Re: [RFC PATCH 2/2] KUnit: KASAN Integration

On Thu, Feb 27, 2020 at 6:39 AM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>
> On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> <kasan-dev@xxxxxxxxxxxxxxxx> wrote:
> >
> > Integrate KASAN into KUnit testing framework.
> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@xxxxxxxxxx>
> > ---
> > If anyone has any suggestions on how best to print the failure
> > messages, please share!
> >
> > One issue I have found while testing this is the allocation fails in
> > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > does cause the test to fail on the KUnit side, as expected, but it
> > seems to skip all the tests before this one because the output starts
> > with this failure instead of with the first test, kmalloc_oob_right().
> >
> >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> >  include/linux/sched.h               |  7 ++++++-
> >  lib/kunit/test.c                    |  7 ++++++-
> >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> >  tools/testing/kunit/kunit_kernel.py |  2 +-
> >  5 files changed, 56 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > index 2dfb550c6723..2e388f8937f3 100644
> > --- a/include/kunit/test.h
> > +++ b/include/kunit/test.h
> > @@ -21,6 +21,8 @@ struct kunit_resource;
> >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> >
> > +void kunit_set_failure(struct kunit *test);
> > +
> >  /**
> >   * struct kunit_resource - represents a *test managed resource*
> >   * @allocation: for the user to store arbitrary data.
> > @@ -191,6 +193,9 @@ struct kunit {
> >          * protect it with some type of lock.
> >          */
> >         struct list_head resources; /* Protected by lock. */
> > +
> > +       bool kasan_report_expected;
> > +       bool kasan_report_found;
> >  };
> >
> >  void kunit_init_test(struct kunit *test, const char *name);
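
Review bot: kasan_report_expected and kasan_report_found are added to struct kunit with no kernel-doc entry and no note on synchronization, directly below a member annotated "Protected by lock". The report-side code later in this patch sets kasan_report_found through current->kasan_kunit_test, so the struct comment should say which context may write each flag and whether the lock applies to them.
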
> > @@ -941,6 +946,25 @@ do {                                                                              \
> >                                                 ptr,                           \
> >                                                 NULL)
> >
> > +/**
> > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > + * not cause a KASAN error.
>
> Oh, I see, this is not a test, but rather an ASSERT-like macro.
> Then maybe we should use it for actual expressions that are supposed
> to trigger KASAN errors?
>
> E.g. KUNIT_EXPECT_KASAN_FAIL(test, *(volatile int*)p);
>

This is one possible approach. I wasn't sure what would be the most
useful. Would it be most useful to assert an error is reported on a
function or assert an error is reported at a specific address?

>
> > + *
> > + */
> > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {  \
>
> s/condition/expression/
>
> > +       test->kasan_report_expected = true;     \
>
> Check that kasan_report_expected is unset. If these are nested things
> will break in confusing ways.
> Or otherwise we need to restore the previous value at the end.
>
Good point! I think I was just unsure of where I should set this value
and what the default should be.

> > +       test->kasan_report_found = false; \
> > +       condition; \
> > +       if (test->kasan_report_found == test->kasan_report_expected) { \
>
> We know that kasan_report_expected is true here, so we could just say:
>
> if (!test->kasan_report_found)
>
Good point! This is much more readable.

> > +               pr_info("%d has passed", __LINE__); \
> > +       } else { \
> > +               kunit_set_failure(test); \
> > +               pr_info("%d has failed", __LINE__); \
>
> This needs a more readable error.
>
Yes, this was just a stand-in. I was wondering if you might have a
suggestion for the best way to print this failure message? Alan
suggested reusing the KUNIT_EXPECT_EQ() macro so the error message
would look something like:
"Expected kasan_report_expected == kasan_report_found, but
kasan_report_expected == true
kasan_report_found == false"

What do you think of this?

> > +       } \
> > +       test->kasan_report_expected = false;    \
> > +       test->kasan_report_found = false;       \
> > +} while (0)
> > +
> >  /**
> >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> >   * @test: The test context object.
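
Review bot: the kernel-doc for KUNIT_EXPECT_KASAN_FAIL() has no @test or @condition lines, unlike KUNIT_EXPECT_TRUE() just below it, which documents "@test: The test context object."; both arguments should be described. In the macro body, the two pr_info() format strings lack a trailing "\n", and `test` is expanded unparenthesized (`test->kasan_report_expected`), so `(test)->...` would be safer for non-trivial arguments.
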
> > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > index 04278493bf15..db23d56061e7 100644
> > --- a/include/linux/sched.h
> > +++ b/include/linux/sched.h
> > @@ -32,6 +32,8 @@
> >  #include <linux/posix-timers.h>
> >  #include <linux/rseq.h>
> >
> > +#include <kunit/test.h>
> > +
> >  /* task_struct member predeclarations (sorted alphabetically): */
> >  struct audit_context;
> >  struct backing_dev_info;
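
Review bot: including <kunit/test.h> from include/linux/sched.h is heavier than this change needs, because task_struct only stores a pointer (`struct kunit *kasan_kunit_test;` in the next hunk). A forward declaration `struct kunit;` in the alphabetically sorted predeclaration list right below this include would be enough and would not make every user of sched.h depend on the KUnit header.
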
> > @@ -1178,7 +1180,10 @@ struct task_struct {
> >
> >  #ifdef CONFIG_KASAN
> >         unsigned int                    kasan_depth;
> > -#endif
> > +#ifdef CONFIG_KUNIT
> > +       struct kunit *kasan_kunit_test;
>
> I would assume we will use this for other things as well (failing
> tests on LOCKDEP errors, WARNINGs, etc).
> So I would call this just kunit_test and make it non-dependent on KASAN right away.
>
Yeah, I think I just wanted to make it clear that this is only used
for KASAN, but I believe that was before we talked about extending
this.

> > +       if (current->kasan_kunit_test) {
>
> Strictly speaking, this also needs to check in_task().
>

I was not aware of in_task()... can you explain its importance to me?

> > +               if (current->kasan_kunit_test->kasan_report_expected) {
> > +                       current->kasan_kunit_test->kasan_report_found = true;
> > +                       return;
> > +               }
> > +               kunit_set_failure(current->kasan_kunit_test);
> > +       }
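
Review bot: current->kasan_kunit_test is dereferenced three times in this block, and the early `return` on the expected path has no comment. Read the pointer once into a local variable, and add a comment stating that returning here is intentional, since it skips the rest of the reporting function whenever a report is expected.
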
>
> This chunk is duplicated 2 times. I think it will be more reasonable
> for KASAN code to just notify KUNIT that the error has happened, and
> then KUNIT will figure out what it means and what to do.
>
>
Yeah, I think moving this to the KUnit files is best too. I would like
to keep kunit_set_failure a static function as well.


-- 
Thank you for the comments!

Patricia Alfonso
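
A user-space C model of the nesting problem raised in the review of KUNIT_EXPECT_KASAN_FAIL, added here as an illustration and not part of the patch or of anyone's reply. `struct kunit_model`, `model_kasan_report()`, `MODEL_EXPECT_KASAN_FAIL` and its `restore` switch are hypothetical names; the restore branch is one way to apply the "restore the previous value" suggestion, and the reporter only notifies while the test side decides what the report means.

```c
#include <stdbool.h>

/* User-space stand-in for the two flags the patch adds to struct kunit. */
struct kunit_model {
	bool kasan_report_expected;
	bool kasan_report_found;
	bool failed;
};

static struct kunit_model *current_test;	/* models the task_struct pointer */

/* Reporter side: only notifies; the test side decides what it means. */
static void model_kasan_report(void)
{
	struct kunit_model *t = current_test;
	if (!t)
		return;
	if (t->kasan_report_expected)
		t->kasan_report_found = true;
	else
		t->failed = true;	/* unexpected report fails the test */
}

/* restore=false resets both flags to false, as the quoted macro does. */
#define MODEL_EXPECT_KASAN_FAIL(test, restore, expression) do {		\
	bool prev_expected = (test)->kasan_report_expected;		\
	bool prev_found = (test)->kasan_report_found;			\
	(test)->kasan_report_expected = true;				\
	(test)->kasan_report_found = false;				\
	expression;							\
	if (!(test)->kasan_report_found)				\
		(test)->failed = true;					\
	(test)->kasan_report_expected = (restore) ? prev_expected : false; \
	(test)->kasan_report_found = (restore) ? prev_found : false;	\
} while (0)

/* An expected bad access inside an inner expectation, then a second one. */
static void nested_then_access(struct kunit_model *t, bool restore)
{
	MODEL_EXPECT_KASAN_FAIL(t, restore, model_kasan_report());
	model_kasan_report();
}

/* Returns true when the outer expectation ends up marking the test failed. */
bool outer_fails(bool restore)
{
	struct kunit_model t = { false, false, false };
	current_test = &t;
	MODEL_EXPECT_KASAN_FAIL(&t, restore, nested_then_access(&t, restore));
	return t.failed;
}
```

With `restore` false the inner use clears the outer expectation, so the second report is counted as unexpected and the outer check also finds no report; with `restore` true both reports are accepted.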


