212205 – KASAN: port all tests to KUnit

Bug 212205 - KASAN: port all tests to KUnit

Summary: KASAN: port all tests to KUnit

Status:	RESOLVED CODE_FIX

Alias:	None

Product:	Memory Management
Classification:	Unclassified
Component:	Sanitizers (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	MM/Sanitizers virtual assignee

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-03-09 16:37 UTC by Andrey Konovalov
Modified:	2024-11-23 20:39 UTC (History)
CC List:	2 users (show)

See Also:
Kernel Version:	upstream
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Andrey Konovalov 2021-03-09 16:37:40 UTC

There are three tests remaining in lib/kasan_test_module.c:

1. kasan_rcu_uaf() and 2. kasan_workqueue_uaf() that trigger KASAN bug reports in a different task than where the test is run. Porting those should be easy once tests start using tracepoints instead of a per-task flag to check for bug reports:

https://bugzilla.kernel.org/show_bug.cgi?id=212203

3. copy_user_test(). The issue with this one is that it requires a user context to work. It's unclear what's the best/easiest approach to port this one to KUnit.

Comment 1 Andrey Konovalov 2021-03-09 16:39:45 UTC

Some options for #3:

- Spawning a user task from the kernel.
- Creating fake mm structs.
- Using kernel memory as arguments to copy_to/from_user. (It might make sense to add tests for this in either case.)

Comment 2 Andrey Konovalov 2021-03-09 16:42:00 UTC

Note: currently, lib/kasan_test_module.c doesn't work with HW_TAGS KASAN. When the tests are ported to KUnit, they should be explicitly checked with that KASAN mode.

Comment 3 Andrey Konovalov 2022-09-25 20:20:19 UTC

Posted patches porting #1 and #2 to KUnit [1].

For #3, another potential approach is to hijack a userspace process via tracepoints, and execute the test there. However, this can only be done when userspace processes are launched (=> when KUnit tests are loaded as a module) and also requires the faultable tracepoints patchset [2].

[1] https://lore.kernel.org/linux-mm/653d43e9a6d9aad2ae148a941dab048cb8e765a8.1664044241.git.andreyknvl@google.com/T/
[2] https://lore.kernel.org/bpf/20210218222125.46565-5-mjeanson@efficios.com/T/

Comment 4 Andrey Konovalov 2022-12-24 01:42:29 UTC

Non-copy_to/from_user tests have been ported to KUnit in [1] and [2].

For copy_to/from_user tests, we could keep them in a module, but nevertheless integrate with KUnit. This won't allow easily running them during boot, but other approaches seem overly complicated to implement.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2c5bd4c69ce28500ed2176d11002a4e9b30da36
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8516e837cab0b2c740b90603b66039aa7dcecda4

Comment 5 Andrey Konovalov 2024-09-21 20:50:51 UTC

KUnit now supports creating mock userspace memory mappings via kunit_vm_mmap, so we should be able to port all tests to KUnit. See lib/usercopy_kunit.c as a reference.

Comment 6 Sabyrzhan Tasbolatov 2024-10-11 07:17:21 UTC

Hello,

I've made a patch for #3.
https://lore.kernel.org/linux-mm/20241011071657.3032690-1-snovitoll@gmail.com/T/#u

Comment 7 Andrey Konovalov 2024-11-23 20:39:44 UTC

Resolved by Sabyrzhan in [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca79a00bb9a899674a63018c6cd155a3730c3509

Note You need to log in before you can comment on or make changes to this bug.