diff mbox series

[v4,3/4] kunit: Taint the kernel when KUnit tests are run

Message ID 20220701084744.3002019-3-davidgow@google.com (mailing list archive)
State New, archived
Headers show
Series [v4,1/4] panic: Taint kernel if tests are run | expand

Commit Message

David Gow July 1, 2022, 8:47 a.m. UTC
Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
Due to KUnit tests not being intended to run on production systems, and
potentially causing problems (or security issues like leaking kernel
addresses), the kernel's state should not be considered safe for
production use after KUnit tests are run.

This both marks KUnit modules as test modules using MODULE_INFO() and
manually taints the kernel when tests are run (which catches builtin
tests).

Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Tested-by: Daniel Latypov <dlatypov@google.com>
Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: David Gow <davidgow@google.com>
---

Changes since v3:
https://lore.kernel.org/lkml/20220513083212.3537869-2-davidgow@google.com/
- Use MODULE_INFO() for KUnit modules.
  - This is technically redundant, as the KUnit executor will taint the
    kernel when _any_ KUnit tests are run, but may be useful if some
    other tool will parse the 'test' property.
- Add {Acked,Tested,Reviewed}-by tags.

---
 include/kunit/test.h | 3 ++-
 lib/kunit/test.c     | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

Comments

Maíra Canal July 1, 2022, 11:55 a.m. UTC | #1
On 7/1/22 05:47, 'David Gow' via KUnit Development wrote:
> Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run.
> Due to KUnit tests not being intended to run on production systems, and
> potentially causing problems (or security issues like leaking kernel
> addresses), the kernel's state should not be considered safe for
> production use after KUnit tests are run.
> 
> This both marks KUnit modules as test modules using MODULE_INFO() and
> manually taints the kernel when tests are run (which catches builtin
> tests).
> 
> Acked-by: Luis Chamberlain <mcgrof@kernel.org>
> Tested-by: Daniel Latypov <dlatypov@google.com>
> Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
> Signed-off-by: David Gow <davidgow@google.com>
> ---

Tested with DRM KUnit tests on x86_64.

Tested-By: Maíra Canal <mairacanal@riseup.net>

Best Regards
- Maíra Canal

> 
> Changes since v3:
> https://lore.kernel.org/lkml/20220513083212.3537869-2-davidgow@google.com/
> - Use MODULE_INFO() for KUnit modules.
>   - This is technically redundant, as the KUnit executor will taint the
>     kernel when _any_ KUnit tests are run, but may be useful if some
>     other tool will parse the 'test' property.
> - Add {Acked,Tested,Reviewed}-by tags.
> 
> ---
>  include/kunit/test.h | 3 ++-
>  lib/kunit/test.c     | 4 ++++
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index 8ffcd7de9607..ccae848720dc 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -277,7 +277,8 @@ static inline int kunit_run_all_tests(void)
>  	{								\
>  		return __kunit_test_suites_exit(__suites);		\
>  	}								\
> -	module_exit(kunit_test_suites_exit)
> +	module_exit(kunit_test_suites_exit)				\
> +	MODULE_INFO(test, "Y");
>  #else
>  #define kunit_test_suites_for_module(__suites)
>  #endif /* MODULE */
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index a5053a07409f..8b11552dc215 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -11,6 +11,7 @@
>  #include <kunit/test-bug.h>
>  #include <linux/kernel.h>
>  #include <linux/moduleparam.h>
> +#include <linux/panic.h>
>  #include <linux/sched/debug.h>
>  #include <linux/sched.h>
>  
> @@ -501,6 +502,9 @@ int kunit_run_tests(struct kunit_suite *suite)
>  	struct kunit_result_stats suite_stats = { 0 };
>  	struct kunit_result_stats total_stats = { 0 };
>  
> +	/* Taint the kernel so we know we've run tests. */
> +	add_taint(TAINT_TEST, LOCKDEP_STILL_OK);
> +
>  	if (suite->suite_init) {
>  		suite->suite_init_err = suite->suite_init(suite);
>  		if (suite->suite_init_err) {
diff mbox series

Patch

diff --git a/include/kunit/test.h b/include/kunit/test.h
index 8ffcd7de9607..ccae848720dc 100644
--- a/include/kunit/test.h
+++ b/include/kunit/test.h
@@ -277,7 +277,8 @@  static inline int kunit_run_all_tests(void)
 	{								\
 		return __kunit_test_suites_exit(__suites);		\
 	}								\
-	module_exit(kunit_test_suites_exit)
+	module_exit(kunit_test_suites_exit)				\
+	MODULE_INFO(test, "Y");
 #else
 #define kunit_test_suites_for_module(__suites)
 #endif /* MODULE */
diff --git a/lib/kunit/test.c b/lib/kunit/test.c
index a5053a07409f..8b11552dc215 100644
--- a/lib/kunit/test.c
+++ b/lib/kunit/test.c
@@ -11,6 +11,7 @@ 
 #include <kunit/test-bug.h>
 #include <linux/kernel.h>
 #include <linux/moduleparam.h>
+#include <linux/panic.h>
 #include <linux/sched/debug.h>
 #include <linux/sched.h>
 
@@ -501,6 +502,9 @@  int kunit_run_tests(struct kunit_suite *suite)
 	struct kunit_result_stats suite_stats = { 0 };
 	struct kunit_result_stats total_stats = { 0 };
 
+	/* Taint the kernel so we know we've run tests. */
+	add_taint(TAINT_TEST, LOCKDEP_STILL_OK);
+
 	if (suite->suite_init) {
 		suite->suite_init_err = suite->suite_init(suite);
 		if (suite->suite_init_err) {