Re: [PATCH v4 3/4] kunit: Taint the kernel when KUnit tests are run

From: "Maíra Canal" <mairacanal@riseup.net>
To: David Gow <davidgow@google.com>
Cc: "Guilherme G . Piccoli" <gpiccoli@igalia.com>,
	Kees Cook <keescook@chromium.org>,
	Sebastian Reichel <sre@kernel.org>,
	John Ogness <john.ogness@linutronix.de>,
	Joe Fradley <joefradley@google.com>,
	Daniel Latypov <dlatypov@google.com>,
	kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jonathan Corbet <corbet@lwn.net>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Jani Nikula <jani.nikula@linux.intel.com>,
	Lucas De Marchi <lucas.demarchi@intel.com>,
	Aaron Tomlin <atomlin@redhat.com>,
	linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
	Michal Marek <michal.lkml@markovi.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	linux-kbuild@vger.kernel.org,
	Brendan Higgins <brendanhiggins@google.com>,
	Shuah Khan <skhan@linuxfoundation.org>,
	Greg KH <gregkh@linuxfoundation.org>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Masahiro Yamada <masahiroy@kernel.org>
Subject: Re: [PATCH v4 3/4] kunit: Taint the kernel when KUnit tests are run
Date: Fri, 1 Jul 2022 08:55:07 -0300	[thread overview]
Message-ID: <f361c4b7-12b8-0513-2025-4ed8025a67d1@riseup.net> (raw)
In-Reply-To: <20220701084744.3002019-3-davidgow@google.com>

On 7/1/22 05:47, 'David Gow' via KUnit Development wrote:
> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
> Due to KUnit tests not being intended to run on production systems, and
> potentially causing problems (or security issues like leaking kernel
> addresses), the kernel's state should not be considered safe for
> production use after KUnit tests are run.
> 
> This both marks KUnit modules as test modules using MODULE_INFO() and
> manually taints the kernel when tests are run (which catches builtin
> tests).
> 
> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
> Tested-by: Daniel Latypov <dlatypov@google.com>
> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
> Signed-off-by: David Gow <davidgow@google.com>
> ---

Tested with DRM KUnit tests on x86_64.

Tested-By: Maíra Canal <mairacanal@riseup.net>

Best Regards
- Maíra Canal

> 
> Changes since v3:
> https://lore.kernel.org/lkml/20220513083212.3537869-2-davidgow@google.com/
> - Use MODULE_INFO() for KUnit modules.
>   - This is technically redundant, as the KUnit executor will taint the
>     kernel when _any_ KUnit tests are run, but may be useful if some
>     other tool will parse the 'test' property.
> - Add {Acked,Tested,Reviewed}-by tags.
> 
> ---
>  include/kunit/test.h | 3 ++-
>  lib/kunit/test.c     | 4 ++++
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index 8ffcd7de9607..ccae848720dc 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -277,7 +277,8 @@ static inline int kunit_run_all_tests(void)
>  	{								\
>  		return __kunit_test_suites_exit(__suites);		\
>  	}								\
> -	module_exit(kunit_test_suites_exit)
> +	module_exit(kunit_test_suites_exit)				\
> +	MODULE_INFO(test, "Y");
>  #else
>  #define kunit_test_suites_for_module(__suites)
>  #endif /* MODULE */
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index a5053a07409f..8b11552dc215 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -11,6 +11,7 @@
>  #include <kunit/test-bug.h>
>  #include <linux/kernel.h>
>  #include <linux/moduleparam.h>
> +#include <linux/panic.h>
>  #include <linux/sched/debug.h>
>  #include <linux/sched.h>
>  
> @@ -501,6 +502,9 @@ int kunit_run_tests(struct kunit_suite *suite)
>  	struct kunit_result_stats suite_stats = { 0 };
>  	struct kunit_result_stats total_stats = { 0 };
>  
> +	/* Taint the kernel so we know we've run tests. */
> +	add_taint(TAINT_TEST, LOCKDEP_STILL_OK);
> +
>  	if (suite->suite_init) {
>  		suite->suite_init_err = suite->suite_init(suite);
>  		if (suite->suite_init_err) {