From: Kees Cook <kees@kernel.org>
To: Feng Jiang <jiangfeng@kylinos.cn>
Cc: pjw@kernel.org, palmer@dabbelt.com, aou@eecs.berkeley.edu,
alex@ghiti.fr, akpm@linux-foundation.org, andy@kernel.org,
ebiggers@kernel.org, martin.petersen@oracle.com,
sohil.mehta@intel.com, charlie@rivosinc.com,
conor.dooley@microchip.com, samuel.holland@sifive.com,
linus.walleij@linaro.org, nathan@kernel.org,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
linux-hardening@vger.kernel.org, Joel Stanley <joel@jms.id.au>
Subject: Re: [PATCH v5 1/8] lib/string_kunit: add correctness test for strlen()
Date: Wed, 28 Jan 2026 14:39:14 -0800 [thread overview]
Message-ID: <202601281437.F327FC61@keescook> (raw)
In-Reply-To: <20260127012558.40025-2-jiangfeng@kylinos.cn>
On Tue, Jan 27, 2026 at 09:25:51AM +0800, Feng Jiang wrote:
> Add a KUnit test for strlen() to verify correctness across
> different string lengths and memory alignments.
>
> Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
> Acked-by: Andy Shevchenko <andy@kernel.org>
> Tested-by: Joel Stanley <joel@jms.id.au>
> ---
> lib/tests/string_kunit.c | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/lib/tests/string_kunit.c b/lib/tests/string_kunit.c
> index f9a8e557ba77..bc5130c6e5e9 100644
> --- a/lib/tests/string_kunit.c
> +++ b/lib/tests/string_kunit.c
> @@ -17,6 +17,9 @@
> #define STRCMP_TEST_EXPECT_LOWER(test, fn, ...) KUNIT_EXPECT_LT(test, fn(__VA_ARGS__), 0)
> #define STRCMP_TEST_EXPECT_GREATER(test, fn, ...) KUNIT_EXPECT_GT(test, fn(__VA_ARGS__), 0)
>
> +#define STRING_TEST_MAX_LEN 128
> +#define STRING_TEST_MAX_OFFSET 16
> +
> static void string_test_memset16(struct kunit *test)
> {
> unsigned i, j, k;
> @@ -104,6 +107,28 @@ static void string_test_memset64(struct kunit *test)
> }
> }
>
> +static void string_test_strlen(struct kunit *test)
> +{
> + const size_t buf_size = STRING_TEST_MAX_LEN + STRING_TEST_MAX_OFFSET + 1;
> + size_t len, offset;
> + char *s;
> +
> + s = kunit_kzalloc(test, buf_size, GFP_KERNEL);
One aspect of "correctness" that we might want to include here is making
sure we don't have any implementations that over-read. To that end,
perhaps this test can put the string at the end of a vmalloc allocation
(so that the end of the string is right up against an unallocated memory
space).
> + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, s);
> +
> + memset(s, 'A', buf_size);
> + s[buf_size - 1] = '\0';
> +
> + for (offset = 0; offset < STRING_TEST_MAX_OFFSET; offset++) {
> + for (len = 0; len <= STRING_TEST_MAX_LEN; len++) {
> + s[offset + len] = '\0';
> + KUNIT_EXPECT_EQ_MSG(test, strlen(s + offset), len,
> + "offset:%zu len:%zu", offset, len);
> + s[offset + len] = 'A';
> + }
> + }
> +}
It would require building the string backwards here. Or maybe we just
need a separate test for the over-read concerns?
Thoughts?
-Kees
--
Kees Cook
next prev parent reply other threads:[~2026-01-28 22:39 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-27 1:25 [PATCH v5 0/8] riscv: optimize string functions and add kunit tests Feng Jiang
2026-01-27 1:25 ` [PATCH v5 1/8] lib/string_kunit: add correctness test for strlen() Feng Jiang
2026-01-28 22:39 ` Kees Cook [this message]
2026-01-29 2:19 ` Feng Jiang
2026-01-27 1:25 ` [PATCH v5 2/8] lib/string_kunit: add correctness test for strnlen() Feng Jiang
2026-01-27 1:25 ` [PATCH v5 3/8] lib/string_kunit: add correctness test for strrchr() Feng Jiang
2026-01-27 1:25 ` [PATCH v5 4/8] lib/string_kunit: add performance benchmark for strlen() Feng Jiang
2026-01-27 8:57 ` Andy Shevchenko
2026-01-27 9:33 ` Feng Jiang
2026-01-27 9:50 ` Andy Shevchenko
2026-01-28 1:44 ` Feng Jiang
2026-01-28 8:59 ` Andy Shevchenko
2026-01-28 9:20 ` Feng Jiang
2026-01-27 1:25 ` [PATCH v5 5/8] lib/string_kunit: extend benchmarks to strnlen() and chr searches Feng Jiang
2026-01-27 1:25 ` [PATCH v5 6/8] riscv: lib: add strnlen() implementation Feng Jiang
2026-01-27 1:25 ` [PATCH v5 7/8] riscv: lib: add strchr() implementation Feng Jiang
2026-01-27 1:25 ` [PATCH v5 8/8] riscv: lib: add strrchr() implementation Feng Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202601281437.F327FC61@keescook \
--to=kees@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=andy@kernel.org \
--cc=aou@eecs.berkeley.edu \
--cc=charlie@rivosinc.com \
--cc=conor.dooley@microchip.com \
--cc=ebiggers@kernel.org \
--cc=jiangfeng@kylinos.cn \
--cc=joel@jms.id.au \
--cc=linus.walleij@linaro.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=martin.petersen@oracle.com \
--cc=nathan@kernel.org \
--cc=palmer@dabbelt.com \
--cc=pjw@kernel.org \
--cc=samuel.holland@sifive.com \
--cc=sohil.mehta@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox