On 6/17/24 13:00, Kees Cook wrote:
On Fri, Jun 14, 2024 at 09:50:05AM -0600, Shuah Khan wrote:
On 6/12/24 13:59, Kees Cook wrote:
Convert the runtime tests of hardened usercopy to standard KUnit tests.
Additionally disable usercopy_test_invalid() for systems with separate
address spaces (or no MMU) since it's not sensible to test for address
confusion there (e.g. m68k).
Co-developed-by: Vitor Massaru Iha <vitor@xxxxxxxxxxx>
Signed-off-by: Vitor Massaru Iha <vitor@xxxxxxxxxxx>
Link: https://lore.kernel.org/r/20200721174654.72132-1-vitor@xxxxxxxxxxx
Tested-by: Ivan Orlov <ivan.orlov0322@xxxxxxxxx>
Reviewed-by: David Gow <davidgow@xxxxxxxxxx>
Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
---
MAINTAINERS | 1 +
lib/Kconfig.debug | 21 +-
lib/Makefile | 2 +-
lib/{test_user_copy.c => usercopy_kunit.c} | 282 ++++++++++-----------
4 files changed, 151 insertions(+), 155 deletions(-)
rename lib/{test_user_copy.c => usercopy_kunit.c} (46%)
diff --git a/MAINTAINERS b/MAINTAINERS
index 8754ac2c259d..0cd171ec6010 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -11962,6 +11962,7 @@ F: arch/*/configs/hardening.config
F: include/linux/overflow.h
F: include/linux/randomize_kstack.h
F: kernel/configs/hardening.config
+F: lib/usercopy_kunit.c
F: mm/usercopy.c
K: \b(add|choose)_random_kstack_offset\b
K: \b__check_(object_size|heap_object)\b
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 59b6765d86b8..561e346f5cb0 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -2505,18 +2505,6 @@ config TEST_VMALLOC
If unsure, say N.
-config TEST_USER_COPY
- tristate "Test user/kernel boundary protections"
- depends on m
- help
- This builds the "test_user_copy" module that runs sanity checks
- on the copy_to/from_user infrastructure, making sure basic
- user/kernel boundary testing is working. If it fails to load,
- a regression has been detected in the user/kernel memory boundary
- protections.
-
- If unsure, say N.
-
config TEST_BPF
tristate "Test BPF filter functionality"
depends on m && NET
@@ -2814,6 +2802,15 @@ config SIPHASH_KUNIT_TEST
This is intended to help people writing architecture-specific
optimized versions. If unsure, say N.
+config USERCOPY_KUNIT_TEST
+ tristate "KUnit Test for user/kernel boundary protections"
+ depends on KUNIT
+ default KUNIT_ALL_TESTS
+ help
+ This builds the "usercopy_kunit" module that runs sanity checks
+ on the copy_to/from_user infrastructure, making sure basic
+ user/kernel boundary testing is working.
+
Please carry the following line forward as well to be complete assuming
it is relevant.
If unsure, say N.
I've explicitly removed that because it would be repetitive if it were
included for all KUnit tests.
Thanks for the explanation.
thanks,
-- Shuah
