn(__VA_ARGS__), 0)
>> #define STRCMP_TEST_EXPECT_GREATER(test, fn, ...) KUNIT_EXPECT_GT(test, fn(__VA_ARGS__), 0)
>>
>> +#define STRING_TEST_MAX_LEN 128
>> +#define STRING_TEST_MAX_OFFSET 16
>> +
>> static void string_test_memset16(struct kunit *test)
>> {
>> unsigned i, j, k;
>> @@ -104,6 +107,28 @@ static void string_test_memset64(struct kunit *test)
>> }
>> }
>>
>> +static void string_test_strlen(struct kunit *test)
>> +{
>> + const size_t buf_size = STRING_TEST_MAX_LEN + STRING_TEST_MAX_OFFSET + 1;
>> + size_t len, offset;
>> + char *s;
>> +
>> + s = kunit_kzalloc(test, buf_size, GFP_KERNEL);
>
> One aspect of "correctness" that we might want to include here is making
> sure we don't have any implementations that over-read. To that end,
> perhaps this test can put the string at the end of a vmalloc allocation
> (so that the end of the string is right up against an unallocated memory
> space).
>
>> + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, s);
>> +
>> + memset(s, 'A', buf_size);
>> + s[buf_size - 1] = '\0';
>> +
>> + for (offset = 0; offset < STRING_TEST_MAX_OFFSET; offset++) {
>> + for (len = 0; len <= STRING_TEST_MAX_LEN; len++) {
>> + s[offset + len] = '\0';
>> + KUNIT_EXPECT_EQ_MSG(test, strlen(s + offset), len,
>> + "offset:%zu len:%zu", offset, len);
>> + s[offset + len] = 'A';
>> + }
>> + }
>> +}
>
> It would require building the string backwards here. Or maybe we just
> need a separate test for the over-read concerns?
>
> Thoughts?
Thanks for the suggestion! That is a very effective way to catch potential
over-reads in optimized implementations.
I will refactor the correctness tests in v6 to use a vmalloc-allocated page
and ensure the NUL character is positioned at the very end of the allocation
boundary.
I'll send out the v6 patch set shortly with these changes.
--
With Best Regards,
Feng Jiang
Powered by blists - more mailing lists