linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [RFC PATCH 1/2] Port KASAN Tests to KUnit
@ 2020-02-27  2:43 Patricia Alfonso
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
                   ` (2 more replies)
  0 siblings, 3 replies; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-27  2:43 UTC (permalink / raw)
  To: aryabinin, dvyukov, brendanhiggins, davidgow, mingo, peterz,
	juri.lelli, vincent.guittot
  Cc: linux-kernel, kasan-dev, linux-kselftest, kunit-dev, Patricia Alfonso

Transfer all previous tests for KASAN to KUnit so they can be run
more easily. With proper KASAN integration into KUnit, developers can
run these tests with their other KUnit tests and see "pass" or "fail"
with the appropriate KASAN report instead of needing to parse each KASAN
report to test KASAN functionalities.

Stack tests do not work in UML so those tests are protected inside an
"#if (CONFIG_KASAN_STACK == 1)" so this only runs if stack
instrumentation is enabled.

Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
---
The KUnit version of these tests could be in addition to the existing
tests if that is preferred.

 lib/Kconfig.kasan |   2 +-
 lib/test_kasan.c  | 352 +++++++++++++++++++++-------------------------
 2 files changed, 161 insertions(+), 193 deletions(-)

diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 5b54f3c9a741..f8cc9ed60677 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -160,7 +160,7 @@ config KASAN_VMALLOC
 
 config TEST_KASAN
 	tristate "Module for testing KASAN for bug detection"
-	depends on m && KASAN
+	depends on KASAN && KUNIT
 	help
 	  This is a test module doing various nasty things like
 	  out of bounds accesses, use after free. It is useful for testing
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 3872d250ed2c..988650387a2a 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -23,17 +23,18 @@
 
 #include <asm/page.h>
 
+#include <kunit/test.h>
+
 /*
  * Note: test functions are marked noinline so that their names appear in
  * reports.
  */
 
-static noinline void __init kmalloc_oob_right(void)
+static noinline void kmalloc_oob_right(void)
 {
 	char *ptr;
 	size_t size = 123;
 
-	pr_info("out-of-bounds to right\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -44,12 +45,11 @@ static noinline void __init kmalloc_oob_right(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_oob_left(void)
+static noinline void kmalloc_oob_left(void)
 {
 	char *ptr;
 	size_t size = 15;
 
-	pr_info("out-of-bounds to left\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -60,12 +60,11 @@ static noinline void __init kmalloc_oob_left(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_node_oob_right(void)
+static noinline void kmalloc_node_oob_right(void)
 {
 	char *ptr;
 	size_t size = 4096;
 
-	pr_info("kmalloc_node(): out-of-bounds to right\n");
 	ptr = kmalloc_node(size, GFP_KERNEL, 0);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -77,7 +76,7 @@ static noinline void __init kmalloc_node_oob_right(void)
 }
 
 #ifdef CONFIG_SLUB
-static noinline void __init kmalloc_pagealloc_oob_right(void)
+static noinline void kmalloc_pagealloc_oob_right(void)
 {
 	char *ptr;
 	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
@@ -85,7 +84,6 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
 	/* Allocate a chunk that does not fit into a SLUB cache to trigger
 	 * the page allocator fallback.
 	 */
-	pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -96,12 +94,11 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_pagealloc_uaf(void)
+static noinline void kmalloc_pagealloc_uaf(void)
 {
 	char *ptr;
 	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 
-	pr_info("kmalloc pagealloc allocation: use-after-free\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -112,12 +109,11 @@ static noinline void __init kmalloc_pagealloc_uaf(void)
 	ptr[0] = 0;
 }
 
-static noinline void __init kmalloc_pagealloc_invalid_free(void)
+static noinline void kmalloc_pagealloc_invalid_free(void)
 {
 	char *ptr;
 	size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
 
-	pr_info("kmalloc pagealloc allocation: invalid-free\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -128,14 +124,13 @@ static noinline void __init kmalloc_pagealloc_invalid_free(void)
 }
 #endif
 
-static noinline void __init kmalloc_large_oob_right(void)
+static noinline void kmalloc_large_oob_right(void)
 {
 	char *ptr;
 	size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
 	/* Allocate a chunk that is large enough, but still fits into a slab
 	 * and does not trigger the page allocator fallback in SLUB.
 	 */
-	pr_info("kmalloc large allocation: out-of-bounds to right\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -146,13 +141,12 @@ static noinline void __init kmalloc_large_oob_right(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_oob_krealloc_more(void)
+static noinline void kmalloc_oob_krealloc_more(void)
 {
 	char *ptr1, *ptr2;
 	size_t size1 = 17;
 	size_t size2 = 19;
 
-	pr_info("out-of-bounds after krealloc more\n");
 	ptr1 = kmalloc(size1, GFP_KERNEL);
 	ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
 	if (!ptr1 || !ptr2) {
@@ -166,13 +160,12 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
 	kfree(ptr2);
 }
 
-static noinline void __init kmalloc_oob_krealloc_less(void)
+static noinline void kmalloc_oob_krealloc_less(void)
 {
 	char *ptr1, *ptr2;
 	size_t size1 = 17;
 	size_t size2 = 15;
 
-	pr_info("out-of-bounds after krealloc less\n");
 	ptr1 = kmalloc(size1, GFP_KERNEL);
 	ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
 	if (!ptr1 || !ptr2) {
@@ -184,13 +177,12 @@ static noinline void __init kmalloc_oob_krealloc_less(void)
 	kfree(ptr2);
 }
 
-static noinline void __init kmalloc_oob_16(void)
+static noinline void kmalloc_oob_16(void)
 {
 	struct {
 		u64 words[2];
 	} *ptr1, *ptr2;
 
-	pr_info("kmalloc out-of-bounds for 16-bytes access\n");
 	ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
 	ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
 	if (!ptr1 || !ptr2) {
@@ -204,12 +196,11 @@ static noinline void __init kmalloc_oob_16(void)
 	kfree(ptr2);
 }
 
-static noinline void __init kmalloc_oob_memset_2(void)
+static noinline void kmalloc_oob_memset_2(void)
 {
 	char *ptr;
 	size_t size = 8;
 
-	pr_info("out-of-bounds in memset2\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -220,12 +211,11 @@ static noinline void __init kmalloc_oob_memset_2(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_oob_memset_4(void)
+static noinline void kmalloc_oob_memset_4(void)
 {
 	char *ptr;
 	size_t size = 8;
 
-	pr_info("out-of-bounds in memset4\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -237,12 +227,11 @@ static noinline void __init kmalloc_oob_memset_4(void)
 }
 
 
-static noinline void __init kmalloc_oob_memset_8(void)
+static noinline void kmalloc_oob_memset_8(void)
 {
 	char *ptr;
 	size_t size = 8;
 
-	pr_info("out-of-bounds in memset8\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -253,12 +242,11 @@ static noinline void __init kmalloc_oob_memset_8(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_oob_memset_16(void)
+static noinline void kmalloc_oob_memset_16(void)
 {
 	char *ptr;
 	size_t size = 16;
 
-	pr_info("out-of-bounds in memset16\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -269,12 +257,11 @@ static noinline void __init kmalloc_oob_memset_16(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_oob_in_memset(void)
+static noinline void kmalloc_oob_in_memset(void)
 {
 	char *ptr;
 	size_t size = 666;
 
-	pr_info("out-of-bounds in memset\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -285,12 +272,11 @@ static noinline void __init kmalloc_oob_in_memset(void)
 	kfree(ptr);
 }
 
-static noinline void __init kmalloc_uaf(void)
+static noinline void kmalloc_uaf(void)
 {
 	char *ptr;
 	size_t size = 10;
 
-	pr_info("use-after-free\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -301,12 +287,11 @@ static noinline void __init kmalloc_uaf(void)
 	*(ptr + 8) = 'x';
 }
 
-static noinline void __init kmalloc_uaf_memset(void)
+static noinline void kmalloc_uaf_memset(void)
 {
 	char *ptr;
 	size_t size = 33;
 
-	pr_info("use-after-free in memset\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -317,12 +302,11 @@ static noinline void __init kmalloc_uaf_memset(void)
 	memset(ptr, 0, size);
 }
 
-static noinline void __init kmalloc_uaf2(void)
+static noinline void kmalloc_uaf2(void)
 {
 	char *ptr1, *ptr2;
 	size_t size = 43;
 
-	pr_info("use-after-free after another kmalloc\n");
 	ptr1 = kmalloc(size, GFP_KERNEL);
 	if (!ptr1) {
 		pr_err("Allocation failed\n");
@@ -342,14 +326,13 @@ static noinline void __init kmalloc_uaf2(void)
 	kfree(ptr2);
 }
 
-static noinline void __init kfree_via_page(void)
+static noinline void kfree_via_page(void)
 {
 	char *ptr;
 	size_t size = 8;
 	struct page *page;
 	unsigned long offset;
 
-	pr_info("invalid-free false positive (via page)\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -361,13 +344,12 @@ static noinline void __init kfree_via_page(void)
 	kfree(page_address(page) + offset);
 }
 
-static noinline void __init kfree_via_phys(void)
+static noinline void kfree_via_phys(void)
 {
 	char *ptr;
 	size_t size = 8;
 	phys_addr_t phys;
 
-	pr_info("invalid-free false positive (via phys)\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -378,7 +360,7 @@ static noinline void __init kfree_via_phys(void)
 	kfree(phys_to_virt(phys));
 }
 
-static noinline void __init kmem_cache_oob(void)
+static noinline void kmem_cache_oob(void)
 {
 	char *p;
 	size_t size = 200;
@@ -389,7 +371,6 @@ static noinline void __init kmem_cache_oob(void)
 		pr_err("Cache allocation failed\n");
 		return;
 	}
-	pr_info("out-of-bounds in kmem_cache_alloc\n");
 	p = kmem_cache_alloc(cache, GFP_KERNEL);
 	if (!p) {
 		pr_err("Allocation failed\n");
@@ -402,7 +383,7 @@ static noinline void __init kmem_cache_oob(void)
 	kmem_cache_destroy(cache);
 }
 
-static noinline void __init memcg_accounted_kmem_cache(void)
+static noinline void memcg_accounted_kmem_cache(void)
 {
 	int i;
 	char *p;
@@ -415,7 +396,6 @@ static noinline void __init memcg_accounted_kmem_cache(void)
 		return;
 	}
 
-	pr_info("allocate memcg accounted object\n");
 	/*
 	 * Several allocations with a delay to allow for lazy per memcg kmem
 	 * cache creation.
@@ -435,31 +415,19 @@ static noinline void __init memcg_accounted_kmem_cache(void)
 
 static char global_array[10];
 
-static noinline void __init kasan_global_oob(void)
+static noinline void kasan_global_oob(void)
 {
 	volatile int i = 3;
 	char *p = &global_array[ARRAY_SIZE(global_array) + i];
 
-	pr_info("out-of-bounds global variable\n");
-	*(volatile char *)p;
-}
-
-static noinline void __init kasan_stack_oob(void)
-{
-	char stack_array[10];
-	volatile int i = 0;
-	char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
-
-	pr_info("out-of-bounds on stack\n");
 	*(volatile char *)p;
 }
 
-static noinline void __init ksize_unpoisons_memory(void)
+static noinline void ksize_unpoisons_memory(void)
 {
 	char *ptr;
 	size_t size = 123, real_size;
 
-	pr_info("ksize() unpoisons the whole allocated chunk\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -473,72 +441,36 @@ static noinline void __init ksize_unpoisons_memory(void)
 	kfree(ptr);
 }
 
-static noinline void __init copy_user_test(void)
+#if (CONFIG_KASAN_STACK == 1)
+static noinline void kasan_stack_oob(void)
 {
-	char *kmem;
-	char __user *usermem;
-	size_t size = 10;
-	int unused;
-
-	kmem = kmalloc(size, GFP_KERNEL);
-	if (!kmem)
-		return;
-
-	usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
-			    PROT_READ | PROT_WRITE | PROT_EXEC,
-			    MAP_ANONYMOUS | MAP_PRIVATE, 0);
-	if (IS_ERR(usermem)) {
-		pr_err("Failed to allocate user memory\n");
-		kfree(kmem);
-		return;
-	}
-
-	pr_info("out-of-bounds in copy_from_user()\n");
-	unused = copy_from_user(kmem, usermem, size + 1);
-
-	pr_info("out-of-bounds in copy_to_user()\n");
-	unused = copy_to_user(usermem, kmem, size + 1);
-
-	pr_info("out-of-bounds in __copy_from_user()\n");
-	unused = __copy_from_user(kmem, usermem, size + 1);
-
-	pr_info("out-of-bounds in __copy_to_user()\n");
-	unused = __copy_to_user(usermem, kmem, size + 1);
-
-	pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
-	unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
-
-	pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
-	unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
-
-	pr_info("out-of-bounds in strncpy_from_user()\n");
-	unused = strncpy_from_user(kmem, usermem, size + 1);
+	char stack_array[10];
+	volatile int i = 0;
+	char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
 
-	vm_munmap((unsigned long)usermem, PAGE_SIZE);
-	kfree(kmem);
+	*(volatile char *)p;
 }
 
-static noinline void __init kasan_alloca_oob_left(void)
+static noinline void kasan_alloca_oob_left(void)
 {
 	volatile int i = 10;
 	char alloca_array[i];
 	char *p = alloca_array - 1;
 
-	pr_info("out-of-bounds to left on alloca\n");
 	*(volatile char *)p;
 }
 
-static noinline void __init kasan_alloca_oob_right(void)
+static noinline void kasan_alloca_oob_right(void)
 {
 	volatile int i = 10;
 	char alloca_array[i];
 	char *p = alloca_array + i;
 
-	pr_info("out-of-bounds to right on alloca\n");
 	*(volatile char *)p;
 }
+#endif /* CONFIG_KASAN_STACK */
 
-static noinline void __init kmem_cache_double_free(void)
+static noinline void kmem_cache_double_free(void)
 {
 	char *p;
 	size_t size = 200;
@@ -549,7 +481,6 @@ static noinline void __init kmem_cache_double_free(void)
 		pr_err("Cache allocation failed\n");
 		return;
 	}
-	pr_info("double-free on heap object\n");
 	p = kmem_cache_alloc(cache, GFP_KERNEL);
 	if (!p) {
 		pr_err("Allocation failed\n");
@@ -562,7 +493,7 @@ static noinline void __init kmem_cache_double_free(void)
 	kmem_cache_destroy(cache);
 }
 
-static noinline void __init kmem_cache_invalid_free(void)
+static noinline void kmem_cache_invalid_free(void)
 {
 	char *p;
 	size_t size = 200;
@@ -574,7 +505,6 @@ static noinline void __init kmem_cache_invalid_free(void)
 		pr_err("Cache allocation failed\n");
 		return;
 	}
-	pr_info("invalid-free of heap object\n");
 	p = kmem_cache_alloc(cache, GFP_KERNEL);
 	if (!p) {
 		pr_err("Allocation failed\n");
@@ -594,12 +524,11 @@ static noinline void __init kmem_cache_invalid_free(void)
 	kmem_cache_destroy(cache);
 }
 
-static noinline void __init kasan_memchr(void)
+static noinline void kasan_memchr(void)
 {
 	char *ptr;
 	size_t size = 24;
 
-	pr_info("out-of-bounds in memchr\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
 	if (!ptr)
 		return;
@@ -608,13 +537,12 @@ static noinline void __init kasan_memchr(void)
 	kfree(ptr);
 }
 
-static noinline void __init kasan_memcmp(void)
+static noinline void kasan_memcmp(void)
 {
 	char *ptr;
 	size_t size = 24;
 	int arr[9];
 
-	pr_info("out-of-bounds in memcmp\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
 	if (!ptr)
 		return;
@@ -624,12 +552,11 @@ static noinline void __init kasan_memcmp(void)
 	kfree(ptr);
 }
 
-static noinline void __init kasan_strings(void)
+static noinline void kasan_strings(void)
 {
 	char *ptr;
 	size_t size = 24;
 
-	pr_info("use-after-free in strchr\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
 	if (!ptr)
 		return;
@@ -645,23 +572,18 @@ static noinline void __init kasan_strings(void)
 	ptr += 16;
 	strchr(ptr, '1');
 
-	pr_info("use-after-free in strrchr\n");
 	strrchr(ptr, '1');
 
-	pr_info("use-after-free in strcmp\n");
 	strcmp(ptr, "2");
 
-	pr_info("use-after-free in strncmp\n");
 	strncmp(ptr, "2", 1);
 
-	pr_info("use-after-free in strlen\n");
 	strlen(ptr);
 
-	pr_info("use-after-free in strnlen\n");
 	strnlen(ptr, 1);
 }
 
-static noinline void __init kasan_bitops(void)
+static noinline void kasan_bitops(void)
 {
 	/*
 	 * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
@@ -676,70 +598,52 @@ static noinline void __init kasan_bitops(void)
 	 * below accesses are still out-of-bounds, since bitops are defined to
 	 * operate on the whole long the bit is in.
 	 */
-	pr_info("out-of-bounds in set_bit\n");
 	set_bit(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in __set_bit\n");
 	__set_bit(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in clear_bit\n");
 	clear_bit(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in __clear_bit\n");
 	__clear_bit(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in clear_bit_unlock\n");
 	clear_bit_unlock(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in __clear_bit_unlock\n");
 	__clear_bit_unlock(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in change_bit\n");
 	change_bit(BITS_PER_LONG, bits);
 
-	pr_info("out-of-bounds in __change_bit\n");
 	__change_bit(BITS_PER_LONG, bits);
 
 	/*
 	 * Below calls try to access bit beyond allocated memory.
 	 */
-	pr_info("out-of-bounds in test_and_set_bit\n");
 	test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in __test_and_set_bit\n");
 	__test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in test_and_set_bit_lock\n");
 	test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in test_and_clear_bit\n");
 	test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in __test_and_clear_bit\n");
 	__test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in test_and_change_bit\n");
 	test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in __test_and_change_bit\n");
 	__test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
-	pr_info("out-of-bounds in test_bit\n");
 	(void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
 #if defined(clear_bit_unlock_is_negative_byte)
-	pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
 	clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
 #endif
 	kfree(bits);
 }
 
-static noinline void __init kmalloc_double_kzfree(void)
+static noinline void kmalloc_double_kzfree(void)
 {
 	char *ptr;
 	size_t size = 16;
 
-	pr_info("double-free (kzfree)\n");
 	ptr = kmalloc(size, GFP_KERNEL);
 	if (!ptr) {
 		pr_err("Allocation failed\n");
@@ -750,29 +654,130 @@ static noinline void __init kmalloc_double_kzfree(void)
 	kzfree(ptr);
 }
 
-#ifdef CONFIG_KASAN_VMALLOC
-static noinline void __init vmalloc_oob(void)
+static void kunit_test_oob(struct kunit *test)
+{
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_right());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_left());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_node_oob_right());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_large_oob_right());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_more());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_less());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_16());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_in_memset());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_2());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_4());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_8());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_16());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_oob());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_global_oob());
+	KUNIT_EXPECT_KASAN_FAIL(test, ksize_unpoisons_memory());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_memchr());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_memcmp());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_strings());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_bitops());
+#ifdef CONFIG_SLUB
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_oob_right());
+#endif /* CONFIG_SLUB */
+
+#if (CONFIG_KASAN_STACK == 1)
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_stack_oob());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_right());
+	KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_left());
+#endif /*CONFIG_KASAN_STACK*/
+}
+
+static void kunit_test_uaf(struct kunit *test)
+{
+#ifdef CONFIG_SLUB
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_uaf());
+#endif
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf_memset());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf2());
+}
+
+static void kunit_test_invalid_free(struct kunit *test)
 {
-	void *area;
+#ifdef CONFIG_SLUB
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_invalid_free());
+#endif
+	KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_invalid_free());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_double_free());
+	KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_double_kzfree());
+}
 
-	pr_info("vmalloc out-of-bounds\n");
+static void kunit_test_false_positives(struct kunit *test)
+{
+	kfree_via_page();
+	kfree_via_phys();
+}
 
-	/*
-	 * We have to be careful not to hit the guard page.
-	 * The MMU will catch that and crash us.
-	 */
-	area = vmalloc(3000);
-	if (!area) {
-		pr_err("Allocation failed\n");
+static void kunit_test_memcg(struct kunit *test)
+{
+	memcg_accounted_kmem_cache();
+}
+
+static struct kunit_case kasan_kunit_test_cases[] = {
+	KUNIT_CASE(kunit_test_oob),
+	KUNIT_CASE(kunit_test_uaf),
+	KUNIT_CASE(kunit_test_invalid_free),
+	KUNIT_CASE(kunit_test_false_positives),
+	KUNIT_CASE(kunit_test_memcg),
+	{}
+};
+
+static struct kunit_suite kasan_kunit_test_suite = {
+	.name = "kasan_kunit_test",
+	.test_cases = kasan_kunit_test_cases,
+};
+
+kunit_test_suite(kasan_kunit_test_suite);
+
+#if IS_MODULE(CONFIG_TEST_KASAN)
+static noinline void __init copy_user_test(void)
+{
+	char *kmem;
+	char __user *usermem;
+	size_t size = 10;
+	int unused;
+
+	kmem = kmalloc(size, GFP_KERNEL);
+	if (!kmem)
+		return;
+
+	usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
+			    PROT_READ | PROT_WRITE | PROT_EXEC,
+			    MAP_ANONYMOUS | MAP_PRIVATE, 0);
+	if (IS_ERR(usermem)) {
+		pr_err("Failed to allocate user memory\n");
+		kfree(kmem);
 		return;
 	}
 
-	((volatile char *)area)[3100];
-	vfree(area);
+	pr_info("out-of-bounds in copy_from_user()\n");
+	unused = copy_from_user(kmem, usermem, size + 1);
+
+	pr_info("out-of-bounds in copy_to_user()\n");
+	unused = copy_to_user(usermem, kmem, size + 1);
+
+	pr_info("out-of-bounds in __copy_from_user()\n");
+	unused = __copy_from_user(kmem, usermem, size + 1);
+
+	pr_info("out-of-bounds in __copy_to_user()\n");
+	unused = __copy_to_user(usermem, kmem, size + 1);
+
+	pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
+	unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
+
+	pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
+	unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
+
+	pr_info("out-of-bounds in strncpy_from_user()\n");
+	unused = strncpy_from_user(kmem, usermem, size + 1);
+
+	vm_munmap((unsigned long)usermem, PAGE_SIZE);
+	kfree(kmem);
 }
-#else
-static void __init vmalloc_oob(void) {}
-#endif
 
 static int __init kmalloc_tests_init(void)
 {
@@ -782,44 +787,7 @@ static int __init kmalloc_tests_init(void)
 	 */
 	bool multishot = kasan_save_enable_multi_shot();
 
-	kmalloc_oob_right();
-	kmalloc_oob_left();
-	kmalloc_node_oob_right();
-#ifdef CONFIG_SLUB
-	kmalloc_pagealloc_oob_right();
-	kmalloc_pagealloc_uaf();
-	kmalloc_pagealloc_invalid_free();
-#endif
-	kmalloc_large_oob_right();
-	kmalloc_oob_krealloc_more();
-	kmalloc_oob_krealloc_less();
-	kmalloc_oob_16();
-	kmalloc_oob_in_memset();
-	kmalloc_oob_memset_2();
-	kmalloc_oob_memset_4();
-	kmalloc_oob_memset_8();
-	kmalloc_oob_memset_16();
-	kmalloc_uaf();
-	kmalloc_uaf_memset();
-	kmalloc_uaf2();
-	kfree_via_page();
-	kfree_via_phys();
-	kmem_cache_oob();
-	memcg_accounted_kmem_cache();
-	kasan_stack_oob();
-	kasan_global_oob();
-	kasan_alloca_oob_left();
-	kasan_alloca_oob_right();
-	ksize_unpoisons_memory();
 	copy_user_test();
-	kmem_cache_double_free();
-	kmem_cache_invalid_free();
-	kasan_memchr();
-	kasan_memcmp();
-	kasan_strings();
-	kasan_bitops();
-	kmalloc_double_kzfree();
-	vmalloc_oob();
 
 	kasan_restore_multi_shot(multishot);
 
@@ -827,4 +795,4 @@ static int __init kmalloc_tests_init(void)
 }
 
 module_init(kmalloc_tests_init);
-MODULE_LICENSE("GPL");
+#endif /* IS_MODULE(CONFIG_TEST_KASAN) */
-- 
2.25.0.265.gbab2e86ba0-goog


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27  2:43 [RFC PATCH 1/2] Port KASAN Tests to KUnit Patricia Alfonso
@ 2020-02-27  2:43 ` Patricia Alfonso
  2020-02-27 14:04   ` Alan Maguire
                     ` (4 more replies)
  2020-02-27 13:56 ` [RFC PATCH 1/2] Port KASAN Tests to KUnit Andrey Konovalov
  2020-02-27 14:19 ` Dmitry Vyukov
  2 siblings, 5 replies; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-27  2:43 UTC (permalink / raw)
  To: aryabinin, dvyukov, brendanhiggins, davidgow, mingo, peterz,
	juri.lelli, vincent.guittot
  Cc: linux-kernel, kasan-dev, linux-kselftest, kunit-dev, Patricia Alfonso

Integrate KASAN into KUnit testing framework.
 - Fail tests when KASAN reports an error that is not expected
 - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
 - KUnit struct added to current task to keep track of the current test
from KASAN code
 - Booleans representing if a KASAN report is expected and if a KASAN
 report is found added to kunit struct
 - This prints "line# has passed" or "line# has failed"

Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
---
If anyone has any suggestions on how best to print the failure
messages, please share!

One issue I have found while testing this is the allocation fails in
kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
does cause the test to fail on the KUnit side, as expected, but it
seems to skip all the tests before this one because the output starts
with this failure instead of with the first test, kmalloc_oob_right().

 include/kunit/test.h                | 24 ++++++++++++++++++++++++
 include/linux/sched.h               |  7 ++++++-
 lib/kunit/test.c                    |  7 ++++++-
 mm/kasan/report.c                   | 19 +++++++++++++++++++
 tools/testing/kunit/kunit_kernel.py |  2 +-
 5 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/include/kunit/test.h b/include/kunit/test.h
index 2dfb550c6723..2e388f8937f3 100644
--- a/include/kunit/test.h
+++ b/include/kunit/test.h
@@ -21,6 +21,8 @@ struct kunit_resource;
 typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
 typedef void (*kunit_resource_free_t)(struct kunit_resource *);
 
+void kunit_set_failure(struct kunit *test);
+
 /**
  * struct kunit_resource - represents a *test managed resource*
  * @allocation: for the user to store arbitrary data.
@@ -191,6 +193,9 @@ struct kunit {
 	 * protect it with some type of lock.
 	 */
 	struct list_head resources; /* Protected by lock. */
+
+	bool kasan_report_expected;
+	bool kasan_report_found;
 };
 
 void kunit_init_test(struct kunit *test, const char *name);
@@ -941,6 +946,25 @@ do {									       \
 						ptr,			       \
 						NULL)
 
+/**
+ * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
+ * not cause a KASAN error.
+ *
+ */
+#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {	\
+	test->kasan_report_expected = true;	\
+	test->kasan_report_found = false; \
+	condition; \
+	if (test->kasan_report_found == test->kasan_report_expected) { \
+		pr_info("%d has passed", __LINE__); \
+	} else { \
+		kunit_set_failure(test); \
+		pr_info("%d has failed", __LINE__); \
+	} \
+	test->kasan_report_expected = false;	\
+	test->kasan_report_found = false;	\
+} while (0)
+
 /**
  * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
  * @test: The test context object.
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 04278493bf15..db23d56061e7 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -32,6 +32,8 @@
 #include <linux/posix-timers.h>
 #include <linux/rseq.h>
 
+#include <kunit/test.h>
+
 /* task_struct member predeclarations (sorted alphabetically): */
 struct audit_context;
 struct backing_dev_info;
@@ -1178,7 +1180,10 @@ struct task_struct {
 
 #ifdef CONFIG_KASAN
 	unsigned int			kasan_depth;
-#endif
+#ifdef CONFIG_KUNIT
+	struct kunit *kasan_kunit_test;
+#endif /* CONFIG_KUNIT */
+#endif /* CONFIG_KASAN */
 
 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
 	/* Index of current stored address in ret_stack: */
diff --git a/lib/kunit/test.c b/lib/kunit/test.c
index 9242f932896c..d266b9495c67 100644
--- a/lib/kunit/test.c
+++ b/lib/kunit/test.c
@@ -9,11 +9,12 @@
 #include <kunit/test.h>
 #include <linux/kernel.h>
 #include <linux/sched/debug.h>
+#include <linux/sched.h>
 
 #include "string-stream.h"
 #include "try-catch-impl.h"
 
-static void kunit_set_failure(struct kunit *test)
+void kunit_set_failure(struct kunit *test)
 {
 	WRITE_ONCE(test->success, false);
 }
@@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
 	struct kunit_suite *suite = ctx->suite;
 	struct kunit_case *test_case = ctx->test_case;
 
+#ifdef CONFIG_KASAN
+	current->kasan_kunit_test = test;
+#endif
+
 	/*
 	 * kunit_run_case_internal may encounter a fatal error; if it does,
 	 * abort will be called, this thread will exit, and finally the parent
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 5ef9f24f566b..5554d23799a5 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -32,6 +32,8 @@
 
 #include <asm/sections.h>
 
+#include <kunit/test.h>
+
 #include "kasan.h"
 #include "../slab.h"
 
@@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
 	u8 tag = get_tag(object);
 
 	object = reset_tag(object);
+
+	if (current->kasan_kunit_test) {
+		if (current->kasan_kunit_test->kasan_report_expected) {
+			current->kasan_kunit_test->kasan_report_found = true;
+			return;
+		}
+		kunit_set_failure(current->kasan_kunit_test);
+	}
+
 	start_report(&flags);
 	pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
 	print_tags(tag, object);
@@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
 	if (likely(!report_enabled()))
 		return;
 
+	if (current->kasan_kunit_test) {
+		if (current->kasan_kunit_test->kasan_report_expected) {
+			current->kasan_kunit_test->kasan_report_found = true;
+			return;
+		}
+		kunit_set_failure(current->kasan_kunit_test);
+	}
+
 	disable_trace_on_warning();
 
 	tagged_addr = (void *)addr;
diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
index cc5d844ecca1..63eab18a8c34 100644
--- a/tools/testing/kunit/kunit_kernel.py
+++ b/tools/testing/kunit/kunit_kernel.py
@@ -141,7 +141,7 @@ class LinuxSourceTree(object):
 		return True
 
 	def run_kernel(self, args=[], timeout=None, build_dir=''):
-		args.extend(['mem=256M'])
+		args.extend(['mem=256M', 'kasan_multi_shot'])
 		process = self._ops.linux_bin(args, timeout, build_dir)
 		with open(os.path.join(build_dir, 'test.log'), 'w') as f:
 			for line in process.stdout:
-- 
2.25.0.265.gbab2e86ba0-goog


^ permalink raw reply related	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-02-27  2:43 [RFC PATCH 1/2] Port KASAN Tests to KUnit Patricia Alfonso
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
@ 2020-02-27 13:56 ` Andrey Konovalov
  2020-02-27 15:16   ` Alan Maguire
  2020-02-27 14:19 ` Dmitry Vyukov
  2 siblings, 1 reply; 33+ messages in thread
From: Andrey Konovalov @ 2020-02-27 13:56 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Dmitry Vyukov, Brendan Higgins, davidgow,
	Ingo Molnar, Peter Zijlstra, juri.lelli, vincent.guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
<kasan-dev@googlegroups.com> wrote:
>
> Transfer all previous tests for KASAN to KUnit so they can be run
> more easily. With proper KASAN integration into KUnit, developers can
> run these tests with their other KUnit tests and see "pass" or "fail"
> with the appropriate KASAN report instead of needing to parse each KASAN
> report to test KASAN functionalities.
>
> Stack tests do not work in UML so those tests are protected inside an
> "#if (CONFIG_KASAN_STACK == 1)" so this only runs if stack
> instrumentation is enabled.
>
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> ---
> The KUnit version of these tests could be in addition to the existing
> tests if that is preferred.

Will it be possible to run KASAN tests with KUnit on arbitrary
hardware/vm with arbitrary architecture (like it is possible now by
loading test_kasan.ko)?

>
>  lib/Kconfig.kasan |   2 +-
>  lib/test_kasan.c  | 352 +++++++++++++++++++++-------------------------
>  2 files changed, 161 insertions(+), 193 deletions(-)
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 5b54f3c9a741..f8cc9ed60677 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -160,7 +160,7 @@ config KASAN_VMALLOC
>
>  config TEST_KASAN
>         tristate "Module for testing KASAN for bug detection"
> -       depends on m && KASAN
> +       depends on KASAN && KUNIT
>         help
>           This is a test module doing various nasty things like
>           out of bounds accesses, use after free. It is useful for testing
> diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> index 3872d250ed2c..988650387a2a 100644
> --- a/lib/test_kasan.c
> +++ b/lib/test_kasan.c
> @@ -23,17 +23,18 @@
>
>  #include <asm/page.h>
>
> +#include <kunit/test.h>
> +
>  /*
>   * Note: test functions are marked noinline so that their names appear in
>   * reports.
>   */
>
> -static noinline void __init kmalloc_oob_right(void)
> +static noinline void kmalloc_oob_right(void)
>  {
>         char *ptr;
>         size_t size = 123;
>
> -       pr_info("out-of-bounds to right\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -44,12 +45,11 @@ static noinline void __init kmalloc_oob_right(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_left(void)
> +static noinline void kmalloc_oob_left(void)
>  {
>         char *ptr;
>         size_t size = 15;
>
> -       pr_info("out-of-bounds to left\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -60,12 +60,11 @@ static noinline void __init kmalloc_oob_left(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_node_oob_right(void)
> +static noinline void kmalloc_node_oob_right(void)
>  {
>         char *ptr;
>         size_t size = 4096;
>
> -       pr_info("kmalloc_node(): out-of-bounds to right\n");
>         ptr = kmalloc_node(size, GFP_KERNEL, 0);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -77,7 +76,7 @@ static noinline void __init kmalloc_node_oob_right(void)
>  }
>
>  #ifdef CONFIG_SLUB
> -static noinline void __init kmalloc_pagealloc_oob_right(void)
> +static noinline void kmalloc_pagealloc_oob_right(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> @@ -85,7 +84,6 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
>         /* Allocate a chunk that does not fit into a SLUB cache to trigger
>          * the page allocator fallback.
>          */
> -       pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -96,12 +94,11 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_pagealloc_uaf(void)
> +static noinline void kmalloc_pagealloc_uaf(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
>
> -       pr_info("kmalloc pagealloc allocation: use-after-free\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -112,12 +109,11 @@ static noinline void __init kmalloc_pagealloc_uaf(void)
>         ptr[0] = 0;
>  }
>
> -static noinline void __init kmalloc_pagealloc_invalid_free(void)
> +static noinline void kmalloc_pagealloc_invalid_free(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
>
> -       pr_info("kmalloc pagealloc allocation: invalid-free\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -128,14 +124,13 @@ static noinline void __init kmalloc_pagealloc_invalid_free(void)
>  }
>  #endif
>
> -static noinline void __init kmalloc_large_oob_right(void)
> +static noinline void kmalloc_large_oob_right(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
>         /* Allocate a chunk that is large enough, but still fits into a slab
>          * and does not trigger the page allocator fallback in SLUB.
>          */
> -       pr_info("kmalloc large allocation: out-of-bounds to right\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -146,13 +141,12 @@ static noinline void __init kmalloc_large_oob_right(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_krealloc_more(void)
> +static noinline void kmalloc_oob_krealloc_more(void)
>  {
>         char *ptr1, *ptr2;
>         size_t size1 = 17;
>         size_t size2 = 19;
>
> -       pr_info("out-of-bounds after krealloc more\n");
>         ptr1 = kmalloc(size1, GFP_KERNEL);
>         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
>         if (!ptr1 || !ptr2) {
> @@ -166,13 +160,12 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kmalloc_oob_krealloc_less(void)
> +static noinline void kmalloc_oob_krealloc_less(void)
>  {
>         char *ptr1, *ptr2;
>         size_t size1 = 17;
>         size_t size2 = 15;
>
> -       pr_info("out-of-bounds after krealloc less\n");
>         ptr1 = kmalloc(size1, GFP_KERNEL);
>         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
>         if (!ptr1 || !ptr2) {
> @@ -184,13 +177,12 @@ static noinline void __init kmalloc_oob_krealloc_less(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kmalloc_oob_16(void)
> +static noinline void kmalloc_oob_16(void)
>  {
>         struct {
>                 u64 words[2];
>         } *ptr1, *ptr2;
>
> -       pr_info("kmalloc out-of-bounds for 16-bytes access\n");
>         ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
>         ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
>         if (!ptr1 || !ptr2) {
> @@ -204,12 +196,11 @@ static noinline void __init kmalloc_oob_16(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kmalloc_oob_memset_2(void)
> +static noinline void kmalloc_oob_memset_2(void)
>  {
>         char *ptr;
>         size_t size = 8;
>
> -       pr_info("out-of-bounds in memset2\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -220,12 +211,11 @@ static noinline void __init kmalloc_oob_memset_2(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_memset_4(void)
> +static noinline void kmalloc_oob_memset_4(void)
>  {
>         char *ptr;
>         size_t size = 8;
>
> -       pr_info("out-of-bounds in memset4\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -237,12 +227,11 @@ static noinline void __init kmalloc_oob_memset_4(void)
>  }
>
>
> -static noinline void __init kmalloc_oob_memset_8(void)
> +static noinline void kmalloc_oob_memset_8(void)
>  {
>         char *ptr;
>         size_t size = 8;
>
> -       pr_info("out-of-bounds in memset8\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -253,12 +242,11 @@ static noinline void __init kmalloc_oob_memset_8(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_memset_16(void)
> +static noinline void kmalloc_oob_memset_16(void)
>  {
>         char *ptr;
>         size_t size = 16;
>
> -       pr_info("out-of-bounds in memset16\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -269,12 +257,11 @@ static noinline void __init kmalloc_oob_memset_16(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_in_memset(void)
> +static noinline void kmalloc_oob_in_memset(void)
>  {
>         char *ptr;
>         size_t size = 666;
>
> -       pr_info("out-of-bounds in memset\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -285,12 +272,11 @@ static noinline void __init kmalloc_oob_in_memset(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_uaf(void)
> +static noinline void kmalloc_uaf(void)
>  {
>         char *ptr;
>         size_t size = 10;
>
> -       pr_info("use-after-free\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -301,12 +287,11 @@ static noinline void __init kmalloc_uaf(void)
>         *(ptr + 8) = 'x';
>  }
>
> -static noinline void __init kmalloc_uaf_memset(void)
> +static noinline void kmalloc_uaf_memset(void)
>  {
>         char *ptr;
>         size_t size = 33;
>
> -       pr_info("use-after-free in memset\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -317,12 +302,11 @@ static noinline void __init kmalloc_uaf_memset(void)
>         memset(ptr, 0, size);
>  }
>
> -static noinline void __init kmalloc_uaf2(void)
> +static noinline void kmalloc_uaf2(void)
>  {
>         char *ptr1, *ptr2;
>         size_t size = 43;
>
> -       pr_info("use-after-free after another kmalloc\n");
>         ptr1 = kmalloc(size, GFP_KERNEL);
>         if (!ptr1) {
>                 pr_err("Allocation failed\n");
> @@ -342,14 +326,13 @@ static noinline void __init kmalloc_uaf2(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kfree_via_page(void)
> +static noinline void kfree_via_page(void)
>  {
>         char *ptr;
>         size_t size = 8;
>         struct page *page;
>         unsigned long offset;
>
> -       pr_info("invalid-free false positive (via page)\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -361,13 +344,12 @@ static noinline void __init kfree_via_page(void)
>         kfree(page_address(page) + offset);
>  }
>
> -static noinline void __init kfree_via_phys(void)
> +static noinline void kfree_via_phys(void)
>  {
>         char *ptr;
>         size_t size = 8;
>         phys_addr_t phys;
>
> -       pr_info("invalid-free false positive (via phys)\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -378,7 +360,7 @@ static noinline void __init kfree_via_phys(void)
>         kfree(phys_to_virt(phys));
>  }
>
> -static noinline void __init kmem_cache_oob(void)
> +static noinline void kmem_cache_oob(void)
>  {
>         char *p;
>         size_t size = 200;
> @@ -389,7 +371,6 @@ static noinline void __init kmem_cache_oob(void)
>                 pr_err("Cache allocation failed\n");
>                 return;
>         }
> -       pr_info("out-of-bounds in kmem_cache_alloc\n");
>         p = kmem_cache_alloc(cache, GFP_KERNEL);
>         if (!p) {
>                 pr_err("Allocation failed\n");
> @@ -402,7 +383,7 @@ static noinline void __init kmem_cache_oob(void)
>         kmem_cache_destroy(cache);
>  }
>
> -static noinline void __init memcg_accounted_kmem_cache(void)
> +static noinline void memcg_accounted_kmem_cache(void)
>  {
>         int i;
>         char *p;
> @@ -415,7 +396,6 @@ static noinline void __init memcg_accounted_kmem_cache(void)
>                 return;
>         }
>
> -       pr_info("allocate memcg accounted object\n");
>         /*
>          * Several allocations with a delay to allow for lazy per memcg kmem
>          * cache creation.
> @@ -435,31 +415,19 @@ static noinline void __init memcg_accounted_kmem_cache(void)
>
>  static char global_array[10];
>
> -static noinline void __init kasan_global_oob(void)
> +static noinline void kasan_global_oob(void)
>  {
>         volatile int i = 3;
>         char *p = &global_array[ARRAY_SIZE(global_array) + i];
>
> -       pr_info("out-of-bounds global variable\n");
> -       *(volatile char *)p;
> -}
> -
> -static noinline void __init kasan_stack_oob(void)
> -{
> -       char stack_array[10];
> -       volatile int i = 0;
> -       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
> -
> -       pr_info("out-of-bounds on stack\n");
>         *(volatile char *)p;
>  }
>
> -static noinline void __init ksize_unpoisons_memory(void)
> +static noinline void ksize_unpoisons_memory(void)
>  {
>         char *ptr;
>         size_t size = 123, real_size;
>
> -       pr_info("ksize() unpoisons the whole allocated chunk\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -473,72 +441,36 @@ static noinline void __init ksize_unpoisons_memory(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init copy_user_test(void)
> +#if (CONFIG_KASAN_STACK == 1)
> +static noinline void kasan_stack_oob(void)
>  {
> -       char *kmem;
> -       char __user *usermem;
> -       size_t size = 10;
> -       int unused;
> -
> -       kmem = kmalloc(size, GFP_KERNEL);
> -       if (!kmem)
> -               return;
> -
> -       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> -                           PROT_READ | PROT_WRITE | PROT_EXEC,
> -                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> -       if (IS_ERR(usermem)) {
> -               pr_err("Failed to allocate user memory\n");
> -               kfree(kmem);
> -               return;
> -       }
> -
> -       pr_info("out-of-bounds in copy_from_user()\n");
> -       unused = copy_from_user(kmem, usermem, size + 1);
> -
> -       pr_info("out-of-bounds in copy_to_user()\n");
> -       unused = copy_to_user(usermem, kmem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_from_user()\n");
> -       unused = __copy_from_user(kmem, usermem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_to_user()\n");
> -       unused = __copy_to_user(usermem, kmem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> -       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> -       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> -
> -       pr_info("out-of-bounds in strncpy_from_user()\n");
> -       unused = strncpy_from_user(kmem, usermem, size + 1);
> +       char stack_array[10];
> +       volatile int i = 0;
> +       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
>
> -       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> -       kfree(kmem);
> +       *(volatile char *)p;
>  }
>
> -static noinline void __init kasan_alloca_oob_left(void)
> +static noinline void kasan_alloca_oob_left(void)
>  {
>         volatile int i = 10;
>         char alloca_array[i];
>         char *p = alloca_array - 1;
>
> -       pr_info("out-of-bounds to left on alloca\n");
>         *(volatile char *)p;
>  }
>
> -static noinline void __init kasan_alloca_oob_right(void)
> +static noinline void kasan_alloca_oob_right(void)
>  {
>         volatile int i = 10;
>         char alloca_array[i];
>         char *p = alloca_array + i;
>
> -       pr_info("out-of-bounds to right on alloca\n");
>         *(volatile char *)p;
>  }
> +#endif /* CONFIG_KASAN_STACK */
>
> -static noinline void __init kmem_cache_double_free(void)
> +static noinline void kmem_cache_double_free(void)
>  {
>         char *p;
>         size_t size = 200;
> @@ -549,7 +481,6 @@ static noinline void __init kmem_cache_double_free(void)
>                 pr_err("Cache allocation failed\n");
>                 return;
>         }
> -       pr_info("double-free on heap object\n");
>         p = kmem_cache_alloc(cache, GFP_KERNEL);
>         if (!p) {
>                 pr_err("Allocation failed\n");
> @@ -562,7 +493,7 @@ static noinline void __init kmem_cache_double_free(void)
>         kmem_cache_destroy(cache);
>  }
>
> -static noinline void __init kmem_cache_invalid_free(void)
> +static noinline void kmem_cache_invalid_free(void)
>  {
>         char *p;
>         size_t size = 200;
> @@ -574,7 +505,6 @@ static noinline void __init kmem_cache_invalid_free(void)
>                 pr_err("Cache allocation failed\n");
>                 return;
>         }
> -       pr_info("invalid-free of heap object\n");
>         p = kmem_cache_alloc(cache, GFP_KERNEL);
>         if (!p) {
>                 pr_err("Allocation failed\n");
> @@ -594,12 +524,11 @@ static noinline void __init kmem_cache_invalid_free(void)
>         kmem_cache_destroy(cache);
>  }
>
> -static noinline void __init kasan_memchr(void)
> +static noinline void kasan_memchr(void)
>  {
>         char *ptr;
>         size_t size = 24;
>
> -       pr_info("out-of-bounds in memchr\n");
>         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
>         if (!ptr)
>                 return;
> @@ -608,13 +537,12 @@ static noinline void __init kasan_memchr(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kasan_memcmp(void)
> +static noinline void kasan_memcmp(void)
>  {
>         char *ptr;
>         size_t size = 24;
>         int arr[9];
>
> -       pr_info("out-of-bounds in memcmp\n");
>         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
>         if (!ptr)
>                 return;
> @@ -624,12 +552,11 @@ static noinline void __init kasan_memcmp(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kasan_strings(void)
> +static noinline void kasan_strings(void)
>  {
>         char *ptr;
>         size_t size = 24;
>
> -       pr_info("use-after-free in strchr\n");
>         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
>         if (!ptr)
>                 return;
> @@ -645,23 +572,18 @@ static noinline void __init kasan_strings(void)
>         ptr += 16;
>         strchr(ptr, '1');
>
> -       pr_info("use-after-free in strrchr\n");
>         strrchr(ptr, '1');
>
> -       pr_info("use-after-free in strcmp\n");
>         strcmp(ptr, "2");
>
> -       pr_info("use-after-free in strncmp\n");
>         strncmp(ptr, "2", 1);
>
> -       pr_info("use-after-free in strlen\n");
>         strlen(ptr);
>
> -       pr_info("use-after-free in strnlen\n");
>         strnlen(ptr, 1);
>  }
>
> -static noinline void __init kasan_bitops(void)
> +static noinline void kasan_bitops(void)
>  {
>         /*
>          * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
> @@ -676,70 +598,52 @@ static noinline void __init kasan_bitops(void)
>          * below accesses are still out-of-bounds, since bitops are defined to
>          * operate on the whole long the bit is in.
>          */
> -       pr_info("out-of-bounds in set_bit\n");
>         set_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __set_bit\n");
>         __set_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in clear_bit\n");
>         clear_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __clear_bit\n");
>         __clear_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in clear_bit_unlock\n");
>         clear_bit_unlock(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __clear_bit_unlock\n");
>         __clear_bit_unlock(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in change_bit\n");
>         change_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __change_bit\n");
>         __change_bit(BITS_PER_LONG, bits);
>
>         /*
>          * Below calls try to access bit beyond allocated memory.
>          */
> -       pr_info("out-of-bounds in test_and_set_bit\n");
>         test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in __test_and_set_bit\n");
>         __test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_and_set_bit_lock\n");
>         test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_and_clear_bit\n");
>         test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in __test_and_clear_bit\n");
>         __test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_and_change_bit\n");
>         test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in __test_and_change_bit\n");
>         __test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_bit\n");
>         (void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
>  #if defined(clear_bit_unlock_is_negative_byte)
> -       pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
>         clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
>  #endif
>         kfree(bits);
>  }
>
> -static noinline void __init kmalloc_double_kzfree(void)
> +static noinline void kmalloc_double_kzfree(void)
>  {
>         char *ptr;
>         size_t size = 16;
>
> -       pr_info("double-free (kzfree)\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -750,29 +654,130 @@ static noinline void __init kmalloc_double_kzfree(void)
>         kzfree(ptr);
>  }
>
> -#ifdef CONFIG_KASAN_VMALLOC
> -static noinline void __init vmalloc_oob(void)
> +static void kunit_test_oob(struct kunit *test)
> +{
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_left());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_node_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_large_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_more());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_less());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_16());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_in_memset());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_2());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_4());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_8());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_16());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_oob());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_global_oob());
> +       KUNIT_EXPECT_KASAN_FAIL(test, ksize_unpoisons_memory());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memchr());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memcmp());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_strings());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_bitops());
> +#ifdef CONFIG_SLUB
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_oob_right());
> +#endif /* CONFIG_SLUB */
> +
> +#if (CONFIG_KASAN_STACK == 1)
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_stack_oob());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_left());
> +#endif /*CONFIG_KASAN_STACK*/
> +}
> +
> +static void kunit_test_uaf(struct kunit *test)
> +{
> +#ifdef CONFIG_SLUB
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_uaf());
> +#endif
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf_memset());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf2());
> +}
> +
> +static void kunit_test_invalid_free(struct kunit *test)
>  {
> -       void *area;
> +#ifdef CONFIG_SLUB
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_invalid_free());
> +#endif
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_invalid_free());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_double_free());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_double_kzfree());
> +}
>
> -       pr_info("vmalloc out-of-bounds\n");
> +static void kunit_test_false_positives(struct kunit *test)
> +{
> +       kfree_via_page();
> +       kfree_via_phys();
> +}
>
> -       /*
> -        * We have to be careful not to hit the guard page.
> -        * The MMU will catch that and crash us.
> -        */
> -       area = vmalloc(3000);
> -       if (!area) {
> -               pr_err("Allocation failed\n");
> +static void kunit_test_memcg(struct kunit *test)
> +{
> +       memcg_accounted_kmem_cache();
> +}
> +
> +static struct kunit_case kasan_kunit_test_cases[] = {
> +       KUNIT_CASE(kunit_test_oob),
> +       KUNIT_CASE(kunit_test_uaf),
> +       KUNIT_CASE(kunit_test_invalid_free),
> +       KUNIT_CASE(kunit_test_false_positives),
> +       KUNIT_CASE(kunit_test_memcg),
> +       {}
> +};
> +
> +static struct kunit_suite kasan_kunit_test_suite = {
> +       .name = "kasan_kunit_test",
> +       .test_cases = kasan_kunit_test_cases,
> +};
> +
> +kunit_test_suite(kasan_kunit_test_suite);
> +
> +#if IS_MODULE(CONFIG_TEST_KASAN)
> +static noinline void __init copy_user_test(void)
> +{
> +       char *kmem;
> +       char __user *usermem;
> +       size_t size = 10;
> +       int unused;
> +
> +       kmem = kmalloc(size, GFP_KERNEL);
> +       if (!kmem)
> +               return;
> +
> +       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> +                           PROT_READ | PROT_WRITE | PROT_EXEC,
> +                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> +       if (IS_ERR(usermem)) {
> +               pr_err("Failed to allocate user memory\n");
> +               kfree(kmem);
>                 return;
>         }
>
> -       ((volatile char *)area)[3100];
> -       vfree(area);
> +       pr_info("out-of-bounds in copy_from_user()\n");
> +       unused = copy_from_user(kmem, usermem, size + 1);
> +
> +       pr_info("out-of-bounds in copy_to_user()\n");
> +       unused = copy_to_user(usermem, kmem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_from_user()\n");
> +       unused = __copy_from_user(kmem, usermem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_to_user()\n");
> +       unused = __copy_to_user(usermem, kmem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> +       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> +       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> +
> +       pr_info("out-of-bounds in strncpy_from_user()\n");
> +       unused = strncpy_from_user(kmem, usermem, size + 1);
> +
> +       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> +       kfree(kmem);
>  }
> -#else
> -static void __init vmalloc_oob(void) {}
> -#endif
>
>  static int __init kmalloc_tests_init(void)
>  {
> @@ -782,44 +787,7 @@ static int __init kmalloc_tests_init(void)
>          */
>         bool multishot = kasan_save_enable_multi_shot();
>
> -       kmalloc_oob_right();
> -       kmalloc_oob_left();
> -       kmalloc_node_oob_right();
> -#ifdef CONFIG_SLUB
> -       kmalloc_pagealloc_oob_right();
> -       kmalloc_pagealloc_uaf();
> -       kmalloc_pagealloc_invalid_free();
> -#endif
> -       kmalloc_large_oob_right();
> -       kmalloc_oob_krealloc_more();
> -       kmalloc_oob_krealloc_less();
> -       kmalloc_oob_16();
> -       kmalloc_oob_in_memset();
> -       kmalloc_oob_memset_2();
> -       kmalloc_oob_memset_4();
> -       kmalloc_oob_memset_8();
> -       kmalloc_oob_memset_16();
> -       kmalloc_uaf();
> -       kmalloc_uaf_memset();
> -       kmalloc_uaf2();
> -       kfree_via_page();
> -       kfree_via_phys();
> -       kmem_cache_oob();
> -       memcg_accounted_kmem_cache();
> -       kasan_stack_oob();
> -       kasan_global_oob();
> -       kasan_alloca_oob_left();
> -       kasan_alloca_oob_right();
> -       ksize_unpoisons_memory();
>         copy_user_test();
> -       kmem_cache_double_free();
> -       kmem_cache_invalid_free();
> -       kasan_memchr();
> -       kasan_memcmp();
> -       kasan_strings();
> -       kasan_bitops();
> -       kmalloc_double_kzfree();
> -       vmalloc_oob();
>
>         kasan_restore_multi_shot(multishot);
>
> @@ -827,4 +795,4 @@ static int __init kmalloc_tests_init(void)
>  }
>
>  module_init(kmalloc_tests_init);
> -MODULE_LICENSE("GPL");
> +#endif /* IS_MODULE(CONFIG_TEST_KASAN) */
> --
> 2.25.0.265.gbab2e86ba0-goog
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20200227024301.217042-1-trishalfonso%40google.com.

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
@ 2020-02-27 14:04   ` Alan Maguire
  2020-02-29  0:46     ` Patricia Alfonso
  2020-03-10 21:39     ` Brendan Higgins
  2020-02-27 14:39   ` Dmitry Vyukov
                     ` (3 subsequent siblings)
  4 siblings, 2 replies; 33+ messages in thread
From: Alan Maguire @ 2020-02-27 14:04 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: aryabinin, dvyukov, brendanhiggins, davidgow, mingo, peterz,
	juri.lelli, vincent.guittot, linux-kernel, kasan-dev,
	linux-kselftest, kunit-dev

On Wed, 26 Feb 2020, Patricia Alfonso wrote:

> Integrate KASAN into KUnit testing framework.

This is a great idea! Some comments/suggestions below...

>  - Fail tests when KASAN reports an error that is not expected
>  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
>  - KUnit struct added to current task to keep track of the current test
> from KASAN code
>  - Booleans representing if a KASAN report is expected and if a KASAN
>  report is found added to kunit struct
>  - This prints "line# has passed" or "line# has failed"
> 
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> ---
> If anyone has any suggestions on how best to print the failure
> messages, please share!
> 
> One issue I have found while testing this is the allocation fails in
> kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> does cause the test to fail on the KUnit side, as expected, but it
> seems to skip all the tests before this one because the output starts
> with this failure instead of with the first test, kmalloc_oob_right().
> 
>  include/kunit/test.h                | 24 ++++++++++++++++++++++++
>  include/linux/sched.h               |  7 ++++++-
>  lib/kunit/test.c                    |  7 ++++++-
>  mm/kasan/report.c                   | 19 +++++++++++++++++++
>  tools/testing/kunit/kunit_kernel.py |  2 +-
>  5 files changed, 56 insertions(+), 3 deletions(-)
> 
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index 2dfb550c6723..2e388f8937f3 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -21,6 +21,8 @@ struct kunit_resource;
>  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
>  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
>  
> +void kunit_set_failure(struct kunit *test);
> +
>  /**
>   * struct kunit_resource - represents a *test managed resource*
>   * @allocation: for the user to store arbitrary data.
> @@ -191,6 +193,9 @@ struct kunit {
>  	 * protect it with some type of lock.
>  	 */
>  	struct list_head resources; /* Protected by lock. */
> +
> +	bool kasan_report_expected;
> +	bool kasan_report_found;
>  };
>  

Is this needed here? You're testing something pretty
specific so it seems wrong to add to the generic
kunit resource unless there's a good reason. I see the
code around setting these values in mm/kasan/report.c,
but I wonder if we could do something more generic.

How about the concept of a static resource (assuming a
dynamically allocated one is out because it messes
with memory allocation tests)? Something like this:

#define kunit_add_static_resource(test, resource_ptr, resource_field)	\
	do {								\
		spin_lock(&test->lock);					\
		(resource_ptr)->resource_field.init = NULL;		\
		(resource_ptr)->resource_field.free = NULL;		\
		list_add_tail(&(resource_ptr)->resource_field,		\
 			      &test->resources);			\
		spin_unlock(&test->lock);				\
	} while (0)	      

	  
Within your kasan code you could then create a kasan-specific
structure that embends a kunit_resource, and contains the
values you need:

struct kasan_report_resource {
	struct kunit_resource res;
	bool kasan_report_expected;
	bool kasan_report_found;
};

(One thing we'd need to do for such static resources is fix
kunit_resource_free() to check if there's a free() function,
and if not assume a static resource)

If you then create an init() function associated with your
kunit suite (which will be run for every case) it can do this:

int kunit_kasan_test_init(struct kunit *test)
{
	kunit_add_static_resource(test, &my_kasan_report_resource, res);
	...
}

The above should also be used to initialize current->kasan_unit_test
instead of doing that in kunit_try_run_case().  With those
changes, you don't (I think) need to change anything in core
kunit (assuming support for static resources).

To retrieve the resource during tests or in kasan context, the
method seems to be to use kunit_resource_find(). However, that
requires a match function which seems a bit heavyweight for the
static case.  We should probably have a default "find by name"
or similar function here, and add an optional "name" field
to kunit resources to simplify things.  Anyway here you'd
use something like:

	kasan_report_resource = kunit_resource_find(test, matchfn, 
						    NULL, matchdata); 


Are there any barriers to taking this sort of approach (apart
from the support for static resources not being there yet)?

>  void kunit_init_test(struct kunit *test, const char *name);
> @@ -941,6 +946,25 @@ do {									       \
>  						ptr,			       \
>  						NULL)
>  
> +/**
> + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> + * not cause a KASAN error.
> + *
> + */
> +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {	\
> +	test->kasan_report_expected = true;	\
> +	test->kasan_report_found = false; \
> +	condition; \
> +	if (test->kasan_report_found == test->kasan_report_expected) { \
> +		pr_info("%d has passed", __LINE__); \
> +	} else { \
> +		kunit_set_failure(test); \
> +		pr_info("%d has failed", __LINE__); \
> +	} \
> +	test->kasan_report_expected = false;	\
> +	test->kasan_report_found = false;	\
> +} while (0)
> +

Feels like this belongs in test_kasan.c, and could be reworked
to avoid adding test->kasan_report_[expected|found] as described
above.  Instead of having your own pass/fail logic couldn't you
do this:

	KUNIT_EXPECT_EQ(test, expected, found);

? That will set the failure state too so no need to export
a separate function for that, and no need to log anything
as KUNIT_EXPECT_EQ() should do that for you.

>  /**
>   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
>   * @test: The test context object.
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 04278493bf15..db23d56061e7 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -32,6 +32,8 @@
>  #include <linux/posix-timers.h>
>  #include <linux/rseq.h>
>  
> +#include <kunit/test.h>
> +

This feels like the wrong place to add this #include, and
when I attempted to build to test I ran into a bunch of
compilation errors; for example:

 CC      kernel/sched/core.o
In file included from ./include/linux/uaccess.h:11,
                 from ./arch/x86/include/asm/fpu/xstate.h:5,
                 from ./arch/x86/include/asm/pgtable.h:26,
                 from ./include/linux/kasan.h:16,
                 from ./include/linux/slab.h:136,
                 from ./include/kunit/test.h:16,
                 from ./include/linux/sched.h:35,
                 from init/do_mounts.c:3:
./arch/x86/include/asm/uaccess.h: In function 'set_fs':
./arch/x86/include/asm/uaccess.h:32:9: error: dereferencing pointer to 
incomplete type 'struct task_struct'
  current->thread.addr_limit = fs;

(I'm testing with CONFIG_SLUB). Removing this #include
resolves these errors, but then causes problems for
lib/test_kasan.c. I'll dig around a bit more.

>  /* task_struct member predeclarations (sorted alphabetically): */
>  struct audit_context;
>  struct backing_dev_info;
> @@ -1178,7 +1180,10 @@ struct task_struct {
>  
>  #ifdef CONFIG_KASAN
>  	unsigned int			kasan_depth;
> -#endif
> +#ifdef CONFIG_KUNIT
> +	struct kunit *kasan_kunit_test;
> +#endif /* CONFIG_KUNIT */
> +#endif /* CONFIG_KASAN */
>  
>  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
>  	/* Index of current stored address in ret_stack: */
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index 9242f932896c..d266b9495c67 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -9,11 +9,12 @@
>  #include <kunit/test.h>
>  #include <linux/kernel.h>
>  #include <linux/sched/debug.h>
> +#include <linux/sched.h>
>  
>  #include "string-stream.h"
>  #include "try-catch-impl.h"
>  
> -static void kunit_set_failure(struct kunit *test)
> +void kunit_set_failure(struct kunit *test)
>  {
>  	WRITE_ONCE(test->success, false);
>  }
> @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
>  	struct kunit_suite *suite = ctx->suite;
>  	struct kunit_case *test_case = ctx->test_case;
>  
> +#ifdef CONFIG_KASAN
> +	current->kasan_kunit_test = test;
> +#endif
> +
>  	/*
>  	 * kunit_run_case_internal may encounter a fatal error; if it does,
>  	 * abort will be called, this thread will exit, and finally the parent
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 5ef9f24f566b..5554d23799a5 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -32,6 +32,8 @@
>  
>  #include <asm/sections.h>
>  
> +#include <kunit/test.h>
> +
>  #include "kasan.h"
>  #include "../slab.h"
>  
> @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
>  	u8 tag = get_tag(object);
>  
>  	object = reset_tag(object);
> +
> +	if (current->kasan_kunit_test) {
> +		if (current->kasan_kunit_test->kasan_report_expected) {
> +			current->kasan_kunit_test->kasan_report_found = true;
> +			return;
> +		}
> +		kunit_set_failure(current->kasan_kunit_test);
> +	}
> +
>  	start_report(&flags);
>  	pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
>  	print_tags(tag, object);
> @@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
>  	if (likely(!report_enabled()))
>  		return;
>  
> +	if (current->kasan_kunit_test) {
> +		if (current->kasan_kunit_test->kasan_report_expected) {
> +			current->kasan_kunit_test->kasan_report_found = true;
> +			return;
> +		}
> +		kunit_set_failure(current->kasan_kunit_test);
> +	}
> +
>  	disable_trace_on_warning();
>  
>  	tagged_addr = (void *)addr;
> diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
> index cc5d844ecca1..63eab18a8c34 100644
> --- a/tools/testing/kunit/kunit_kernel.py
> +++ b/tools/testing/kunit/kunit_kernel.py
> @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
>  		return True
>  
>  	def run_kernel(self, args=[], timeout=None, build_dir=''):
> -		args.extend(['mem=256M'])
> +		args.extend(['mem=256M', 'kasan_multi_shot'])
>  		process = self._ops.linux_bin(args, timeout, build_dir)
>  		with open(os.path.join(build_dir, 'test.log'), 'w') as f:
>  			for line in process.stdout:

I tried applying this to the "kunit" branch of linux-kselftest, and
the above failed. Which branch are you building with? Probably
best to use the kunit branch I think. Thanks!

Alan

> -- 
> 2.25.0.265.gbab2e86ba0-goog
> 
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-02-27  2:43 [RFC PATCH 1/2] Port KASAN Tests to KUnit Patricia Alfonso
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
  2020-02-27 13:56 ` [RFC PATCH 1/2] Port KASAN Tests to KUnit Andrey Konovalov
@ 2020-02-27 14:19 ` Dmitry Vyukov
  2020-02-29  1:56   ` Patricia Alfonso
  2020-03-06 23:58   ` Patricia Alfonso
  2 siblings, 2 replies; 33+ messages in thread
From: Dmitry Vyukov @ 2020-02-27 14:19 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

.On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
<trishalfonso@google.com> wrote:
>
> Transfer all previous tests for KASAN to KUnit so they can be run
> more easily. With proper KASAN integration into KUnit, developers can
> run these tests with their other KUnit tests and see "pass" or "fail"
> with the appropriate KASAN report instead of needing to parse each KASAN
> report to test KASAN functionalities.
>
> Stack tests do not work in UML so those tests are protected inside an
> "#if (CONFIG_KASAN_STACK == 1)" so this only runs if stack
> instrumentation is enabled.
>
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> ---
> The KUnit version of these tests could be in addition to the existing
> tests if that is preferred.
>
>  lib/Kconfig.kasan |   2 +-
>  lib/test_kasan.c  | 352 +++++++++++++++++++++-------------------------
>  2 files changed, 161 insertions(+), 193 deletions(-)
>
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 5b54f3c9a741..f8cc9ed60677 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -160,7 +160,7 @@ config KASAN_VMALLOC
>
>  config TEST_KASAN
>         tristate "Module for testing KASAN for bug detection"
> -       depends on m && KASAN
> +       depends on KASAN && KUNIT
>         help
>           This is a test module doing various nasty things like
>           out of bounds accesses, use after free. It is useful for testing
> diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> index 3872d250ed2c..988650387a2a 100644
> --- a/lib/test_kasan.c
> +++ b/lib/test_kasan.c
> @@ -23,17 +23,18 @@
>
>  #include <asm/page.h>
>
> +#include <kunit/test.h>
> +
>  /*
>   * Note: test functions are marked noinline so that their names appear in
>   * reports.
>   */
>
> -static noinline void __init kmalloc_oob_right(void)
> +static noinline void kmalloc_oob_right(void)
>  {
>         char *ptr;
>         size_t size = 123;
>
> -       pr_info("out-of-bounds to right\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -44,12 +45,11 @@ static noinline void __init kmalloc_oob_right(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_left(void)
> +static noinline void kmalloc_oob_left(void)
>  {
>         char *ptr;
>         size_t size = 15;
>
> -       pr_info("out-of-bounds to left\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -60,12 +60,11 @@ static noinline void __init kmalloc_oob_left(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_node_oob_right(void)
> +static noinline void kmalloc_node_oob_right(void)
>  {
>         char *ptr;
>         size_t size = 4096;
>
> -       pr_info("kmalloc_node(): out-of-bounds to right\n");
>         ptr = kmalloc_node(size, GFP_KERNEL, 0);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -77,7 +76,7 @@ static noinline void __init kmalloc_node_oob_right(void)
>  }
>
>  #ifdef CONFIG_SLUB
> -static noinline void __init kmalloc_pagealloc_oob_right(void)
> +static noinline void kmalloc_pagealloc_oob_right(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> @@ -85,7 +84,6 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
>         /* Allocate a chunk that does not fit into a SLUB cache to trigger
>          * the page allocator fallback.
>          */
> -       pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -96,12 +94,11 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_pagealloc_uaf(void)
> +static noinline void kmalloc_pagealloc_uaf(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
>
> -       pr_info("kmalloc pagealloc allocation: use-after-free\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -112,12 +109,11 @@ static noinline void __init kmalloc_pagealloc_uaf(void)
>         ptr[0] = 0;
>  }
>
> -static noinline void __init kmalloc_pagealloc_invalid_free(void)
> +static noinline void kmalloc_pagealloc_invalid_free(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
>
> -       pr_info("kmalloc pagealloc allocation: invalid-free\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -128,14 +124,13 @@ static noinline void __init kmalloc_pagealloc_invalid_free(void)
>  }
>  #endif
>
> -static noinline void __init kmalloc_large_oob_right(void)
> +static noinline void kmalloc_large_oob_right(void)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
>         /* Allocate a chunk that is large enough, but still fits into a slab
>          * and does not trigger the page allocator fallback in SLUB.
>          */
> -       pr_info("kmalloc large allocation: out-of-bounds to right\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -146,13 +141,12 @@ static noinline void __init kmalloc_large_oob_right(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_krealloc_more(void)
> +static noinline void kmalloc_oob_krealloc_more(void)
>  {
>         char *ptr1, *ptr2;
>         size_t size1 = 17;
>         size_t size2 = 19;
>
> -       pr_info("out-of-bounds after krealloc more\n");
>         ptr1 = kmalloc(size1, GFP_KERNEL);
>         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
>         if (!ptr1 || !ptr2) {
> @@ -166,13 +160,12 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kmalloc_oob_krealloc_less(void)
> +static noinline void kmalloc_oob_krealloc_less(void)
>  {
>         char *ptr1, *ptr2;
>         size_t size1 = 17;
>         size_t size2 = 15;
>
> -       pr_info("out-of-bounds after krealloc less\n");
>         ptr1 = kmalloc(size1, GFP_KERNEL);
>         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
>         if (!ptr1 || !ptr2) {
> @@ -184,13 +177,12 @@ static noinline void __init kmalloc_oob_krealloc_less(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kmalloc_oob_16(void)
> +static noinline void kmalloc_oob_16(void)
>  {
>         struct {
>                 u64 words[2];
>         } *ptr1, *ptr2;
>
> -       pr_info("kmalloc out-of-bounds for 16-bytes access\n");
>         ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
>         ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
>         if (!ptr1 || !ptr2) {
> @@ -204,12 +196,11 @@ static noinline void __init kmalloc_oob_16(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kmalloc_oob_memset_2(void)
> +static noinline void kmalloc_oob_memset_2(void)
>  {
>         char *ptr;
>         size_t size = 8;
>
> -       pr_info("out-of-bounds in memset2\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -220,12 +211,11 @@ static noinline void __init kmalloc_oob_memset_2(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_memset_4(void)
> +static noinline void kmalloc_oob_memset_4(void)
>  {
>         char *ptr;
>         size_t size = 8;
>
> -       pr_info("out-of-bounds in memset4\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -237,12 +227,11 @@ static noinline void __init kmalloc_oob_memset_4(void)
>  }
>
>
> -static noinline void __init kmalloc_oob_memset_8(void)
> +static noinline void kmalloc_oob_memset_8(void)
>  {
>         char *ptr;
>         size_t size = 8;
>
> -       pr_info("out-of-bounds in memset8\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -253,12 +242,11 @@ static noinline void __init kmalloc_oob_memset_8(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_memset_16(void)
> +static noinline void kmalloc_oob_memset_16(void)
>  {
>         char *ptr;
>         size_t size = 16;
>
> -       pr_info("out-of-bounds in memset16\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -269,12 +257,11 @@ static noinline void __init kmalloc_oob_memset_16(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_oob_in_memset(void)
> +static noinline void kmalloc_oob_in_memset(void)
>  {
>         char *ptr;
>         size_t size = 666;
>
> -       pr_info("out-of-bounds in memset\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -285,12 +272,11 @@ static noinline void __init kmalloc_oob_in_memset(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kmalloc_uaf(void)
> +static noinline void kmalloc_uaf(void)
>  {
>         char *ptr;
>         size_t size = 10;
>
> -       pr_info("use-after-free\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -301,12 +287,11 @@ static noinline void __init kmalloc_uaf(void)
>         *(ptr + 8) = 'x';
>  }
>
> -static noinline void __init kmalloc_uaf_memset(void)
> +static noinline void kmalloc_uaf_memset(void)
>  {
>         char *ptr;
>         size_t size = 33;
>
> -       pr_info("use-after-free in memset\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -317,12 +302,11 @@ static noinline void __init kmalloc_uaf_memset(void)
>         memset(ptr, 0, size);
>  }
>
> -static noinline void __init kmalloc_uaf2(void)
> +static noinline void kmalloc_uaf2(void)
>  {
>         char *ptr1, *ptr2;
>         size_t size = 43;
>
> -       pr_info("use-after-free after another kmalloc\n");
>         ptr1 = kmalloc(size, GFP_KERNEL);
>         if (!ptr1) {
>                 pr_err("Allocation failed\n");
> @@ -342,14 +326,13 @@ static noinline void __init kmalloc_uaf2(void)
>         kfree(ptr2);
>  }
>
> -static noinline void __init kfree_via_page(void)
> +static noinline void kfree_via_page(void)
>  {
>         char *ptr;
>         size_t size = 8;
>         struct page *page;
>         unsigned long offset;
>
> -       pr_info("invalid-free false positive (via page)\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -361,13 +344,12 @@ static noinline void __init kfree_via_page(void)
>         kfree(page_address(page) + offset);
>  }
>
> -static noinline void __init kfree_via_phys(void)
> +static noinline void kfree_via_phys(void)
>  {
>         char *ptr;
>         size_t size = 8;
>         phys_addr_t phys;
>
> -       pr_info("invalid-free false positive (via phys)\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -378,7 +360,7 @@ static noinline void __init kfree_via_phys(void)
>         kfree(phys_to_virt(phys));
>  }
>
> -static noinline void __init kmem_cache_oob(void)
> +static noinline void kmem_cache_oob(void)
>  {
>         char *p;
>         size_t size = 200;
> @@ -389,7 +371,6 @@ static noinline void __init kmem_cache_oob(void)
>                 pr_err("Cache allocation failed\n");
>                 return;
>         }
> -       pr_info("out-of-bounds in kmem_cache_alloc\n");
>         p = kmem_cache_alloc(cache, GFP_KERNEL);
>         if (!p) {
>                 pr_err("Allocation failed\n");
> @@ -402,7 +383,7 @@ static noinline void __init kmem_cache_oob(void)
>         kmem_cache_destroy(cache);
>  }
>
> -static noinline void __init memcg_accounted_kmem_cache(void)
> +static noinline void memcg_accounted_kmem_cache(void)
>  {
>         int i;
>         char *p;
> @@ -415,7 +396,6 @@ static noinline void __init memcg_accounted_kmem_cache(void)
>                 return;
>         }
>
> -       pr_info("allocate memcg accounted object\n");
>         /*
>          * Several allocations with a delay to allow for lazy per memcg kmem
>          * cache creation.
> @@ -435,31 +415,19 @@ static noinline void __init memcg_accounted_kmem_cache(void)
>
>  static char global_array[10];
>
> -static noinline void __init kasan_global_oob(void)
> +static noinline void kasan_global_oob(void)
>  {
>         volatile int i = 3;
>         char *p = &global_array[ARRAY_SIZE(global_array) + i];
>
> -       pr_info("out-of-bounds global variable\n");
> -       *(volatile char *)p;
> -}
> -
> -static noinline void __init kasan_stack_oob(void)

Let's keep it but also make dependent on CONFIG_KASAN_STACK

> -{
> -       char stack_array[10];
> -       volatile int i = 0;
> -       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
> -
> -       pr_info("out-of-bounds on stack\n");
>         *(volatile char *)p;
>  }
>
> -static noinline void __init ksize_unpoisons_memory(void)
> +static noinline void ksize_unpoisons_memory(void)
>  {
>         char *ptr;
>         size_t size = 123, real_size;
>
> -       pr_info("ksize() unpoisons the whole allocated chunk\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -473,72 +441,36 @@ static noinline void __init ksize_unpoisons_memory(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init copy_user_test(void)
> +#if (CONFIG_KASAN_STACK == 1)

The more common syntax for this is:

#ifdef CONFIG_KASAN_STACK

but it would even better to do:

if (IS_ENABLED(CONFIG_KASAN_STACK))

and return early. This way we at least test compilation (e.g.
CONFIG_KASAN_STACK is not supported on your arch, you change tests and
build break them because they were not even compiled).


> +static noinline void kasan_stack_oob(void)
>  {
> -       char *kmem;
> -       char __user *usermem;
> -       size_t size = 10;
> -       int unused;
> -
> -       kmem = kmalloc(size, GFP_KERNEL);
> -       if (!kmem)
> -               return;
> -
> -       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> -                           PROT_READ | PROT_WRITE | PROT_EXEC,
> -                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> -       if (IS_ERR(usermem)) {
> -               pr_err("Failed to allocate user memory\n");
> -               kfree(kmem);
> -               return;
> -       }
> -
> -       pr_info("out-of-bounds in copy_from_user()\n");
> -       unused = copy_from_user(kmem, usermem, size + 1);

Why is all of this removed?
Most of these tests are hard earned and test some special corner cases.

> -
> -       pr_info("out-of-bounds in copy_to_user()\n");
> -       unused = copy_to_user(usermem, kmem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_from_user()\n");
> -       unused = __copy_from_user(kmem, usermem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_to_user()\n");
> -       unused = __copy_to_user(usermem, kmem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> -       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> -
> -       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> -       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> -
> -       pr_info("out-of-bounds in strncpy_from_user()\n");
> -       unused = strncpy_from_user(kmem, usermem, size + 1);
> +       char stack_array[10];
> +       volatile int i = 0;
> +       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
>
> -       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> -       kfree(kmem);
> +       *(volatile char *)p;
>  }
>
> -static noinline void __init kasan_alloca_oob_left(void)
> +static noinline void kasan_alloca_oob_left(void)
>  {
>         volatile int i = 10;
>         char alloca_array[i];
>         char *p = alloca_array - 1;
>
> -       pr_info("out-of-bounds to left on alloca\n");
>         *(volatile char *)p;
>  }
>
> -static noinline void __init kasan_alloca_oob_right(void)
> +static noinline void kasan_alloca_oob_right(void)
>  {
>         volatile int i = 10;
>         char alloca_array[i];
>         char *p = alloca_array + i;
>
> -       pr_info("out-of-bounds to right on alloca\n");
>         *(volatile char *)p;
>  }
> +#endif /* CONFIG_KASAN_STACK */
>
> -static noinline void __init kmem_cache_double_free(void)
> +static noinline void kmem_cache_double_free(void)
>  {
>         char *p;
>         size_t size = 200;
> @@ -549,7 +481,6 @@ static noinline void __init kmem_cache_double_free(void)
>                 pr_err("Cache allocation failed\n");
>                 return;
>         }
> -       pr_info("double-free on heap object\n");
>         p = kmem_cache_alloc(cache, GFP_KERNEL);
>         if (!p) {
>                 pr_err("Allocation failed\n");
> @@ -562,7 +493,7 @@ static noinline void __init kmem_cache_double_free(void)
>         kmem_cache_destroy(cache);
>  }
>
> -static noinline void __init kmem_cache_invalid_free(void)
> +static noinline void kmem_cache_invalid_free(void)
>  {
>         char *p;
>         size_t size = 200;
> @@ -574,7 +505,6 @@ static noinline void __init kmem_cache_invalid_free(void)
>                 pr_err("Cache allocation failed\n");
>                 return;
>         }
> -       pr_info("invalid-free of heap object\n");
>         p = kmem_cache_alloc(cache, GFP_KERNEL);
>         if (!p) {
>                 pr_err("Allocation failed\n");
> @@ -594,12 +524,11 @@ static noinline void __init kmem_cache_invalid_free(void)
>         kmem_cache_destroy(cache);
>  }
>
> -static noinline void __init kasan_memchr(void)
> +static noinline void kasan_memchr(void)
>  {
>         char *ptr;
>         size_t size = 24;
>
> -       pr_info("out-of-bounds in memchr\n");
>         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
>         if (!ptr)
>                 return;
> @@ -608,13 +537,12 @@ static noinline void __init kasan_memchr(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kasan_memcmp(void)
> +static noinline void kasan_memcmp(void)
>  {
>         char *ptr;
>         size_t size = 24;
>         int arr[9];
>
> -       pr_info("out-of-bounds in memcmp\n");
>         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
>         if (!ptr)
>                 return;
> @@ -624,12 +552,11 @@ static noinline void __init kasan_memcmp(void)
>         kfree(ptr);
>  }
>
> -static noinline void __init kasan_strings(void)
> +static noinline void kasan_strings(void)
>  {
>         char *ptr;
>         size_t size = 24;
>
> -       pr_info("use-after-free in strchr\n");
>         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
>         if (!ptr)
>                 return;
> @@ -645,23 +572,18 @@ static noinline void __init kasan_strings(void)
>         ptr += 16;
>         strchr(ptr, '1');
>
> -       pr_info("use-after-free in strrchr\n");
>         strrchr(ptr, '1');
>
> -       pr_info("use-after-free in strcmp\n");
>         strcmp(ptr, "2");

Such tests now need to be split into multiple tests, one error per
test. Otherwise they don't test what they are supposed to test (each
of these produces an error).
Well, I mean, currently they don't test anything at all, but with
kunit we actually can test this, so it would be good to actually test
what this test was supposed to test :)
This applies to other tests as well.


> -       pr_info("use-after-free in strncmp\n");
>         strncmp(ptr, "2", 1);
>
> -       pr_info("use-after-free in strlen\n");
>         strlen(ptr);
>
> -       pr_info("use-after-free in strnlen\n");
>         strnlen(ptr, 1);
>  }
>
> -static noinline void __init kasan_bitops(void)
> +static noinline void kasan_bitops(void)
>  {
>         /*
>          * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
> @@ -676,70 +598,52 @@ static noinline void __init kasan_bitops(void)
>          * below accesses are still out-of-bounds, since bitops are defined to
>          * operate on the whole long the bit is in.
>          */
> -       pr_info("out-of-bounds in set_bit\n");
>         set_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __set_bit\n");
>         __set_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in clear_bit\n");
>         clear_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __clear_bit\n");
>         __clear_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in clear_bit_unlock\n");
>         clear_bit_unlock(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __clear_bit_unlock\n");
>         __clear_bit_unlock(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in change_bit\n");
>         change_bit(BITS_PER_LONG, bits);
>
> -       pr_info("out-of-bounds in __change_bit\n");
>         __change_bit(BITS_PER_LONG, bits);
>
>         /*
>          * Below calls try to access bit beyond allocated memory.
>          */
> -       pr_info("out-of-bounds in test_and_set_bit\n");
>         test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in __test_and_set_bit\n");
>         __test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_and_set_bit_lock\n");
>         test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_and_clear_bit\n");
>         test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in __test_and_clear_bit\n");
>         __test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_and_change_bit\n");
>         test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in __test_and_change_bit\n");
>         __test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
> -       pr_info("out-of-bounds in test_bit\n");
>         (void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
>
>  #if defined(clear_bit_unlock_is_negative_byte)
> -       pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
>         clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
>  #endif
>         kfree(bits);
>  }
>
> -static noinline void __init kmalloc_double_kzfree(void)
> +static noinline void kmalloc_double_kzfree(void)

Since it seems we will need v2, it will help if you move these
mechanical diffs to a separate patch. I mean removal of __init and
pr_info. These produce lots of changes and it's hard to separate out
more meaningful changes from this mechanical noise.

>  {
>         char *ptr;
>         size_t size = 16;
>
> -       pr_info("double-free (kzfree)\n");
>         ptr = kmalloc(size, GFP_KERNEL);
>         if (!ptr) {
>                 pr_err("Allocation failed\n");
> @@ -750,29 +654,130 @@ static noinline void __init kmalloc_double_kzfree(void)
>         kzfree(ptr);
>  }
>
> -#ifdef CONFIG_KASAN_VMALLOC
> -static noinline void __init vmalloc_oob(void)
> +static void kunit_test_oob(struct kunit *test)
> +{
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_right());

I think the 2 patches need to be reordered. This
KUNIT_EXPECT_KASAN_FAIL is introduced only in the next patch. This
will break build during bisections.

> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_left());

I am wondering if it makes sense to have the "KASAN_FAIL" part be part
of the test itself. It will make the test and assertion local to each
other. I hope later we will add some negative tests as well (without
kasan errors), then people will start copy-pasting these macros and
it's possible I copy-paste macro that checks that the test does not
produce kasan error for my test, which I actually want the macro that
checks for report. Then if my test does not fail, it will be
unnoticed. I may be good to have assertion local to the test itself.
Thoughts?

> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_node_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_large_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_more());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_less());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_16());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_in_memset());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_2());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_4());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_8());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_16());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_oob());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_global_oob());
> +       KUNIT_EXPECT_KASAN_FAIL(test, ksize_unpoisons_memory());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memchr());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memcmp());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_strings());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_bitops());
> +#ifdef CONFIG_SLUB
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_oob_right());
> +#endif /* CONFIG_SLUB */
> +
> +#if (CONFIG_KASAN_STACK == 1)
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_stack_oob());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_right());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_left());
> +#endif /*CONFIG_KASAN_STACK*/
> +}
> +
> +static void kunit_test_uaf(struct kunit *test)
> +{
> +#ifdef CONFIG_SLUB
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_uaf());
> +#endif
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf_memset());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf2());
> +}
> +
> +static void kunit_test_invalid_free(struct kunit *test)
>  {
> -       void *area;
> +#ifdef CONFIG_SLUB
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_invalid_free());
> +#endif
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_invalid_free());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_double_free());
> +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_double_kzfree());
> +}
>
> -       pr_info("vmalloc out-of-bounds\n");
> +static void kunit_test_false_positives(struct kunit *test)
> +{
> +       kfree_via_page();
> +       kfree_via_phys();
> +}
>
> -       /*
> -        * We have to be careful not to hit the guard page.
> -        * The MMU will catch that and crash us.
> -        */
> -       area = vmalloc(3000);
> -       if (!area) {
> -               pr_err("Allocation failed\n");
> +static void kunit_test_memcg(struct kunit *test)
> +{
> +       memcg_accounted_kmem_cache();
> +}
> +
> +static struct kunit_case kasan_kunit_test_cases[] = {
> +       KUNIT_CASE(kunit_test_oob),
> +       KUNIT_CASE(kunit_test_uaf),
> +       KUNIT_CASE(kunit_test_invalid_free),
> +       KUNIT_CASE(kunit_test_false_positives),
> +       KUNIT_CASE(kunit_test_memcg),
> +       {}
> +};
> +
> +static struct kunit_suite kasan_kunit_test_suite = {
> +       .name = "kasan_kunit_test",
> +       .test_cases = kasan_kunit_test_cases,
> +};
> +
> +kunit_test_suite(kasan_kunit_test_suite);
> +
> +#if IS_MODULE(CONFIG_TEST_KASAN)
> +static noinline void __init copy_user_test(void)
> +{
> +       char *kmem;
> +       char __user *usermem;
> +       size_t size = 10;
> +       int unused;
> +
> +       kmem = kmalloc(size, GFP_KERNEL);
> +       if (!kmem)
> +               return;
> +
> +       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> +                           PROT_READ | PROT_WRITE | PROT_EXEC,
> +                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> +       if (IS_ERR(usermem)) {
> +               pr_err("Failed to allocate user memory\n");
> +               kfree(kmem);
>                 return;
>         }
>
> -       ((volatile char *)area)[3100];
> -       vfree(area);
> +       pr_info("out-of-bounds in copy_from_user()\n");
> +       unused = copy_from_user(kmem, usermem, size + 1);
> +
> +       pr_info("out-of-bounds in copy_to_user()\n");
> +       unused = copy_to_user(usermem, kmem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_from_user()\n");
> +       unused = __copy_from_user(kmem, usermem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_to_user()\n");
> +       unused = __copy_to_user(usermem, kmem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> +       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> +
> +       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> +       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> +
> +       pr_info("out-of-bounds in strncpy_from_user()\n");
> +       unused = strncpy_from_user(kmem, usermem, size + 1);
> +
> +       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> +       kfree(kmem);
>  }
> -#else
> -static void __init vmalloc_oob(void) {}
> -#endif
>
>  static int __init kmalloc_tests_init(void)
>  {
> @@ -782,44 +787,7 @@ static int __init kmalloc_tests_init(void)
>          */
>         bool multishot = kasan_save_enable_multi_shot();
>
> -       kmalloc_oob_right();
> -       kmalloc_oob_left();
> -       kmalloc_node_oob_right();
> -#ifdef CONFIG_SLUB
> -       kmalloc_pagealloc_oob_right();
> -       kmalloc_pagealloc_uaf();
> -       kmalloc_pagealloc_invalid_free();
> -#endif
> -       kmalloc_large_oob_right();
> -       kmalloc_oob_krealloc_more();
> -       kmalloc_oob_krealloc_less();
> -       kmalloc_oob_16();
> -       kmalloc_oob_in_memset();
> -       kmalloc_oob_memset_2();
> -       kmalloc_oob_memset_4();
> -       kmalloc_oob_memset_8();
> -       kmalloc_oob_memset_16();
> -       kmalloc_uaf();
> -       kmalloc_uaf_memset();
> -       kmalloc_uaf2();
> -       kfree_via_page();
> -       kfree_via_phys();
> -       kmem_cache_oob();
> -       memcg_accounted_kmem_cache();
> -       kasan_stack_oob();
> -       kasan_global_oob();
> -       kasan_alloca_oob_left();
> -       kasan_alloca_oob_right();
> -       ksize_unpoisons_memory();
>         copy_user_test();
> -       kmem_cache_double_free();
> -       kmem_cache_invalid_free();
> -       kasan_memchr();
> -       kasan_memcmp();
> -       kasan_strings();
> -       kasan_bitops();
> -       kmalloc_double_kzfree();
> -       vmalloc_oob();
>
>         kasan_restore_multi_shot(multishot);
>
> @@ -827,4 +795,4 @@ static int __init kmalloc_tests_init(void)
>  }
>
>  module_init(kmalloc_tests_init);
> -MODULE_LICENSE("GPL");
> +#endif /* IS_MODULE(CONFIG_TEST_KASAN) */
> --
> 2.25.0.265.gbab2e86ba0-goog
>

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
  2020-02-27 14:04   ` Alan Maguire
@ 2020-02-27 14:39   ` Dmitry Vyukov
  2020-02-29  1:09     ` Patricia Alfonso
  2020-02-27 14:43   ` Dmitry Vyukov
                     ` (2 subsequent siblings)
  4 siblings, 1 reply; 33+ messages in thread
From: Dmitry Vyukov @ 2020-02-27 14:39 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
<kasan-dev@googlegroups.com> wrote:
>
> Integrate KASAN into KUnit testing framework.
>  - Fail tests when KASAN reports an error that is not expected
>  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
>  - KUnit struct added to current task to keep track of the current test
> from KASAN code
>  - Booleans representing if a KASAN report is expected and if a KASAN
>  report is found added to kunit struct
>  - This prints "line# has passed" or "line# has failed"
>
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> ---
> If anyone has any suggestions on how best to print the failure
> messages, please share!
>
> One issue I have found while testing this is the allocation fails in
> kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> does cause the test to fail on the KUnit side, as expected, but it
> seems to skip all the tests before this one because the output starts
> with this failure instead of with the first test, kmalloc_oob_right().
>
>  include/kunit/test.h                | 24 ++++++++++++++++++++++++
>  include/linux/sched.h               |  7 ++++++-
>  lib/kunit/test.c                    |  7 ++++++-
>  mm/kasan/report.c                   | 19 +++++++++++++++++++
>  tools/testing/kunit/kunit_kernel.py |  2 +-
>  5 files changed, 56 insertions(+), 3 deletions(-)
>
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index 2dfb550c6723..2e388f8937f3 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -21,6 +21,8 @@ struct kunit_resource;
>  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
>  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
>
> +void kunit_set_failure(struct kunit *test);
> +
>  /**
>   * struct kunit_resource - represents a *test managed resource*
>   * @allocation: for the user to store arbitrary data.
> @@ -191,6 +193,9 @@ struct kunit {
>          * protect it with some type of lock.
>          */
>         struct list_head resources; /* Protected by lock. */
> +
> +       bool kasan_report_expected;
> +       bool kasan_report_found;
>  };
>
>  void kunit_init_test(struct kunit *test, const char *name);
> @@ -941,6 +946,25 @@ do {                                                                              \
>                                                 ptr,                           \
>                                                 NULL)
>
> +/**
> + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> + * not cause a KASAN error.

Oh, I see, this is not a test, but rather an ASSERT-like macro.
Then maybe we should use it for actual expressions that are supposed
to trigger KASAN errors?

E.g. KUNIT_EXPECT_KASAN_FAIL(test, *(volatile int*)p);


> + *
> + */
> +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {  \

s/condition/expression/

> +       test->kasan_report_expected = true;     \

Check that kasan_report_expected is unset. If these are nested things
will break in confusing ways.
Or otherwise we need to restore the previous value at the end.

> +       test->kasan_report_found = false; \
> +       condition; \
> +       if (test->kasan_report_found == test->kasan_report_expected) { \

We know that kasan_report_expected is true here, so we could just said:

if (!test->kasan_report_found)

> +               pr_info("%d has passed", __LINE__); \
> +       } else { \
> +               kunit_set_failure(test); \
> +               pr_info("%d has failed", __LINE__); \

This needs a more readable error.

> +       } \
> +       test->kasan_report_expected = false;    \
> +       test->kasan_report_found = false;       \
> +} while (0)
> +
>  /**
>   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
>   * @test: The test context object.
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 04278493bf15..db23d56061e7 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -32,6 +32,8 @@
>  #include <linux/posix-timers.h>
>  #include <linux/rseq.h>
>
> +#include <kunit/test.h>
> +
>  /* task_struct member predeclarations (sorted alphabetically): */
>  struct audit_context;
>  struct backing_dev_info;
> @@ -1178,7 +1180,10 @@ struct task_struct {
>
>  #ifdef CONFIG_KASAN
>         unsigned int                    kasan_depth;
> -#endif
> +#ifdef CONFIG_KUNIT
> +       struct kunit *kasan_kunit_test;

I would assume we will use this for other things as well (failing
tests on LOCKDEP errors, WARNINGs, etc).
So I would call this just kunit_test and make non-dependent on KASAN right away.


> +#endif /* CONFIG_KUNIT */
> +#endif /* CONFIG_KASAN */
>
>  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
>         /* Index of current stored address in ret_stack: */
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index 9242f932896c..d266b9495c67 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -9,11 +9,12 @@
>  #include <kunit/test.h>
>  #include <linux/kernel.h>
>  #include <linux/sched/debug.h>
> +#include <linux/sched.h>
>
>  #include "string-stream.h"
>  #include "try-catch-impl.h"
>
> -static void kunit_set_failure(struct kunit *test)
> +void kunit_set_failure(struct kunit *test)
>  {
>         WRITE_ONCE(test->success, false);
>  }
> @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
>         struct kunit_suite *suite = ctx->suite;
>         struct kunit_case *test_case = ctx->test_case;
>
> +#ifdef CONFIG_KASAN
> +       current->kasan_kunit_test = test;
> +#endif
> +
>         /*
>          * kunit_run_case_internal may encounter a fatal error; if it does,
>          * abort will be called, this thread will exit, and finally the parent
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 5ef9f24f566b..5554d23799a5 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -32,6 +32,8 @@
>
>  #include <asm/sections.h>
>
> +#include <kunit/test.h>
> +
>  #include "kasan.h"
>  #include "../slab.h"
>
> @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
>         u8 tag = get_tag(object);
>
>         object = reset_tag(object);
> +
> +       if (current->kasan_kunit_test) {
> +               if (current->kasan_kunit_test->kasan_report_expected) {
> +                       current->kasan_kunit_test->kasan_report_found = true;
> +                       return;
> +               }
> +               kunit_set_failure(current->kasan_kunit_test);
> +       }
> +
>         start_report(&flags);
>         pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
>         print_tags(tag, object);
> @@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
>         if (likely(!report_enabled()))
>                 return;
>
> +       if (current->kasan_kunit_test) {

Strictly saying, this also needs to check in_task().

> +               if (current->kasan_kunit_test->kasan_report_expected) {
> +                       current->kasan_kunit_test->kasan_report_found = true;
> +                       return;
> +               }
> +               kunit_set_failure(current->kasan_kunit_test);
> +       }

This chunk is duplicated 2 times. I think it will be more reasonable
for KASAN code to just notify KUNIT that the error has happened, and
then KUNIT will figure out what it means and what to do.


> +
>         disable_trace_on_warning();
>
>         tagged_addr = (void *)addr;
> diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
> index cc5d844ecca1..63eab18a8c34 100644
> --- a/tools/testing/kunit/kunit_kernel.py
> +++ b/tools/testing/kunit/kunit_kernel.py
> @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
>                 return True
>
>         def run_kernel(self, args=[], timeout=None, build_dir=''):
> -               args.extend(['mem=256M'])
> +               args.extend(['mem=256M', 'kasan_multi_shot'])
>                 process = self._ops.linux_bin(args, timeout, build_dir)
>                 with open(os.path.join(build_dir, 'test.log'), 'w') as f:
>                         for line in process.stdout:
> --
> 2.25.0.265.gbab2e86ba0-goog
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20200227024301.217042-2-trishalfonso%40google.com.

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
  2020-02-27 14:04   ` Alan Maguire
  2020-02-27 14:39   ` Dmitry Vyukov
@ 2020-02-27 14:43   ` Dmitry Vyukov
  2020-02-29  1:23     ` Patricia Alfonso
  2020-02-27 14:45   ` Dmitry Vyukov
  2020-03-04  6:35   ` Dmitry Vyukov
  4 siblings, 1 reply; 33+ messages in thread
From: Dmitry Vyukov @ 2020-02-27 14:43 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
<kasan-dev@googlegroups.com> wrote:
>
> Integrate KASAN into KUnit testing framework.
>  - Fail tests when KASAN reports an error that is not expected
>  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
>  - KUnit struct added to current task to keep track of the current test
> from KASAN code
>  - Booleans representing if a KASAN report is expected and if a KASAN
>  report is found added to kunit struct
>  - This prints "line# has passed" or "line# has failed"
>
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> ---
> If anyone has any suggestions on how best to print the failure
> messages, please share!
>
> One issue I have found while testing this is the allocation fails in
> kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> does cause the test to fail on the KUnit side, as expected, but it
> seems to skip all the tests before this one because the output starts
> with this failure instead of with the first test, kmalloc_oob_right().

I don't follow this... we don't check output in any way, so how does
output affect execution?...


> --- a/tools/testing/kunit/kunit_kernel.py
> +++ b/tools/testing/kunit/kunit_kernel.py
> @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
>                 return True
>
>         def run_kernel(self, args=[], timeout=None, build_dir=''):
> -               args.extend(['mem=256M'])
> +               args.extend(['mem=256M', 'kasan_multi_shot'])

This is better done somewhere else (different default value if
KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
to be a mandatory part now. This means people will always hit this, be
confused, figure out they need to flip the value, and only then be
able to run kunit+kasan.


>                 process = self._ops.linux_bin(args, timeout, build_dir)
>                 with open(os.path.join(build_dir, 'test.log'), 'w') as f:
>                         for line in process.stdout:

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
                     ` (2 preceding siblings ...)
  2020-02-27 14:43   ` Dmitry Vyukov
@ 2020-02-27 14:45   ` Dmitry Vyukov
  2020-02-29  0:49     ` Patricia Alfonso
  2020-03-04  6:35   ` Dmitry Vyukov
  4 siblings, 1 reply; 33+ messages in thread
From: Dmitry Vyukov @ 2020-02-27 14:45 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
<kasan-dev@googlegroups.com> wrote:
>
> Integrate KASAN into KUnit testing framework.
>  - Fail tests when KASAN reports an error that is not expected
>  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
>  - KUnit struct added to current task to keep track of the current test
> from KASAN code
>  - Booleans representing if a KASAN report is expected and if a KASAN
>  report is found added to kunit struct
>  - This prints "line# has passed" or "line# has failed"
>
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>

This does not build for me:

$ make
scripts/kconfig/conf  --syncconfig Kconfig
  CC      arch/x86/kernel/asm-offsets.s
  UPD     include/generated/asm-offsets.h
  CALL    scripts/checksyscalls.sh
  CALL    scripts/atomic/check-atomics.sh
  DESCEND  objtool
  CC      init/main.o
In file included from ./include/linux/uaccess.h:11,
                 from ./arch/x86/include/asm/fpu/xstate.h:5,
                 from ./arch/x86/include/asm/pgtable.h:26,
                 from ./include/linux/kasan.h:15,
                 from ./include/linux/slab.h:136,
                 from ./include/kunit/test.h:16,
                 from ./include/linux/sched.h:35,
                 from ./include/linux/ioprio.h:5,
                 from ./include/linux/fs.h:39,
                 from ./include/linux/proc_fs.h:9,
                 from init/main.c:18:
./arch/x86/include/asm/uaccess.h: In function ‘set_fs’:
./arch/x86/include/asm/uaccess.h:31:9: error: dereferencing pointer to
incomplete type ‘struct task_struct’
   31 |  current->thread.addr_limit = fs;
      |         ^~
make[1]: *** [scripts/Makefile.build:268: init/main.o] Error 1
make: *** [Makefile:1681: init] Error 2


On bfdc6d91a25f4545bcd1b12e3219af4838142ef1 config:
https://pastebin.com/raw/nwnL2N9w

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-02-27 13:56 ` [RFC PATCH 1/2] Port KASAN Tests to KUnit Andrey Konovalov
@ 2020-02-27 15:16   ` Alan Maguire
  0 siblings, 0 replies; 33+ messages in thread
From: Alan Maguire @ 2020-02-27 15:16 UTC (permalink / raw)
  To: Andrey Konovalov
  Cc: Patricia Alfonso, Andrey Ryabinin, Dmitry Vyukov,
	Brendan Higgins, davidgow, Ingo Molnar, Peter Zijlstra,
	juri.lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, 27 Feb 2020, Andrey Konovalov wrote:

> On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> <kasan-dev@googlegroups.com> wrote:
> >
> > Transfer all previous tests for KASAN to KUnit so they can be run
> > more easily. With proper KASAN integration into KUnit, developers can
> > run these tests with their other KUnit tests and see "pass" or "fail"
> > with the appropriate KASAN report instead of needing to parse each KASAN
> > report to test KASAN functionalities.
> >
> > Stack tests do not work in UML so those tests are protected inside an
> > "#if (CONFIG_KASAN_STACK == 1)" so this only runs if stack
> > instrumentation is enabled.
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > The KUnit version of these tests could be in addition to the existing
> > tests if that is preferred.
> 
> Will it be possible to run KASAN tests with KUnit on arbitrary
> hardware/vm with arbitrary architecture (like it is possible now by
> loading test_kasan.ko)?
>

Yep - KUnit tests can be run on bare metal/VMs as
well as within a UML instance.  In the bare metal/VM
case we're working to add some ease-of-use features
such as results avaiable in /sys/kernel/debug/kunit.
Looks like CONFIG_TEST_KASAN is tristate too, so that
means it can be built as a module (KUnit itself can be
built as a module too) so running the tests becomes
a matter of executing "modprobe test_kasan.ko"; presumably
similar to what is done with non-KUnit test_kasan?

The tests execute on module loading automatically, and
results are retrievable via dmesg, and soon hopefully
via debugfs also.

I'd be really interested in any feedback regarding running
KUnit tests this way, so if you get a chance to try it
out do let us know if you see things that are missing.

Thanks!

Alan

> >
> >  lib/Kconfig.kasan |   2 +-
> >  lib/test_kasan.c  | 352 +++++++++++++++++++++-------------------------
> >  2 files changed, 161 insertions(+), 193 deletions(-)
> >
> > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> > index 5b54f3c9a741..f8cc9ed60677 100644
> > --- a/lib/Kconfig.kasan
> > +++ b/lib/Kconfig.kasan
> > @@ -160,7 +160,7 @@ config KASAN_VMALLOC
> >
> >  config TEST_KASAN
> >         tristate "Module for testing KASAN for bug detection"
> > -       depends on m && KASAN
> > +       depends on KASAN && KUNIT
> >         help
> >           This is a test module doing various nasty things like
> >           out of bounds accesses, use after free. It is useful for testing
> > diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> > index 3872d250ed2c..988650387a2a 100644
> > --- a/lib/test_kasan.c
> > +++ b/lib/test_kasan.c
> > @@ -23,17 +23,18 @@
> >
> >  #include <asm/page.h>
> >
> > +#include <kunit/test.h>
> > +
> >  /*
> >   * Note: test functions are marked noinline so that their names appear in
> >   * reports.
> >   */
> >
> > -static noinline void __init kmalloc_oob_right(void)
> > +static noinline void kmalloc_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = 123;
> >
> > -       pr_info("out-of-bounds to right\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -44,12 +45,11 @@ static noinline void __init kmalloc_oob_right(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_left(void)
> > +static noinline void kmalloc_oob_left(void)
> >  {
> >         char *ptr;
> >         size_t size = 15;
> >
> > -       pr_info("out-of-bounds to left\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -60,12 +60,11 @@ static noinline void __init kmalloc_oob_left(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_node_oob_right(void)
> > +static noinline void kmalloc_node_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = 4096;
> >
> > -       pr_info("kmalloc_node(): out-of-bounds to right\n");
> >         ptr = kmalloc_node(size, GFP_KERNEL, 0);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -77,7 +76,7 @@ static noinline void __init kmalloc_node_oob_right(void)
> >  }
> >
> >  #ifdef CONFIG_SLUB
> > -static noinline void __init kmalloc_pagealloc_oob_right(void)
> > +static noinline void kmalloc_pagealloc_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> > @@ -85,7 +84,6 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
> >         /* Allocate a chunk that does not fit into a SLUB cache to trigger
> >          * the page allocator fallback.
> >          */
> > -       pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -96,12 +94,11 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_pagealloc_uaf(void)
> > +static noinline void kmalloc_pagealloc_uaf(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> >
> > -       pr_info("kmalloc pagealloc allocation: use-after-free\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -112,12 +109,11 @@ static noinline void __init kmalloc_pagealloc_uaf(void)
> >         ptr[0] = 0;
> >  }
> >
> > -static noinline void __init kmalloc_pagealloc_invalid_free(void)
> > +static noinline void kmalloc_pagealloc_invalid_free(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> >
> > -       pr_info("kmalloc pagealloc allocation: invalid-free\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -128,14 +124,13 @@ static noinline void __init kmalloc_pagealloc_invalid_free(void)
> >  }
> >  #endif
> >
> > -static noinline void __init kmalloc_large_oob_right(void)
> > +static noinline void kmalloc_large_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
> >         /* Allocate a chunk that is large enough, but still fits into a slab
> >          * and does not trigger the page allocator fallback in SLUB.
> >          */
> > -       pr_info("kmalloc large allocation: out-of-bounds to right\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -146,13 +141,12 @@ static noinline void __init kmalloc_large_oob_right(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_krealloc_more(void)
> > +static noinline void kmalloc_oob_krealloc_more(void)
> >  {
> >         char *ptr1, *ptr2;
> >         size_t size1 = 17;
> >         size_t size2 = 19;
> >
> > -       pr_info("out-of-bounds after krealloc more\n");
> >         ptr1 = kmalloc(size1, GFP_KERNEL);
> >         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
> >         if (!ptr1 || !ptr2) {
> > @@ -166,13 +160,12 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kmalloc_oob_krealloc_less(void)
> > +static noinline void kmalloc_oob_krealloc_less(void)
> >  {
> >         char *ptr1, *ptr2;
> >         size_t size1 = 17;
> >         size_t size2 = 15;
> >
> > -       pr_info("out-of-bounds after krealloc less\n");
> >         ptr1 = kmalloc(size1, GFP_KERNEL);
> >         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
> >         if (!ptr1 || !ptr2) {
> > @@ -184,13 +177,12 @@ static noinline void __init kmalloc_oob_krealloc_less(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kmalloc_oob_16(void)
> > +static noinline void kmalloc_oob_16(void)
> >  {
> >         struct {
> >                 u64 words[2];
> >         } *ptr1, *ptr2;
> >
> > -       pr_info("kmalloc out-of-bounds for 16-bytes access\n");
> >         ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
> >         ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
> >         if (!ptr1 || !ptr2) {
> > @@ -204,12 +196,11 @@ static noinline void __init kmalloc_oob_16(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kmalloc_oob_memset_2(void)
> > +static noinline void kmalloc_oob_memset_2(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >
> > -       pr_info("out-of-bounds in memset2\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -220,12 +211,11 @@ static noinline void __init kmalloc_oob_memset_2(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_memset_4(void)
> > +static noinline void kmalloc_oob_memset_4(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >
> > -       pr_info("out-of-bounds in memset4\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -237,12 +227,11 @@ static noinline void __init kmalloc_oob_memset_4(void)
> >  }
> >
> >
> > -static noinline void __init kmalloc_oob_memset_8(void)
> > +static noinline void kmalloc_oob_memset_8(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >
> > -       pr_info("out-of-bounds in memset8\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -253,12 +242,11 @@ static noinline void __init kmalloc_oob_memset_8(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_memset_16(void)
> > +static noinline void kmalloc_oob_memset_16(void)
> >  {
> >         char *ptr;
> >         size_t size = 16;
> >
> > -       pr_info("out-of-bounds in memset16\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -269,12 +257,11 @@ static noinline void __init kmalloc_oob_memset_16(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_in_memset(void)
> > +static noinline void kmalloc_oob_in_memset(void)
> >  {
> >         char *ptr;
> >         size_t size = 666;
> >
> > -       pr_info("out-of-bounds in memset\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -285,12 +272,11 @@ static noinline void __init kmalloc_oob_in_memset(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_uaf(void)
> > +static noinline void kmalloc_uaf(void)
> >  {
> >         char *ptr;
> >         size_t size = 10;
> >
> > -       pr_info("use-after-free\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -301,12 +287,11 @@ static noinline void __init kmalloc_uaf(void)
> >         *(ptr + 8) = 'x';
> >  }
> >
> > -static noinline void __init kmalloc_uaf_memset(void)
> > +static noinline void kmalloc_uaf_memset(void)
> >  {
> >         char *ptr;
> >         size_t size = 33;
> >
> > -       pr_info("use-after-free in memset\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -317,12 +302,11 @@ static noinline void __init kmalloc_uaf_memset(void)
> >         memset(ptr, 0, size);
> >  }
> >
> > -static noinline void __init kmalloc_uaf2(void)
> > +static noinline void kmalloc_uaf2(void)
> >  {
> >         char *ptr1, *ptr2;
> >         size_t size = 43;
> >
> > -       pr_info("use-after-free after another kmalloc\n");
> >         ptr1 = kmalloc(size, GFP_KERNEL);
> >         if (!ptr1) {
> >                 pr_err("Allocation failed\n");
> > @@ -342,14 +326,13 @@ static noinline void __init kmalloc_uaf2(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kfree_via_page(void)
> > +static noinline void kfree_via_page(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >         struct page *page;
> >         unsigned long offset;
> >
> > -       pr_info("invalid-free false positive (via page)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -361,13 +344,12 @@ static noinline void __init kfree_via_page(void)
> >         kfree(page_address(page) + offset);
> >  }
> >
> > -static noinline void __init kfree_via_phys(void)
> > +static noinline void kfree_via_phys(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >         phys_addr_t phys;
> >
> > -       pr_info("invalid-free false positive (via phys)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -378,7 +360,7 @@ static noinline void __init kfree_via_phys(void)
> >         kfree(phys_to_virt(phys));
> >  }
> >
> > -static noinline void __init kmem_cache_oob(void)
> > +static noinline void kmem_cache_oob(void)
> >  {
> >         char *p;
> >         size_t size = 200;
> > @@ -389,7 +371,6 @@ static noinline void __init kmem_cache_oob(void)
> >                 pr_err("Cache allocation failed\n");
> >                 return;
> >         }
> > -       pr_info("out-of-bounds in kmem_cache_alloc\n");
> >         p = kmem_cache_alloc(cache, GFP_KERNEL);
> >         if (!p) {
> >                 pr_err("Allocation failed\n");
> > @@ -402,7 +383,7 @@ static noinline void __init kmem_cache_oob(void)
> >         kmem_cache_destroy(cache);
> >  }
> >
> > -static noinline void __init memcg_accounted_kmem_cache(void)
> > +static noinline void memcg_accounted_kmem_cache(void)
> >  {
> >         int i;
> >         char *p;
> > @@ -415,7 +396,6 @@ static noinline void __init memcg_accounted_kmem_cache(void)
> >                 return;
> >         }
> >
> > -       pr_info("allocate memcg accounted object\n");
> >         /*
> >          * Several allocations with a delay to allow for lazy per memcg kmem
> >          * cache creation.
> > @@ -435,31 +415,19 @@ static noinline void __init memcg_accounted_kmem_cache(void)
> >
> >  static char global_array[10];
> >
> > -static noinline void __init kasan_global_oob(void)
> > +static noinline void kasan_global_oob(void)
> >  {
> >         volatile int i = 3;
> >         char *p = &global_array[ARRAY_SIZE(global_array) + i];
> >
> > -       pr_info("out-of-bounds global variable\n");
> > -       *(volatile char *)p;
> > -}
> > -
> > -static noinline void __init kasan_stack_oob(void)
> > -{
> > -       char stack_array[10];
> > -       volatile int i = 0;
> > -       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
> > -
> > -       pr_info("out-of-bounds on stack\n");
> >         *(volatile char *)p;
> >  }
> >
> > -static noinline void __init ksize_unpoisons_memory(void)
> > +static noinline void ksize_unpoisons_memory(void)
> >  {
> >         char *ptr;
> >         size_t size = 123, real_size;
> >
> > -       pr_info("ksize() unpoisons the whole allocated chunk\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -473,72 +441,36 @@ static noinline void __init ksize_unpoisons_memory(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init copy_user_test(void)
> > +#if (CONFIG_KASAN_STACK == 1)
> > +static noinline void kasan_stack_oob(void)
> >  {
> > -       char *kmem;
> > -       char __user *usermem;
> > -       size_t size = 10;
> > -       int unused;
> > -
> > -       kmem = kmalloc(size, GFP_KERNEL);
> > -       if (!kmem)
> > -               return;
> > -
> > -       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> > -                           PROT_READ | PROT_WRITE | PROT_EXEC,
> > -                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> > -       if (IS_ERR(usermem)) {
> > -               pr_err("Failed to allocate user memory\n");
> > -               kfree(kmem);
> > -               return;
> > -       }
> > -
> > -       pr_info("out-of-bounds in copy_from_user()\n");
> > -       unused = copy_from_user(kmem, usermem, size + 1);
> > -
> > -       pr_info("out-of-bounds in copy_to_user()\n");
> > -       unused = copy_to_user(usermem, kmem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_from_user()\n");
> > -       unused = __copy_from_user(kmem, usermem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_to_user()\n");
> > -       unused = __copy_to_user(usermem, kmem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> > -       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> > -       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> > -
> > -       pr_info("out-of-bounds in strncpy_from_user()\n");
> > -       unused = strncpy_from_user(kmem, usermem, size + 1);
> > +       char stack_array[10];
> > +       volatile int i = 0;
> > +       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
> >
> > -       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> > -       kfree(kmem);
> > +       *(volatile char *)p;
> >  }
> >
> > -static noinline void __init kasan_alloca_oob_left(void)
> > +static noinline void kasan_alloca_oob_left(void)
> >  {
> >         volatile int i = 10;
> >         char alloca_array[i];
> >         char *p = alloca_array - 1;
> >
> > -       pr_info("out-of-bounds to left on alloca\n");
> >         *(volatile char *)p;
> >  }
> >
> > -static noinline void __init kasan_alloca_oob_right(void)
> > +static noinline void kasan_alloca_oob_right(void)
> >  {
> >         volatile int i = 10;
> >         char alloca_array[i];
> >         char *p = alloca_array + i;
> >
> > -       pr_info("out-of-bounds to right on alloca\n");
> >         *(volatile char *)p;
> >  }
> > +#endif /* CONFIG_KASAN_STACK */
> >
> > -static noinline void __init kmem_cache_double_free(void)
> > +static noinline void kmem_cache_double_free(void)
> >  {
> >         char *p;
> >         size_t size = 200;
> > @@ -549,7 +481,6 @@ static noinline void __init kmem_cache_double_free(void)
> >                 pr_err("Cache allocation failed\n");
> >                 return;
> >         }
> > -       pr_info("double-free on heap object\n");
> >         p = kmem_cache_alloc(cache, GFP_KERNEL);
> >         if (!p) {
> >                 pr_err("Allocation failed\n");
> > @@ -562,7 +493,7 @@ static noinline void __init kmem_cache_double_free(void)
> >         kmem_cache_destroy(cache);
> >  }
> >
> > -static noinline void __init kmem_cache_invalid_free(void)
> > +static noinline void kmem_cache_invalid_free(void)
> >  {
> >         char *p;
> >         size_t size = 200;
> > @@ -574,7 +505,6 @@ static noinline void __init kmem_cache_invalid_free(void)
> >                 pr_err("Cache allocation failed\n");
> >                 return;
> >         }
> > -       pr_info("invalid-free of heap object\n");
> >         p = kmem_cache_alloc(cache, GFP_KERNEL);
> >         if (!p) {
> >                 pr_err("Allocation failed\n");
> > @@ -594,12 +524,11 @@ static noinline void __init kmem_cache_invalid_free(void)
> >         kmem_cache_destroy(cache);
> >  }
> >
> > -static noinline void __init kasan_memchr(void)
> > +static noinline void kasan_memchr(void)
> >  {
> >         char *ptr;
> >         size_t size = 24;
> >
> > -       pr_info("out-of-bounds in memchr\n");
> >         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
> >         if (!ptr)
> >                 return;
> > @@ -608,13 +537,12 @@ static noinline void __init kasan_memchr(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kasan_memcmp(void)
> > +static noinline void kasan_memcmp(void)
> >  {
> >         char *ptr;
> >         size_t size = 24;
> >         int arr[9];
> >
> > -       pr_info("out-of-bounds in memcmp\n");
> >         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
> >         if (!ptr)
> >                 return;
> > @@ -624,12 +552,11 @@ static noinline void __init kasan_memcmp(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kasan_strings(void)
> > +static noinline void kasan_strings(void)
> >  {
> >         char *ptr;
> >         size_t size = 24;
> >
> > -       pr_info("use-after-free in strchr\n");
> >         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
> >         if (!ptr)
> >                 return;
> > @@ -645,23 +572,18 @@ static noinline void __init kasan_strings(void)
> >         ptr += 16;
> >         strchr(ptr, '1');
> >
> > -       pr_info("use-after-free in strrchr\n");
> >         strrchr(ptr, '1');
> >
> > -       pr_info("use-after-free in strcmp\n");
> >         strcmp(ptr, "2");
> >
> > -       pr_info("use-after-free in strncmp\n");
> >         strncmp(ptr, "2", 1);
> >
> > -       pr_info("use-after-free in strlen\n");
> >         strlen(ptr);
> >
> > -       pr_info("use-after-free in strnlen\n");
> >         strnlen(ptr, 1);
> >  }
> >
> > -static noinline void __init kasan_bitops(void)
> > +static noinline void kasan_bitops(void)
> >  {
> >         /*
> >          * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
> > @@ -676,70 +598,52 @@ static noinline void __init kasan_bitops(void)
> >          * below accesses are still out-of-bounds, since bitops are defined to
> >          * operate on the whole long the bit is in.
> >          */
> > -       pr_info("out-of-bounds in set_bit\n");
> >         set_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __set_bit\n");
> >         __set_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in clear_bit\n");
> >         clear_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __clear_bit\n");
> >         __clear_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in clear_bit_unlock\n");
> >         clear_bit_unlock(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __clear_bit_unlock\n");
> >         __clear_bit_unlock(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in change_bit\n");
> >         change_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __change_bit\n");
> >         __change_bit(BITS_PER_LONG, bits);
> >
> >         /*
> >          * Below calls try to access bit beyond allocated memory.
> >          */
> > -       pr_info("out-of-bounds in test_and_set_bit\n");
> >         test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_set_bit\n");
> >         __test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_set_bit_lock\n");
> >         test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_clear_bit\n");
> >         test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_clear_bit\n");
> >         __test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_change_bit\n");
> >         test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_change_bit\n");
> >         __test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_bit\n");
> >         (void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> >  #if defined(clear_bit_unlock_is_negative_byte)
> > -       pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
> >         clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >  #endif
> >         kfree(bits);
> >  }
> >
> > -static noinline void __init kmalloc_double_kzfree(void)
> > +static noinline void kmalloc_double_kzfree(void)
> >  {
> >         char *ptr;
> >         size_t size = 16;
> >
> > -       pr_info("double-free (kzfree)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -750,29 +654,130 @@ static noinline void __init kmalloc_double_kzfree(void)
> >         kzfree(ptr);
> >  }
> >
> > -#ifdef CONFIG_KASAN_VMALLOC
> > -static noinline void __init vmalloc_oob(void)
> > +static void kunit_test_oob(struct kunit *test)
> > +{
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_left());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_node_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_large_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_more());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_less());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_16());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_in_memset());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_2());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_4());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_8());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_16());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_global_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, ksize_unpoisons_memory());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memchr());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memcmp());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_strings());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_bitops());
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_oob_right());
> > +#endif /* CONFIG_SLUB */
> > +
> > +#if (CONFIG_KASAN_STACK == 1)
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_stack_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_left());
> > +#endif /*CONFIG_KASAN_STACK*/
> > +}
> > +
> > +static void kunit_test_uaf(struct kunit *test)
> > +{
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_uaf());
> > +#endif
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf_memset());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf2());
> > +}
> > +
> > +static void kunit_test_invalid_free(struct kunit *test)
> >  {
> > -       void *area;
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_invalid_free());
> > +#endif
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_invalid_free());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_double_free());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_double_kzfree());
> > +}
> >
> > -       pr_info("vmalloc out-of-bounds\n");
> > +static void kunit_test_false_positives(struct kunit *test)
> > +{
> > +       kfree_via_page();
> > +       kfree_via_phys();
> > +}
> >
> > -       /*
> > -        * We have to be careful not to hit the guard page.
> > -        * The MMU will catch that and crash us.
> > -        */
> > -       area = vmalloc(3000);
> > -       if (!area) {
> > -               pr_err("Allocation failed\n");
> > +static void kunit_test_memcg(struct kunit *test)
> > +{
> > +       memcg_accounted_kmem_cache();
> > +}
> > +
> > +static struct kunit_case kasan_kunit_test_cases[] = {
> > +       KUNIT_CASE(kunit_test_oob),
> > +       KUNIT_CASE(kunit_test_uaf),
> > +       KUNIT_CASE(kunit_test_invalid_free),
> > +       KUNIT_CASE(kunit_test_false_positives),
> > +       KUNIT_CASE(kunit_test_memcg),
> > +       {}
> > +};
> > +
> > +static struct kunit_suite kasan_kunit_test_suite = {
> > +       .name = "kasan_kunit_test",
> > +       .test_cases = kasan_kunit_test_cases,
> > +};
> > +
> > +kunit_test_suite(kasan_kunit_test_suite);
> > +
> > +#if IS_MODULE(CONFIG_TEST_KASAN)
> > +static noinline void __init copy_user_test(void)
> > +{
> > +       char *kmem;
> > +       char __user *usermem;
> > +       size_t size = 10;
> > +       int unused;
> > +
> > +       kmem = kmalloc(size, GFP_KERNEL);
> > +       if (!kmem)
> > +               return;
> > +
> > +       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> > +                           PROT_READ | PROT_WRITE | PROT_EXEC,
> > +                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> > +       if (IS_ERR(usermem)) {
> > +               pr_err("Failed to allocate user memory\n");
> > +               kfree(kmem);
> >                 return;
> >         }
> >
> > -       ((volatile char *)area)[3100];
> > -       vfree(area);
> > +       pr_info("out-of-bounds in copy_from_user()\n");
> > +       unused = copy_from_user(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in copy_to_user()\n");
> > +       unused = copy_to_user(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_from_user()\n");
> > +       unused = __copy_from_user(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_to_user()\n");
> > +       unused = __copy_to_user(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> > +       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> > +       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in strncpy_from_user()\n");
> > +       unused = strncpy_from_user(kmem, usermem, size + 1);
> > +
> > +       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> > +       kfree(kmem);
> >  }
> > -#else
> > -static void __init vmalloc_oob(void) {}
> > -#endif
> >
> >  static int __init kmalloc_tests_init(void)
> >  {
> > @@ -782,44 +787,7 @@ static int __init kmalloc_tests_init(void)
> >          */
> >         bool multishot = kasan_save_enable_multi_shot();
> >
> > -       kmalloc_oob_right();
> > -       kmalloc_oob_left();
> > -       kmalloc_node_oob_right();
> > -#ifdef CONFIG_SLUB
> > -       kmalloc_pagealloc_oob_right();
> > -       kmalloc_pagealloc_uaf();
> > -       kmalloc_pagealloc_invalid_free();
> > -#endif
> > -       kmalloc_large_oob_right();
> > -       kmalloc_oob_krealloc_more();
> > -       kmalloc_oob_krealloc_less();
> > -       kmalloc_oob_16();
> > -       kmalloc_oob_in_memset();
> > -       kmalloc_oob_memset_2();
> > -       kmalloc_oob_memset_4();
> > -       kmalloc_oob_memset_8();
> > -       kmalloc_oob_memset_16();
> > -       kmalloc_uaf();
> > -       kmalloc_uaf_memset();
> > -       kmalloc_uaf2();
> > -       kfree_via_page();
> > -       kfree_via_phys();
> > -       kmem_cache_oob();
> > -       memcg_accounted_kmem_cache();
> > -       kasan_stack_oob();
> > -       kasan_global_oob();
> > -       kasan_alloca_oob_left();
> > -       kasan_alloca_oob_right();
> > -       ksize_unpoisons_memory();
> >         copy_user_test();
> > -       kmem_cache_double_free();
> > -       kmem_cache_invalid_free();
> > -       kasan_memchr();
> > -       kasan_memcmp();
> > -       kasan_strings();
> > -       kasan_bitops();
> > -       kmalloc_double_kzfree();
> > -       vmalloc_oob();
> >
> >         kasan_restore_multi_shot(multishot);
> >
> > @@ -827,4 +795,4 @@ static int __init kmalloc_tests_init(void)
> >  }
> >
> >  module_init(kmalloc_tests_init);
> > -MODULE_LICENSE("GPL");
> > +#endif /* IS_MODULE(CONFIG_TEST_KASAN) */
> > --
> > 2.25.0.265.gbab2e86ba0-goog
> >
> > --
> > You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20200227024301.217042-1-trishalfonso%40google.com.
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27 14:04   ` Alan Maguire
@ 2020-02-29  0:46     ` Patricia Alfonso
  2020-03-03 16:40       ` Alan Maguire
  2020-03-10 21:39     ` Brendan Higgins
  1 sibling, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-29  0:46 UTC (permalink / raw)
  To: Alan Maguire
  Cc: Andrey Ryabinin, Dmitry Vyukov, Brendan Higgins, David Gow,
	mingo, peterz, juri.lelli, vincent.guittot, LKML, kasan-dev,
	linux-kselftest, kunit-dev

On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:
>
> On Wed, 26 Feb 2020, Patricia Alfonso wrote:
>
> > Integrate KASAN into KUnit testing framework.
>
> This is a great idea! Some comments/suggestions below...
>

Thank you so much for your suggestions!

> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > If anyone has any suggestions on how best to print the failure
> > messages, please share!
> >
> > One issue I have found while testing this is the allocation fails in
> > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > does cause the test to fail on the KUnit side, as expected, but it
> > seems to skip all the tests before this one because the output starts
> > with this failure instead of with the first test, kmalloc_oob_right().
> >
> >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> >  include/linux/sched.h               |  7 ++++++-
> >  lib/kunit/test.c                    |  7 ++++++-
> >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> >  tools/testing/kunit/kunit_kernel.py |  2 +-
> >  5 files changed, 56 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > index 2dfb550c6723..2e388f8937f3 100644
> > --- a/include/kunit/test.h
> > +++ b/include/kunit/test.h
> > @@ -21,6 +21,8 @@ struct kunit_resource;
> >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> >
> > +void kunit_set_failure(struct kunit *test);
> > +
> >  /**
> >   * struct kunit_resource - represents a *test managed resource*
> >   * @allocation: for the user to store arbitrary data.
> > @@ -191,6 +193,9 @@ struct kunit {
> >        * protect it with some type of lock.
> >        */
> >       struct list_head resources; /* Protected by lock. */
> > +
> > +     bool kasan_report_expected;
> > +     bool kasan_report_found;
> >  };
> >
>
> Is this needed here? You're testing something pretty
> specific so it seems wrong to add to the generic
> kunit resource unless there's a good reason. I see the
> code around setting these values in mm/kasan/report.c,
> but I wonder if we could do something more generic.
>
> How about the concept of a static resource (assuming a
> dynamically allocated one is out because it messes
> with memory allocation tests)? Something like this:
>
> #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
>         do {                                                            \
>                 spin_lock(&test->lock);                                 \
>                 (resource_ptr)->resource_field.init = NULL;             \
>                 (resource_ptr)->resource_field.free = NULL;             \
>                 list_add_tail(&(resource_ptr)->resource_field,          \
>                               &test->resources);                        \
>                 spin_unlock(&test->lock);                               \
>         } while (0)
>
>
> Within your kasan code you could then create a kasan-specific
> structure that embends a kunit_resource, and contains the
> values you need:
>
> struct kasan_report_resource {
>         struct kunit_resource res;
>         bool kasan_report_expected;
>         bool kasan_report_found;
> };
>
> (One thing we'd need to do for such static resources is fix
> kunit_resource_free() to check if there's a free() function,
> and if not assume a static resource)
>
> If you then create an init() function associated with your
> kunit suite (which will be run for every case) it can do this:
>
> int kunit_kasan_test_init(struct kunit *test)
> {
>         kunit_add_static_resource(test, &my_kasan_report_resource, res);
>         ...
> }
>
> The above should also be used to initialize current->kasan_unit_test
> instead of doing that in kunit_try_run_case().  With those
> changes, you don't (I think) need to change anything in core
> kunit (assuming support for static resources).
>
> To retrieve the resource during tests or in kasan context, the
> method seems to be to use kunit_resource_find(). However, that
> requires a match function which seems a bit heavyweight for the
> static case.  We should probably have a default "find by name"
> or similar function here, and add an optional "name" field
> to kunit resources to simplify things.  Anyway here you'd
> use something like:
>
>         kasan_report_resource = kunit_resource_find(test, matchfn,
>                                                     NULL, matchdata);
>
>
> Are there any barriers to taking this sort of approach (apart
> from the support for static resources not being there yet)?
>

I'm not sure. I don't have any experience with kunit resources so I
would have to put some more effort into understanding how this would
work for myself. I wonder if this might be a bit of an over
complicated way of eliminating an extraneous boolean... maybe we can
find a simpler solution for the first version of this patch and add
the notion of a static resource for generic use later.

> >  void kunit_init_test(struct kunit *test, const char *name);
> > @@ -941,6 +946,25 @@ do {                                                                            \
> >                                               ptr,                           \
> >                                               NULL)
> >
> > +/**
> > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > + * not cause a KASAN error.
> > + *
> > + */
> > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {        \
> > +     test->kasan_report_expected = true;     \
> > +     test->kasan_report_found = false; \
> > +     condition; \
> > +     if (test->kasan_report_found == test->kasan_report_expected) { \
> > +             pr_info("%d has passed", __LINE__); \
> > +     } else { \
> > +             kunit_set_failure(test); \
> > +             pr_info("%d has failed", __LINE__); \
> > +     } \
> > +     test->kasan_report_expected = false;    \
> > +     test->kasan_report_found = false;       \
> > +} while (0)
> > +
>
> Feels like this belongs in test_kasan.c, and could be reworked
> to avoid adding test->kasan_report_[expected|found] as described
> above.

You're right. Since I don't see any reason why any other tests should
want to expect a KASAN error, it does make sense to move this logic
inside test_kasan.c. If, in the future, there is a need for this
elsewhere, we can always move it back then.

>  Instead of having your own pass/fail logic couldn't you
> do this:
>
>         KUNIT_EXPECT_EQ(test, expected, found);
>
> ? That will set the failure state too so no need to export
> a separate function for that, and no need to log anything
> as KUNIT_EXPECT_EQ() should do that for you.
>

This is a great idea - I feel a little silly that I didn't think of
that myself! Do we think the failure message for the KUNIT_EXPECT_EQ()
would be sufficient for KASAN developers?
i.e. "Expected kasan_report_expected == kasan_report_found, but
kasan_report_expected == true
kasan_report_found == false"

> >  /**
> >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> >   * @test: The test context object.
> > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > index 04278493bf15..db23d56061e7 100644
> > --- a/include/linux/sched.h
> > +++ b/include/linux/sched.h
> > @@ -32,6 +32,8 @@
> >  #include <linux/posix-timers.h>
> >  #include <linux/rseq.h>
> >
> > +#include <kunit/test.h>
> > +
>
> This feels like the wrong place to add this #include, and
> when I attempted to build to test I ran into a bunch of
> compilation errors; for example:
>
>  CC      kernel/sched/core.o
> In file included from ./include/linux/uaccess.h:11,
>                  from ./arch/x86/include/asm/fpu/xstate.h:5,
>                  from ./arch/x86/include/asm/pgtable.h:26,
>                  from ./include/linux/kasan.h:16,
>                  from ./include/linux/slab.h:136,
>                  from ./include/kunit/test.h:16,
>                  from ./include/linux/sched.h:35,
>                  from init/do_mounts.c:3:
> ./arch/x86/include/asm/uaccess.h: In function 'set_fs':
> ./arch/x86/include/asm/uaccess.h:32:9: error: dereferencing pointer to
> incomplete type 'struct task_struct'
>   current->thread.addr_limit = fs;
>
> (I'm testing with CONFIG_SLUB). Removing this #include
> resolves these errors, but then causes problems for
> lib/test_kasan.c. I'll dig around a bit more.
>

Yes, I was only testing with UML. Removing that #include fixed the
problem for me for both x86 and UML. Could you share more about the
errors you have encountered in lib/test_kasan.c?

> >  /* task_struct member predeclarations (sorted alphabetically): */
> >  struct audit_context;
> >  struct backing_dev_info;
> > @@ -1178,7 +1180,10 @@ struct task_struct {
> >
> >  #ifdef CONFIG_KASAN
> >       unsigned int                    kasan_depth;
> > -#endif
> > +#ifdef CONFIG_KUNIT
> > +     struct kunit *kasan_kunit_test;
> > +#endif /* CONFIG_KUNIT */
> > +#endif /* CONFIG_KASAN */
> >
> >  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
> >       /* Index of current stored address in ret_stack: */
> > diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> > index 9242f932896c..d266b9495c67 100644
> > --- a/lib/kunit/test.c
> > +++ b/lib/kunit/test.c
> > @@ -9,11 +9,12 @@
> >  #include <kunit/test.h>
> >  #include <linux/kernel.h>
> >  #include <linux/sched/debug.h>
> > +#include <linux/sched.h>
> >
> >  #include "string-stream.h"
> >  #include "try-catch-impl.h"
> >
> > -static void kunit_set_failure(struct kunit *test)
> > +void kunit_set_failure(struct kunit *test)
> >  {
> >       WRITE_ONCE(test->success, false);
> >  }
> > @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
> >       struct kunit_suite *suite = ctx->suite;
> >       struct kunit_case *test_case = ctx->test_case;
> >
> > +#ifdef CONFIG_KASAN
> > +     current->kasan_kunit_test = test;
> > +#endif
> > +
> >       /*
> >        * kunit_run_case_internal may encounter a fatal error; if it does,
> >        * abort will be called, this thread will exit, and finally the parent
> > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > index 5ef9f24f566b..5554d23799a5 100644
> > --- a/mm/kasan/report.c
> > +++ b/mm/kasan/report.c
> > @@ -32,6 +32,8 @@
> >
> >  #include <asm/sections.h>
> >
> > +#include <kunit/test.h>
> > +
> >  #include "kasan.h"
> >  #include "../slab.h"
> >
> > @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
> >       u8 tag = get_tag(object);
> >
> >       object = reset_tag(object);
> > +
> > +     if (current->kasan_kunit_test) {
> > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > +                     current->kasan_kunit_test->kasan_report_found = true;
> > +                     return;
> > +             }
> > +             kunit_set_failure(current->kasan_kunit_test);
> > +     }
> > +
> >       start_report(&flags);
> >       pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
> >       print_tags(tag, object);
> > @@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
> >       if (likely(!report_enabled()))
> >               return;
> >
> > +     if (current->kasan_kunit_test) {
> > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > +                     current->kasan_kunit_test->kasan_report_found = true;
> > +                     return;
> > +             }
> > +             kunit_set_failure(current->kasan_kunit_test);
> > +     }
> > +
> >       disable_trace_on_warning();
> >
> >       tagged_addr = (void *)addr;
> > diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
> > index cc5d844ecca1..63eab18a8c34 100644
> > --- a/tools/testing/kunit/kunit_kernel.py
> > +++ b/tools/testing/kunit/kunit_kernel.py
> > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> >               return True
> >
> >       def run_kernel(self, args=[], timeout=None, build_dir=''):
> > -             args.extend(['mem=256M'])
> > +             args.extend(['mem=256M', 'kasan_multi_shot'])
> >               process = self._ops.linux_bin(args, timeout, build_dir)
> >               with open(os.path.join(build_dir, 'test.log'), 'w') as f:
> >                       for line in process.stdout:
>
> I tried applying this to the "kunit" branch of linux-kselftest, and
> the above failed. Which branch are you building with? Probably
> best to use the kunit branch I think. Thanks!
>
I believe I am on Torvalds/master. There was some debate as to which
branch I should be developing on when I started, but it probably makes
sense for me to move to the "kunit" branch.

> Alan
>
> > --
> > 2.25.0.265.gbab2e86ba0-goog
> >
> >

-- 
Thank you for all your comments!
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27 14:45   ` Dmitry Vyukov
@ 2020-02-29  0:49     ` Patricia Alfonso
  0 siblings, 0 replies; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-29  0:49 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 6:45 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> <kasan-dev@googlegroups.com> wrote:
> >
> > Integrate KASAN into KUnit testing framework.
> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
>
> This does not build for me:
>
> $ make
> scripts/kconfig/conf  --syncconfig Kconfig
>   CC      arch/x86/kernel/asm-offsets.s
>   UPD     include/generated/asm-offsets.h
>   CALL    scripts/checksyscalls.sh
>   CALL    scripts/atomic/check-atomics.sh
>   DESCEND  objtool
>   CC      init/main.o
> In file included from ./include/linux/uaccess.h:11,
>                  from ./arch/x86/include/asm/fpu/xstate.h:5,
>                  from ./arch/x86/include/asm/pgtable.h:26,
>                  from ./include/linux/kasan.h:15,
>                  from ./include/linux/slab.h:136,
>                  from ./include/kunit/test.h:16,
>                  from ./include/linux/sched.h:35,
>                  from ./include/linux/ioprio.h:5,
>                  from ./include/linux/fs.h:39,
>                  from ./include/linux/proc_fs.h:9,
>                  from init/main.c:18:
> ./arch/x86/include/asm/uaccess.h: In function ‘set_fs’:
> ./arch/x86/include/asm/uaccess.h:31:9: error: dereferencing pointer to
> incomplete type ‘struct task_struct’
>    31 |  current->thread.addr_limit = fs;
>       |         ^~
> make[1]: *** [scripts/Makefile.build:268: init/main.o] Error 1
> make: *** [Makefile:1681: init] Error 2
>
>
> On bfdc6d91a25f4545bcd1b12e3219af4838142ef1 config:
> https://pastebin.com/raw/nwnL2N9w

I'm sorry. It seems I only ever tested locally on UML. As Alan
suggested, removing "#include <kunit/test.h>" from
include/linux/sched.h seems to fix this problem.

-- 
Best,
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27 14:39   ` Dmitry Vyukov
@ 2020-02-29  1:09     ` Patricia Alfonso
  2020-03-01  6:26       ` Dmitry Vyukov
  0 siblings, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-29  1:09 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 6:39 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> <kasan-dev@googlegroups.com> wrote:
> >
> > Integrate KASAN into KUnit testing framework.
> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > If anyone has any suggestions on how best to print the failure
> > messages, please share!
> >
> > One issue I have found while testing this is the allocation fails in
> > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > does cause the test to fail on the KUnit side, as expected, but it
> > seems to skip all the tests before this one because the output starts
> > with this failure instead of with the first test, kmalloc_oob_right().
> >
> >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> >  include/linux/sched.h               |  7 ++++++-
> >  lib/kunit/test.c                    |  7 ++++++-
> >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> >  tools/testing/kunit/kunit_kernel.py |  2 +-
> >  5 files changed, 56 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > index 2dfb550c6723..2e388f8937f3 100644
> > --- a/include/kunit/test.h
> > +++ b/include/kunit/test.h
> > @@ -21,6 +21,8 @@ struct kunit_resource;
> >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> >
> > +void kunit_set_failure(struct kunit *test);
> > +
> >  /**
> >   * struct kunit_resource - represents a *test managed resource*
> >   * @allocation: for the user to store arbitrary data.
> > @@ -191,6 +193,9 @@ struct kunit {
> >          * protect it with some type of lock.
> >          */
> >         struct list_head resources; /* Protected by lock. */
> > +
> > +       bool kasan_report_expected;
> > +       bool kasan_report_found;
> >  };
> >
> >  void kunit_init_test(struct kunit *test, const char *name);
> > @@ -941,6 +946,25 @@ do {                                                                              \
> >                                                 ptr,                           \
> >                                                 NULL)
> >
> > +/**
> > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > + * not cause a KASAN error.
>
> Oh, I see, this is not a test, but rather an ASSERT-like macro.
> Then maybe we should use it for actual expressions that are supposed
> to trigger KASAN errors?
>
> E.g. KUNIT_EXPECT_KASAN_FAIL(test, *(volatile int*)p);
>

This is one possible approach. I wasn't sure what would be the most
useful. Would it be most useful to assert an error is reported on a
function or assert an error is reported at a specific address?

>
> > + *
> > + */
> > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {  \
>
> s/condition/expression/
>
> > +       test->kasan_report_expected = true;     \
>
> Check that kasan_report_expected is unset. If these are nested things
> will break in confusing ways.
> Or otherwise we need to restore the previous value at the end.
>
Good point! I think I was just unsure of where I should set this value
and what the default should be.

> > +       test->kasan_report_found = false; \
> > +       condition; \
> > +       if (test->kasan_report_found == test->kasan_report_expected) { \
>
> We know that kasan_report_expected is true here, so we could just said:
>
> if (!test->kasan_report_found)
>
Good point! This is much more readable

> > +               pr_info("%d has passed", __LINE__); \
> > +       } else { \
> > +               kunit_set_failure(test); \
> > +               pr_info("%d has failed", __LINE__); \
>
> This needs a more readable error.
>
Yes, this was just a stand-in. I was wondering if you might have a
suggestion for the best way to print this failure message? Alan
suggested reusing the KUNIT_EXPECT_EQ() macro so the error message
would look something like:
"Expected kasan_report_expected == kasan_report_found, but
kasan_report_expected == true
kasan_report_found == false"

What do you think of this?

> > +       } \
> > +       test->kasan_report_expected = false;    \
> > +       test->kasan_report_found = false;       \
> > +} while (0)
> > +
> >  /**
> >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> >   * @test: The test context object.
> > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > index 04278493bf15..db23d56061e7 100644
> > --- a/include/linux/sched.h
> > +++ b/include/linux/sched.h
> > @@ -32,6 +32,8 @@
> >  #include <linux/posix-timers.h>
> >  #include <linux/rseq.h>
> >
> > +#include <kunit/test.h>
> > +
> >  /* task_struct member predeclarations (sorted alphabetically): */
> >  struct audit_context;
> >  struct backing_dev_info;
> > @@ -1178,7 +1180,10 @@ struct task_struct {
> >
> >  #ifdef CONFIG_KASAN
> >         unsigned int                    kasan_depth;
> > -#endif
> > +#ifdef CONFIG_KUNIT
> > +       struct kunit *kasan_kunit_test;
>
> I would assume we will use this for other things as well (failing
> tests on LOCKDEP errors, WARNINGs, etc).
> So I would call this just kunit_test and make non-dependent on KASAN right away.
>
Yeah, I think I just wanted to make it clear that this is only used
for KASAN, but I believe that was before we talked about extending
this.

> > +       if (current->kasan_kunit_test) {
>
> Strictly saying, this also needs to check in_task().
>

I was not aware of in_task()... can you explain its importance to me?

> > +               if (current->kasan_kunit_test->kasan_report_expected) {
> > +                       current->kasan_kunit_test->kasan_report_found = true;
> > +                       return;
> > +               }
> > +               kunit_set_failure(current->kasan_kunit_test);
> > +       }
>
> This chunk is duplicated 2 times. I think it will be more reasonable
> for KASAN code to just notify KUNIT that the error has happened, and
> then KUNIT will figure out what it means and what to do.
>
>
Yeah, I think moving this to the KUnit files is best too. I would like
to keep kunit_set_failure a static function as well.


-- 
Thank you for the comments!

Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27 14:43   ` Dmitry Vyukov
@ 2020-02-29  1:23     ` Patricia Alfonso
  2020-03-01  6:29       ` Dmitry Vyukov
  0 siblings, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-29  1:23 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 6:43 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> <kasan-dev@googlegroups.com> wrote:
> >
> > Integrate KASAN into KUnit testing framework.
> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > If anyone has any suggestions on how best to print the failure
> > messages, please share!
> >
> > One issue I have found while testing this is the allocation fails in
> > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > does cause the test to fail on the KUnit side, as expected, but it
> > seems to skip all the tests before this one because the output starts
> > with this failure instead of with the first test, kmalloc_oob_right().
>
> I don't follow this... we don't check output in any way, so how does
> output affect execution?...
>
I'm sorry. I think I was just reading the results wrong before - no
wonder I was confused!

I just recreated the error and it does work as expected.

>
> > --- a/tools/testing/kunit/kunit_kernel.py
> > +++ b/tools/testing/kunit/kunit_kernel.py
> > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> >                 return True
> >
> >         def run_kernel(self, args=[], timeout=None, build_dir=''):
> > -               args.extend(['mem=256M'])
> > +               args.extend(['mem=256M', 'kasan_multi_shot'])
>
> This is better done somewhere else (different default value if
> KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
> Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
> to be a mandatory part now. This means people will always hit this, be
> confused, figure out they need to flip the value, and only then be
> able to run kunit+kasan.
>
I agree. Is the best way to do this with "bool multishot =
kasan_save_enable_multi_shot();"  and
"kasan_restore_multi_shot(multishot);" inside test_kasan.c like what
was done in the tests before?

-- 
Thank you,
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-02-27 14:19 ` Dmitry Vyukov
@ 2020-02-29  1:56   ` Patricia Alfonso
  2020-03-01  6:39     ` Dmitry Vyukov
  2020-03-06 23:58   ` Patricia Alfonso
  1 sibling, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-02-29  1:56 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, vincent.guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 6:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> .On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
> <trishalfonso@google.com> wrote:
> >
> > Transfer all previous tests for KASAN to KUnit so they can be run
> > more easily. With proper KASAN integration into KUnit, developers can
> > run these tests with their other KUnit tests and see "pass" or "fail"
> > with the appropriate KASAN report instead of needing to parse each KASAN
> > report to test KASAN functionalities.
> >
> > Stack tests do not work in UML so those tests are protected inside an
> > "#if (CONFIG_KASAN_STACK == 1)" so this only runs if stack
> > instrumentation is enabled.
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > The KUnit version of these tests could be in addition to the existing
> > tests if that is preferred.
> >
> >  lib/Kconfig.kasan |   2 +-
> >  lib/test_kasan.c  | 352 +++++++++++++++++++++-------------------------
> >  2 files changed, 161 insertions(+), 193 deletions(-)
> >
> > diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> > index 5b54f3c9a741..f8cc9ed60677 100644
> > --- a/lib/Kconfig.kasan
> > +++ b/lib/Kconfig.kasan
> > @@ -160,7 +160,7 @@ config KASAN_VMALLOC
> >
> >  config TEST_KASAN
> >         tristate "Module for testing KASAN for bug detection"
> > -       depends on m && KASAN
> > +       depends on KASAN && KUNIT
> >         help
> >           This is a test module doing various nasty things like
> >           out of bounds accesses, use after free. It is useful for testing
> > diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> > index 3872d250ed2c..988650387a2a 100644
> > --- a/lib/test_kasan.c
> > +++ b/lib/test_kasan.c
> > @@ -23,17 +23,18 @@
> >
> >  #include <asm/page.h>
> >
> > +#include <kunit/test.h>
> > +
> >  /*
> >   * Note: test functions are marked noinline so that their names appear in
> >   * reports.
> >   */
> >
> > -static noinline void __init kmalloc_oob_right(void)
> > +static noinline void kmalloc_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = 123;
> >
> > -       pr_info("out-of-bounds to right\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -44,12 +45,11 @@ static noinline void __init kmalloc_oob_right(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_left(void)
> > +static noinline void kmalloc_oob_left(void)
> >  {
> >         char *ptr;
> >         size_t size = 15;
> >
> > -       pr_info("out-of-bounds to left\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -60,12 +60,11 @@ static noinline void __init kmalloc_oob_left(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_node_oob_right(void)
> > +static noinline void kmalloc_node_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = 4096;
> >
> > -       pr_info("kmalloc_node(): out-of-bounds to right\n");
> >         ptr = kmalloc_node(size, GFP_KERNEL, 0);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -77,7 +76,7 @@ static noinline void __init kmalloc_node_oob_right(void)
> >  }
> >
> >  #ifdef CONFIG_SLUB
> > -static noinline void __init kmalloc_pagealloc_oob_right(void)
> > +static noinline void kmalloc_pagealloc_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> > @@ -85,7 +84,6 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
> >         /* Allocate a chunk that does not fit into a SLUB cache to trigger
> >          * the page allocator fallback.
> >          */
> > -       pr_info("kmalloc pagealloc allocation: out-of-bounds to right\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -96,12 +94,11 @@ static noinline void __init kmalloc_pagealloc_oob_right(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_pagealloc_uaf(void)
> > +static noinline void kmalloc_pagealloc_uaf(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> >
> > -       pr_info("kmalloc pagealloc allocation: use-after-free\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -112,12 +109,11 @@ static noinline void __init kmalloc_pagealloc_uaf(void)
> >         ptr[0] = 0;
> >  }
> >
> > -static noinline void __init kmalloc_pagealloc_invalid_free(void)
> > +static noinline void kmalloc_pagealloc_invalid_free(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE + 10;
> >
> > -       pr_info("kmalloc pagealloc allocation: invalid-free\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -128,14 +124,13 @@ static noinline void __init kmalloc_pagealloc_invalid_free(void)
> >  }
> >  #endif
> >
> > -static noinline void __init kmalloc_large_oob_right(void)
> > +static noinline void kmalloc_large_oob_right(void)
> >  {
> >         char *ptr;
> >         size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
> >         /* Allocate a chunk that is large enough, but still fits into a slab
> >          * and does not trigger the page allocator fallback in SLUB.
> >          */
> > -       pr_info("kmalloc large allocation: out-of-bounds to right\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -146,13 +141,12 @@ static noinline void __init kmalloc_large_oob_right(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_krealloc_more(void)
> > +static noinline void kmalloc_oob_krealloc_more(void)
> >  {
> >         char *ptr1, *ptr2;
> >         size_t size1 = 17;
> >         size_t size2 = 19;
> >
> > -       pr_info("out-of-bounds after krealloc more\n");
> >         ptr1 = kmalloc(size1, GFP_KERNEL);
> >         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
> >         if (!ptr1 || !ptr2) {
> > @@ -166,13 +160,12 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kmalloc_oob_krealloc_less(void)
> > +static noinline void kmalloc_oob_krealloc_less(void)
> >  {
> >         char *ptr1, *ptr2;
> >         size_t size1 = 17;
> >         size_t size2 = 15;
> >
> > -       pr_info("out-of-bounds after krealloc less\n");
> >         ptr1 = kmalloc(size1, GFP_KERNEL);
> >         ptr2 = krealloc(ptr1, size2, GFP_KERNEL);
> >         if (!ptr1 || !ptr2) {
> > @@ -184,13 +177,12 @@ static noinline void __init kmalloc_oob_krealloc_less(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kmalloc_oob_16(void)
> > +static noinline void kmalloc_oob_16(void)
> >  {
> >         struct {
> >                 u64 words[2];
> >         } *ptr1, *ptr2;
> >
> > -       pr_info("kmalloc out-of-bounds for 16-bytes access\n");
> >         ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
> >         ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
> >         if (!ptr1 || !ptr2) {
> > @@ -204,12 +196,11 @@ static noinline void __init kmalloc_oob_16(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kmalloc_oob_memset_2(void)
> > +static noinline void kmalloc_oob_memset_2(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >
> > -       pr_info("out-of-bounds in memset2\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -220,12 +211,11 @@ static noinline void __init kmalloc_oob_memset_2(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_memset_4(void)
> > +static noinline void kmalloc_oob_memset_4(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >
> > -       pr_info("out-of-bounds in memset4\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -237,12 +227,11 @@ static noinline void __init kmalloc_oob_memset_4(void)
> >  }
> >
> >
> > -static noinline void __init kmalloc_oob_memset_8(void)
> > +static noinline void kmalloc_oob_memset_8(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >
> > -       pr_info("out-of-bounds in memset8\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -253,12 +242,11 @@ static noinline void __init kmalloc_oob_memset_8(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_memset_16(void)
> > +static noinline void kmalloc_oob_memset_16(void)
> >  {
> >         char *ptr;
> >         size_t size = 16;
> >
> > -       pr_info("out-of-bounds in memset16\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -269,12 +257,11 @@ static noinline void __init kmalloc_oob_memset_16(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_oob_in_memset(void)
> > +static noinline void kmalloc_oob_in_memset(void)
> >  {
> >         char *ptr;
> >         size_t size = 666;
> >
> > -       pr_info("out-of-bounds in memset\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -285,12 +272,11 @@ static noinline void __init kmalloc_oob_in_memset(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kmalloc_uaf(void)
> > +static noinline void kmalloc_uaf(void)
> >  {
> >         char *ptr;
> >         size_t size = 10;
> >
> > -       pr_info("use-after-free\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -301,12 +287,11 @@ static noinline void __init kmalloc_uaf(void)
> >         *(ptr + 8) = 'x';
> >  }
> >
> > -static noinline void __init kmalloc_uaf_memset(void)
> > +static noinline void kmalloc_uaf_memset(void)
> >  {
> >         char *ptr;
> >         size_t size = 33;
> >
> > -       pr_info("use-after-free in memset\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -317,12 +302,11 @@ static noinline void __init kmalloc_uaf_memset(void)
> >         memset(ptr, 0, size);
> >  }
> >
> > -static noinline void __init kmalloc_uaf2(void)
> > +static noinline void kmalloc_uaf2(void)
> >  {
> >         char *ptr1, *ptr2;
> >         size_t size = 43;
> >
> > -       pr_info("use-after-free after another kmalloc\n");
> >         ptr1 = kmalloc(size, GFP_KERNEL);
> >         if (!ptr1) {
> >                 pr_err("Allocation failed\n");
> > @@ -342,14 +326,13 @@ static noinline void __init kmalloc_uaf2(void)
> >         kfree(ptr2);
> >  }
> >
> > -static noinline void __init kfree_via_page(void)
> > +static noinline void kfree_via_page(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >         struct page *page;
> >         unsigned long offset;
> >
> > -       pr_info("invalid-free false positive (via page)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -361,13 +344,12 @@ static noinline void __init kfree_via_page(void)
> >         kfree(page_address(page) + offset);
> >  }
> >
> > -static noinline void __init kfree_via_phys(void)
> > +static noinline void kfree_via_phys(void)
> >  {
> >         char *ptr;
> >         size_t size = 8;
> >         phys_addr_t phys;
> >
> > -       pr_info("invalid-free false positive (via phys)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -378,7 +360,7 @@ static noinline void __init kfree_via_phys(void)
> >         kfree(phys_to_virt(phys));
> >  }
> >
> > -static noinline void __init kmem_cache_oob(void)
> > +static noinline void kmem_cache_oob(void)
> >  {
> >         char *p;
> >         size_t size = 200;
> > @@ -389,7 +371,6 @@ static noinline void __init kmem_cache_oob(void)
> >                 pr_err("Cache allocation failed\n");
> >                 return;
> >         }
> > -       pr_info("out-of-bounds in kmem_cache_alloc\n");
> >         p = kmem_cache_alloc(cache, GFP_KERNEL);
> >         if (!p) {
> >                 pr_err("Allocation failed\n");
> > @@ -402,7 +383,7 @@ static noinline void __init kmem_cache_oob(void)
> >         kmem_cache_destroy(cache);
> >  }
> >
> > -static noinline void __init memcg_accounted_kmem_cache(void)
> > +static noinline void memcg_accounted_kmem_cache(void)
> >  {
> >         int i;
> >         char *p;
> > @@ -415,7 +396,6 @@ static noinline void __init memcg_accounted_kmem_cache(void)
> >                 return;
> >         }
> >
> > -       pr_info("allocate memcg accounted object\n");
> >         /*
> >          * Several allocations with a delay to allow for lazy per memcg kmem
> >          * cache creation.
> > @@ -435,31 +415,19 @@ static noinline void __init memcg_accounted_kmem_cache(void)
> >
> >  static char global_array[10];
> >
> > -static noinline void __init kasan_global_oob(void)
> > +static noinline void kasan_global_oob(void)
> >  {
> >         volatile int i = 3;
> >         char *p = &global_array[ARRAY_SIZE(global_array) + i];
> >
> > -       pr_info("out-of-bounds global variable\n");
> > -       *(volatile char *)p;
> > -}
> > -
> > -static noinline void __init kasan_stack_oob(void)
>
> Let's keep it but also make dependent on CONFIG_KASAN_STACK
>
> > -{
> > -       char stack_array[10];
> > -       volatile int i = 0;
> > -       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
> > -
> > -       pr_info("out-of-bounds on stack\n");
> >         *(volatile char *)p;
> >  }
> >
> > -static noinline void __init ksize_unpoisons_memory(void)
> > +static noinline void ksize_unpoisons_memory(void)
> >  {
> >         char *ptr;
> >         size_t size = 123, real_size;
> >
> > -       pr_info("ksize() unpoisons the whole allocated chunk\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -473,72 +441,36 @@ static noinline void __init ksize_unpoisons_memory(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init copy_user_test(void)
> > +#if (CONFIG_KASAN_STACK == 1)
>
> The more common syntax for this is:
>
> #ifdef CONFIG_KASAN_STACK
>
> but it would even better to do:
>
> if (IS_ENABLED(CONFIG_KASAN_STACK))
>
> and return early. This way we at least test compilation (e.g.
> CONFIG_KASAN_STACK is not supported on your arch, you change tests and
> build break them because they were not even compiled).
>
>
Thank you!

> > +static noinline void kasan_stack_oob(void)
> >  {
> > -       char *kmem;
> > -       char __user *usermem;
> > -       size_t size = 10;
> > -       int unused;
> > -
> > -       kmem = kmalloc(size, GFP_KERNEL);
> > -       if (!kmem)
> > -               return;
> > -
> > -       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> > -                           PROT_READ | PROT_WRITE | PROT_EXEC,
> > -                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> > -       if (IS_ERR(usermem)) {
> > -               pr_err("Failed to allocate user memory\n");
> > -               kfree(kmem);
> > -               return;
> > -       }
> > -
> > -       pr_info("out-of-bounds in copy_from_user()\n");
> > -       unused = copy_from_user(kmem, usermem, size + 1);
>
> Why is all of this removed?
> Most of these tests are hard earned and test some special corner cases.
>
I just moved it inside IS_MODULE(CONFIG_TEST_KASAN) instead because I
don't think there is a way to rewrite this without it being a module.

> > -
> > -       pr_info("out-of-bounds in copy_to_user()\n");
> > -       unused = copy_to_user(usermem, kmem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_from_user()\n");
> > -       unused = __copy_from_user(kmem, usermem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_to_user()\n");
> > -       unused = __copy_to_user(usermem, kmem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> > -       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> > -
> > -       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> > -       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> > -
> > -       pr_info("out-of-bounds in strncpy_from_user()\n");
> > -       unused = strncpy_from_user(kmem, usermem, size + 1);
> > +       char stack_array[10];
> > +       volatile int i = 0;
> > +       char *p = &stack_array[ARRAY_SIZE(stack_array) + i];
> >
> > -       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> > -       kfree(kmem);
> > +       *(volatile char *)p;
> >  }
> >
> > -static noinline void __init kasan_alloca_oob_left(void)
> > +static noinline void kasan_alloca_oob_left(void)
> >  {
> >         volatile int i = 10;
> >         char alloca_array[i];
> >         char *p = alloca_array - 1;
> >
> > -       pr_info("out-of-bounds to left on alloca\n");
> >         *(volatile char *)p;
> >  }
> >
> > -static noinline void __init kasan_alloca_oob_right(void)
> > +static noinline void kasan_alloca_oob_right(void)
> >  {
> >         volatile int i = 10;
> >         char alloca_array[i];
> >         char *p = alloca_array + i;
> >
> > -       pr_info("out-of-bounds to right on alloca\n");
> >         *(volatile char *)p;
> >  }
> > +#endif /* CONFIG_KASAN_STACK */
> >
> > -static noinline void __init kmem_cache_double_free(void)
> > +static noinline void kmem_cache_double_free(void)
> >  {
> >         char *p;
> >         size_t size = 200;
> > @@ -549,7 +481,6 @@ static noinline void __init kmem_cache_double_free(void)
> >                 pr_err("Cache allocation failed\n");
> >                 return;
> >         }
> > -       pr_info("double-free on heap object\n");
> >         p = kmem_cache_alloc(cache, GFP_KERNEL);
> >         if (!p) {
> >                 pr_err("Allocation failed\n");
> > @@ -562,7 +493,7 @@ static noinline void __init kmem_cache_double_free(void)
> >         kmem_cache_destroy(cache);
> >  }
> >
> > -static noinline void __init kmem_cache_invalid_free(void)
> > +static noinline void kmem_cache_invalid_free(void)
> >  {
> >         char *p;
> >         size_t size = 200;
> > @@ -574,7 +505,6 @@ static noinline void __init kmem_cache_invalid_free(void)
> >                 pr_err("Cache allocation failed\n");
> >                 return;
> >         }
> > -       pr_info("invalid-free of heap object\n");
> >         p = kmem_cache_alloc(cache, GFP_KERNEL);
> >         if (!p) {
> >                 pr_err("Allocation failed\n");
> > @@ -594,12 +524,11 @@ static noinline void __init kmem_cache_invalid_free(void)
> >         kmem_cache_destroy(cache);
> >  }
> >
> > -static noinline void __init kasan_memchr(void)
> > +static noinline void kasan_memchr(void)
> >  {
> >         char *ptr;
> >         size_t size = 24;
> >
> > -       pr_info("out-of-bounds in memchr\n");
> >         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
> >         if (!ptr)
> >                 return;
> > @@ -608,13 +537,12 @@ static noinline void __init kasan_memchr(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kasan_memcmp(void)
> > +static noinline void kasan_memcmp(void)
> >  {
> >         char *ptr;
> >         size_t size = 24;
> >         int arr[9];
> >
> > -       pr_info("out-of-bounds in memcmp\n");
> >         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
> >         if (!ptr)
> >                 return;
> > @@ -624,12 +552,11 @@ static noinline void __init kasan_memcmp(void)
> >         kfree(ptr);
> >  }
> >
> > -static noinline void __init kasan_strings(void)
> > +static noinline void kasan_strings(void)
> >  {
> >         char *ptr;
> >         size_t size = 24;
> >
> > -       pr_info("use-after-free in strchr\n");
> >         ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
> >         if (!ptr)
> >                 return;
> > @@ -645,23 +572,18 @@ static noinline void __init kasan_strings(void)
> >         ptr += 16;
> >         strchr(ptr, '1');
> >
> > -       pr_info("use-after-free in strrchr\n");
> >         strrchr(ptr, '1');
> >
> > -       pr_info("use-after-free in strcmp\n");
> >         strcmp(ptr, "2");
>
> Such tests now need to be split into multiple tests, one error per
> test. Otherwise they don't test what they are supposed to test (each
> of these produces an error).
> Well, I mean, currently they don't test anything at all, but with
> kunit we actually can test this, so it would be good to actually test
> what this test was supposed to test :)
> This applies to other tests as well.
>
I didn't realize. I'll split up those tests for v2.

>
> > -       pr_info("use-after-free in strncmp\n");
> >         strncmp(ptr, "2", 1);
> >
> > -       pr_info("use-after-free in strlen\n");
> >         strlen(ptr);
> >
> > -       pr_info("use-after-free in strnlen\n");
> >         strnlen(ptr, 1);
> >  }
> >
> > -static noinline void __init kasan_bitops(void)
> > +static noinline void kasan_bitops(void)
> >  {
> >         /*
> >          * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
> > @@ -676,70 +598,52 @@ static noinline void __init kasan_bitops(void)
> >          * below accesses are still out-of-bounds, since bitops are defined to
> >          * operate on the whole long the bit is in.
> >          */
> > -       pr_info("out-of-bounds in set_bit\n");
> >         set_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __set_bit\n");
> >         __set_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in clear_bit\n");
> >         clear_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __clear_bit\n");
> >         __clear_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in clear_bit_unlock\n");
> >         clear_bit_unlock(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __clear_bit_unlock\n");
> >         __clear_bit_unlock(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in change_bit\n");
> >         change_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __change_bit\n");
> >         __change_bit(BITS_PER_LONG, bits);
> >
> >         /*
> >          * Below calls try to access bit beyond allocated memory.
> >          */
> > -       pr_info("out-of-bounds in test_and_set_bit\n");
> >         test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_set_bit\n");
> >         __test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_set_bit_lock\n");
> >         test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_clear_bit\n");
> >         test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_clear_bit\n");
> >         __test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_change_bit\n");
> >         test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_change_bit\n");
> >         __test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_bit\n");
> >         (void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> >  #if defined(clear_bit_unlock_is_negative_byte)
> > -       pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
> >         clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >  #endif
> >         kfree(bits);
> >  }
> >
> > -static noinline void __init kmalloc_double_kzfree(void)
> > +static noinline void kmalloc_double_kzfree(void)
>
> Since it seems we will need v2, it will help if you move these
> mechanical diffs to a separate patch. I mean removal of __init and
> pr_info. These produce lots of changes and it's hard to separate out
> more meaningful changes from this mechanical noise.
>
Good point!

> >  {
> >         char *ptr;
> >         size_t size = 16;
> >
> > -       pr_info("double-free (kzfree)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -750,29 +654,130 @@ static noinline void __init kmalloc_double_kzfree(void)
> >         kzfree(ptr);
> >  }
> >
> > -#ifdef CONFIG_KASAN_VMALLOC
> > -static noinline void __init vmalloc_oob(void)
> > +static void kunit_test_oob(struct kunit *test)
> > +{
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_right());
>
> I think the 2 patches need to be reordered. This
> KUNIT_EXPECT_KASAN_FAIL is introduced only in the next patch. This
> will break build during bisections.
>
This makes sense. I will reorder them for v2

> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_left());
>
> I am wondering if it makes sense to have the "KASAN_FAIL" part be part
> of the test itself. It will make the test and assertion local to each
> other. I hope later we will add some negative tests as well (without
> kasan errors), then people will start copy-pasting these macros and
> it's possible I copy-paste macro that checks that the test does not
> produce kasan error for my test, which I actually want the macro that
> checks for report. Then if my test does not fail, it will be
> unnoticed. I may be good to have assertion local to the test itself.
> Thoughts?
>
Alan suggested this as well. Since I can't imagine another place where
these expectations will be used, I will move the definition of
KUNIT_EXPECT_KASAN_FAILURE into test_kasan.c.

> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_node_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_large_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_more());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_less());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_16());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_in_memset());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_2());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_4());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_8());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_16());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_global_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, ksize_unpoisons_memory());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memchr());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memcmp());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_strings());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_bitops());
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_oob_right());
> > +#endif /* CONFIG_SLUB */
> > +
> > +#if (CONFIG_KASAN_STACK == 1)
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_stack_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_left());
> > +#endif /*CONFIG_KASAN_STACK*/
> > +}
> > +
> > +static void kunit_test_uaf(struct kunit *test)
> > +{
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_uaf());
> > +#endif
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf_memset());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf2());
> > +}
> > +
> > +static void kunit_test_invalid_free(struct kunit *test)
> >  {
> > -       void *area;
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_invalid_free());
> > +#endif
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_invalid_free());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_double_free());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_double_kzfree());
> > +}
> >
> > -       pr_info("vmalloc out-of-bounds\n");
> > +static void kunit_test_false_positives(struct kunit *test)
> > +{
> > +       kfree_via_page();
> > +       kfree_via_phys();
> > +}
> >
> > -       /*
> > -        * We have to be careful not to hit the guard page.
> > -        * The MMU will catch that and crash us.
> > -        */
> > -       area = vmalloc(3000);
> > -       if (!area) {
> > -               pr_err("Allocation failed\n");
> > +static void kunit_test_memcg(struct kunit *test)
> > +{
> > +       memcg_accounted_kmem_cache();
> > +}
> > +
> > +static struct kunit_case kasan_kunit_test_cases[] = {
> > +       KUNIT_CASE(kunit_test_oob),
> > +       KUNIT_CASE(kunit_test_uaf),
> > +       KUNIT_CASE(kunit_test_invalid_free),
> > +       KUNIT_CASE(kunit_test_false_positives),
> > +       KUNIT_CASE(kunit_test_memcg),
> > +       {}
> > +};
> > +
> > +static struct kunit_suite kasan_kunit_test_suite = {
> > +       .name = "kasan_kunit_test",
> > +       .test_cases = kasan_kunit_test_cases,
> > +};
> > +
> > +kunit_test_suite(kasan_kunit_test_suite);
> > +
> > +#if IS_MODULE(CONFIG_TEST_KASAN)
> > +static noinline void __init copy_user_test(void)
> > +{
> > +       char *kmem;
> > +       char __user *usermem;
> > +       size_t size = 10;
> > +       int unused;
> > +
> > +       kmem = kmalloc(size, GFP_KERNEL);
> > +       if (!kmem)
> > +               return;
> > +
> > +       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> > +                           PROT_READ | PROT_WRITE | PROT_EXEC,
> > +                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> > +       if (IS_ERR(usermem)) {
> > +               pr_err("Failed to allocate user memory\n");
> > +               kfree(kmem);
> >                 return;
> >         }
> >
> > -       ((volatile char *)area)[3100];
> > -       vfree(area);
> > +       pr_info("out-of-bounds in copy_from_user()\n");
> > +       unused = copy_from_user(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in copy_to_user()\n");
> > +       unused = copy_to_user(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_from_user()\n");
> > +       unused = __copy_from_user(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_to_user()\n");
> > +       unused = __copy_to_user(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> > +       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> > +       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in strncpy_from_user()\n");
> > +       unused = strncpy_from_user(kmem, usermem, size + 1);
> > +
> > +       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> > +       kfree(kmem);
> >  }
> > -#else
> > -static void __init vmalloc_oob(void) {}
> > -#endif
> >
> >  static int __init kmalloc_tests_init(void)
> >  {
> > @@ -782,44 +787,7 @@ static int __init kmalloc_tests_init(void)
> >          */
> >         bool multishot = kasan_save_enable_multi_shot();
> >
> > -       kmalloc_oob_right();
> > -       kmalloc_oob_left();
> > -       kmalloc_node_oob_right();
> > -#ifdef CONFIG_SLUB
> > -       kmalloc_pagealloc_oob_right();
> > -       kmalloc_pagealloc_uaf();
> > -       kmalloc_pagealloc_invalid_free();
> > -#endif
> > -       kmalloc_large_oob_right();
> > -       kmalloc_oob_krealloc_more();
> > -       kmalloc_oob_krealloc_less();
> > -       kmalloc_oob_16();
> > -       kmalloc_oob_in_memset();
> > -       kmalloc_oob_memset_2();
> > -       kmalloc_oob_memset_4();
> > -       kmalloc_oob_memset_8();
> > -       kmalloc_oob_memset_16();
> > -       kmalloc_uaf();
> > -       kmalloc_uaf_memset();
> > -       kmalloc_uaf2();
> > -       kfree_via_page();
> > -       kfree_via_phys();
> > -       kmem_cache_oob();
> > -       memcg_accounted_kmem_cache();
> > -       kasan_stack_oob();
> > -       kasan_global_oob();
> > -       kasan_alloca_oob_left();
> > -       kasan_alloca_oob_right();
> > -       ksize_unpoisons_memory();
> >         copy_user_test();
> > -       kmem_cache_double_free();
> > -       kmem_cache_invalid_free();
> > -       kasan_memchr();
> > -       kasan_memcmp();
> > -       kasan_strings();
> > -       kasan_bitops();
> > -       kmalloc_double_kzfree();
> > -       vmalloc_oob();
> >
> >         kasan_restore_multi_shot(multishot);
> >
> > @@ -827,4 +795,4 @@ static int __init kmalloc_tests_init(void)
> >  }
> >
> >  module_init(kmalloc_tests_init);
> > -MODULE_LICENSE("GPL");
> > +#endif /* IS_MODULE(CONFIG_TEST_KASAN) */
> > --
> > 2.25.0.265.gbab2e86ba0-goog
> >



-- 
Thanks!
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-29  1:09     ` Patricia Alfonso
@ 2020-03-01  6:26       ` Dmitry Vyukov
  0 siblings, 0 replies; 33+ messages in thread
From: Dmitry Vyukov @ 2020-03-01  6:26 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Sat, Feb 29, 2020 at 2:09 AM Patricia Alfonso
<trishalfonso@google.com> wrote:
> > <kasan-dev@googlegroups.com> wrote:
> > >
> > > Integrate KASAN into KUnit testing framework.
> > >  - Fail tests when KASAN reports an error that is not expected
> > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > >  - KUnit struct added to current task to keep track of the current test
> > > from KASAN code
> > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > >  report is found added to kunit struct
> > >  - This prints "line# has passed" or "line# has failed"
> > >
> > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > ---
> > > If anyone has any suggestions on how best to print the failure
> > > messages, please share!
> > >
> > > One issue I have found while testing this is the allocation fails in
> > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > does cause the test to fail on the KUnit side, as expected, but it
> > > seems to skip all the tests before this one because the output starts
> > > with this failure instead of with the first test, kmalloc_oob_right().
> > >
> > >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> > >  include/linux/sched.h               |  7 ++++++-
> > >  lib/kunit/test.c                    |  7 ++++++-
> > >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> > >  tools/testing/kunit/kunit_kernel.py |  2 +-
> > >  5 files changed, 56 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > > index 2dfb550c6723..2e388f8937f3 100644
> > > --- a/include/kunit/test.h
> > > +++ b/include/kunit/test.h
> > > @@ -21,6 +21,8 @@ struct kunit_resource;
> > >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> > >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> > >
> > > +void kunit_set_failure(struct kunit *test);
> > > +
> > >  /**
> > >   * struct kunit_resource - represents a *test managed resource*
> > >   * @allocation: for the user to store arbitrary data.
> > > @@ -191,6 +193,9 @@ struct kunit {
> > >          * protect it with some type of lock.
> > >          */
> > >         struct list_head resources; /* Protected by lock. */
> > > +
> > > +       bool kasan_report_expected;
> > > +       bool kasan_report_found;
> > >  };
> > >
> > >  void kunit_init_test(struct kunit *test, const char *name);
> > > @@ -941,6 +946,25 @@ do {                                                                              \
> > >                                                 ptr,                           \
> > >                                                 NULL)
> > >
> > > +/**
> > > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > > + * not cause a KASAN error.
> >
> > Oh, I see, this is not a test, but rather an ASSERT-like macro.
> > Then maybe we should use it for actual expressions that are supposed
> > to trigger KASAN errors?
> >
> > E.g. KUNIT_EXPECT_KASAN_FAIL(test, *(volatile int*)p);
> >
>
> This is one possible approach. I wasn't sure what would be the most
> useful. Would it be most useful to assert an error is reported on a
> function or assert an error is reported at a specific address?

I would say assert on a specific line of code/expression for locality reasons.
This will also solve the problem for tests that trigger several
reports, this way we can check that we get N reports.


> > > + *
> > > + */
> > > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {  \
> >
> > s/condition/expression/
> >
> > > +       test->kasan_report_expected = true;     \
> >
> > Check that kasan_report_expected is unset. If these are nested things
> > will break in confusing ways.
> > Or otherwise we need to restore the previous value at the end.
> >
> Good point! I think I was just unsure of where I should set this value
> and what the default should be.
>
> > > +       test->kasan_report_found = false; \
> > > +       condition; \
> > > +       if (test->kasan_report_found == test->kasan_report_expected) { \
> >
> > We know that kasan_report_expected is true here, so we could just said:
> >
> > if (!test->kasan_report_found)
> >
> Good point! This is much more readable
>
> > > +               pr_info("%d has passed", __LINE__); \
> > > +       } else { \
> > > +               kunit_set_failure(test); \
> > > +               pr_info("%d has failed", __LINE__); \
> >
> > This needs a more readable error.
> >
> Yes, this was just a stand-in. I was wondering if you might have a
> suggestion for the best way to print this failure message? Alan
> suggested reusing the KUNIT_EXPECT_EQ() macro so the error message
> would look something like:
> "Expected kasan_report_expected == kasan_report_found, but
> kasan_report_expected == true
> kasan_report_found == false"
>
> What do you think of this?

I will be able to understand why the test has failed reading this error message.
A more human-friendly message may be better, but if this makes for
better consistency I am fine with this.

> > > +       } \
> > > +       test->kasan_report_expected = false;    \
> > > +       test->kasan_report_found = false;       \
> > > +} while (0)
> > > +
> > >  /**
> > >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> > >   * @test: The test context object.
> > > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > > index 04278493bf15..db23d56061e7 100644
> > > --- a/include/linux/sched.h
> > > +++ b/include/linux/sched.h
> > > @@ -32,6 +32,8 @@
> > >  #include <linux/posix-timers.h>
> > >  #include <linux/rseq.h>
> > >
> > > +#include <kunit/test.h>
> > > +
> > >  /* task_struct member predeclarations (sorted alphabetically): */
> > >  struct audit_context;
> > >  struct backing_dev_info;
> > > @@ -1178,7 +1180,10 @@ struct task_struct {
> > >
> > >  #ifdef CONFIG_KASAN
> > >         unsigned int                    kasan_depth;
> > > -#endif
> > > +#ifdef CONFIG_KUNIT
> > > +       struct kunit *kasan_kunit_test;
> >
> > I would assume we will use this for other things as well (failing
> > tests on LOCKDEP errors, WARNINGs, etc).
> > So I would call this just kunit_test and make non-dependent on KASAN right away.
> >
> Yeah, I think I just wanted to make it clear that this is only used
> for KASAN, but I believe that was before we talked about extending
> this.
>
> > > +       if (current->kasan_kunit_test) {
> >
> > Strictly saying, this also needs to check in_task().
> >
>
> I was not aware of in_task()... can you explain its importance to me?
>
> > > +               if (current->kasan_kunit_test->kasan_report_expected) {
> > > +                       current->kasan_kunit_test->kasan_report_found = true;
> > > +                       return;
> > > +               }
> > > +               kunit_set_failure(current->kasan_kunit_test);
> > > +       }
> >
> > This chunk is duplicated 2 times. I think it will be more reasonable
> > for KASAN code to just notify KUNIT that the error has happened, and
> > then KUNIT will figure out what it means and what to do.
> >
> >
> Yeah, I think moving this to the KUnit files is best too. I would like
> to keep kunit_set_failure a static function as well.
>
>
> --
> Thank you for the comments!
>
> Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-29  1:23     ` Patricia Alfonso
@ 2020-03-01  6:29       ` Dmitry Vyukov
  2020-03-04  1:26         ` Patricia Alfonso
  0 siblings, 1 reply; 33+ messages in thread
From: Dmitry Vyukov @ 2020-03-01  6:29 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Sat, Feb 29, 2020 at 2:23 AM Patricia Alfonso
<trishalfonso@google.com> wrote:
> >
> > On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> > <kasan-dev@googlegroups.com> wrote:
> > >
> > > Integrate KASAN into KUnit testing framework.
> > >  - Fail tests when KASAN reports an error that is not expected
> > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > >  - KUnit struct added to current task to keep track of the current test
> > > from KASAN code
> > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > >  report is found added to kunit struct
> > >  - This prints "line# has passed" or "line# has failed"
> > >
> > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > ---
> > > If anyone has any suggestions on how best to print the failure
> > > messages, please share!
> > >
> > > One issue I have found while testing this is the allocation fails in
> > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > does cause the test to fail on the KUnit side, as expected, but it
> > > seems to skip all the tests before this one because the output starts
> > > with this failure instead of with the first test, kmalloc_oob_right().
> >
> > I don't follow this... we don't check output in any way, so how does
> > output affect execution?...
> >
> I'm sorry. I think I was just reading the results wrong before - no
> wonder I was confused!
>
> I just recreated the error and it does work as expected.
>
> >
> > > --- a/tools/testing/kunit/kunit_kernel.py
> > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > >                 return True
> > >
> > >         def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > -               args.extend(['mem=256M'])
> > > +               args.extend(['mem=256M', 'kasan_multi_shot'])
> >
> > This is better done somewhere else (different default value if
> > KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
> > Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
> > to be a mandatory part now. This means people will always hit this, be
> > confused, figure out they need to flip the value, and only then be
> > able to run kunit+kasan.
> >
> I agree. Is the best way to do this with "bool multishot =
> kasan_save_enable_multi_shot();"  and
> "kasan_restore_multi_shot(multishot);" inside test_kasan.c like what
> was done in the tests before?

This will fix KASAN tests, but not non-KASAN tests running under KUNIT
and triggering KASAN reports.
You set kasan_multi_shot for all KUNIT tests. I am reading this as
that we don't want to abort on the first test that triggered a KASAN
report. Or not?

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-02-29  1:56   ` Patricia Alfonso
@ 2020-03-01  6:39     ` Dmitry Vyukov
  2020-03-02 17:52       ` Kees Cook
  0 siblings, 1 reply; 33+ messages in thread
From: Dmitry Vyukov @ 2020-03-01  6:39 UTC (permalink / raw)
  To: Patricia Alfonso, Kees Cook
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Sat, Feb 29, 2020 at 2:56 AM Patricia Alfonso
<trishalfonso@google.com> wrote:
> On Thu, Feb 27, 2020 at 6:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
> >
> > .On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
> > > -       pr_info("out-of-bounds in copy_from_user()\n");
> > > -       unused = copy_from_user(kmem, usermem, size + 1);
> >
> > Why is all of this removed?
> > Most of these tests are hard earned and test some special corner cases.
> >
> I just moved it inside IS_MODULE(CONFIG_TEST_KASAN) instead because I
> don't think there is a way to rewrite this without it being a module.

You mean these are unconditionally crashing the machine? If yes,
please add a comment about this.

Theoretically we could have a notion of "death tests" similar to gunit:
https://stackoverflow.com/questions/3698718/what-are-google-test-death-tests
KUnit test runner wrapper would need to spawn a separete process per
each such test. Under non-KUnit test runner these should probably be
disabled by default and only run if specifically requested (a-la
--gunit_filter/--gunit_also_run_disabled_tests).
Could also be used to test other things that unconditionally panic,
e.g. +Kees may be happy for unit tests for some of the
hardening/fortification features.
I am not asking to bundle this with this change of course.

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-03-01  6:39     ` Dmitry Vyukov
@ 2020-03-02 17:52       ` Kees Cook
  2020-03-02 22:36         ` Brendan Higgins
  0 siblings, 1 reply; 33+ messages in thread
From: Kees Cook @ 2020-03-02 17:52 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Patricia Alfonso, Andrey Ryabinin, Brendan Higgins, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Sat, Feb 29, 2020 at 10:39 PM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Sat, Feb 29, 2020 at 2:56 AM Patricia Alfonso
> <trishalfonso@google.com> wrote:
> > On Thu, Feb 27, 2020 at 6:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
> > >
> > > .On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
> > > > -       pr_info("out-of-bounds in copy_from_user()\n");
> > > > -       unused = copy_from_user(kmem, usermem, size + 1);
> > >
> > > Why is all of this removed?
> > > Most of these tests are hard earned and test some special corner cases.
> > >
> > I just moved it inside IS_MODULE(CONFIG_TEST_KASAN) instead because I
> > don't think there is a way to rewrite this without it being a module.
>
> You mean these are unconditionally crashing the machine? If yes,
> please add a comment about this.
>
> Theoretically we could have a notion of "death tests" similar to gunit:
> https://stackoverflow.com/questions/3698718/what-are-google-test-death-tests
> KUnit test runner wrapper would need to spawn a separete process per
> each such test. Under non-KUnit test runner these should probably be
> disabled by default and only run if specifically requested (a-la
> --gunit_filter/--gunit_also_run_disabled_tests).
> Could also be used to test other things that unconditionally panic,
> e.g. +Kees may be happy for unit tests for some of the
> hardening/fortification features.
> I am not asking to bundle this with this change of course.

A bunch of LKDTM tests can kill the system too. I collected the list
when building the selftest script for LKDTM:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/lkdtm/tests.txt

I'm all for unittests (I have earlier kind-of-unit-tests in
lib/test_user_copy.c lib/test_overflow.c etc), but most of LKDTM is
designed to be full system-behavior testing ("does the system correct
BUG the current thread, when some deeper system state is violated?")

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-03-02 17:52       ` Kees Cook
@ 2020-03-02 22:36         ` Brendan Higgins
  2020-03-02 23:02           ` Kees Cook
  0 siblings, 1 reply; 33+ messages in thread
From: Brendan Higgins @ 2020-03-02 22:36 UTC (permalink / raw)
  To: Kees Cook
  Cc: Dmitry Vyukov, Patricia Alfonso, Andrey Ryabinin, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK,
	KUnit Development

On Mon, Mar 2, 2020 at 9:52 AM Kees Cook <keescook@chromium.org> wrote:
>
> On Sat, Feb 29, 2020 at 10:39 PM Dmitry Vyukov <dvyukov@google.com> wrote:
> >
> > On Sat, Feb 29, 2020 at 2:56 AM Patricia Alfonso
> > <trishalfonso@google.com> wrote:
> > > On Thu, Feb 27, 2020 at 6:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
> > > >
> > > > .On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
> > > > > -       pr_info("out-of-bounds in copy_from_user()\n");
> > > > > -       unused = copy_from_user(kmem, usermem, size + 1);
> > > >
> > > > Why is all of this removed?
> > > > Most of these tests are hard earned and test some special corner cases.
> > > >
> > > I just moved it inside IS_MODULE(CONFIG_TEST_KASAN) instead because I
> > > don't think there is a way to rewrite this without it being a module.
> >
> > You mean these are unconditionally crashing the machine? If yes,
> > please add a comment about this.
> >
> > Theoretically we could have a notion of "death tests" similar to gunit:
> > https://stackoverflow.com/questions/3698718/what-are-google-test-death-tests
> > KUnit test runner wrapper would need to spawn a separete process per
> > each such test. Under non-KUnit test runner these should probably be
> > disabled by default and only run if specifically requested (a-la
> > --gunit_filter/--gunit_also_run_disabled_tests).
> > Could also be used to test other things that unconditionally panic,
> > e.g. +Kees may be happy for unit tests for some of the
> > hardening/fortification features.
> > I am not asking to bundle this with this change of course.
>
> A bunch of LKDTM tests can kill the system too. I collected the list
> when building the selftest script for LKDTM:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/lkdtm/tests.txt
>
> I'm all for unittests (I have earlier kind-of-unit-tests in
> lib/test_user_copy.c lib/test_overflow.c etc), but most of LKDTM is

<Minor tangent (sorry)>

I took a brief look at lib/test_user_copy.c, it looks like it doesn't
use TAP formatted output. How do you feel about someone converting
them over to use KUnit? If nothing else, it would be good getting all
the unit-ish tests to output in the same format.

I proposed converting over some of the runtime tests over to KUnit as
a LKMP project (Linux Kernel Mentorship Program) here:

https://wiki.linuxfoundation.org/lkmp/lkmp_project_list#convert_runtime_tests_to_kunit_tests

I am curious what you think about this.

</Minor tangent>

> designed to be full system-behavior testing ("does the system correct
> BUG the current thread, when some deeper system state is violated?")

Makes sense.

Thanks!

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-03-02 22:36         ` Brendan Higgins
@ 2020-03-02 23:02           ` Kees Cook
  0 siblings, 0 replies; 33+ messages in thread
From: Kees Cook @ 2020-03-02 23:02 UTC (permalink / raw)
  To: Brendan Higgins
  Cc: Dmitry Vyukov, Patricia Alfonso, Andrey Ryabinin, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK,
	KUnit Development

On Mon, Mar 02, 2020 at 02:36:48PM -0800, Brendan Higgins wrote:
> On Mon, Mar 2, 2020 at 9:52 AM Kees Cook <keescook@chromium.org> wrote:
> > I'm all for unittests (I have earlier kind-of-unit-tests in
> > lib/test_user_copy.c lib/test_overflow.c etc), but most of LKDTM is
> 
> <Minor tangent (sorry)>
> 
> I took a brief look at lib/test_user_copy.c, it looks like it doesn't
> use TAP formatted output. How do you feel about someone converting
> them over to use KUnit? If nothing else, it would be good getting all
> the unit-ish tests to output in the same format.
> 
> I proposed converting over some of the runtime tests over to KUnit as
> a LKMP project (Linux Kernel Mentorship Program) here:
> 
> https://wiki.linuxfoundation.org/lkmp/lkmp_project_list#convert_runtime_tests_to_kunit_tests
> 
> I am curious what you think about this.
> 
> </Minor tangent>

Yes please! Anything that helps these tests get more exposure/wider
testing is good. (That said, I don't want to lose any of the existing
diagnostic messages -- _adding_ TAP would be lovely.)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-29  0:46     ` Patricia Alfonso
@ 2020-03-03 16:40       ` Alan Maguire
  2020-03-05  2:14         ` Patricia Alfonso
  0 siblings, 1 reply; 33+ messages in thread
From: Alan Maguire @ 2020-03-03 16:40 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Alan Maguire, Andrey Ryabinin, Dmitry Vyukov, Brendan Higgins,
	David Gow, mingo, peterz, juri.lelli, vincent.guittot, LKML,
	kasan-dev, linux-kselftest, kunit-dev

On Fri, 28 Feb 2020, Patricia Alfonso wrote:

> On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> >
> > On Wed, 26 Feb 2020, Patricia Alfonso wrote:
> >
> > > Integrate KASAN into KUnit testing framework.
> >
> > This is a great idea! Some comments/suggestions below...
> >
> 
> Thank you so much for your suggestions!
>

No problem! Extending KUnit to test things like KASAN
is really valuable, as it shows us ways we can improve
the framework. More below...
 
> > >  - Fail tests when KASAN reports an error that is not expected
> > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > >  - KUnit struct added to current task to keep track of the current test
> > > from KASAN code
> > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > >  report is found added to kunit struct
> > >  - This prints "line# has passed" or "line# has failed"
> > >
> > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > ---
> > > If anyone has any suggestions on how best to print the failure
> > > messages, please share!
> > >
> > > One issue I have found while testing this is the allocation fails in
> > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > does cause the test to fail on the KUnit side, as expected, but it
> > > seems to skip all the tests before this one because the output starts
> > > with this failure instead of with the first test, kmalloc_oob_right().
> > >
> > >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> > >  include/linux/sched.h               |  7 ++++++-
> > >  lib/kunit/test.c                    |  7 ++++++-
> > >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> > >  tools/testing/kunit/kunit_kernel.py |  2 +-
> > >  5 files changed, 56 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > > index 2dfb550c6723..2e388f8937f3 100644
> > > --- a/include/kunit/test.h
> > > +++ b/include/kunit/test.h
> > > @@ -21,6 +21,8 @@ struct kunit_resource;
> > >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> > >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> > >
> > > +void kunit_set_failure(struct kunit *test);
> > > +
> > >  /**
> > >   * struct kunit_resource - represents a *test managed resource*
> > >   * @allocation: for the user to store arbitrary data.
> > > @@ -191,6 +193,9 @@ struct kunit {
> > >        * protect it with some type of lock.
> > >        */
> > >       struct list_head resources; /* Protected by lock. */
> > > +
> > > +     bool kasan_report_expected;
> > > +     bool kasan_report_found;
> > >  };
> > >
> >
> > Is this needed here? You're testing something pretty
> > specific so it seems wrong to add to the generic
> > kunit resource unless there's a good reason. I see the
> > code around setting these values in mm/kasan/report.c,
> > but I wonder if we could do something more generic.
> >
> > How about the concept of a static resource (assuming a
> > dynamically allocated one is out because it messes
> > with memory allocation tests)? Something like this:
> >
> > #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
> >         do {                                                            \
> >                 spin_lock(&test->lock);                                 \
> >                 (resource_ptr)->resource_field.init = NULL;             \
> >                 (resource_ptr)->resource_field.free = NULL;             \
> >                 list_add_tail(&(resource_ptr)->resource_field,          \
> >                               &test->resources);                        \
> >                 spin_unlock(&test->lock);                               \
> >         } while (0)
> >
> >
> > Within your kasan code you could then create a kasan-specific
> > structure that embends a kunit_resource, and contains the
> > values you need:
> >
> > struct kasan_report_resource {
> >         struct kunit_resource res;
> >         bool kasan_report_expected;
> >         bool kasan_report_found;
> > };
> >
> > (One thing we'd need to do for such static resources is fix
> > kunit_resource_free() to check if there's a free() function,
> > and if not assume a static resource)
> >
> > If you then create an init() function associated with your
> > kunit suite (which will be run for every case) it can do this:
> >
> > int kunit_kasan_test_init(struct kunit *test)
> > {
> >         kunit_add_static_resource(test, &my_kasan_report_resource, res);
> >         ...
> > }
> >
> > The above should also be used to initialize current->kasan_unit_test
> > instead of doing that in kunit_try_run_case().  With those
> > changes, you don't (I think) need to change anything in core
> > kunit (assuming support for static resources).
> >
> > To retrieve the resource during tests or in kasan context, the
> > method seems to be to use kunit_resource_find(). However, that
> > requires a match function which seems a bit heavyweight for the
> > static case.  We should probably have a default "find by name"
> > or similar function here, and add an optional "name" field
> > to kunit resources to simplify things.  Anyway here you'd
> > use something like:
> >
> >         kasan_report_resource = kunit_resource_find(test, matchfn,
> >                                                     NULL, matchdata);
> >
> >
> > Are there any barriers to taking this sort of approach (apart
> > from the support for static resources not being there yet)?
> >
> 
> I'm not sure. I don't have any experience with kunit resources so I
> would have to put some more effort into understanding how this would
> work for myself. I wonder if this might be a bit of an over
> complicated way of eliminating an extraneous boolean... maybe we can
> find a simpler solution for the first version of this patch and add
> the notion of a static resource for generic use later.
>

My personal preference would be to try and learn what's needed
by KASAN and improve the KUnit APIs so the next developer finds
life a bit easier. More hassle for you I know, but actual use cases
like this are invaluable for improving the API.  I've sent
out an RFC patchset which has the functionality I _think_ you
need but I may be missing something:

https://lore.kernel.org/linux-kselftest/1583251361-12748-1-git-send-email-alan.maguire@oracle.com/T/#t

The idea is your test can do something like this:

struct kasan_data {
	bool report_expected;
	bool report_found;
};


my_kasan_test(struct kunit *test)
{
	struct kunit_resource resource;
	struct kasan_data kasan_data;

...
	// add our named resource using static resource/data
	kunit_add_named_resource(test, NULL, NULL, &resource, 
				 "kasan_data", &kasan_data);
...

}

(The NULLs in the function arguments above reflect the fact we
don't require initialization or cleanup for such static resources)

Then, in KASAN context you can look the above resource up like so:

	struct kunit_resource *resource;
	struct kasan_data *kasan_data;

	resource = kunit_find_named_resource(test, "kasan_data");
	kasan_data = resource->data;

	// when finished, reduce reference count on resource
	kunit_put_resource(resource);
 
Does that work for your use case?

> > >  void kunit_init_test(struct kunit *test, const char *name);
> > > @@ -941,6 +946,25 @@ do {                                                                            \
> > >                                               ptr,                           \
> > >                                               NULL)
> > >
> > > +/**
> > > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > > + * not cause a KASAN error.
> > > + *
> > > + */
> > > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {        \
> > > +     test->kasan_report_expected = true;     \
> > > +     test->kasan_report_found = false; \
> > > +     condition; \
> > > +     if (test->kasan_report_found == test->kasan_report_expected) { \
> > > +             pr_info("%d has passed", __LINE__); \
> > > +     } else { \
> > > +             kunit_set_failure(test); \
> > > +             pr_info("%d has failed", __LINE__); \
> > > +     } \
> > > +     test->kasan_report_expected = false;    \
> > > +     test->kasan_report_found = false;       \
> > > +} while (0)
> > > +
> >
> > Feels like this belongs in test_kasan.c, and could be reworked
> > to avoid adding test->kasan_report_[expected|found] as described
> > above.
> 
> You're right. Since I don't see any reason why any other tests should
> want to expect a KASAN error, it does make sense to move this logic
> inside test_kasan.c. If, in the future, there is a need for this
> elsewhere, we can always move it back then.
> 
> >  Instead of having your own pass/fail logic couldn't you
> > do this:
> >
> >         KUNIT_EXPECT_EQ(test, expected, found);
> >
> > ? That will set the failure state too so no need to export
> > a separate function for that, and no need to log anything
> > as KUNIT_EXPECT_EQ() should do that for you.
> >
> 
> This is a great idea - I feel a little silly that I didn't think of
> that myself! Do we think the failure message for the KUNIT_EXPECT_EQ()
> would be sufficient for KASAN developers?
> i.e. "Expected kasan_report_expected == kasan_report_found, but
> kasan_report_expected == true
> kasan_report_found == false"
>

I guess the missing piece above is the line number where
the test failure was encountered, is that the concern?
 
> > >  /**
> > >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> > >   * @test: The test context object.
> > > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > > index 04278493bf15..db23d56061e7 100644
> > > --- a/include/linux/sched.h
> > > +++ b/include/linux/sched.h
> > > @@ -32,6 +32,8 @@
> > >  #include <linux/posix-timers.h>
> > >  #include <linux/rseq.h>
> > >
> > > +#include <kunit/test.h>
> > > +
> >
> > This feels like the wrong place to add this #include, and
> > when I attempted to build to test I ran into a bunch of
> > compilation errors; for example:
> >
> >  CC      kernel/sched/core.o
> > In file included from ./include/linux/uaccess.h:11,
> >                  from ./arch/x86/include/asm/fpu/xstate.h:5,
> >                  from ./arch/x86/include/asm/pgtable.h:26,
> >                  from ./include/linux/kasan.h:16,
> >                  from ./include/linux/slab.h:136,
> >                  from ./include/kunit/test.h:16,
> >                  from ./include/linux/sched.h:35,
> >                  from init/do_mounts.c:3:
> > ./arch/x86/include/asm/uaccess.h: In function 'set_fs':
> > ./arch/x86/include/asm/uaccess.h:32:9: error: dereferencing pointer to
> > incomplete type 'struct task_struct'
> >   current->thread.addr_limit = fs;
> >
> > (I'm testing with CONFIG_SLUB). Removing this #include
> > resolves these errors, but then causes problems for
> > lib/test_kasan.c. I'll dig around a bit more.
> >
> 
> Yes, I was only testing with UML. Removing that #include fixed the
> problem for me for both x86 and UML. Could you share more about the
> errors you have encountered in lib/test_kasan.c?
> 

I'll try this again and send details.

I think broadly the issue is that if we #include kunit headers
in the kasan headers, we end up creating all kinds of problems
for ourselves, since the kasan headers are in turn included
in so many places (including the kunit headers themselves, since
kunit uses memory allocation APIs). I suspect the way forward is
to try and ensure that we don't utilize the kunit headers in any
of the kasan headers, but rather just include kunit headers
in test_kasan.c, and any other kasan .c files we need KUnit APIs
for. Not sure if that's possible, but it's likely the best way to
go if it is.

> > >  /* task_struct member predeclarations (sorted alphabetically): */
> > >  struct audit_context;
> > >  struct backing_dev_info;
> > > @@ -1178,7 +1180,10 @@ struct task_struct {
> > >
> > >  #ifdef CONFIG_KASAN
> > >       unsigned int                    kasan_depth;
> > > -#endif
> > > +#ifdef CONFIG_KUNIT
> > > +     struct kunit *kasan_kunit_test;
> > > +#endif /* CONFIG_KUNIT */
> > > +#endif /* CONFIG_KASAN */
> > >
> > >  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
> > >       /* Index of current stored address in ret_stack: */
> > > diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> > > index 9242f932896c..d266b9495c67 100644
> > > --- a/lib/kunit/test.c
> > > +++ b/lib/kunit/test.c
> > > @@ -9,11 +9,12 @@
> > >  #include <kunit/test.h>
> > >  #include <linux/kernel.h>
> > >  #include <linux/sched/debug.h>
> > > +#include <linux/sched.h>
> > >
> > >  #include "string-stream.h"
> > >  #include "try-catch-impl.h"
> > >
> > > -static void kunit_set_failure(struct kunit *test)
> > > +void kunit_set_failure(struct kunit *test)
> > >  {
> > >       WRITE_ONCE(test->success, false);
> > >  }
> > > @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
> > >       struct kunit_suite *suite = ctx->suite;
> > >       struct kunit_case *test_case = ctx->test_case;
> > >
> > > +#ifdef CONFIG_KASAN
> > > +     current->kasan_kunit_test = test;
> > > +#endif
> > > +
> > >       /*
> > >        * kunit_run_case_internal may encounter a fatal error; if it does,
> > >        * abort will be called, this thread will exit, and finally the parent
> > > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > > index 5ef9f24f566b..5554d23799a5 100644
> > > --- a/mm/kasan/report.c
> > > +++ b/mm/kasan/report.c
> > > @@ -32,6 +32,8 @@
> > >
> > >  #include <asm/sections.h>
> > >
> > > +#include <kunit/test.h>
> > > +
> > >  #include "kasan.h"
> > >  #include "../slab.h"
> > >
> > > @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
> > >       u8 tag = get_tag(object);
> > >
> > >       object = reset_tag(object);
> > > +
> > > +     if (current->kasan_kunit_test) {
> > > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > > +                     current->kasan_kunit_test->kasan_report_found = true;
> > > +                     return;
> > > +             }
> > > +             kunit_set_failure(current->kasan_kunit_test);
> > > +     }
> > > +
> > >       start_report(&flags);
> > >       pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
> > >       print_tags(tag, object);
> > > @@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
> > >       if (likely(!report_enabled()))
> > >               return;
> > >
> > > +     if (current->kasan_kunit_test) {
> > > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > > +                     current->kasan_kunit_test->kasan_report_found = true;
> > > +                     return;
> > > +             }
> > > +             kunit_set_failure(current->kasan_kunit_test);
> > > +     }
> > > +
> > >       disable_trace_on_warning();
> > >
> > >       tagged_addr = (void *)addr;
> > > diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
> > > index cc5d844ecca1..63eab18a8c34 100644
> > > --- a/tools/testing/kunit/kunit_kernel.py
> > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > >               return True
> > >
> > >       def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > -             args.extend(['mem=256M'])
> > > +             args.extend(['mem=256M', 'kasan_multi_shot'])
> > >               process = self._ops.linux_bin(args, timeout, build_dir)
> > >               with open(os.path.join(build_dir, 'test.log'), 'w') as f:
> > >                       for line in process.stdout:
> >
> > I tried applying this to the "kunit" branch of linux-kselftest, and
> > the above failed. Which branch are you building with? Probably
> > best to use the kunit branch I think. Thanks!
> >
> I believe I am on Torvalds/master. There was some debate as to which
> branch I should be developing on when I started, but it probably makes
> sense for me to move to the "kunit" branch.
>

I think for this case - given that we may need some new KUnit
functionality - that would be best. Thanks!

Alan
 
> > Alan
> >
> > > --
> > > 2.25.0.265.gbab2e86ba0-goog
> > >
> > >
> 
> -- 
> Thank you for all your comments!
> Patricia Alfonso
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-01  6:29       ` Dmitry Vyukov
@ 2020-03-04  1:26         ` Patricia Alfonso
  2020-03-04  6:23           ` Dmitry Vyukov
  0 siblings, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-03-04  1:26 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Sat, Feb 29, 2020 at 10:29 PM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Sat, Feb 29, 2020 at 2:23 AM Patricia Alfonso
> <trishalfonso@google.com> wrote:
> > >
> > > On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> > > <kasan-dev@googlegroups.com> wrote:
> > > >
> > > > --- a/tools/testing/kunit/kunit_kernel.py
> > > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > > >                 return True
> > > >
> > > >         def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > > -               args.extend(['mem=256M'])
> > > > +               args.extend(['mem=256M', 'kasan_multi_shot'])
> > >
> > > This is better done somewhere else (different default value if
> > > KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
> > > Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
> > > to be a mandatory part now. This means people will always hit this, be
> > > confused, figure out they need to flip the value, and only then be
> > > able to run kunit+kasan.
> > >
> > I agree. Is the best way to do this with "bool multishot =
> > kasan_save_enable_multi_shot();"  and
> > "kasan_restore_multi_shot(multishot);" inside test_kasan.c like what
> > was done in the tests before?
>
> This will fix KASAN tests, but not non-KASAN tests running under KUNIT
> and triggering KASAN reports.
> You set kasan_multi_shot for all KUNIT tests. I am reading this as
> that we don't want to abort on the first test that triggered a KASAN
> report. Or not?

I don't think I understand the question, but let me try to explain my
thinking and see if that resonates with you. We know that the KASAN
tests will require more than one report, and we want that. For most
users, since a KASAN error can cause unexpected kernel behavior for
anything after a KASAN error, it is best for just one unexpected KASAN
error to be the only error printed to the user, unless they specify
kasan-multi-shot. The way I understand it, the way to implement this
is to use  "bool multishot = kasan_save_enable_multi_shot();"  and
"kasan_restore_multi_shot(multishot);" around the KASAN tests so that
kasan-multi-shot is temporarily enabled for the tests we expect
multiple reports. I assume "kasan_restore_multi_shot(multishot);"
restores the value to what the user input was so after the KASAN tests
are finished, if the user did not specify kasan-multi-shot and an
unexpected kasan error is reported, it will print the full report and
only that first one. Is this understanding correct? If you have a
better way of implementing this or a better expected behavior, I
appreciate your thoughts.

-- 
Thanks,
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-04  1:26         ` Patricia Alfonso
@ 2020-03-04  6:23           ` Dmitry Vyukov
  2020-03-05  0:07             ` Patricia Alfonso
  0 siblings, 1 reply; 33+ messages in thread
From: Dmitry Vyukov @ 2020-03-04  6:23 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Wed, Mar 4, 2020 at 2:26 AM Patricia Alfonso <trishalfonso@google.com> wrote:
>
> On Sat, Feb 29, 2020 at 10:29 PM Dmitry Vyukov <dvyukov@google.com> wrote:
> >
> > On Sat, Feb 29, 2020 at 2:23 AM Patricia Alfonso
> > <trishalfonso@google.com> wrote:
> > > >
> > > > On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> > > > <kasan-dev@googlegroups.com> wrote:
> > > > >
> > > > > --- a/tools/testing/kunit/kunit_kernel.py
> > > > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > > > >                 return True
> > > > >
> > > > >         def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > > > -               args.extend(['mem=256M'])
> > > > > +               args.extend(['mem=256M', 'kasan_multi_shot'])
> > > >
> > > > This is better done somewhere else (different default value if
> > > > KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
> > > > Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
> > > > to be a mandatory part now. This means people will always hit this, be
> > > > confused, figure out they need to flip the value, and only then be
> > > > able to run kunit+kasan.
> > > >
> > > I agree. Is the best way to do this with "bool multishot =
> > > kasan_save_enable_multi_shot();"  and
> > > "kasan_restore_multi_shot(multishot);" inside test_kasan.c like what
> > > was done in the tests before?
> >
> > This will fix KASAN tests, but not non-KASAN tests running under KUNIT
> > and triggering KASAN reports.
> > You set kasan_multi_shot for all KUNIT tests. I am reading this as
> > that we don't want to abort on the first test that triggered a KASAN
> > report. Or not?
>
> I don't think I understand the question, but let me try to explain my
> thinking and see if that resonates with you. We know that the KASAN
> tests will require more than one report, and we want that. For most
> users, since a KASAN error can cause unexpected kernel behavior for
> anything after a KASAN error, it is best for just one unexpected KASAN
> error to be the only error printed to the user, unless they specify
> kasan-multi-shot. The way I understand it, the way to implement this
> is to use  "bool multishot = kasan_save_enable_multi_shot();"  and
> "kasan_restore_multi_shot(multishot);" around the KASAN tests so that
> kasan-multi-shot is temporarily enabled for the tests we expect
> multiple reports. I assume "kasan_restore_multi_shot(multishot);"
> restores the value to what the user input was so after the KASAN tests
> are finished, if the user did not specify kasan-multi-shot and an
> unexpected kasan error is reported, it will print the full report and
> only that first one. Is this understanding correct? If you have a
> better way of implementing this or a better expected behavior, I
> appreciate your thoughts.

Everything you say is correct.
What I tried to point at is that this new behavior is different from
the original behavior of your change. Initially you added
kasan_multi_shot to command line for _all_ kunit tests (not just
KASAN). The question is: do we want kasan_multi_shot for non-KASAN
tests or not?

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
                     ` (3 preceding siblings ...)
  2020-02-27 14:45   ` Dmitry Vyukov
@ 2020-03-04  6:35   ` Dmitry Vyukov
  4 siblings, 0 replies; 33+ messages in thread
From: Dmitry Vyukov @ 2020-03-04  6:35 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
<kasan-dev@googlegroups.com> wrote:
>
> Integrate KASAN into KUnit testing framework.
>  - Fail tests when KASAN reports an error that is not expected
>  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
>  - KUnit struct added to current task to keep track of the current test
> from KASAN code
>  - Booleans representing if a KASAN report is expected and if a KASAN
>  report is found added to kunit struct
>  - This prints "line# has passed" or "line# has failed"
>
> Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> ---
> If anyone has any suggestions on how best to print the failure
> messages, please share!
>
> One issue I have found while testing this is the allocation fails in
> kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> does cause the test to fail on the KUnit side, as expected, but it
> seems to skip all the tests before this one because the output starts
> with this failure instead of with the first test, kmalloc_oob_right().
>
>  include/kunit/test.h                | 24 ++++++++++++++++++++++++
>  include/linux/sched.h               |  7 ++++++-
>  lib/kunit/test.c                    |  7 ++++++-
>  mm/kasan/report.c                   | 19 +++++++++++++++++++
>  tools/testing/kunit/kunit_kernel.py |  2 +-
>  5 files changed, 56 insertions(+), 3 deletions(-)
>
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index 2dfb550c6723..2e388f8937f3 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -21,6 +21,8 @@ struct kunit_resource;
>  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
>  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
>
> +void kunit_set_failure(struct kunit *test);
> +
>  /**
>   * struct kunit_resource - represents a *test managed resource*
>   * @allocation: for the user to store arbitrary data.
> @@ -191,6 +193,9 @@ struct kunit {
>          * protect it with some type of lock.
>          */
>         struct list_head resources; /* Protected by lock. */
> +
> +       bool kasan_report_expected;
> +       bool kasan_report_found;
>  };
>
>  void kunit_init_test(struct kunit *test, const char *name);
> @@ -941,6 +946,25 @@ do {                                                                              \
>                                                 ptr,                           \
>                                                 NULL)
>
> +/**
> + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> + * not cause a KASAN error.
> + *
> + */
> +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {  \
> +       test->kasan_report_expected = true;     \
> +       test->kasan_report_found = false; \
> +       condition; \
> +       if (test->kasan_report_found == test->kasan_report_expected) { \
> +               pr_info("%d has passed", __LINE__); \
> +       } else { \
> +               kunit_set_failure(test); \
> +               pr_info("%d has failed", __LINE__); \
> +       } \
> +       test->kasan_report_expected = false;    \
> +       test->kasan_report_found = false;       \
> +} while (0)
> +
>  /**
>   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
>   * @test: The test context object.
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 04278493bf15..db23d56061e7 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -32,6 +32,8 @@
>  #include <linux/posix-timers.h>
>  #include <linux/rseq.h>
>
> +#include <kunit/test.h>
> +
>  /* task_struct member predeclarations (sorted alphabetically): */
>  struct audit_context;
>  struct backing_dev_info;
> @@ -1178,7 +1180,10 @@ struct task_struct {
>
>  #ifdef CONFIG_KASAN
>         unsigned int                    kasan_depth;
> -#endif
> +#ifdef CONFIG_KUNIT
> +       struct kunit *kasan_kunit_test;
> +#endif /* CONFIG_KUNIT */
> +#endif /* CONFIG_KASAN */
>
>  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
>         /* Index of current stored address in ret_stack: */
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index 9242f932896c..d266b9495c67 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -9,11 +9,12 @@
>  #include <kunit/test.h>
>  #include <linux/kernel.h>
>  #include <linux/sched/debug.h>
> +#include <linux/sched.h>
>
>  #include "string-stream.h"
>  #include "try-catch-impl.h"
>
> -static void kunit_set_failure(struct kunit *test)
> +void kunit_set_failure(struct kunit *test)
>  {
>         WRITE_ONCE(test->success, false);
>  }
> @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
>         struct kunit_suite *suite = ctx->suite;
>         struct kunit_case *test_case = ctx->test_case;
>
> +#ifdef CONFIG_KASAN
> +       current->kasan_kunit_test = test;
> +#endif
> +
>         /*
>          * kunit_run_case_internal may encounter a fatal error; if it does,
>          * abort will be called, this thread will exit, and finally the parent
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 5ef9f24f566b..5554d23799a5 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -32,6 +32,8 @@
>
>  #include <asm/sections.h>
>
> +#include <kunit/test.h>
> +
>  #include "kasan.h"
>  #include "../slab.h"
>
> @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
>         u8 tag = get_tag(object);
>
>         object = reset_tag(object);
> +
> +       if (current->kasan_kunit_test) {
> +               if (current->kasan_kunit_test->kasan_report_expected) {
> +                       current->kasan_kunit_test->kasan_report_found = true;
> +                       return;

I think we need to continue and print KASAN report even in this case.
2 reasons:
 - tests don't check validity of printed reports, but at least human
can verify sanity of the report
 - report printing code also needs to be tested, at least that it does
not crash/hang
If we don't print reports, it may look nicer, but will be less useful.

> +               }
> +               kunit_set_failure(current->kasan_kunit_test);
> +       }
> +

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-04  6:23           ` Dmitry Vyukov
@ 2020-03-05  0:07             ` Patricia Alfonso
  2020-03-05  6:44               ` Dmitry Vyukov
  0 siblings, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-03-05  0:07 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Tue, Mar 3, 2020 at 10:23 PM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Wed, Mar 4, 2020 at 2:26 AM Patricia Alfonso <trishalfonso@google.com> wrote:
> >
> > On Sat, Feb 29, 2020 at 10:29 PM Dmitry Vyukov <dvyukov@google.com> wrote:
> > >
> > > On Sat, Feb 29, 2020 at 2:23 AM Patricia Alfonso
> > > <trishalfonso@google.com> wrote:
> > > > >
> > > > > On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> > > > > <kasan-dev@googlegroups.com> wrote:
> > > > > >
> > > > > > --- a/tools/testing/kunit/kunit_kernel.py
> > > > > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > > > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > > > > >                 return True
> > > > > >
> > > > > >         def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > > > > -               args.extend(['mem=256M'])
> > > > > > +               args.extend(['mem=256M', 'kasan_multi_shot'])
> > > > >
> > > > > This is better done somewhere else (different default value if
> > > > > KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
> > > > > Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
> > > > > to be a mandatory part now. This means people will always hit this, be
> > > > > confused, figure out they need to flip the value, and only then be
> > > > > able to run kunit+kasan.
> > > > >
> > > > I agree. Is the best way to do this with "bool multishot =
> > > > kasan_save_enable_multi_shot();"  and
> > > > "kasan_restore_multi_shot(multishot);" inside test_kasan.c like what
> > > > was done in the tests before?
> > >
> > > This will fix KASAN tests, but not non-KASAN tests running under KUNIT
> > > and triggering KASAN reports.
> > > You set kasan_multi_shot for all KUNIT tests. I am reading this as
> > > that we don't want to abort on the first test that triggered a KASAN
> > > report. Or not?
> >
> > I don't think I understand the question, but let me try to explain my
> > thinking and see if that resonates with you. We know that the KASAN
> > tests will require more than one report, and we want that. For most
> > users, since a KASAN error can cause unexpected kernel behavior for
> > anything after a KASAN error, it is best for just one unexpected KASAN
> > error to be the only error printed to the user, unless they specify
> > kasan-multi-shot. The way I understand it, the way to implement this
> > is to use  "bool multishot = kasan_save_enable_multi_shot();"  and
> > "kasan_restore_multi_shot(multishot);" around the KASAN tests so that
> > kasan-multi-shot is temporarily enabled for the tests we expect
> > multiple reports. I assume "kasan_restore_multi_shot(multishot);"
> > restores the value to what the user input was so after the KASAN tests
> > are finished, if the user did not specify kasan-multi-shot and an
> > unexpected kasan error is reported, it will print the full report and
> > only that first one. Is this understanding correct? If you have a
> > better way of implementing this or a better expected behavior, I
> > appreciate your thoughts.
>
> Everything you say is correct.
> What I tried to point at is that this new behavior is different from
> the original behavior of your change. Initially you added
> kasan_multi_shot to command line for _all_ kunit tests (not just
> KASAN). The question is: do we want kasan_multi_shot for non-KASAN
> tests or not?

Ah, yes. I thought your first comment was suggesting I change it from
printing all KASAN tests by default because the intended behavior of
KASAN is to only print the first report. I think I'll pose the
question back to you. Do we want kasan_multi_shot for non-KASAN tests?
For functionality sake, it is only required for the KASAN tests so
this is more of a judgement call for the user experience.

--
Best,
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-03 16:40       ` Alan Maguire
@ 2020-03-05  2:14         ` Patricia Alfonso
  2020-03-05  7:46           ` Alan Maguire
  0 siblings, 1 reply; 33+ messages in thread
From: Patricia Alfonso @ 2020-03-05  2:14 UTC (permalink / raw)
  To: Alan Maguire
  Cc: Andrey Ryabinin, Dmitry Vyukov, Brendan Higgins, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Tue, Mar 3, 2020 at 8:40 AM Alan Maguire <alan.maguire@oracle.com> wrote:
>
> On Fri, 28 Feb 2020, Patricia Alfonso wrote:
>
> > On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> > >
> > > On Wed, 26 Feb 2020, Patricia Alfonso wrote:
> > >
> > > > Integrate KASAN into KUnit testing framework.
> > >
> > > This is a great idea! Some comments/suggestions below...
> > >
> >
> > Thank you so much for your suggestions!
> >
>
> No problem! Extending KUnit to test things like KASAN
> is really valuable, as it shows us ways we can improve
> the framework. More below...
>
> > > >  - Fail tests when KASAN reports an error that is not expected
> > > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > > >  - KUnit struct added to current task to keep track of the current test
> > > > from KASAN code
> > > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > > >  report is found added to kunit struct
> > > >  - This prints "line# has passed" or "line# has failed"
> > > >
> > > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > > ---
> > > > If anyone has any suggestions on how best to print the failure
> > > > messages, please share!
> > > >
> > > > One issue I have found while testing this is the allocation fails in
> > > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > > does cause the test to fail on the KUnit side, as expected, but it
> > > > seems to skip all the tests before this one because the output starts
> > > > with this failure instead of with the first test, kmalloc_oob_right().
> > > >
> > > >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> > > >  include/linux/sched.h               |  7 ++++++-
> > > >  lib/kunit/test.c                    |  7 ++++++-
> > > >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> > > >  tools/testing/kunit/kunit_kernel.py |  2 +-
> > > >  5 files changed, 56 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > > > index 2dfb550c6723..2e388f8937f3 100644
> > > > --- a/include/kunit/test.h
> > > > +++ b/include/kunit/test.h
> > > > @@ -21,6 +21,8 @@ struct kunit_resource;
> > > >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> > > >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> > > >
> > > > +void kunit_set_failure(struct kunit *test);
> > > > +
> > > >  /**
> > > >   * struct kunit_resource - represents a *test managed resource*
> > > >   * @allocation: for the user to store arbitrary data.
> > > > @@ -191,6 +193,9 @@ struct kunit {
> > > >        * protect it with some type of lock.
> > > >        */
> > > >       struct list_head resources; /* Protected by lock. */
> > > > +
> > > > +     bool kasan_report_expected;
> > > > +     bool kasan_report_found;
> > > >  };
> > > >
> > >
> > > Is this needed here? You're testing something pretty
> > > specific so it seems wrong to add to the generic
> > > kunit resource unless there's a good reason. I see the
> > > code around setting these values in mm/kasan/report.c,
> > > but I wonder if we could do something more generic.
> > >
> > > How about the concept of a static resource (assuming a
> > > dynamically allocated one is out because it messes
> > > with memory allocation tests)? Something like this:
> > >
> > > #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
> > >         do {                                                            \
> > >                 spin_lock(&test->lock);                                 \
> > >                 (resource_ptr)->resource_field.init = NULL;             \
> > >                 (resource_ptr)->resource_field.free = NULL;             \
> > >                 list_add_tail(&(resource_ptr)->resource_field,          \
> > >                               &test->resources);                        \
> > >                 spin_unlock(&test->lock);                               \
> > >         } while (0)
> > >
> > >
> > > Within your kasan code you could then create a kasan-specific
> > > structure that embends a kunit_resource, and contains the
> > > values you need:
> > >
> > > struct kasan_report_resource {
> > >         struct kunit_resource res;
> > >         bool kasan_report_expected;
> > >         bool kasan_report_found;
> > > };
> > >
> > > (One thing we'd need to do for such static resources is fix
> > > kunit_resource_free() to check if there's a free() function,
> > > and if not assume a static resource)
> > >
> > > If you then create an init() function associated with your
> > > kunit suite (which will be run for every case) it can do this:
> > >
> > > int kunit_kasan_test_init(struct kunit *test)
> > > {
> > >         kunit_add_static_resource(test, &my_kasan_report_resource, res);
> > >         ...
> > > }
> > >
> > > The above should also be used to initialize current->kasan_unit_test
> > > instead of doing that in kunit_try_run_case().  With those
> > > changes, you don't (I think) need to change anything in core
> > > kunit (assuming support for static resources).
> > >
> > > To retrieve the resource during tests or in kasan context, the
> > > method seems to be to use kunit_resource_find(). However, that
> > > requires a match function which seems a bit heavyweight for the
> > > static case.  We should probably have a default "find by name"
> > > or similar function here, and add an optional "name" field
> > > to kunit resources to simplify things.  Anyway here you'd
> > > use something like:
> > >
> > >         kasan_report_resource = kunit_resource_find(test, matchfn,
> > >                                                     NULL, matchdata);
> > >
> > >
> > > Are there any barriers to taking this sort of approach (apart
> > > from the support for static resources not being there yet)?
> > >
> >
> > I'm not sure. I don't have any experience with kunit resources so I
> > would have to put some more effort into understanding how this would
> > work for myself. I wonder if this might be a bit of an over
> > complicated way of eliminating an extraneous boolean... maybe we can
> > find a simpler solution for the first version of this patch and add
> > the notion of a static resource for generic use later.
> >
>
> My personal preference would be to try and learn what's needed
> by KASAN and improve the KUnit APIs so the next developer finds
> life a bit easier. More hassle for you I know, but actual use cases
> like this are invaluable for improving the API.  I've sent
> out an RFC patchset which has the functionality I _think_ you
> need but I may be missing something:
>
> https://lore.kernel.org/linux-kselftest/1583251361-12748-1-git-send-email-alan.maguire@oracle.com/T/#t
>
> The idea is your test can do something like this:
>
> struct kasan_data {
>         bool report_expected;
>         bool report_found;
> };
>
>
> my_kasan_test(struct kunit *test)
> {
>         struct kunit_resource resource;
>         struct kasan_data kasan_data;
>
> ...
>         // add our named resource using static resource/data
>         kunit_add_named_resource(test, NULL, NULL, &resource,
>                                  "kasan_data", &kasan_data);
> ...
>
> }
Does this require the user to set up this kasan_data resource in each
KASAN test? Or can we set up the resource on the KUnit side whenever a
user writes a test that expects a KASAN failure? I've been playing
around with it and I can only seem to get it to work when I add the
resource within the test, but I could be missing something.

>
> (The NULLs in the function arguments above reflect the fact we
> don't require initialization or cleanup for such static resources)
>
> Then, in KASAN context you can look the above resource up like so:
>
>         struct kunit_resource *resource;
>         struct kasan_data *kasan_data;
>
>         resource = kunit_find_named_resource(test, "kasan_data");
>         kasan_data = resource->data;
>
>         // when finished, reduce reference count on resource
>         kunit_put_resource(resource);
>
> Does that work for your use case?
>
> > > >  void kunit_init_test(struct kunit *test, const char *name);
> > > > @@ -941,6 +946,25 @@ do {                                                                            \
> > > >                                               ptr,                           \
> > > >                                               NULL)
> > > >
> > > > +/**
> > > > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > > > + * not cause a KASAN error.
> > > > + *
> > > > + */
> > > > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {        \
> > > > +     test->kasan_report_expected = true;     \
> > > > +     test->kasan_report_found = false; \
> > > > +     condition; \
> > > > +     if (test->kasan_report_found == test->kasan_report_expected) { \
> > > > +             pr_info("%d has passed", __LINE__); \
> > > > +     } else { \
> > > > +             kunit_set_failure(test); \
> > > > +             pr_info("%d has failed", __LINE__); \
> > > > +     } \
> > > > +     test->kasan_report_expected = false;    \
> > > > +     test->kasan_report_found = false;       \
> > > > +} while (0)
> > > > +
> > >
> > > Feels like this belongs in test_kasan.c, and could be reworked
> > > to avoid adding test->kasan_report_[expected|found] as described
> > > above.
> >
> > You're right. Since I don't see any reason why any other tests should
> > want to expect a KASAN error, it does make sense to move this logic
> > inside test_kasan.c. If, in the future, there is a need for this
> > elsewhere, we can always move it back then.
> >
> > >  Instead of having your own pass/fail logic couldn't you
> > > do this:
> > >
> > >         KUNIT_EXPECT_EQ(test, expected, found);
> > >
> > > ? That will set the failure state too so no need to export
> > > a separate function for that, and no need to log anything
> > > as KUNIT_EXPECT_EQ() should do that for you.
> > >
> >
> > This is a great idea - I feel a little silly that I didn't think of
> > that myself! Do we think the failure message for the KUNIT_EXPECT_EQ()
> > would be sufficient for KASAN developers?
> > i.e. "Expected kasan_report_expected == kasan_report_found, but
> > kasan_report_expected == true
> > kasan_report_found == false"
> >
>
> I guess the missing piece above is the line number where
> the test failure was encountered, is that the concern?
>
> > > >  /**
> > > >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> > > >   * @test: The test context object.
> > > > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > > > index 04278493bf15..db23d56061e7 100644
> > > > --- a/include/linux/sched.h
> > > > +++ b/include/linux/sched.h
> > > > @@ -32,6 +32,8 @@
> > > >  #include <linux/posix-timers.h>
> > > >  #include <linux/rseq.h>
> > > >
> > > > +#include <kunit/test.h>
> > > > +
> > >
> > > This feels like the wrong place to add this #include, and
> > > when I attempted to build to test I ran into a bunch of
> > > compilation errors; for example:
> > >
> > >  CC      kernel/sched/core.o
> > > In file included from ./include/linux/uaccess.h:11,
> > >                  from ./arch/x86/include/asm/fpu/xstate.h:5,
> > >                  from ./arch/x86/include/asm/pgtable.h:26,
> > >                  from ./include/linux/kasan.h:16,
> > >                  from ./include/linux/slab.h:136,
> > >                  from ./include/kunit/test.h:16,
> > >                  from ./include/linux/sched.h:35,
> > >                  from init/do_mounts.c:3:
> > > ./arch/x86/include/asm/uaccess.h: In function 'set_fs':
> > > ./arch/x86/include/asm/uaccess.h:32:9: error: dereferencing pointer to
> > > incomplete type 'struct task_struct'
> > >   current->thread.addr_limit = fs;
> > >
> > > (I'm testing with CONFIG_SLUB). Removing this #include
> > > resolves these errors, but then causes problems for
> > > lib/test_kasan.c. I'll dig around a bit more.
> > >
> >
> > Yes, I was only testing with UML. Removing that #include fixed the
> > problem for me for both x86 and UML. Could you share more about the
> > errors you have encountered in lib/test_kasan.c?
> >
>
> I'll try this again and send details.
>
> I think broadly the issue is that if we #include kunit headers
> in the kasan headers, we end up creating all kinds of problems
> for ourselves, since the kasan headers are in turn included
> in so many places (including the kunit headers themselves, since
> kunit uses memory allocation APIs). I suspect the way forward is
> to try and ensure that we don't utilize the kunit headers in any
> of the kasan headers, but rather just include kunit headers
> in test_kasan.c, and any other kasan .c files we need KUnit APIs
> for. Not sure if that's possible, but it's likely the best way to
> go if it is.
>
> > > >  /* task_struct member predeclarations (sorted alphabetically): */
> > > >  struct audit_context;
> > > >  struct backing_dev_info;
> > > > @@ -1178,7 +1180,10 @@ struct task_struct {
> > > >
> > > >  #ifdef CONFIG_KASAN
> > > >       unsigned int                    kasan_depth;
> > > > -#endif
> > > > +#ifdef CONFIG_KUNIT
> > > > +     struct kunit *kasan_kunit_test;
> > > > +#endif /* CONFIG_KUNIT */
> > > > +#endif /* CONFIG_KASAN */
> > > >
> > > >  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
> > > >       /* Index of current stored address in ret_stack: */
> > > > diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> > > > index 9242f932896c..d266b9495c67 100644
> > > > --- a/lib/kunit/test.c
> > > > +++ b/lib/kunit/test.c
> > > > @@ -9,11 +9,12 @@
> > > >  #include <kunit/test.h>
> > > >  #include <linux/kernel.h>
> > > >  #include <linux/sched/debug.h>
> > > > +#include <linux/sched.h>
> > > >
> > > >  #include "string-stream.h"
> > > >  #include "try-catch-impl.h"
> > > >
> > > > -static void kunit_set_failure(struct kunit *test)
> > > > +void kunit_set_failure(struct kunit *test)
> > > >  {
> > > >       WRITE_ONCE(test->success, false);
> > > >  }
> > > > @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
> > > >       struct kunit_suite *suite = ctx->suite;
> > > >       struct kunit_case *test_case = ctx->test_case;
> > > >
> > > > +#ifdef CONFIG_KASAN
> > > > +     current->kasan_kunit_test = test;
> > > > +#endif
> > > > +
> > > >       /*
> > > >        * kunit_run_case_internal may encounter a fatal error; if it does,
> > > >        * abort will be called, this thread will exit, and finally the parent
> > > > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > > > index 5ef9f24f566b..5554d23799a5 100644
> > > > --- a/mm/kasan/report.c
> > > > +++ b/mm/kasan/report.c
> > > > @@ -32,6 +32,8 @@
> > > >
> > > >  #include <asm/sections.h>
> > > >
> > > > +#include <kunit/test.h>
> > > > +
> > > >  #include "kasan.h"
> > > >  #include "../slab.h"
> > > >
> > > > @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
> > > >       u8 tag = get_tag(object);
> > > >
> > > >       object = reset_tag(object);
> > > > +
> > > > +     if (current->kasan_kunit_test) {
> > > > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > > > +                     current->kasan_kunit_test->kasan_report_found = true;
> > > > +                     return;
> > > > +             }
> > > > +             kunit_set_failure(current->kasan_kunit_test);
> > > > +     }
> > > > +
> > > >       start_report(&flags);
> > > >       pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
> > > >       print_tags(tag, object);
> > > > @@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
> > > >       if (likely(!report_enabled()))
> > > >               return;
> > > >
> > > > +     if (current->kasan_kunit_test) {
> > > > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > > > +                     current->kasan_kunit_test->kasan_report_found = true;
> > > > +                     return;
> > > > +             }
> > > > +             kunit_set_failure(current->kasan_kunit_test);
> > > > +     }
> > > > +
> > > >       disable_trace_on_warning();
> > > >
> > > >       tagged_addr = (void *)addr;
> > > > diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
> > > > index cc5d844ecca1..63eab18a8c34 100644
> > > > --- a/tools/testing/kunit/kunit_kernel.py
> > > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > > >               return True
> > > >
> > > >       def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > > -             args.extend(['mem=256M'])
> > > > +             args.extend(['mem=256M', 'kasan_multi_shot'])
> > > >               process = self._ops.linux_bin(args, timeout, build_dir)
> > > >               with open(os.path.join(build_dir, 'test.log'), 'w') as f:
> > > >                       for line in process.stdout:
> > >
> > > I tried applying this to the "kunit" branch of linux-kselftest, and
> > > the above failed. Which branch are you building with? Probably
> > > best to use the kunit branch I think. Thanks!
> > >
> > I believe I am on Torvalds/master. There was some debate as to which
> > branch I should be developing on when I started, but it probably makes
> > sense for me to move to the "kunit" branch.
> >
>
> I think for this case - given that we may need some new KUnit
> functionality - that would be best. Thanks!
>
> Alan
>
> > > Alan
> > >
> > > > --
> > > > 2.25.0.265.gbab2e86ba0-goog
> > > >
> > > >
> >
> > --
> > Thank you for all your comments!
> > Patricia Alfonso
> >



-- 

Patricia Alfonso
Software Engineer
trishalfonso@google.com

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-05  0:07             ` Patricia Alfonso
@ 2020-03-05  6:44               ` Dmitry Vyukov
  0 siblings, 0 replies; 33+ messages in thread
From: Dmitry Vyukov @ 2020-03-05  6:44 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Mar 5, 2020 at 1:08 AM Patricia Alfonso <trishalfonso@google.com> wrote:
> > > On Sat, Feb 29, 2020 at 10:29 PM Dmitry Vyukov <dvyukov@google.com> wrote:
> > > >
> > > > On Sat, Feb 29, 2020 at 2:23 AM Patricia Alfonso
> > > > <trishalfonso@google.com> wrote:
> > > > > >
> > > > > > On Thu, Feb 27, 2020 at 3:44 AM 'Patricia Alfonso' via kasan-dev
> > > > > > <kasan-dev@googlegroups.com> wrote:
> > > > > > >
> > > > > > > --- a/tools/testing/kunit/kunit_kernel.py
> > > > > > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > > > > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > > > > > >                 return True
> > > > > > >
> > > > > > >         def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > > > > > -               args.extend(['mem=256M'])
> > > > > > > +               args.extend(['mem=256M', 'kasan_multi_shot'])
> > > > > >
> > > > > > This is better done somewhere else (different default value if
> > > > > > KASAN_TEST is enabled or something). Or overridden in the KASAN tests.
> > > > > > Not everybody uses tools/testing/kunit/kunit_kernel.py and this seems
> > > > > > to be a mandatory part now. This means people will always hit this, be
> > > > > > confused, figure out they need to flip the value, and only then be
> > > > > > able to run kunit+kasan.
> > > > > >
> > > > > I agree. Is the best way to do this with "bool multishot =
> > > > > kasan_save_enable_multi_shot();"  and
> > > > > "kasan_restore_multi_shot(multishot);" inside test_kasan.c like what
> > > > > was done in the tests before?
> > > >
> > > > This will fix KASAN tests, but not non-KASAN tests running under KUNIT
> > > > and triggering KASAN reports.
> > > > You set kasan_multi_shot for all KUNIT tests. I am reading this as
> > > > that we don't want to abort on the first test that triggered a KASAN
> > > > report. Or not?
> > >
> > > I don't think I understand the question, but let me try to explain my
> > > thinking and see if that resonates with you. We know that the KASAN
> > > tests will require more than one report, and we want that. For most
> > > users, since a KASAN error can cause unexpected kernel behavior for
> > > anything after a KASAN error, it is best for just one unexpected KASAN
> > > error to be the only error printed to the user, unless they specify
> > > kasan-multi-shot. The way I understand it, the way to implement this
> > > is to use  "bool multishot = kasan_save_enable_multi_shot();"  and
> > > "kasan_restore_multi_shot(multishot);" around the KASAN tests so that
> > > kasan-multi-shot is temporarily enabled for the tests we expect
> > > multiple reports. I assume "kasan_restore_multi_shot(multishot);"
> > > restores the value to what the user input was so after the KASAN tests
> > > are finished, if the user did not specify kasan-multi-shot and an
> > > unexpected kasan error is reported, it will print the full report and
> > > only that first one. Is this understanding correct? If you have a
> > > better way of implementing this or a better expected behavior, I
> > > appreciate your thoughts.
> >
> > Everything you say is correct.
> > What I tried to point at is that this new behavior is different from
> > the original behavior of your change. Initially you added
> > kasan_multi_shot to command line for _all_ kunit tests (not just
> > KASAN). The question is: do we want kasan_multi_shot for non-KASAN
> > tests or not?
>
> Ah, yes. I thought your first comment was suggesting I change it from
> printing all KASAN tests by default because the intended behavior of
> KASAN is to only print the first report. I think I'll pose the
> question back to you. Do we want kasan_multi_shot for non-KASAN tests?
> For functionality sake, it is only required for the KASAN tests so
> this is more of a judgement call for the user experience.

Good question. I don't see strong arguments either way. So I guess we
can leave the current version (only for kasan tests) and wait when/if
somebody has real arguments. I wanted to point to change in behavior
and understand if it's intentional/accidental.

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-05  2:14         ` Patricia Alfonso
@ 2020-03-05  7:46           ` Alan Maguire
  2020-03-10 21:42             ` Brendan Higgins
  0 siblings, 1 reply; 33+ messages in thread
From: Alan Maguire @ 2020-03-05  7:46 UTC (permalink / raw)
  To: Patricia Alfonso
  Cc: Alan Maguire, Andrey Ryabinin, Dmitry Vyukov, Brendan Higgins,
	David Gow, Ingo Molnar, Peter Zijlstra, Juri Lelli,
	Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Wed, 4 Mar 2020, Patricia Alfonso wrote:

> On Tue, Mar 3, 2020 at 8:40 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> >
> > On Fri, 28 Feb 2020, Patricia Alfonso wrote:
> >
> > > On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> > > >
> > > > On Wed, 26 Feb 2020, Patricia Alfonso wrote:
> > > >
> > > > > Integrate KASAN into KUnit testing framework.
> > > >
> > > > This is a great idea! Some comments/suggestions below...
> > > >
> > >
> > > Thank you so much for your suggestions!
> > >
> >
> > No problem! Extending KUnit to test things like KASAN
> > is really valuable, as it shows us ways we can improve
> > the framework. More below...
> >
> > > > >  - Fail tests when KASAN reports an error that is not expected
> > > > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > > > >  - KUnit struct added to current task to keep track of the current test
> > > > > from KASAN code
> > > > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > > > >  report is found added to kunit struct
> > > > >  - This prints "line# has passed" or "line# has failed"
> > > > >
> > > > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > > > ---
> > > > > If anyone has any suggestions on how best to print the failure
> > > > > messages, please share!
> > > > >
> > > > > One issue I have found while testing this is the allocation fails in
> > > > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > > > does cause the test to fail on the KUnit side, as expected, but it
> > > > > seems to skip all the tests before this one because the output starts
> > > > > with this failure instead of with the first test, kmalloc_oob_right().
> > > > >
> > > > >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> > > > >  include/linux/sched.h               |  7 ++++++-
> > > > >  lib/kunit/test.c                    |  7 ++++++-
> > > > >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> > > > >  tools/testing/kunit/kunit_kernel.py |  2 +-
> > > > >  5 files changed, 56 insertions(+), 3 deletions(-)
> > > > >
> > > > > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > > > > index 2dfb550c6723..2e388f8937f3 100644
> > > > > --- a/include/kunit/test.h
> > > > > +++ b/include/kunit/test.h
> > > > > @@ -21,6 +21,8 @@ struct kunit_resource;
> > > > >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> > > > >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> > > > >
> > > > > +void kunit_set_failure(struct kunit *test);
> > > > > +
> > > > >  /**
> > > > >   * struct kunit_resource - represents a *test managed resource*
> > > > >   * @allocation: for the user to store arbitrary data.
> > > > > @@ -191,6 +193,9 @@ struct kunit {
> > > > >        * protect it with some type of lock.
> > > > >        */
> > > > >       struct list_head resources; /* Protected by lock. */
> > > > > +
> > > > > +     bool kasan_report_expected;
> > > > > +     bool kasan_report_found;
> > > > >  };
> > > > >
> > > >
> > > > Is this needed here? You're testing something pretty
> > > > specific so it seems wrong to add to the generic
> > > > kunit resource unless there's a good reason. I see the
> > > > code around setting these values in mm/kasan/report.c,
> > > > but I wonder if we could do something more generic.
> > > >
> > > > How about the concept of a static resource (assuming a
> > > > dynamically allocated one is out because it messes
> > > > with memory allocation tests)? Something like this:
> > > >
> > > > #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
> > > >         do {                                                            \
> > > >                 spin_lock(&test->lock);                                 \
> > > >                 (resource_ptr)->resource_field.init = NULL;             \
> > > >                 (resource_ptr)->resource_field.free = NULL;             \
> > > >                 list_add_tail(&(resource_ptr)->resource_field,          \
> > > >                               &test->resources);                        \
> > > >                 spin_unlock(&test->lock);                               \
> > > >         } while (0)
> > > >
> > > >
> > > > Within your kasan code you could then create a kasan-specific
> > > > structure that embends a kunit_resource, and contains the
> > > > values you need:
> > > >
> > > > struct kasan_report_resource {
> > > >         struct kunit_resource res;
> > > >         bool kasan_report_expected;
> > > >         bool kasan_report_found;
> > > > };
> > > >
> > > > (One thing we'd need to do for such static resources is fix
> > > > kunit_resource_free() to check if there's a free() function,
> > > > and if not assume a static resource)
> > > >
> > > > If you then create an init() function associated with your
> > > > kunit suite (which will be run for every case) it can do this:
> > > >
> > > > int kunit_kasan_test_init(struct kunit *test)
> > > > {
> > > >         kunit_add_static_resource(test, &my_kasan_report_resource, res);
> > > >         ...
> > > > }
> > > >
> > > > The above should also be used to initialize current->kasan_unit_test
> > > > instead of doing that in kunit_try_run_case().  With those
> > > > changes, you don't (I think) need to change anything in core
> > > > kunit (assuming support for static resources).
> > > >
> > > > To retrieve the resource during tests or in kasan context, the
> > > > method seems to be to use kunit_resource_find(). However, that
> > > > requires a match function which seems a bit heavyweight for the
> > > > static case.  We should probably have a default "find by name"
> > > > or similar function here, and add an optional "name" field
> > > > to kunit resources to simplify things.  Anyway here you'd
> > > > use something like:
> > > >
> > > >         kasan_report_resource = kunit_resource_find(test, matchfn,
> > > >                                                     NULL, matchdata);
> > > >
> > > >
> > > > Are there any barriers to taking this sort of approach (apart
> > > > from the support for static resources not being there yet)?
> > > >
> > >
> > > I'm not sure. I don't have any experience with kunit resources so I
> > > would have to put some more effort into understanding how this would
> > > work for myself. I wonder if this might be a bit of an over
> > > complicated way of eliminating an extraneous boolean... maybe we can
> > > find a simpler solution for the first version of this patch and add
> > > the notion of a static resource for generic use later.
> > >
> >
> > My personal preference would be to try and learn what's needed
> > by KASAN and improve the KUnit APIs so the next developer finds
> > life a bit easier. More hassle for you I know, but actual use cases
> > like this are invaluable for improving the API.  I've sent
> > out an RFC patchset which has the functionality I _think_ you
> > need but I may be missing something:
> >
> > https://lore.kernel.org/linux-kselftest/1583251361-12748-1-git-send-email-alan.maguire@oracle.com/T/#t
> >
> > The idea is your test can do something like this:
> >
> > struct kasan_data {
> >         bool report_expected;
> >         bool report_found;
> > };
> >
> >
> > my_kasan_test(struct kunit *test)
> > {
> >         struct kunit_resource resource;
> >         struct kasan_data kasan_data;
> >
> > ...
> >         // add our named resource using static resource/data
> >         kunit_add_named_resource(test, NULL, NULL, &resource,
> >                                  "kasan_data", &kasan_data);
> > ...
> >
> > }
> Does this require the user to set up this kasan_data resource in each
> KASAN test? Or can we set up the resource on the KUnit side whenever a
> user writes a test that expects a KASAN failure? I've been playing
> around with it and I can only seem to get it to work when I add the
> resource within the test, but I could be missing something.
> 

The current model of resources is they are associated with
the running state of a test for the lifetime of that test.
If it's a resource common to many/most tests, I'd suggest
creating an init() function for the associated suite; this
will get run prior to executing each test, and in it you
could initialize your resource. If the resource isn't
used in the test, it doesn't really matter so this might be
the simplest way to handle things:

struct kasan_data {
         bool report_expected;
         bool report_found;
};

struct kasan_data kasan_data;
struct kunit_resource resource;

kasan_init(struct kunit *test)
{                                

         // add our named resource using static resource/data
         kunit_add_named_resource(test, NULL, NULL, &resource,
                                  "kasan_data", &kasan_data);

	return 0;
}

static struct kunit_suite kasan_suite = {
	.name = "kasan",
	.init = kasan_init,
	...
};


This all presumes however that KASAN will only need access to the
resource during the lifetime of each test.  There's currently
no concept of free-floating resources outside of test execution
context.

Alan

> >
> > (The NULLs in the function arguments above reflect the fact we
> > don't require initialization or cleanup for such static resources)
> >
> > Then, in KASAN context you can look the above resource up like so:
> >
> >         struct kunit_resource *resource;
> >         struct kasan_data *kasan_data;
> >
> >         resource = kunit_find_named_resource(test, "kasan_data");
> >         kasan_data = resource->data;
> >
> >         // when finished, reduce reference count on resource
> >         kunit_put_resource(resource);
> >
> > Does that work for your use case?
> >
> > > > >  void kunit_init_test(struct kunit *test, const char *name);
> > > > > @@ -941,6 +946,25 @@ do {                                                                            \
> > > > >                                               ptr,                           \
> > > > >                                               NULL)
> > > > >
> > > > > +/**
> > > > > + * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> > > > > + * not cause a KASAN error.
> > > > > + *
> > > > > + */
> > > > > +#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do {        \
> > > > > +     test->kasan_report_expected = true;     \
> > > > > +     test->kasan_report_found = false; \
> > > > > +     condition; \
> > > > > +     if (test->kasan_report_found == test->kasan_report_expected) { \
> > > > > +             pr_info("%d has passed", __LINE__); \
> > > > > +     } else { \
> > > > > +             kunit_set_failure(test); \
> > > > > +             pr_info("%d has failed", __LINE__); \
> > > > > +     } \
> > > > > +     test->kasan_report_expected = false;    \
> > > > > +     test->kasan_report_found = false;       \
> > > > > +} while (0)
> > > > > +
> > > >
> > > > Feels like this belongs in test_kasan.c, and could be reworked
> > > > to avoid adding test->kasan_report_[expected|found] as described
> > > > above.
> > >
> > > You're right. Since I don't see any reason why any other tests should
> > > want to expect a KASAN error, it does make sense to move this logic
> > > inside test_kasan.c. If, in the future, there is a need for this
> > > elsewhere, we can always move it back then.
> > >
> > > >  Instead of having your own pass/fail logic couldn't you
> > > > do this:
> > > >
> > > >         KUNIT_EXPECT_EQ(test, expected, found);
> > > >
> > > > ? That will set the failure state too so no need to export
> > > > a separate function for that, and no need to log anything
> > > > as KUNIT_EXPECT_EQ() should do that for you.
> > > >
> > >
> > > This is a great idea - I feel a little silly that I didn't think of
> > > that myself! Do we think the failure message for the KUNIT_EXPECT_EQ()
> > > would be sufficient for KASAN developers?
> > > i.e. "Expected kasan_report_expected == kasan_report_found, but
> > > kasan_report_expected == true
> > > kasan_report_found == false"
> > >
> >
> > I guess the missing piece above is the line number where
> > the test failure was encountered, is that the concern?
> >
> > > > >  /**
> > > > >   * KUNIT_EXPECT_TRUE() - Causes a test failure when the expression is not true.
> > > > >   * @test: The test context object.
> > > > > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > > > > index 04278493bf15..db23d56061e7 100644
> > > > > --- a/include/linux/sched.h
> > > > > +++ b/include/linux/sched.h
> > > > > @@ -32,6 +32,8 @@
> > > > >  #include <linux/posix-timers.h>
> > > > >  #include <linux/rseq.h>
> > > > >
> > > > > +#include <kunit/test.h>
> > > > > +
> > > >
> > > > This feels like the wrong place to add this #include, and
> > > > when I attempted to build to test I ran into a bunch of
> > > > compilation errors; for example:
> > > >
> > > >  CC      kernel/sched/core.o
> > > > In file included from ./include/linux/uaccess.h:11,
> > > >                  from ./arch/x86/include/asm/fpu/xstate.h:5,
> > > >                  from ./arch/x86/include/asm/pgtable.h:26,
> > > >                  from ./include/linux/kasan.h:16,
> > > >                  from ./include/linux/slab.h:136,
> > > >                  from ./include/kunit/test.h:16,
> > > >                  from ./include/linux/sched.h:35,
> > > >                  from init/do_mounts.c:3:
> > > > ./arch/x86/include/asm/uaccess.h: In function 'set_fs':
> > > > ./arch/x86/include/asm/uaccess.h:32:9: error: dereferencing pointer to
> > > > incomplete type 'struct task_struct'
> > > >   current->thread.addr_limit = fs;
> > > >
> > > > (I'm testing with CONFIG_SLUB). Removing this #include
> > > > resolves these errors, but then causes problems for
> > > > lib/test_kasan.c. I'll dig around a bit more.
> > > >
> > >
> > > Yes, I was only testing with UML. Removing that #include fixed the
> > > problem for me for both x86 and UML. Could you share more about the
> > > errors you have encountered in lib/test_kasan.c?
> > >
> >
> > I'll try this again and send details.
> >
> > I think broadly the issue is that if we #include kunit headers
> > in the kasan headers, we end up creating all kinds of problems
> > for ourselves, since the kasan headers are in turn included
> > in so many places (including the kunit headers themselves, since
> > kunit uses memory allocation APIs). I suspect the way forward is
> > to try and ensure that we don't utilize the kunit headers in any
> > of the kasan headers, but rather just include kunit headers
> > in test_kasan.c, and any other kasan .c files we need KUnit APIs
> > for. Not sure if that's possible, but it's likely the best way to
> > go if it is.
> >
> > > > >  /* task_struct member predeclarations (sorted alphabetically): */
> > > > >  struct audit_context;
> > > > >  struct backing_dev_info;
> > > > > @@ -1178,7 +1180,10 @@ struct task_struct {
> > > > >
> > > > >  #ifdef CONFIG_KASAN
> > > > >       unsigned int                    kasan_depth;
> > > > > -#endif
> > > > > +#ifdef CONFIG_KUNIT
> > > > > +     struct kunit *kasan_kunit_test;
> > > > > +#endif /* CONFIG_KUNIT */
> > > > > +#endif /* CONFIG_KASAN */
> > > > >
> > > > >  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
> > > > >       /* Index of current stored address in ret_stack: */
> > > > > diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> > > > > index 9242f932896c..d266b9495c67 100644
> > > > > --- a/lib/kunit/test.c
> > > > > +++ b/lib/kunit/test.c
> > > > > @@ -9,11 +9,12 @@
> > > > >  #include <kunit/test.h>
> > > > >  #include <linux/kernel.h>
> > > > >  #include <linux/sched/debug.h>
> > > > > +#include <linux/sched.h>
> > > > >
> > > > >  #include "string-stream.h"
> > > > >  #include "try-catch-impl.h"
> > > > >
> > > > > -static void kunit_set_failure(struct kunit *test)
> > > > > +void kunit_set_failure(struct kunit *test)
> > > > >  {
> > > > >       WRITE_ONCE(test->success, false);
> > > > >  }
> > > > > @@ -236,6 +237,10 @@ static void kunit_try_run_case(void *data)
> > > > >       struct kunit_suite *suite = ctx->suite;
> > > > >       struct kunit_case *test_case = ctx->test_case;
> > > > >
> > > > > +#ifdef CONFIG_KASAN
> > > > > +     current->kasan_kunit_test = test;
> > > > > +#endif
> > > > > +
> > > > >       /*
> > > > >        * kunit_run_case_internal may encounter a fatal error; if it does,
> > > > >        * abort will be called, this thread will exit, and finally the parent
> > > > > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > > > > index 5ef9f24f566b..5554d23799a5 100644
> > > > > --- a/mm/kasan/report.c
> > > > > +++ b/mm/kasan/report.c
> > > > > @@ -32,6 +32,8 @@
> > > > >
> > > > >  #include <asm/sections.h>
> > > > >
> > > > > +#include <kunit/test.h>
> > > > > +
> > > > >  #include "kasan.h"
> > > > >  #include "../slab.h"
> > > > >
> > > > > @@ -461,6 +463,15 @@ void kasan_report_invalid_free(void *object, unsigned long ip)
> > > > >       u8 tag = get_tag(object);
> > > > >
> > > > >       object = reset_tag(object);
> > > > > +
> > > > > +     if (current->kasan_kunit_test) {
> > > > > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > > > > +                     current->kasan_kunit_test->kasan_report_found = true;
> > > > > +                     return;
> > > > > +             }
> > > > > +             kunit_set_failure(current->kasan_kunit_test);
> > > > > +     }
> > > > > +
> > > > >       start_report(&flags);
> > > > >       pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", (void *)ip);
> > > > >       print_tags(tag, object);
> > > > > @@ -481,6 +492,14 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
> > > > >       if (likely(!report_enabled()))
> > > > >               return;
> > > > >
> > > > > +     if (current->kasan_kunit_test) {
> > > > > +             if (current->kasan_kunit_test->kasan_report_expected) {
> > > > > +                     current->kasan_kunit_test->kasan_report_found = true;
> > > > > +                     return;
> > > > > +             }
> > > > > +             kunit_set_failure(current->kasan_kunit_test);
> > > > > +     }
> > > > > +
> > > > >       disable_trace_on_warning();
> > > > >
> > > > >       tagged_addr = (void *)addr;
> > > > > diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py
> > > > > index cc5d844ecca1..63eab18a8c34 100644
> > > > > --- a/tools/testing/kunit/kunit_kernel.py
> > > > > +++ b/tools/testing/kunit/kunit_kernel.py
> > > > > @@ -141,7 +141,7 @@ class LinuxSourceTree(object):
> > > > >               return True
> > > > >
> > > > >       def run_kernel(self, args=[], timeout=None, build_dir=''):
> > > > > -             args.extend(['mem=256M'])
> > > > > +             args.extend(['mem=256M', 'kasan_multi_shot'])
> > > > >               process = self._ops.linux_bin(args, timeout, build_dir)
> > > > >               with open(os.path.join(build_dir, 'test.log'), 'w') as f:
> > > > >                       for line in process.stdout:
> > > >
> > > > I tried applying this to the "kunit" branch of linux-kselftest, and
> > > > the above failed. Which branch are you building with? Probably
> > > > best to use the kunit branch I think. Thanks!
> > > >
> > > I believe I am on Torvalds/master. There was some debate as to which
> > > branch I should be developing on when I started, but it probably makes
> > > sense for me to move to the "kunit" branch.
> > >
> >
> > I think for this case - given that we may need some new KUnit
> > functionality - that would be best. Thanks!
> >
> > Alan
> >
> > > > Alan
> > > >
> > > > > --
> > > > > 2.25.0.265.gbab2e86ba0-goog
> > > > >
> > > > >
> > >
> > > --
> > > Thank you for all your comments!
> > > Patricia Alfonso
> > >
> 
> 
> 
> -- 
> 
> Patricia Alfonso
> Software Engineer
> trishalfonso@google.com
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 1/2] Port KASAN Tests to KUnit
  2020-02-27 14:19 ` Dmitry Vyukov
  2020-02-29  1:56   ` Patricia Alfonso
@ 2020-03-06 23:58   ` Patricia Alfonso
  1 sibling, 0 replies; 33+ messages in thread
From: Patricia Alfonso @ 2020-03-06 23:58 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Andrey Ryabinin, Brendan Higgins, David Gow, Ingo Molnar,
	Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, kunit-dev

On Thu, Feb 27, 2020 at 6:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> .On Thu, Feb 27, 2020 at 3:44 AM Patricia Alfonso
> <trishalfonso@google.com> wrote:
> >
> > Transfer all previous tests for KASAN to KUnit so they can be run
> > more easily. With proper KASAN integration into KUnit, developers can
> > run these tests with their other KUnit tests and see "pass" or "fail"
> > with the appropriate KASAN report instead of needing to parse each KASAN
> > report to test KASAN functionalities.
> >
> > Stack tests do not work in UML so those tests are protected inside an
> > "#if (CONFIG_KASAN_STACK == 1)" so this only runs if stack
> > instrumentation is enabled.
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---

> >
> > -static noinline void __init kasan_bitops(void)
> > +static noinline void kasan_bitops(void)
> >  {
> >         /*
> >          * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
> > @@ -676,70 +598,52 @@ static noinline void __init kasan_bitops(void)
> >          * below accesses are still out-of-bounds, since bitops are defined to
> >          * operate on the whole long the bit is in.
> >          */
> > -       pr_info("out-of-bounds in set_bit\n");
> >         set_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __set_bit\n");
> >         __set_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in clear_bit\n");
> >         clear_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __clear_bit\n");
> >         __clear_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in clear_bit_unlock\n");
> >         clear_bit_unlock(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __clear_bit_unlock\n");
> >         __clear_bit_unlock(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in change_bit\n");
> >         change_bit(BITS_PER_LONG, bits);
> >
> > -       pr_info("out-of-bounds in __change_bit\n");
> >         __change_bit(BITS_PER_LONG, bits);
> >
> >         /*
> >          * Below calls try to access bit beyond allocated memory.
> >          */
> > -       pr_info("out-of-bounds in test_and_set_bit\n");
> >         test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_set_bit\n");
> >         __test_and_set_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_set_bit_lock\n");
> >         test_and_set_bit_lock(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_clear_bit\n");
> >         test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_clear_bit\n");
> >         __test_and_clear_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_and_change_bit\n");
> >         test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in __test_and_change_bit\n");
> >         __test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> > -       pr_info("out-of-bounds in test_bit\n");
> >         (void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >
> >  #if defined(clear_bit_unlock_is_negative_byte)
> > -       pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
> >         clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
> >  #endif
> >         kfree(bits);
> >  }
> >
> > -static noinline void __init kmalloc_double_kzfree(void)
> > +static noinline void kmalloc_double_kzfree(void)
>
> Since it seems we will need v2, it will help if you move these
> mechanical diffs to a separate patch. I mean removal of __init and
> pr_info. These produce lots of changes and it's hard to separate out
> more meaningful changes from this mechanical noise.
>
While making changes, I have edited enough where I don't think
separating out the __init and pr_info changes will make much of a
difference with readability of the patch. Making
KUNIT_EXPECT_KASAN_FAIL local to the test requires changes in those
same lines. If this is still a problem in v2 and you see a clean way
to separate the changes, I'd be happy to fix it for the next version.

> >  {
> >         char *ptr;
> >         size_t size = 16;
> >
> > -       pr_info("double-free (kzfree)\n");
> >         ptr = kmalloc(size, GFP_KERNEL);
> >         if (!ptr) {
> >                 pr_err("Allocation failed\n");
> > @@ -750,29 +654,130 @@ static noinline void __init kmalloc_double_kzfree(void)
> >         kzfree(ptr);
> >  }
> >
> > -#ifdef CONFIG_KASAN_VMALLOC
> > -static noinline void __init vmalloc_oob(void)
> > +static void kunit_test_oob(struct kunit *test)
> > +{
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_right());
>
> I think the 2 patches need to be reordered. This
> KUNIT_EXPECT_KASAN_FAIL is introduced only in the next patch. This
> will break build during bisections.
>
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_left());
>
> I am wondering if it makes sense to have the "KASAN_FAIL" part be part
> of the test itself. It will make the test and assertion local to each
> other. I hope later we will add some negative tests as well (without
> kasan errors), then people will start copy-pasting these macros and
> it's possible I copy-paste macro that checks that the test does not
> produce kasan error for my test, which I actually want the macro that
> checks for report. Then if my test does not fail, it will be
> unnoticed. I may be good to have assertion local to the test itself.
> Thoughts?
>
Absolutely! I don't think I fully understood this comment in my first
response, but as I mentioned above I have been making the
KUNIT_EXPECT_KASAN_FAIL local to each test. I'll send out v2 soon but
just as an example, this is what kmalloc_oob_right() will look like:
static void kmalloc_oob_right(struct kunit *test)
{
char *ptr;
size_t size = 123;

ptr = kmalloc(size, GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);

KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 'x');
kfree(ptr);
}

This way, the expectation is for the exact condition that is expected
to cause the failure, and the ASSERT has replaced
         if (!ptr) {
                 pr_err("Allocation failed\n");
         }
This will cause the test case to fail and immediately abort if ptr is NULL.

> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_node_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_large_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_more());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_krealloc_less());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_16());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_in_memset());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_2());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_4());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_8());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_oob_memset_16());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_global_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, ksize_unpoisons_memory());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memchr());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_memcmp());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_strings());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_bitops());
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_oob_right());
> > +#endif /* CONFIG_SLUB */
> > +
> > +#if (CONFIG_KASAN_STACK == 1)
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_stack_oob());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_right());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kasan_alloca_oob_left());
> > +#endif /*CONFIG_KASAN_STACK*/
> > +}
> > +
> > +static void kunit_test_uaf(struct kunit *test)
> > +{
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_uaf());
> > +#endif
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf_memset());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_uaf2());
> > +}
> > +
> > +static void kunit_test_invalid_free(struct kunit *test)
> >  {
> > -       void *area;
> > +#ifdef CONFIG_SLUB
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_pagealloc_invalid_free());
> > +#endif
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_invalid_free());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_double_free());
> > +       KUNIT_EXPECT_KASAN_FAIL(test, kmalloc_double_kzfree());
> > +}
> >
> > -       pr_info("vmalloc out-of-bounds\n");
> > +static void kunit_test_false_positives(struct kunit *test)
> > +{
> > +       kfree_via_page();
> > +       kfree_via_phys();
> > +}
> >
> > -       /*
> > -        * We have to be careful not to hit the guard page.
> > -        * The MMU will catch that and crash us.
> > -        */
> > -       area = vmalloc(3000);
> > -       if (!area) {
> > -               pr_err("Allocation failed\n");
> > +static void kunit_test_memcg(struct kunit *test)
> > +{
> > +       memcg_accounted_kmem_cache();
> > +}
> > +
> > +static struct kunit_case kasan_kunit_test_cases[] = {
> > +       KUNIT_CASE(kunit_test_oob),
> > +       KUNIT_CASE(kunit_test_uaf),
> > +       KUNIT_CASE(kunit_test_invalid_free),
> > +       KUNIT_CASE(kunit_test_false_positives),
> > +       KUNIT_CASE(kunit_test_memcg),
> > +       {}
> > +};
> > +
> > +static struct kunit_suite kasan_kunit_test_suite = {
> > +       .name = "kasan_kunit_test",
> > +       .test_cases = kasan_kunit_test_cases,
> > +};
> > +
> > +kunit_test_suite(kasan_kunit_test_suite);
> > +
> > +#if IS_MODULE(CONFIG_TEST_KASAN)
> > +static noinline void __init copy_user_test(void)
> > +{
> > +       char *kmem;
> > +       char __user *usermem;
> > +       size_t size = 10;
> > +       int unused;
> > +
> > +       kmem = kmalloc(size, GFP_KERNEL);
> > +       if (!kmem)
> > +               return;
> > +
> > +       usermem = (char __user *)vm_mmap(NULL, 0, PAGE_SIZE,
> > +                           PROT_READ | PROT_WRITE | PROT_EXEC,
> > +                           MAP_ANONYMOUS | MAP_PRIVATE, 0);
> > +       if (IS_ERR(usermem)) {
> > +               pr_err("Failed to allocate user memory\n");
> > +               kfree(kmem);
> >                 return;
> >         }
> >
> > -       ((volatile char *)area)[3100];
> > -       vfree(area);
> > +       pr_info("out-of-bounds in copy_from_user()\n");
> > +       unused = copy_from_user(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in copy_to_user()\n");
> > +       unused = copy_to_user(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_from_user()\n");
> > +       unused = __copy_from_user(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_to_user()\n");
> > +       unused = __copy_to_user(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_from_user_inatomic()\n");
> > +       unused = __copy_from_user_inatomic(kmem, usermem, size + 1);
> > +
> > +       pr_info("out-of-bounds in __copy_to_user_inatomic()\n");
> > +       unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
> > +
> > +       pr_info("out-of-bounds in strncpy_from_user()\n");
> > +       unused = strncpy_from_user(kmem, usermem, size + 1);
> > +
> > +       vm_munmap((unsigned long)usermem, PAGE_SIZE);
> > +       kfree(kmem);
> >  }
> > -#else
> > -static void __init vmalloc_oob(void) {}
> > -#endif
> >
> >  static int __init kmalloc_tests_init(void)
> >  {
> > @@ -782,44 +787,7 @@ static int __init kmalloc_tests_init(void)
> >          */
> >         bool multishot = kasan_save_enable_multi_shot();
> >
> > -       kmalloc_oob_right();
> > -       kmalloc_oob_left();
> > -       kmalloc_node_oob_right();
> > -#ifdef CONFIG_SLUB
> > -       kmalloc_pagealloc_oob_right();
> > -       kmalloc_pagealloc_uaf();
> > -       kmalloc_pagealloc_invalid_free();
> > -#endif
> > -       kmalloc_large_oob_right();
> > -       kmalloc_oob_krealloc_more();
> > -       kmalloc_oob_krealloc_less();
> > -       kmalloc_oob_16();
> > -       kmalloc_oob_in_memset();
> > -       kmalloc_oob_memset_2();
> > -       kmalloc_oob_memset_4();
> > -       kmalloc_oob_memset_8();
> > -       kmalloc_oob_memset_16();
> > -       kmalloc_uaf();
> > -       kmalloc_uaf_memset();
> > -       kmalloc_uaf2();
> > -       kfree_via_page();
> > -       kfree_via_phys();
> > -       kmem_cache_oob();
> > -       memcg_accounted_kmem_cache();
> > -       kasan_stack_oob();
> > -       kasan_global_oob();
> > -       kasan_alloca_oob_left();
> > -       kasan_alloca_oob_right();
> > -       ksize_unpoisons_memory();
> >         copy_user_test();
> > -       kmem_cache_double_free();
> > -       kmem_cache_invalid_free();
> > -       kasan_memchr();
> > -       kasan_memcmp();
> > -       kasan_strings();
> > -       kasan_bitops();
> > -       kmalloc_double_kzfree();
> > -       vmalloc_oob();
> >
> >         kasan_restore_multi_shot(multishot);
> >
> > @@ -827,4 +795,4 @@ static int __init kmalloc_tests_init(void)
> >  }
> >
> >  module_init(kmalloc_tests_init);
> > -MODULE_LICENSE("GPL");
> > +#endif /* IS_MODULE(CONFIG_TEST_KASAN) */
> > --
> > 2.25.0.265.gbab2e86ba0-goog
> >



-- 
Best,
Patricia Alfonso

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-02-27 14:04   ` Alan Maguire
  2020-02-29  0:46     ` Patricia Alfonso
@ 2020-03-10 21:39     ` Brendan Higgins
  2020-03-10 21:39       ` Brendan Higgins
  1 sibling, 1 reply; 33+ messages in thread
From: Brendan Higgins @ 2020-03-10 21:39 UTC (permalink / raw)
  To: Alan Maguire
  Cc: Patricia Alfonso, Andrey Ryabinin, Dmitry Vyukov, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot,
	Linux Kernel Mailing List, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, KUnit Development

On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:

Sorry for the delay in reviews. I have been preoccupied by some Google
internal stuff.

> On Wed, 26 Feb 2020, Patricia Alfonso wrote:
>
> > Integrate KASAN into KUnit testing framework.
>
> This is a great idea! Some comments/suggestions below...
>
> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > If anyone has any suggestions on how best to print the failure
> > messages, please share!
> >
> > One issue I have found while testing this is the allocation fails in
> > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > does cause the test to fail on the KUnit side, as expected, but it
> > seems to skip all the tests before this one because the output starts
> > with this failure instead of with the first test, kmalloc_oob_right().
> >
> >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> >  include/linux/sched.h               |  7 ++++++-
> >  lib/kunit/test.c                    |  7 ++++++-
> >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> >  tools/testing/kunit/kunit_kernel.py |  2 +-
> >  5 files changed, 56 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > index 2dfb550c6723..2e388f8937f3 100644
> > --- a/include/kunit/test.h
> > +++ b/include/kunit/test.h
> > @@ -21,6 +21,8 @@ struct kunit_resource;
> >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> >
> > +void kunit_set_failure(struct kunit *test);
> > +
> >  /**
> >   * struct kunit_resource - represents a *test managed resource*
> >   * @allocation: for the user to store arbitrary data.
> > @@ -191,6 +193,9 @@ struct kunit {
> >        * protect it with some type of lock.
> >        */
> >       struct list_head resources; /* Protected by lock. */
> > +
> > +     bool kasan_report_expected;
> > +     bool kasan_report_found;
> >  };
> >
>
> Is this needed here? You're testing something pretty
> specific so it seems wrong to add to the generic
> kunit resource unless there's a good reason. I see the
> code around setting these values in mm/kasan/report.c,
> but I wonder if we could do something more generic.
>
> How about the concept of a static resource (assuming a
> dynamically allocated one is out because it messes
> with memory allocation tests)? Something like this:
>
> #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
>         do {                                                            \
>                 spin_lock(&test->lock);                                 \
>                 (resource_ptr)->resource_field.init = NULL;             \
>                 (resource_ptr)->resource_field.free = NULL;             \
>                 list_add_tail(&(resource_ptr)->resource_field,          \
>                               &test->resources);                        \
>                 spin_unlock(&test->lock);                               \
>         } while (0)
>
>
> Within your kasan code you could then create a kasan-specific
> structure that embends a kunit_resource, and contains the
> values you need:
>
> struct kasan_report_resource {
>         struct kunit_resource res;
>         bool kasan_report_expected;
>         bool kasan_report_found;
> };
>
> (One thing we'd need to do for such static resources is fix
> kunit_resource_free() to check if there's a free() function,
> and if not assume a static resource)
>
> If you then create an init() function associated with your
> kunit suite (which will be run for every case) it can do this:
>
> int kunit_kasan_test_init(struct kunit *test)
> {
>         kunit_add_static_resource(test, &my_kasan_report_resource, res);
>         ...
> }
>
> The above should also be used to initialize current->kasan_unit_test
> instead of doing that in kunit_try_run_case().  With those
> changes, you don't (I think) need to change anything in core
> kunit (assuming support for static resources).
>
> To retrieve the resource during tests or in kasan context, the
> method seems to be to use kunit_resource_find(). However, that
> requires a match function which seems a bit heavyweight for the
> static case.  We should probably have a default "find by name"
> or similar function here, and add an optional "name" field
> to kunit resources to simplify things.  Anyway here you'd
> use something like:
>
>         kasan_report_resource = kunit_resource_find(test, matchfn,
>                                                     NULL, matchdata);
>
>
> Are there any barriers to taking this sort of approach (apart
> from the support for static resources not being there yet)?

This is a really interesting idea, Alan! I never imagined
kunit_resources being used this way, and I like it. I saw you sent
some patches to implement this stuff, so I will withhold further
comments on that here.

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-10 21:39     ` Brendan Higgins
@ 2020-03-10 21:39       ` Brendan Higgins
  0 siblings, 0 replies; 33+ messages in thread
From: Brendan Higgins @ 2020-03-10 21:39 UTC (permalink / raw)
  To: Alan Maguire
  Cc: Patricia Alfonso, Andrey Ryabinin, Dmitry Vyukov, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot,
	Linux Kernel Mailing List, kasan-dev,
	open list:KERNEL SELFTEST FRAMEWORK, KUnit Development

On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:

Sorry for the delay in reviews. I have been preoccupied by some Google
internal stuff.

> On Wed, 26 Feb 2020, Patricia Alfonso wrote:
>
> > Integrate KASAN into KUnit testing framework.
>
> This is a great idea! Some comments/suggestions below...
>
> >  - Fail tests when KASAN reports an error that is not expected
> >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> >  - KUnit struct added to current task to keep track of the current test
> > from KASAN code
> >  - Booleans representing if a KASAN report is expected and if a KASAN
> >  report is found added to kunit struct
> >  - This prints "line# has passed" or "line# has failed"
> >
> > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > ---
> > If anyone has any suggestions on how best to print the failure
> > messages, please share!
> >
> > One issue I have found while testing this is the allocation fails in
> > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > does cause the test to fail on the KUnit side, as expected, but it
> > seems to skip all the tests before this one because the output starts
> > with this failure instead of with the first test, kmalloc_oob_right().
> >
> >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> >  include/linux/sched.h               |  7 ++++++-
> >  lib/kunit/test.c                    |  7 ++++++-
> >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> >  tools/testing/kunit/kunit_kernel.py |  2 +-
> >  5 files changed, 56 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > index 2dfb550c6723..2e388f8937f3 100644
> > --- a/include/kunit/test.h
> > +++ b/include/kunit/test.h
> > @@ -21,6 +21,8 @@ struct kunit_resource;
> >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> >
> > +void kunit_set_failure(struct kunit *test);
> > +
> >  /**
> >   * struct kunit_resource - represents a *test managed resource*
> >   * @allocation: for the user to store arbitrary data.
> > @@ -191,6 +193,9 @@ struct kunit {
> >        * protect it with some type of lock.
> >        */
> >       struct list_head resources; /* Protected by lock. */
> > +
> > +     bool kasan_report_expected;
> > +     bool kasan_report_found;
> >  };
> >
>
> Is this needed here? You're testing something pretty
> specific so it seems wrong to add to the generic
> kunit resource unless there's a good reason. I see the
> code around setting these values in mm/kasan/report.c,
> but I wonder if we could do something more generic.
>
> How about the concept of a static resource (assuming a
> dynamically allocated one is out because it messes
> with memory allocation tests)? Something like this:
>
> #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
>         do {                                                            \
>                 spin_lock(&test->lock);                                 \
>                 (resource_ptr)->resource_field.init = NULL;             \
>                 (resource_ptr)->resource_field.free = NULL;             \
>                 list_add_tail(&(resource_ptr)->resource_field,          \
>                               &test->resources);                        \
>                 spin_unlock(&test->lock);                               \
>         } while (0)
>
>
> Within your kasan code you could then create a kasan-specific
> structure that embends a kunit_resource, and contains the
> values you need:
>
> struct kasan_report_resource {
>         struct kunit_resource res;
>         bool kasan_report_expected;
>         bool kasan_report_found;
> };
>
> (One thing we'd need to do for such static resources is fix
> kunit_resource_free() to check if there's a free() function,
> and if not assume a static resource)
>
> If you then create an init() function associated with your
> kunit suite (which will be run for every case) it can do this:
>
> int kunit_kasan_test_init(struct kunit *test)
> {
>         kunit_add_static_resource(test, &my_kasan_report_resource, res);
>         ...
> }
>
> The above should also be used to initialize current->kasan_unit_test
> instead of doing that in kunit_try_run_case().  With those
> changes, you don't (I think) need to change anything in core
> kunit (assuming support for static resources).
>
> To retrieve the resource during tests or in kasan context, the
> method seems to be to use kunit_resource_find(). However, that
> requires a match function which seems a bit heavyweight for the
> static case.  We should probably have a default "find by name"
> or similar function here, and add an optional "name" field
> to kunit resources to simplify things.  Anyway here you'd
> use something like:
>
>         kasan_report_resource = kunit_resource_find(test, matchfn,
>                                                     NULL, matchdata);
>
>
> Are there any barriers to taking this sort of approach (apart
> from the support for static resources not being there yet)?

This is a really interesting idea, Alan! I never imagined
kunit_resources being used this way, and I like it. I saw you sent
some patches to implement this stuff, so I will withhold further
comments on that here.


^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-05  7:46           ` Alan Maguire
@ 2020-03-10 21:42             ` Brendan Higgins
  2020-03-10 21:42               ` Brendan Higgins
  0 siblings, 1 reply; 33+ messages in thread
From: Brendan Higgins @ 2020-03-10 21:42 UTC (permalink / raw)
  To: Alan Maguire
  Cc: Patricia Alfonso, Andrey Ryabinin, Dmitry Vyukov, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK,
	KUnit Development

On Wed, Mar 4, 2020 at 11:47 PM Alan Maguire <alan.maguire@oracle.com> wrote:
>
> On Wed, 4 Mar 2020, Patricia Alfonso wrote:
>
> > On Tue, Mar 3, 2020 at 8:40 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> > >
> > > On Fri, 28 Feb 2020, Patricia Alfonso wrote:
> > >
> > > > On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> > > > >
> > > > > On Wed, 26 Feb 2020, Patricia Alfonso wrote:
> > > > >
> > > > > > Integrate KASAN into KUnit testing framework.
> > > > >
> > > > > This is a great idea! Some comments/suggestions below...
> > > > >
> > > >
> > > > Thank you so much for your suggestions!
> > > >
> > >
> > > No problem! Extending KUnit to test things like KASAN
> > > is really valuable, as it shows us ways we can improve
> > > the framework. More below...
> > >
> > > > > >  - Fail tests when KASAN reports an error that is not expected
> > > > > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > > > > >  - KUnit struct added to current task to keep track of the current test
> > > > > > from KASAN code
> > > > > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > > > > >  report is found added to kunit struct
> > > > > >  - This prints "line# has passed" or "line# has failed"
> > > > > >
> > > > > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > > > > ---
> > > > > > If anyone has any suggestions on how best to print the failure
> > > > > > messages, please share!
> > > > > >
> > > > > > One issue I have found while testing this is the allocation fails in
> > > > > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > > > > does cause the test to fail on the KUnit side, as expected, but it
> > > > > > seems to skip all the tests before this one because the output starts
> > > > > > with this failure instead of with the first test, kmalloc_oob_right().
> > > > > >
> > > > > >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> > > > > >  include/linux/sched.h               |  7 ++++++-
> > > > > >  lib/kunit/test.c                    |  7 ++++++-
> > > > > >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> > > > > >  tools/testing/kunit/kunit_kernel.py |  2 +-
> > > > > >  5 files changed, 56 insertions(+), 3 deletions(-)
> > > > > >
> > > > > > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > > > > > index 2dfb550c6723..2e388f8937f3 100644
> > > > > > --- a/include/kunit/test.h
> > > > > > +++ b/include/kunit/test.h
> > > > > > @@ -21,6 +21,8 @@ struct kunit_resource;
> > > > > >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> > > > > >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> > > > > >
> > > > > > +void kunit_set_failure(struct kunit *test);
> > > > > > +
> > > > > >  /**
> > > > > >   * struct kunit_resource - represents a *test managed resource*
> > > > > >   * @allocation: for the user to store arbitrary data.
> > > > > > @@ -191,6 +193,9 @@ struct kunit {
> > > > > >        * protect it with some type of lock.
> > > > > >        */
> > > > > >       struct list_head resources; /* Protected by lock. */
> > > > > > +
> > > > > > +     bool kasan_report_expected;
> > > > > > +     bool kasan_report_found;
> > > > > >  };
> > > > > >
> > > > >
> > > > > Is this needed here? You're testing something pretty
> > > > > specific so it seems wrong to add to the generic
> > > > > kunit resource unless there's a good reason. I see the
> > > > > code around setting these values in mm/kasan/report.c,
> > > > > but I wonder if we could do something more generic.
> > > > >
> > > > > How about the concept of a static resource (assuming a
> > > > > dynamically allocated one is out because it messes
> > > > > with memory allocation tests)? Something like this:
> > > > >
> > > > > #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
> > > > >         do {                                                            \
> > > > >                 spin_lock(&test->lock);                                 \
> > > > >                 (resource_ptr)->resource_field.init = NULL;             \
> > > > >                 (resource_ptr)->resource_field.free = NULL;             \
> > > > >                 list_add_tail(&(resource_ptr)->resource_field,          \
> > > > >                               &test->resources);                        \
> > > > >                 spin_unlock(&test->lock);                               \
> > > > >         } while (0)
> > > > >
> > > > >
> > > > > Within your kasan code you could then create a kasan-specific
> > > > > structure that embends a kunit_resource, and contains the
> > > > > values you need:
> > > > >
> > > > > struct kasan_report_resource {
> > > > >         struct kunit_resource res;
> > > > >         bool kasan_report_expected;
> > > > >         bool kasan_report_found;
> > > > > };
> > > > >
> > > > > (One thing we'd need to do for such static resources is fix
> > > > > kunit_resource_free() to check if there's a free() function,
> > > > > and if not assume a static resource)
> > > > >
> > > > > If you then create an init() function associated with your
> > > > > kunit suite (which will be run for every case) it can do this:
> > > > >
> > > > > int kunit_kasan_test_init(struct kunit *test)
> > > > > {
> > > > >         kunit_add_static_resource(test, &my_kasan_report_resource, res);
> > > > >         ...
> > > > > }
> > > > >
> > > > > The above should also be used to initialize current->kasan_unit_test
> > > > > instead of doing that in kunit_try_run_case().  With those
> > > > > changes, you don't (I think) need to change anything in core
> > > > > kunit (assuming support for static resources).
> > > > >
> > > > > To retrieve the resource during tests or in kasan context, the
> > > > > method seems to be to use kunit_resource_find(). However, that
> > > > > requires a match function which seems a bit heavyweight for the
> > > > > static case.  We should probably have a default "find by name"
> > > > > or similar function here, and add an optional "name" field
> > > > > to kunit resources to simplify things.  Anyway here you'd
> > > > > use something like:
> > > > >
> > > > >         kasan_report_resource = kunit_resource_find(test, matchfn,
> > > > >                                                     NULL, matchdata);
> > > > >
> > > > >
> > > > > Are there any barriers to taking this sort of approach (apart
> > > > > from the support for static resources not being there yet)?
> > > > >
> > > >
> > > > I'm not sure. I don't have any experience with kunit resources so I
> > > > would have to put some more effort into understanding how this would
> > > > work for myself. I wonder if this might be a bit of an over
> > > > complicated way of eliminating an extraneous boolean... maybe we can
> > > > find a simpler solution for the first version of this patch and add
> > > > the notion of a static resource for generic use later.
> > > >
> > >
> > > My personal preference would be to try and learn what's needed
> > > by KASAN and improve the KUnit APIs so the next developer finds
> > > life a bit easier. More hassle for you I know, but actual use cases
> > > like this are invaluable for improving the API.  I've sent
> > > out an RFC patchset which has the functionality I _think_ you
> > > need but I may be missing something:
> > >
> > > https://lore.kernel.org/linux-kselftest/1583251361-12748-1-git-send-email-alan.maguire@oracle.com/T/#t
> > >
> > > The idea is your test can do something like this:
> > >
> > > struct kasan_data {
> > >         bool report_expected;
> > >         bool report_found;
> > > };
> > >
> > >
> > > my_kasan_test(struct kunit *test)
> > > {
> > >         struct kunit_resource resource;
> > >         struct kasan_data kasan_data;
> > >
> > > ...
> > >         // add our named resource using static resource/data
> > >         kunit_add_named_resource(test, NULL, NULL, &resource,
> > >                                  "kasan_data", &kasan_data);
> > > ...
> > >
> > > }
> > Does this require the user to set up this kasan_data resource in each
> > KASAN test? Or can we set up the resource on the KUnit side whenever a
> > user writes a test that expects a KASAN failure? I've been playing
> > around with it and I can only seem to get it to work when I add the
> > resource within the test, but I could be missing something.
> >
>
> The current model of resources is they are associated with
> the running state of a test for the lifetime of that test.
> If it's a resource common to many/most tests, I'd suggest
> creating an init() function for the associated suite; this
> will get run prior to executing each test, and in it you
> could initialize your resource. If the resource isn't
> used in the test, it doesn't really matter so this might be
> the simplest way to handle things:
>
> struct kasan_data {
>          bool report_expected;
>          bool report_found;
> };
>
> struct kasan_data kasan_data;
> struct kunit_resource resource;
>
> kasan_init(struct kunit *test)
> {
>
>          // add our named resource using static resource/data
>          kunit_add_named_resource(test, NULL, NULL, &resource,
>                                   "kasan_data", &kasan_data);
>
>         return 0;
> }
>
> static struct kunit_suite kasan_suite = {
>         .name = "kasan",
>         .init = kasan_init,
>         ...
> };
>
>
> This all presumes however that KASAN will only need access to the
> resource during the lifetime of each test.  There's currently
> no concept of free-floating resources outside of test execution
> context.

So we do have some patches lying around that add support for resources
associated with a suite of tests that I can send out if anyone is
interested; nevertheless, I think it makes sense for KASAN to only
care about tests cases; you still get the KASAN report either way and
KUnit isn't really supposed to care what happens outside of KUnit.

Cheers

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [RFC PATCH 2/2] KUnit: KASAN Integration
  2020-03-10 21:42             ` Brendan Higgins
@ 2020-03-10 21:42               ` Brendan Higgins
  0 siblings, 0 replies; 33+ messages in thread
From: Brendan Higgins @ 2020-03-10 21:42 UTC (permalink / raw)
  To: Alan Maguire
  Cc: Patricia Alfonso, Andrey Ryabinin, Dmitry Vyukov, David Gow,
	Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, LKML,
	kasan-dev, open list:KERNEL SELFTEST FRAMEWORK,
	KUnit Development

On Wed, Mar 4, 2020 at 11:47 PM Alan Maguire <alan.maguire@oracle.com> wrote:
>
> On Wed, 4 Mar 2020, Patricia Alfonso wrote:
>
> > On Tue, Mar 3, 2020 at 8:40 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> > >
> > > On Fri, 28 Feb 2020, Patricia Alfonso wrote:
> > >
> > > > On Thu, Feb 27, 2020 at 6:04 AM Alan Maguire <alan.maguire@oracle.com> wrote:
> > > > >
> > > > > On Wed, 26 Feb 2020, Patricia Alfonso wrote:
> > > > >
> > > > > > Integrate KASAN into KUnit testing framework.
> > > > >
> > > > > This is a great idea! Some comments/suggestions below...
> > > > >
> > > >
> > > > Thank you so much for your suggestions!
> > > >
> > >
> > > No problem! Extending KUnit to test things like KASAN
> > > is really valuable, as it shows us ways we can improve
> > > the framework. More below...
> > >
> > > > > >  - Fail tests when KASAN reports an error that is not expected
> > > > > >  - Use KUNIT_EXPECT_KASAN_FAIL to expect a KASAN error in KASAN tests
> > > > > >  - KUnit struct added to current task to keep track of the current test
> > > > > > from KASAN code
> > > > > >  - Booleans representing if a KASAN report is expected and if a KASAN
> > > > > >  report is found added to kunit struct
> > > > > >  - This prints "line# has passed" or "line# has failed"
> > > > > >
> > > > > > Signed-off-by: Patricia Alfonso <trishalfonso@google.com>
> > > > > > ---
> > > > > > If anyone has any suggestions on how best to print the failure
> > > > > > messages, please share!
> > > > > >
> > > > > > One issue I have found while testing this is the allocation fails in
> > > > > > kmalloc_pagealloc_oob_right() sometimes, but not consistently. This
> > > > > > does cause the test to fail on the KUnit side, as expected, but it
> > > > > > seems to skip all the tests before this one because the output starts
> > > > > > with this failure instead of with the first test, kmalloc_oob_right().
> > > > > >
> > > > > >  include/kunit/test.h                | 24 ++++++++++++++++++++++++
> > > > > >  include/linux/sched.h               |  7 ++++++-
> > > > > >  lib/kunit/test.c                    |  7 ++++++-
> > > > > >  mm/kasan/report.c                   | 19 +++++++++++++++++++
> > > > > >  tools/testing/kunit/kunit_kernel.py |  2 +-
> > > > > >  5 files changed, 56 insertions(+), 3 deletions(-)
> > > > > >
> > > > > > diff --git a/include/kunit/test.h b/include/kunit/test.h
> > > > > > index 2dfb550c6723..2e388f8937f3 100644
> > > > > > --- a/include/kunit/test.h
> > > > > > +++ b/include/kunit/test.h
> > > > > > @@ -21,6 +21,8 @@ struct kunit_resource;
> > > > > >  typedef int (*kunit_resource_init_t)(struct kunit_resource *, void *);
> > > > > >  typedef void (*kunit_resource_free_t)(struct kunit_resource *);
> > > > > >
> > > > > > +void kunit_set_failure(struct kunit *test);
> > > > > > +
> > > > > >  /**
> > > > > >   * struct kunit_resource - represents a *test managed resource*
> > > > > >   * @allocation: for the user to store arbitrary data.
> > > > > > @@ -191,6 +193,9 @@ struct kunit {
> > > > > >        * protect it with some type of lock.
> > > > > >        */
> > > > > >       struct list_head resources; /* Protected by lock. */
> > > > > > +
> > > > > > +     bool kasan_report_expected;
> > > > > > +     bool kasan_report_found;
> > > > > >  };
> > > > > >
> > > > >
> > > > > Is this needed here? You're testing something pretty
> > > > > specific so it seems wrong to add to the generic
> > > > > kunit resource unless there's a good reason. I see the
> > > > > code around setting these values in mm/kasan/report.c,
> > > > > but I wonder if we could do something more generic.
> > > > >
> > > > > How about the concept of a static resource (assuming a
> > > > > dynamically allocated one is out because it messes
> > > > > with memory allocation tests)? Something like this:
> > > > >
> > > > > #define kunit_add_static_resource(test, resource_ptr, resource_field)   \
> > > > >         do {                                                            \
> > > > >                 spin_lock(&test->lock);                                 \
> > > > >                 (resource_ptr)->resource_field.init = NULL;             \
> > > > >                 (resource_ptr)->resource_field.free = NULL;             \
> > > > >                 list_add_tail(&(resource_ptr)->resource_field,          \
> > > > >                               &test->resources);                        \
> > > > >                 spin_unlock(&test->lock);                               \
> > > > >         } while (0)
> > > > >
> > > > >
> > > > > Within your kasan code you could then create a kasan-specific
> > > > > structure that embends a kunit_resource, and contains the
> > > > > values you need:
> > > > >
> > > > > struct kasan_report_resource {
> > > > >         struct kunit_resource res;
> > > > >         bool kasan_report_expected;
> > > > >         bool kasan_report_found;
> > > > > };
> > > > >
> > > > > (One thing we'd need to do for such static resources is fix
> > > > > kunit_resource_free() to check if there's a free() function,
> > > > > and if not assume a static resource)
> > > > >
> > > > > If you then create an init() function associated with your
> > > > > kunit suite (which will be run for every case) it can do this:
> > > > >
> > > > > int kunit_kasan_test_init(struct kunit *test)
> > > > > {
> > > > >         kunit_add_static_resource(test, &my_kasan_report_resource, res);
> > > > >         ...
> > > > > }
> > > > >
> > > > > The above should also be used to initialize current->kasan_unit_test
> > > > > instead of doing that in kunit_try_run_case().  With those
> > > > > changes, you don't (I think) need to change anything in core
> > > > > kunit (assuming support for static resources).
> > > > >
> > > > > To retrieve the resource during tests or in kasan context, the
> > > > > method seems to be to use kunit_resource_find(). However, that
> > > > > requires a match function which seems a bit heavyweight for the
> > > > > static case.  We should probably have a default "find by name"
> > > > > or similar function here, and add an optional "name" field
> > > > > to kunit resources to simplify things.  Anyway here you'd
> > > > > use something like:
> > > > >
> > > > >         kasan_report_resource = kunit_resource_find(test, matchfn,
> > > > >                                                     NULL, matchdata);
> > > > >
> > > > >
> > > > > Are there any barriers to taking this sort of approach (apart
> > > > > from the support for static resources not being there yet)?
> > > > >
> > > >
> > > > I'm not sure. I don't have any experience with kunit resources so I
> > > > would have to put some more effort into understanding how this would
> > > > work for myself. I wonder if this might be a bit of an over
> > > > complicated way of eliminating an extraneous boolean... maybe we can
> > > > find a simpler solution for the first version of this patch and add
> > > > the notion of a static resource for generic use later.
> > > >
> > >
> > > My personal preference would be to try and learn what's needed
> > > by KASAN and improve the KUnit APIs so the next developer finds
> > > life a bit easier. More hassle for you I know, but actual use cases
> > > like this are invaluable for improving the API.  I've sent
> > > out an RFC patchset which has the functionality I _think_ you
> > > need but I may be missing something:
> > >
> > > https://lore.kernel.org/linux-kselftest/1583251361-12748-1-git-send-email-alan.maguire@oracle.com/T/#t
> > >
> > > The idea is your test can do something like this:
> > >
> > > struct kasan_data {
> > >         bool report_expected;
> > >         bool report_found;
> > > };
> > >
> > >
> > > my_kasan_test(struct kunit *test)
> > > {
> > >         struct kunit_resource resource;
> > >         struct kasan_data kasan_data;
> > >
> > > ...
> > >         // add our named resource using static resource/data
> > >         kunit_add_named_resource(test, NULL, NULL, &resource,
> > >                                  "kasan_data", &kasan_data);
> > > ...
> > >
> > > }
> > Does this require the user to set up this kasan_data resource in each
> > KASAN test? Or can we set up the resource on the KUnit side whenever a
> > user writes a test that expects a KASAN failure? I've been playing
> > around with it and I can only seem to get it to work when I add the
> > resource within the test, but I could be missing something.
> >
>
> The current model of resources is they are associated with
> the running state of a test for the lifetime of that test.
> If it's a resource common to many/most tests, I'd suggest
> creating an init() function for the associated suite; this
> will get run prior to executing each test, and in it you
> could initialize your resource. If the resource isn't
> used in the test, it doesn't really matter so this might be
> the simplest way to handle things:
>
> struct kasan_data {
>          bool report_expected;
>          bool report_found;
> };
>
> struct kasan_data kasan_data;
> struct kunit_resource resource;
>
> kasan_init(struct kunit *test)
> {
>
>          // add our named resource using static resource/data
>          kunit_add_named_resource(test, NULL, NULL, &resource,
>                                   "kasan_data", &kasan_data);
>
>         return 0;
> }
>
> static struct kunit_suite kasan_suite = {
>         .name = "kasan",
>         .init = kasan_init,
>         ...
> };
>
>
> This all presumes however that KASAN will only need access to the
> resource during the lifetime of each test.  There's currently
> no concept of free-floating resources outside of test execution
> context.

So we do have some patches lying around that add support for resources
associated with a suite of tests that I can send out if anyone is
interested; nevertheless, I think it makes sense for KASAN to only
care about tests cases; you still get the KASAN report either way and
KUnit isn't really supposed to care what happens outside of KUnit.

Cheers


^ permalink raw reply	[flat|nested] 33+ messages in thread

end of thread, other threads:[~2020-03-10 21:42 UTC | newest]

Thread overview: 33+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-27  2:43 [RFC PATCH 1/2] Port KASAN Tests to KUnit Patricia Alfonso
2020-02-27  2:43 ` [RFC PATCH 2/2] KUnit: KASAN Integration Patricia Alfonso
2020-02-27 14:04   ` Alan Maguire
2020-02-29  0:46     ` Patricia Alfonso
2020-03-03 16:40       ` Alan Maguire
2020-03-05  2:14         ` Patricia Alfonso
2020-03-05  7:46           ` Alan Maguire
2020-03-10 21:42             ` Brendan Higgins
2020-03-10 21:42               ` Brendan Higgins
2020-03-10 21:39     ` Brendan Higgins
2020-03-10 21:39       ` Brendan Higgins
2020-02-27 14:39   ` Dmitry Vyukov
2020-02-29  1:09     ` Patricia Alfonso
2020-03-01  6:26       ` Dmitry Vyukov
2020-02-27 14:43   ` Dmitry Vyukov
2020-02-29  1:23     ` Patricia Alfonso
2020-03-01  6:29       ` Dmitry Vyukov
2020-03-04  1:26         ` Patricia Alfonso
2020-03-04  6:23           ` Dmitry Vyukov
2020-03-05  0:07             ` Patricia Alfonso
2020-03-05  6:44               ` Dmitry Vyukov
2020-02-27 14:45   ` Dmitry Vyukov
2020-02-29  0:49     ` Patricia Alfonso
2020-03-04  6:35   ` Dmitry Vyukov
2020-02-27 13:56 ` [RFC PATCH 1/2] Port KASAN Tests to KUnit Andrey Konovalov
2020-02-27 15:16   ` Alan Maguire
2020-02-27 14:19 ` Dmitry Vyukov
2020-02-29  1:56   ` Patricia Alfonso
2020-03-01  6:39     ` Dmitry Vyukov
2020-03-02 17:52       ` Kees Cook
2020-03-02 22:36         ` Brendan Higgins
2020-03-02 23:02           ` Kees Cook
2020-03-06 23:58   ` Patricia Alfonso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).