[PATCH v6 1/4] panic: Taint kernel if tests are run

[PATCH v6 1/4] panic: Taint kernel if tests are run

[David Gow]

Most in-kernel tests (such as KUnit tests) are not supposed to run on
production systems: they may do deliberately illegal things to trigger
errors, and have security implications (for example, KUnit assertions
will often deliberately leak kernel addresses).

Add a new taint type, TAINT_TEST to signal that a test has been run.
This will be printed as 'N' (originally for kuNit, as every other
sensible letter was taken.)

This should discourage people from running these tests on production
systems, and to make it easier to tell if tests have been run
accidentally (by loading the wrong configuration, etc.)

Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: David Gow <davidgow@google.com>
---

This is v6 of the "make tests taint the kernel" patchset. The only
changes since v5 (which is the version in linux-next at time of writing)
are some rather critical fixes to patch 2/4, where the cruicial check
was inverted. (Oops!)

The 'N' character for the taint is even less useful now that it's no
longer short for kuNit, but all the letters in TEST are taken. :-(

No changes since v5:
https://lore.kernel.org/linux-kselftest/20220702040959.3232874-1-davidgow@google.com/

No changes since v4:
https://lore.kernel.org/linux-kselftest/20220701084744.3002019-1-davidgow@google.com/

Changes since v3:
https://lore.kernel.org/lkml/20220513083212.3537869-1-davidgow@google.com/
- Remove the mention of KUnit from the documentation.
- Add Luis and Brendan's Acked/Reviewed-by tags.

Changes since v2:
https://lore.kernel.org/linux-kselftest/20220430030019.803481-1-davidgow@google.com/
- Rename TAINT_KUNIT -> TAINT_TEST.
- Split into separate patches for adding the taint, and triggering it.
- Taint on a kselftest_module being loaded (patch 3/3)

Changes since v1:
https://lore.kernel.org/linux-kselftest/20220429043913.626647-1-davidgow@google.com/
- Make the taint per-module, to handle the case when tests are in
  (longer lasting) modules. (Thanks Greg KH).

Note that this still has checkpatch.pl warnings around bracket
placement, which are intentional as part of matching the surrounding
code.

---
 Documentation/admin-guide/tainted-kernels.rst | 1 +
 include/linux/panic.h                         | 3 ++-
 kernel/panic.c                                | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst
index ceeed7b0798d..7d80e8c307d1 100644
--- a/Documentation/admin-guide/tainted-kernels.rst
+++ b/Documentation/admin-guide/tainted-kernels.rst
@@ -100,6 +100,7 @@ Bit  Log  Number  Reason that got the kernel tainted
  15  _/K   32768  kernel has been live patched
  16  _/X   65536  auxiliary taint, defined for and used by distros
  17  _/T  131072  kernel was built with the struct randomization plugin
+ 18  _/N  262144  an in-kernel test has been run
 ===  ===  ======  ========================================================
 
 Note: The character ``_`` is representing a blank in this table to make reading
diff --git a/include/linux/panic.h b/include/linux/panic.h
index e71161da69c4..c7759b3f2045 100644
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@@ -68,7 +68,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
 #define TAINT_LIVEPATCH			15
 #define TAINT_AUX			16
 #define TAINT_RANDSTRUCT		17
-#define TAINT_FLAGS_COUNT		18
+#define TAINT_TEST			18
+#define TAINT_FLAGS_COUNT		19
 #define TAINT_FLAGS_MAX			((1UL << TAINT_FLAGS_COUNT) - 1)
 
 struct taint_flag {
diff --git a/kernel/panic.c b/kernel/panic.c
index a3c758dba15a..6b3369e21026 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
 	[ TAINT_LIVEPATCH ]		= { 'K', ' ', true },
 	[ TAINT_AUX ]			= { 'X', ' ', true },
 	[ TAINT_RANDSTRUCT ]		= { 'T', ' ', true },
+	[ TAINT_TEST ]			= { 'N', ' ', true },
 };
 
 /**
-- 
2.37.0.rc0.161.g10f37bed90-goog

[PATCH v6 2/4] module: panic: Taint the kernel when selftest modules load

[David Gow]

Taint the kernel with TAINT_TEST whenever a test module loads, by adding
a new "TEST" module property, and setting it for all modules in the
tools/testing directory. This property can also be set manually, for
tests which live outside the tools/testing directory with:
MODULE_INFO(test, "Y");

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: Aaron Tomlin <atomlin@redhat.com>
Acked-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: David Gow <davidgow@google.com>
---

Version 6 of this patch fixes the issue pointed out by Nathan here,
whereby the check for the module property was inverted:
https://lore.kernel.org/linux-kselftest/Ysd9FG1fOSnzKv8d@dev-arch.thelio-3990X/

Changes since v5:
https://lore.kernel.org/linux-kselftest/20220702040959.3232874-2-davidgow@google.com/
- Fix the test for the module property being inverted, making this patch
  do exactly the opposite of what it should. (Thanks Nathan Chancellor)
- Revert to using pr_warn(), as we already don't warn if the kernel is
  tainted, so won't spam the logs.
- Add Reviewed-, Acked-by tags.

Changes since v4:
https://lore.kernel.org/linux-kselftest/20220701084744.3002019-2-davidgow@google.com/
- Use pr_warn_once() to only log a warning the first time a module
taints the kernel with TAINT_TEST
  - Loading lots of test modules is a common usecase, and this would
otherwise spam the logs too much.
  - Thanks Luis.
- Remove a superfluous newline (Thanks Greg)
- Add Luis' Reviewed-by tag.

This patch was new in v4 of the series.

---
 kernel/module/main.c  | 7 +++++++
 scripts/mod/modpost.c | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/kernel/module/main.c b/kernel/module/main.c
index fed58d30725d..4723f1316709 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -1988,6 +1988,13 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
 	/* Set up license info based on the info section */
 	set_license(mod, get_modinfo(info, "license"));
 
+	if (get_modinfo(info, "test")) {
+		if (!test_taint(TAINT_TEST))
+			pr_warn("%s: loading test module taints kernel.\n",
+				mod->name);
+		add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK);
+	}
+
 	return 0;
 }
 
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 29d5a841e215..5937212b4433 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -2191,6 +2191,9 @@ static void add_header(struct buffer *b, struct module *mod)
 
 	if (strstarts(mod->name, "drivers/staging"))
 		buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n");
+
+	if (strstarts(mod->name, "tools/testing"))
+		buf_printf(b, "\nMODULE_INFO(test, \"Y\");\n");
 }
 
 static void add_exported_symbols(struct buffer *buf, struct module *mod)
-- 
2.37.0.rc0.161.g10f37bed90-goog

[PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[David Gow]

Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
Due to KUnit tests not being intended to run on production systems, and
potentially causing problems (or security issues like leaking kernel
addresses), the kernel's state should not be considered safe for
production use after KUnit tests are run.

This both marks KUnit modules as test modules using MODULE_INFO() and
manually taints the kernel when tests are run (which catches builtin
tests).

Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Tested-by: Daniel Latypov <dlatypov@google.com>
Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: David Gow <davidgow@google.com>
---

No changes since v5:
https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/

No changes since v4:
https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/

Changes since v3:
https://lore.kernel.org/lkml/20220513083212.3537869-2-davidgow@google.com/
- Use MODULE_INFO() for KUnit modules.
  - This is technically redundant, as the KUnit executor will taint the
    kernel when _any_ KUnit tests are run, but may be useful if some
    other tool will parse the 'test' property.
- Add {Acked,Tested,Reviewed}-by tags.

---
 include/kunit/test.h | 3 ++-
 lib/kunit/test.c     | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/kunit/test.h b/include/kunit/test.h
index 8ffcd7de9607..ccae848720dc 100644
--- a/include/kunit/test.h
+++ b/include/kunit/test.h
@@ -277,7 +277,8 @@ static inline int kunit_run_all_tests(void)
 	{								\
 		return __kunit_test_suites_exit(__suites);		\
 	}								\
-	module_exit(kunit_test_suites_exit)
+	module_exit(kunit_test_suites_exit)				\
+	MODULE_INFO(test, "Y");
 #else
 #define kunit_test_suites_for_module(__suites)
 #endif /* MODULE */
diff --git a/lib/kunit/test.c b/lib/kunit/test.c
index a5053a07409f..8b11552dc215 100644
--- a/lib/kunit/test.c
+++ b/lib/kunit/test.c
@@ -11,6 +11,7 @@
 #include <kunit/test-bug.h>
 #include <linux/kernel.h>
 #include <linux/moduleparam.h>
+#include <linux/panic.h>
 #include <linux/sched/debug.h>
 #include <linux/sched.h>
 
@@ -501,6 +502,9 @@ int kunit_run_tests(struct kunit_suite *suite)
 	struct kunit_result_stats suite_stats = { 0 };
 	struct kunit_result_stats total_stats = { 0 };
 
+	/* Taint the kernel so we know we've run tests. */
+	add_taint(TAINT_TEST, LOCKDEP_STILL_OK);
+
 	if (suite->suite_init) {
 		suite->suite_init_err = suite->suite_init(suite);
 		if (suite->suite_init_err) {
-- 
2.37.0.rc0.161.g10f37bed90-goog

[PATCH v6 4/4] selftest: Taint kernel when test module loaded

[David Gow]

Make any kselftest test module (using the kselftest_module framework)
taint the kernel with TAINT_TEST on module load.

Also mark the module as a test module using MODULE_INFO(test, "Y") so
that other tools can tell this is a test module. We can't rely solely
on this, though, as these test modules are also often built-in.

Finally, update the kselftest documentation to mention that the kernel
should be tainted, and how to do so manually (as below).

Note that several selftests use kernel modules which are not based on
the kselftest_module framework, and so will not automatically taint the
kernel.

This can be done in two ways:
- Moving the module to the tools/testing directory. All modules under
  this directory will taint the kernel.
- Adding the 'test' module property with:
  MODULE_INFO(test, "Y")

Similarly, selftests which do not load modules into the kernel generally
should not taint the kernel (or possibly should only do so on failure),
as it's assumed that testing from user-space should be safe. Regardless,
they can write to /proc/sys/kernel/tainted if required.

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Acked-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: David Gow <davidgow@google.com>
---

Changes since v5:
https://lore.kernel.org/linux-kselftest/20220702040959.3232874-4-davidgow@google.com/
- Add Brendan's Acked-by tag.

Changes since v4:
https://lore.kernel.org/lkml/20220513083212.3537869-3-davidgow@google.com/
- Actually use the new TAINT_TEST name, instead of TAINT_KUNIT
(Thanks, kernel-test-robot)
- Document how to use this (or MODULE_INFO()) to taint the kernel.
(Thanks, Luis)
- Also add MODULE_INFO(test, "Y") to embed the fact that this is a
test module into the .ko
  - Nothing depends on it now, but it should allow us to tell this is
a test module without executing it in the future.

No changes since v3:
https://lore.kernel.org/lkml/20220513083212.3537869-3-davidgow@google.com/

---
 Documentation/dev-tools/kselftest.rst      | 9 +++++++++
 tools/testing/selftests/kselftest_module.h | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/Documentation/dev-tools/kselftest.rst b/Documentation/dev-tools/kselftest.rst
index a833ecf12fbc..1096a9833550 100644
--- a/Documentation/dev-tools/kselftest.rst
+++ b/Documentation/dev-tools/kselftest.rst
@@ -250,6 +250,14 @@ assist writing kernel modules that are for use with kselftest:
 - ``tools/testing/selftests/kselftest_module.h``
 - ``tools/testing/selftests/kselftest/module.sh``
 
+Note that test modules should taint the kernel with TAINT_TEST. This will
+happen automatically for modules which are in the ``tools/testing/``
+directory, or for modules which use the ``kselftest_module.h`` header above.
+Otherwise, you'll need to add ``MODULE_INFO(test, "Y")`` to your module
+source. selftests which do not load modules typically should not taint the
+kernel, but in cases where a non-test module is loaded, TEST_TAINT can be
+applied from userspace by writing to ``/proc/sys/kernel/tainted``.
+
 How to use
 ----------
 
@@ -308,6 +316,7 @@ A bare bones test module might look like this:
    KSTM_MODULE_LOADERS(test_foo);
    MODULE_AUTHOR("John Developer <jd@fooman.org>");
    MODULE_LICENSE("GPL");
+   MODULE_INFO(test, "Y");
 
 Example test script
 -------------------
diff --git a/tools/testing/selftests/kselftest_module.h b/tools/testing/selftests/kselftest_module.h
index e2ea41de3f35..63cd7487373f 100644
--- a/tools/testing/selftests/kselftest_module.h
+++ b/tools/testing/selftests/kselftest_module.h
@@ -3,6 +3,7 @@
 #define __KSELFTEST_MODULE_H
 
 #include <linux/module.h>
+#include <linux/panic.h>
 
 /*
  * Test framework for writing test modules to be loaded by kselftest.
@@ -41,6 +42,7 @@ static inline int kstm_report(unsigned int total_tests, unsigned int failed_test
 static int __init __module##_init(void)			\
 {							\
 	pr_info("loaded.\n");				\
+	add_taint(TAINT_TEST, LOCKDEP_STILL_OK);	\
 	selftest();					\
 	return kstm_report(total_tests, failed_tests, skipped_tests);	\
 }							\
@@ -51,4 +53,6 @@ static void __exit __module##_exit(void)		\
 module_init(__module##_init);				\
 module_exit(__module##_exit)
 
+MODULE_INFO(test, "Y");
+
 #endif	/* __KSELFTEST_MODULE_H */
-- 
2.37.0.rc0.161.g10f37bed90-goog

Re: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[Shuah Khan]

On 7/7/22 10:48 PM, David Gow wrote:
> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
> Due to KUnit tests not being intended to run on production systems, and
> potentially causing problems (or security issues like leaking kernel
> addresses), the kernel's state should not be considered safe for
> production use after KUnit tests are run.
> 
> This both marks KUnit modules as test modules using MODULE_INFO() and
> manually taints the kernel when tests are run (which catches builtin
> tests).
> 
> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
> Tested-by: Daniel Latypov <dlatypov@google.com>
> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
> Signed-off-by: David Gow <davidgow@google.com>
> ---
> 
> No changes since v5:
> https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/
> 
> No changes since v4:
> https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/
> 

David, Brendan, Andrew,

Just confirming the status of these patches. I applied v4 1/3 and v4 3/4
to linux-kselftest kunit for 5.20-rc1.

I am seeing v5 and v6 now. Andrew applied v5 looks like. Would you like
me to drop the two I applied? Do we have to refresh with v6?

thanks,
-- Shuah

Re: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[Daniel Latypov]

On Fri, Jul 8, 2022 at 1:22 PM Shuah Khan <skhan@linuxfoundation.org> wrote:
>
> On 7/7/22 10:48 PM, David Gow wrote:
> > Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
> > Due to KUnit tests not being intended to run on production systems, and
> > potentially causing problems (or security issues like leaking kernel
> > addresses), the kernel's state should not be considered safe for
> > production use after KUnit tests are run.
> >
> > This both marks KUnit modules as test modules using MODULE_INFO() and
> > manually taints the kernel when tests are run (which catches builtin
> > tests).
> >
> > Acked-by: Luis Chamberlain <mcgrof@kernel.org>
> > Tested-by: Daniel Latypov <dlatypov@google.com>
> > Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
> > Signed-off-by: David Gow <davidgow@google.com>
> > ---
> >
> > No changes since v5:
> > https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/
> >
> > No changes since v4:
> > https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/
> >
>
> David, Brendan, Andrew,
>
> Just confirming the status of these patches. I applied v4 1/3 and v4 3/4
> to linux-kselftest kunit for 5.20-rc1.
> I am seeing v5 and v6 now. Andrew applied v5 looks like. Would you like
> me to drop the two I applied? Do we have to refresh with v6?

Just noting here that there'll be a merge conflict between this patch
(3/4) and some other patches lined up to go through the kunit tree:
https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/

Not sure how we want to handle that.

Daniel

Re: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[Shuah Khan]

On 7/8/22 3:00 PM, Daniel Latypov wrote:
> On Fri, Jul 8, 2022 at 1:22 PM Shuah Khan <skhan@linuxfoundation.org> wrote:
>>
>> On 7/7/22 10:48 PM, David Gow wrote:
>>> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
>>> Due to KUnit tests not being intended to run on production systems, and
>>> potentially causing problems (or security issues like leaking kernel
>>> addresses), the kernel's state should not be considered safe for
>>> production use after KUnit tests are run.
>>>
>>> This both marks KUnit modules as test modules using MODULE_INFO() and
>>> manually taints the kernel when tests are run (which catches builtin
>>> tests).
>>>
>>> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
>>> Tested-by: Daniel Latypov <dlatypov@google.com>
>>> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
>>> Signed-off-by: David Gow <davidgow@google.com>
>>> ---
>>>
>>> No changes since v5:
>>> https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/
>>>
>>> No changes since v4:
>>> https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/
>>>
>>
>> David, Brendan, Andrew,
>>
>> Just confirming the status of these patches. I applied v4 1/3 and v4 3/4
>> to linux-kselftest kunit for 5.20-rc1.
>> I am seeing v5 and v6 now. Andrew applied v5 looks like. Would you like
>> me to drop the two I applied? Do we have to refresh with v6?
> 
> Just noting here that there'll be a merge conflict between this patch
> (3/4) and some other patches lined up to go through the kunit tree:
> https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/
> 
> Not sure how we want to handle that.
> 

I can go drop the two patches and have Andrew carry the series through
mm tree.

thanks,
-- Shuah

Re: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[Shuah Khan]

On 7/8/22 3:22 PM, Shuah Khan wrote:
> On 7/8/22 3:00 PM, Daniel Latypov wrote:
>> On Fri, Jul 8, 2022 at 1:22 PM Shuah Khan <skhan@linuxfoundation.org> wrote:
>>>
>>> On 7/7/22 10:48 PM, David Gow wrote:
>>>> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
>>>> Due to KUnit tests not being intended to run on production systems, and
>>>> potentially causing problems (or security issues like leaking kernel
>>>> addresses), the kernel's state should not be considered safe for
>>>> production use after KUnit tests are run.
>>>>
>>>> This both marks KUnit modules as test modules using MODULE_INFO() and
>>>> manually taints the kernel when tests are run (which catches builtin
>>>> tests).
>>>>
>>>> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
>>>> Tested-by: Daniel Latypov <dlatypov@google.com>
>>>> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
>>>> Signed-off-by: David Gow <davidgow@google.com>
>>>> ---
>>>>
>>>> No changes since v5:
>>>> https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/
>>>>
>>>> No changes since v4:
>>>> https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/
>>>>
>>>
>>> David, Brendan, Andrew,
>>>
>>> Just confirming the status of these patches. I applied v4 1/3 and v4 3/4
>>> to linux-kselftest kunit for 5.20-rc1.
>>> I am seeing v5 and v6 now. Andrew applied v5 looks like. Would you like
>>> me to drop the two I applied? Do we have to refresh with v6?
>>
>> Just noting here that there'll be a merge conflict between this patch
>> (3/4) and some other patches lined up to go through the kunit tree:
>> https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/
>>
>> Not sure how we want to handle that.
>>
> 
> I can go drop the two patches and have Andrew carry the series through
> mm tree.
> 

Sorry spoke too soon. Yes there are others that might have conflicts as
Daniel pointed out:

https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/

thanks,
-- Shuah

Re: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[David Gow]

[-- Attachment #1: Type: text/plain, Size: 2590 bytes --]

On Sat, Jul 9, 2022 at 5:24 AM Shuah Khan <skhan@linuxfoundation.org> wrote:
>
> On 7/8/22 3:22 PM, Shuah Khan wrote:
> > On 7/8/22 3:00 PM, Daniel Latypov wrote:
> >> On Fri, Jul 8, 2022 at 1:22 PM Shuah Khan <skhan@linuxfoundation.org> wrote:
> >>>
> >>> On 7/7/22 10:48 PM, David Gow wrote:
> >>>> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
> >>>> Due to KUnit tests not being intended to run on production systems, and
> >>>> potentially causing problems (or security issues like leaking kernel
> >>>> addresses), the kernel's state should not be considered safe for
> >>>> production use after KUnit tests are run.
> >>>>
> >>>> This both marks KUnit modules as test modules using MODULE_INFO() and
> >>>> manually taints the kernel when tests are run (which catches builtin
> >>>> tests).
> >>>>
> >>>> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
> >>>> Tested-by: Daniel Latypov <dlatypov@google.com>
> >>>> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
> >>>> Signed-off-by: David Gow <davidgow@google.com>
> >>>> ---
> >>>>
> >>>> No changes since v5:
> >>>> https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/
> >>>>
> >>>> No changes since v4:
> >>>> https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/
> >>>>
> >>>
> >>> David, Brendan, Andrew,
> >>>
> >>> Just confirming the status of these patches. I applied v4 1/3 and v4 3/4
> >>> to linux-kselftest kunit for 5.20-rc1.
> >>> I am seeing v5 and v6 now. Andrew applied v5 looks like. Would you like
> >>> me to drop the two I applied? Do we have to refresh with v6?
> >>
> >> Just noting here that there'll be a merge conflict between this patch
> >> (3/4) and some other patches lined up to go through the kunit tree:
> >> https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/
> >>
> >> Not sure how we want to handle that.
> >>
> >
> > I can go drop the two patches and have Andrew carry the series through
> > mm tree.
> >
>
> Sorry spoke too soon. Yes there are others that might have conflicts as
> Daniel pointed out:
>
> https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/
>
> thanks,
> -- Shuah
>

Thanks everyone for pointing these out.

I've rebased the other series (the KUnit module support one:
https://lore.kernel.org/linux-kselftest/20220709032001.819487-1-davidgow@google.com/
) on top of this.

If they all go in via the kselftest/kunit tree, everything should be fine now.

Cheers,
-- David

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4003 bytes --]

Re: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run

[Shuah Khan]

On 7/8/22 9:35 PM, David Gow wrote:
> On Sat, Jul 9, 2022 at 5:24 AM Shuah Khan <skhan@linuxfoundation.org> wrote:
>>
>> On 7/8/22 3:22 PM, Shuah Khan wrote:
>>> On 7/8/22 3:00 PM, Daniel Latypov wrote:
>>>> On Fri, Jul 8, 2022 at 1:22 PM Shuah Khan <skhan@linuxfoundation.org> wrote:
>>>>>
>>>>> On 7/7/22 10:48 PM, David Gow wrote:
>>>>>> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
>>>>>> Due to KUnit tests not being intended to run on production systems, and
>>>>>> potentially causing problems (or security issues like leaking kernel
>>>>>> addresses), the kernel's state should not be considered safe for
>>>>>> production use after KUnit tests are run.
>>>>>>
>>>>>> This both marks KUnit modules as test modules using MODULE_INFO() and
>>>>>> manually taints the kernel when tests are run (which catches builtin
>>>>>> tests).
>>>>>>
>>>>>> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
>>>>>> Tested-by: Daniel Latypov <dlatypov@google.com>
>>>>>> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
>>>>>> Signed-off-by: David Gow <davidgow@google.com>
>>>>>> ---
>>>>>>
>>>>>> No changes since v5:
>>>>>> https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/
>>>>>>
>>>>>> No changes since v4:
>>>>>> https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/
>>>>>>
>>>>>
>>>>> David, Brendan, Andrew,
>>>>>
>>>>> Just confirming the status of these patches. I applied v4 1/3 and v4 3/4
>>>>> to linux-kselftest kunit for 5.20-rc1.
>>>>> I am seeing v5 and v6 now. Andrew applied v5 looks like. Would you like
>>>>> me to drop the two I applied? Do we have to refresh with v6?
>>>>
>>>> Just noting here that there'll be a merge conflict between this patch
>>>> (3/4) and some other patches lined up to go through the kunit tree:
>>>> https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/
>>>>
>>>> Not sure how we want to handle that.
>>>>
>>>
>>> I can go drop the two patches and have Andrew carry the series through
>>> mm tree.
>>>
>>
>> Sorry spoke too soon. Yes there are others that might have conflicts as
>> Daniel pointed out:
>>
>> https://patchwork.kernel.org/project/linux-kselftest/patch/20220625050838.1618469-2-davidgow@google.com/
>>
>> thanks,
>> -- Shuah
>>
> 
> Thanks everyone for pointing these out.
> 
> I've rebased the other series (the KUnit module support one:
> https://lore.kernel.org/linux-kselftest/20220709032001.819487-1-davidgow@google.com/
> ) on top of this.
> 
> If they all go in via the kselftest/kunit tree, everything should be fine now.
> 
> Cheers,
> -- David
> 

Thank you David. All patches applied now to linux-kselftest kunit for 5.20-rc1

thanks,
-- Shuah