From: Kees Cook <kees@kernel.org>
To: David Gow <davidgow@google.com>
Cc: Brendan Higgins <brendan.higgins@linux.dev>,
Rae Moar <rmoar@google.com>,
Shuah Khan <skhan@linuxfoundation.org>,
Maxime Ripard <mripard@kernel.org>,
Nico Pache <npache@redhat.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] kunit: Fix kunit_kstrdup_const() with modules
Date: Mon, 5 Aug 2024 21:06:01 -0700 [thread overview]
Message-ID: <202408052100.74A2316C27@keescook> (raw)
In-Reply-To: <20240806020136.3481593-1-davidgow@google.com>
On Tue, Aug 06, 2024 at 10:01:34AM +0800, David Gow wrote:
> In commit 7d3c33b290b1 ("kunit: Device wrappers should also manage driver name"),
> the kunit_kstrdup_const() and kunit_kfree_const() were introduced as an
> optimisation of kunit_kstrdup(), which only copy/free strings from the
> kernel rodata.
>
> However, these are inline functions, and is_kernel_rodata() only works
> for built-in code. This causes problems in two cases:
> - If kunit is built as a module, __{start,end}_rodata is not defined.
> - If a kunit test using these functions is built as a module, it will
> suffer the same fate.
>
> Restrict the is_kernel_rodata() case to when KUnit is built as a module,
> which fixes the first case, at the cost of losing the optimisation.
>
> Also, make kunit_{kstrdup,kfree}_const non-inline, so that other modules
> using them will not accidentally depend on is_kernel_rodata(). If KUnit
> is built-in, they'll benefit from the optimisation, if KUnit is not,
> they won't, but the string will be properly duplicated.
I wonder if this series should be refreshed:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=devel/hardening/is_rodata
We gained is_kernel_rodata() and is_kernel_ro_after_init() since this
original proposal, which is what the proposed core_kernel_rodata()
checks.
It adds a is_module_rodata...() check, so with the is_kernel_*() checks,
it's possible to do a check across the entire kernel and all modules.
-Kees
>
> (And fix a couple of typos in the doc comment, too.)
>
> Reported-by: Nico Pache <npache@redhat.com>
> Closes: https://lore.kernel.org/all/CAA1CXcDKht4vOL-acxrARbm6JhGna8_k8wjYJ-vHONink8aZ=w@mail.gmail.com/
> Fixes: 7d3c33b290b1 ("kunit: Device wrappers should also manage driver name")
> Signed-off-by: David Gow <davidgow@google.com>
> ---
> include/kunit/test.h | 16 +++-------------
> lib/kunit/test.c | 19 +++++++++++++++++++
> 2 files changed, 22 insertions(+), 13 deletions(-)
>
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index da9e84de14c0..5ac237c949a0 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -489,11 +489,7 @@ static inline void *kunit_kcalloc(struct kunit *test, size_t n, size_t size, gfp
> * Calls kunit_kfree() only if @x is not in .rodata section.
> * See kunit_kstrdup_const() for more information.
> */
> -static inline void kunit_kfree_const(struct kunit *test, const void *x)
> -{
> - if (!is_kernel_rodata((unsigned long)x))
> - kunit_kfree(test, x);
> -}
> +void kunit_kfree_const(struct kunit *test, const void *x);
>
> /**
> * kunit_kstrdup() - Duplicates a string into a test managed allocation.
> @@ -527,16 +523,10 @@ static inline char *kunit_kstrdup(struct kunit *test, const char *str, gfp_t gfp
> * @gfp: flags passed to underlying kmalloc().
> *
> * Calls kunit_kstrdup() only if @str is not in the rodata section. Must be freed with
> - * kunit_free_const() -- not kunit_free().
> + * kunit_kfree_const() -- not kunit_kfree().
> * See kstrdup_const() and kunit_kmalloc_array() for more information.
> */
> -static inline const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
> -{
> - if (is_kernel_rodata((unsigned long)str))
> - return str;
> -
> - return kunit_kstrdup(test, str, gfp);
> -}
> +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp);
>
> /**
> * kunit_vm_mmap() - Allocate KUnit-tracked vm_mmap() area
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index e8b1b52a19ab..089c832e3cdb 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -874,6 +874,25 @@ void kunit_kfree(struct kunit *test, const void *ptr)
> }
> EXPORT_SYMBOL_GPL(kunit_kfree);
>
> +void kunit_kfree_const(struct kunit *test, const void *x)
> +{
> +#if !IS_MODULE(CONFIG_KUNIT)
> + if (!is_kernel_rodata((unsigned long)x))
> +#endif
> + kunit_kfree(test, x);
> +}
> +EXPORT_SYMBOL_GPL(kunit_kfree_const);
> +
> +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
> +{
> +#if !IS_MODULE(CONFIG_KUNIT)
> + if (is_kernel_rodata((unsigned long)str))
> + return str;
> +#endif
> + return kunit_kstrdup(test, str, gfp);
> +}
> +EXPORT_SYMBOL_GPL(kunit_kstrdup_const);
> +
> void kunit_cleanup(struct kunit *test)
> {
> struct kunit_resource *res;
> --
> 2.46.0.rc2.264.g509ed76dc8-goog
>
--
Kees Cook
prev parent reply other threads:[~2024-08-06 4:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-06 2:01 [PATCH] kunit: Fix kunit_kstrdup_const() with modules David Gow
2024-08-06 4:06 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202408052100.74A2316C27@keescook \
--to=kees@kernel.org \
--cc=brendan.higgins@linux.dev \
--cc=davidgow@google.com \
--cc=kunit-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mripard@kernel.org \
--cc=npache@redhat.com \
--cc=rmoar@google.com \
--cc=sfr@canb.auug.org.au \
--cc=skhan@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox