From: Kees Cook <keescook@chromium.org>
To: Daniel Latypov <dlatypov@google.com>
Cc: David Gow <davidgow@google.com>,
Vitor Massaru Iha <vitor@massaru.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Nick Desaulniers <ndesaulniers@google.com>,
Arnd Bergmann <arnd@arndb.de>,
linux-kernel@vger.kernel.org,
KUnit Development <kunit-dev@googlegroups.com>,
linux-kselftest@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] lib: overflow: Convert to Kunit
Date: Thu, 17 Feb 2022 09:09:29 -0800 [thread overview]
Message-ID: <202202170903.E39554DF@keescook> (raw)
In-Reply-To: <CAGS_qxoOYjOtX6BQm-ozcarnazyED2vocd4iV+VdDVnMWpjWjg@mail.gmail.com>
On Wed, Feb 16, 2022 at 02:57:12PM -0800, Daniel Latypov wrote:
> On Wed, Feb 16, 2022 at 2:42 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > Convert overflow unit tests to KUnit, for better integration into the
> > kernel self test framework. Includes a rename of test_overflow.c to
> > overflow_kunit.c, and CONFIG_TEST_OVERFLOW to CONFIG_OVERFLOW_KUNIT_TEST.
> >
> > $ ./tools/testing/kunit/kunit.py config
> > ...
> > $ ./tools/testing/kunit/kunit.py run overflow
>
> JFYI, you can run this as a one-liner via
>
> $ ./tools/testing/kunit/kunit.py run --kunitconfig /dev/stdin <<EOF
> CONFIG_KUNIT=y
> CONFIG_TEST_OVERFLOW=y
> EOF
>
> The above is taken from my own duplicate version of this patch
> [1] https://lore.kernel.org/linux-kselftest/20210503211536.1384578-1-dlatypov@google.com/
Ah-ha! I thought I remembered this conversion being proposed before but
I totally failed to find it. Thank you! I'll compare/adjust this patch
and add you as Co-developed-by.
> > ...
> > [14:33:51] Starting KUnit Kernel (1/1)...
> > [14:33:51] ============================================================
> > [14:33:51] ================== overflow (11 subtests) ==================
> > [14:33:51] [PASSED] u8_overflow_test
> > [14:33:51] [PASSED] s8_overflow_test
> > [14:33:51] [PASSED] u16_overflow_test
> > [14:33:51] [PASSED] s16_overflow_test
> > [14:33:51] [PASSED] u32_overflow_test
> > [14:33:51] [PASSED] s32_overflow_test
> > [14:33:51] [PASSED] u64_overflow_test
> > [14:33:51] [PASSED] s64_overflow_test
> > [14:33:51] [PASSED] overflow_shift_test
> > [14:33:51] [PASSED] overflow_allocation_test
> > [14:33:51] [PASSED] overflow_size_helpers_test
> > [14:33:51] ==================== [PASSED] overflow =====================
> > [14:33:51] ============================================================
> > [14:33:51] Testing complete. Passed: 11, Failed: 0, Crashed: 0, Skipped: 0, Errors: 0
> > [14:33:51] Elapsed time: 12.525s total, 0.001s configuring, 12.402s building, 0.101s running
> >
> > Cc: David Gow <davidgow@google.com>
> > Cc: Vitor Massaru Iha <vitor@massaru.org>
> > Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> > Cc: Nick Desaulniers <ndesaulniers@google.com>
> > Co-developed-by: Vitor Massaru Iha <vitor@massaru.org>
> > Signed-off-by: Vitor Massaru Iha <vitor@massaru.org>
> > Link: https://lore.kernel.org/lkml/20200720224418.200495-1-vitor@massaru.org/
> > Signed-off-by: Kees Cook <keescook@chromium.org>
>
> Reviewed-by: Daniel Latypov <dlatypov@google.com>
>
> Looks good to me, some minor nits/suggestions wrt KUnit usage.
> Nice to see this test converted over!
Thanks!
> [...]
> > index f6530fce799d..4cc27b9926a1 100644
> > --- a/lib/test_overflow.c
> > +++ b/lib/overflow_kunit.c
> > @@ -1,9 +1,13 @@
> > // SPDX-License-Identifier: GPL-2.0 OR MIT
> > /*
> > - * Test cases for arithmetic overflow checks.
> > + * Test cases for arithmetic overflow checks. See:
> > + * https://www.kernel.org/doc/html/latest/dev-tools/kunit/kunit-tool.html#configuring-building-and-running-tests
> > + * ./tools/testing/kunit/kunit.py config
> > + * ./tools/testing/kunit/kunit.py run overflow [--raw_output]
> > */
> > #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>
> We can drop the pr_fmt now, I think
My instinct is to leave these in place just so that anything weird that
gets inlined and sneaks a pr_*() call into the code will have a
meaningful prefix.
> [...]
> > @@ -510,30 +477,28 @@ static int __init test_ ## func (void *arg) \
> > \
> > /* Tiny allocation test. */ \
> > ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, 1);\
> > - if (!ptr) { \
> > - pr_warn(#func " failed regular allocation?!\n"); \
> > - return 1; \
> > - } \
> > + KUNIT_EXPECT_FALSE_MSG(test, !ptr, \
> > + #func " failed regular allocation?!\n"); \
>
> Optional: we can consider using KUNIT_ASSERT_NOT_ERR_OR_NULL_MSG() here.
> It's a more heavy handed than just a `return` on failure, but if the
> regular allocation failed, we're probably justified in bailing out on
> the whole test case.
Yeah, I think it might work here. Earlier I hadn't figured out how to
convert each test separately, but now an ASSERT makes sense.
>
> > + if (!ptr) \
> > + return; \
> > free ## want_arg (free_func, arg, ptr); \
> > \
> > /* Wrapped allocation test. */ \
> > ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, \
> > a * b); \
> > - if (!ptr) { \
> > - pr_warn(#func " unexpectedly failed bad wrapping?!\n"); \
> > - return 1; \
> > - } \
> > + KUNIT_EXPECT_FALSE_MSG(test, !ptr, \
> > + #func " unexpectedly failed bad wrapping?!\n"); \
> > + if (!ptr) \
> > + return; \
> > free ## want_arg (free_func, arg, ptr); \
> > \
> > /* Saturated allocation test. */ \
> > ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, \
> > array_size(a, b)); \
> > - if (ptr) { \
> > - pr_warn(#func " missed saturation!\n"); \
> > + KUNIT_EXPECT_FALSE_MSG(test, ptr, \
> > + #func " missed saturation!\n"); \
> > + if (ptr) \
>
> We can instead do
>
> if (ptr) {
> KUNIT_FAIL(test, #func "missed saturation!");
> free...()
> }
>
> IMO, it's a bit easier to read that way, but not that important.
Ah yes, good. That's much better.
I will respin and resend...
--
Kees Cook
next prev parent reply other threads:[~2022-02-17 17:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-16 22:41 [PATCH] lib: overflow: Convert to Kunit Kees Cook
2022-02-16 22:47 ` Nick Desaulniers
2022-02-16 22:57 ` Daniel Latypov
2022-02-17 17:09 ` Kees Cook [this message]
2022-02-17 17:24 ` Shuah Khan
2022-02-17 19:01 ` Daniel Latypov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202202170903.E39554DF@keescook \
--to=keescook@chromium.org \
--cc=arnd@arndb.de \
--cc=davidgow@google.com \
--cc=dlatypov@google.com \
--cc=kunit-dev@googlegroups.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=ndesaulniers@google.com \
--cc=vitor@massaru.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).