* [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS
@ 2025-04-14 14:35 Geert Uytterhoeven
2025-04-15 20:51 ` Kees Cook
2025-04-22 12:10 ` Mark Brown
0 siblings, 2 replies; 5+ messages in thread
From: Geert Uytterhoeven @ 2025-04-14 14:35 UTC (permalink / raw)
To: Tamir Duberstein, Andrew Morton, Kees Cook, Brendan Higgins,
David Gow, Rae Moar
Cc: linux-kselftest, kunit-dev, linux-kernel, Geert Uytterhoeven
Enabling a (modular) test should not silently enable additional kernel
functionality, as that may increase the attack vector of a product.
Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS
instead of selecting it.
After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build
modules for all appropriate tests for ones system, without pulling in
extra unwanted functionality, while still allowing a tester to manually
enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS
is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in
tools/testing/selftests/lib/config for the latter use case.
Fixes: 313b38a6ecb46db4 ("lib/prime_numbers: convert self-test to KUnit")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Tamir Duberstein <tamird@gmail.com>
---
v2:
- Add Acked-by,
- Resurrect CONFIG_PRIME_NUMBERS=m in
tools/testing/selftests/lib/config.
---
lib/Kconfig.debug | 2 +-
tools/testing/selftests/lib/config | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 4060a89866626c0a..51722f5d041970aa 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -3326,7 +3326,7 @@ config GCD_KUNIT_TEST
config PRIME_NUMBERS_KUNIT_TEST
tristate "Prime number generator test" if !KUNIT_ALL_TESTS
depends on KUNIT
- select PRIME_NUMBERS
+ depends on PRIME_NUMBERS
default KUNIT_ALL_TESTS
help
This option enables the KUnit test suite for the {is,next}_prime_number
diff --git a/tools/testing/selftests/lib/config b/tools/testing/selftests/lib/config
index 81a1f64a22e860a6..377b3699ff312933 100644
--- a/tools/testing/selftests/lib/config
+++ b/tools/testing/selftests/lib/config
@@ -1,2 +1,3 @@
CONFIG_TEST_BITMAP=m
+CONFIG_PRIME_NUMBERS=m
CONFIG_TEST_BITOPS=m
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS
2025-04-14 14:35 [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS Geert Uytterhoeven
@ 2025-04-15 20:51 ` Kees Cook
2025-04-22 12:10 ` Mark Brown
1 sibling, 0 replies; 5+ messages in thread
From: Kees Cook @ 2025-04-15 20:51 UTC (permalink / raw)
To: Tamir Duberstein, Andrew Morton, Brendan Higgins, David Gow,
Rae Moar, Geert Uytterhoeven
Cc: Kees Cook, linux-kselftest, kunit-dev, linux-kernel
On Mon, 14 Apr 2025 16:35:00 +0200, Geert Uytterhoeven wrote:
> Enabling a (modular) test should not silently enable additional kernel
> functionality, as that may increase the attack vector of a product.
>
> Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS
> instead of selecting it.
>
> After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build
> modules for all appropriate tests for ones system, without pulling in
> extra unwanted functionality, while still allowing a tester to manually
> enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS
> is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in
> tools/testing/selftests/lib/config for the latter use case.
>
> [...]
Applied to for-linus/hardening, thanks!
[1/1] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS
https://git.kernel.org/kees/c/3f2925174f8b
Take care,
--
Kees Cook
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS
2025-04-14 14:35 [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS Geert Uytterhoeven
2025-04-15 20:51 ` Kees Cook
@ 2025-04-22 12:10 ` Mark Brown
2025-04-22 15:03 ` Kees Cook
1 sibling, 1 reply; 5+ messages in thread
From: Mark Brown @ 2025-04-22 12:10 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: Tamir Duberstein, Andrew Morton, Kees Cook, Brendan Higgins,
David Gow, Rae Moar, linux-kselftest, kunit-dev, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 1087 bytes --]
On Mon, Apr 14, 2025 at 04:35:00PM +0200, Geert Uytterhoeven wrote:
> Enabling a (modular) test should not silently enable additional kernel
> functionality, as that may increase the attack vector of a product.
>
> Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS
> instead of selecting it.
>
> After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build
> modules for all appropriate tests for ones system, without pulling in
> extra unwanted functionality, while still allowing a tester to manually
> enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS
> is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in
> tools/testing/selftests/lib/config for the latter use case.
This commit, which is now in mainline, causes the prime numbers test to
vanish from my CI which is a regression - the selftests config fragment
is obviously not picked up by the kunit runner when it builds the
kernel. You should add any KUnit tests to one of the configs in
tools/testing/kunit/configs/ - generally all_tests.config.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS
2025-04-22 12:10 ` Mark Brown
@ 2025-04-22 15:03 ` Kees Cook
2025-04-22 15:17 ` Mark Brown
0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2025-04-22 15:03 UTC (permalink / raw)
To: Mark Brown
Cc: Geert Uytterhoeven, Tamir Duberstein, Andrew Morton,
Brendan Higgins, David Gow, Rae Moar, linux-kselftest, kunit-dev,
linux-kernel
On Tue, Apr 22, 2025 at 01:10:47PM +0100, Mark Brown wrote:
> On Mon, Apr 14, 2025 at 04:35:00PM +0200, Geert Uytterhoeven wrote:
> > Enabling a (modular) test should not silently enable additional kernel
> > functionality, as that may increase the attack vector of a product.
> >
> > Fix this by making PRIME_NUMBERS_KUNIT_TEST depend on PRIME_NUMBERS
> > instead of selecting it.
> >
> > After this, one can safely enable CONFIG_KUNIT_ALL_TESTS=m to build
> > modules for all appropriate tests for ones system, without pulling in
> > extra unwanted functionality, while still allowing a tester to manually
> > enable PRIME_NUMBERS and this test suite on a system where PRIME_NUMBERS
> > is not enabled by default. Resurrect CONFIG_PRIME_NUMBERS=m in
> > tools/testing/selftests/lib/config for the latter use case.
>
> This commit, which is now in mainline, causes the prime numbers test to
> vanish from my CI which is a regression - the selftests config fragment
> is obviously not picked up by the kunit runner when it builds the
> kernel. You should add any KUnit tests to one of the configs in
> tools/testing/kunit/configs/ - generally all_tests.config.
Ah! Thanks -- I forgot about these (apparently my memory horizon is at
most 2 years, considering commit 4d9060981f88 ("kunit: tool: Enable
CONFIG_FORTIFY_SOURCE under UML").
Does this look like you're expecting?
diff --git a/tools/testing/kunit/configs/all_tests.config b/tools/testing/kunit/configs/all_tests.config
index cdd9782f9646..554da9df02f2 100644
--- a/tools/testing/kunit/configs/all_tests.config
+++ b/tools/testing/kunit/configs/all_tests.config
@@ -51,3 +51,5 @@ CONFIG_SOUND=y
CONFIG_SND=y
CONFIG_SND_SOC=y
CONFIG_SND_SOC_TOPOLOGY_BUILD=y
+
+CONFIG_PRIME_NUMBERS=y
--
Kees Cook
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS
2025-04-22 15:03 ` Kees Cook
@ 2025-04-22 15:17 ` Mark Brown
0 siblings, 0 replies; 5+ messages in thread
From: Mark Brown @ 2025-04-22 15:17 UTC (permalink / raw)
To: Kees Cook
Cc: Geert Uytterhoeven, Tamir Duberstein, Andrew Morton,
Brendan Higgins, David Gow, Rae Moar, linux-kselftest, kunit-dev,
linux-kernel
[-- Attachment #1: Type: text/plain, Size: 765 bytes --]
On Tue, Apr 22, 2025 at 08:03:09AM -0700, Kees Cook wrote:
> On Tue, Apr 22, 2025 at 01:10:47PM +0100, Mark Brown wrote:
> > This commit, which is now in mainline, causes the prime numbers test to
> > vanish from my CI which is a regression - the selftests config fragment
> > is obviously not picked up by the kunit runner when it builds the
> > kernel. You should add any KUnit tests to one of the configs in
> > tools/testing/kunit/configs/ - generally all_tests.config.
> Ah! Thanks -- I forgot about these (apparently my memory horizon is at
> most 2 years, considering commit 4d9060981f88 ("kunit: tool: Enable
> CONFIG_FORTIFY_SOURCE under UML").
> Does this look like you're expecting?
Yes, in fact I actually have roughly that patch in my CI already.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-04-22 15:17 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-14 14:35 [PATCH v2] lib: PRIME_NUMBERS_KUNIT_TEST should not select PRIME_NUMBERS Geert Uytterhoeven
2025-04-15 20:51 ` Kees Cook
2025-04-22 12:10 ` Mark Brown
2025-04-22 15:03 ` Kees Cook
2025-04-22 15:17 ` Mark Brown
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.