From patchwork Sat Jul 2 04:09:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12903883 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8855EC43334 for ; Sat, 2 Jul 2022 04:10:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231520AbiGBEKI (ORCPT ); Sat, 2 Jul 2022 00:10:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229782AbiGBEKG (ORCPT ); Sat, 2 Jul 2022 00:10:06 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6CC412ED78 for ; Fri, 1 Jul 2022 21:10:05 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id li4-20020a17090b48c400b001eeec855ae1so1939003pjb.3 for ; Fri, 01 Jul 2022 21:10:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=JYBUfu4dRUjoMzW6ZjvMbfNS2SXXbcilGbZXDricLmU=; b=M4MJU8ZtAznGxGY7dmrESXmUeUdfwxVXaZ3LRTPPliqlD1cjIRvh0Kuu9p+55etK+G ssHoq9j+4VuU5ypw24KgRs00V2EOx2rP48tiZMH3uEzPs5p/ypPIdoka9KFEA9LJXTQO YzLU4cyHzky6gMG3CCcxBVEGqCTRajbCWW4NYFEUTUqpbATF8M7Foysv+CtQISLM5ZIn NqDoOQcVM5GL1QMEgtyJy0tUXiAoJs9bGYtAqIcihC0i09A0y5JYYaQ8ShZs5hbaZmqC weflkr6UfyLGZSWRz6003TMwH7ooADO1uCeZg7H3kRFgDmJ/5xwajyv+Vd3nEvcakbue TLqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=JYBUfu4dRUjoMzW6ZjvMbfNS2SXXbcilGbZXDricLmU=; b=oih0f6Kr1M07BWpVbxLskbqMrppjlKIh7lBj8t23s06SqvKt8+7Konhtrl0hKv+OPd 4KQ5zxaX9TY7VOCApWyfNzPDYsp1rY/oW10X6QyRYQHtWrSbEcw6gv/wqc6WyRmzh82+ biquGP0B5sS3xU9V9J3nFt4OilKjrZFBqnc0BLE8wP6DXDMj9+loRCSs2mz60XL00sgC 3OjKhe6LBbt6qR4QrLRlTi52hO/xKtH6GrwrqxSK3ODEcUe39ZdGhYXemuE3lHYa2bhO JyrX+nBERmvBFCBtjg+NXOvtnHct4N6prkUGUrk1Nmd3Nga8Co9csAxLfYQKNQjlBTuj 51cg== X-Gm-Message-State: AJIora/uP0PewXROH4zKT+GR6ZhAseQzOBPzu4tBgNfvaI5mVkQB7F6G ljoF4CG0SPNwBGA4ShdeYDLwQjoUtlI1TA== X-Google-Smtp-Source: AGRyM1tc9Vqs6oy+LUsRBTDq9oRr1m1I1QWjO6kc0pe/ucgnGBlQ/kUFBPdYqaY/2AaS/BgbvI64xKTE8IhJgw== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a05:6a00:c84:b0:528:3c39:f42d with SMTP id a4-20020a056a000c8400b005283c39f42dmr4507362pfv.76.1656735004933; Fri, 01 Jul 2022 21:10:04 -0700 (PDT) Date: Sat, 2 Jul 2022 12:09:56 +0800 Message-Id: <20220702040959.3232874-1-davidgow@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v5 1/4] panic: Taint kernel if tests are run From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Most in-kernel tests (such as KUnit tests) are not supposed to run on production systems: they may do deliberately illegal things to trigger errors, and have security implications (for example, KUnit assertions will often deliberately leak kernel addresses). Add a new taint type, TAINT_TEST to signal that a test has been run. This will be printed as 'N' (originally for kuNit, as every other sensible letter was taken.) This should discourage people from running these tests on production systems, and to make it easier to tell if tests have been run accidentally (by loading the wrong configuration, etc.) Acked-by: Luis Chamberlain Reviewed-by: Brendan Higgins Signed-off-by: David Gow --- Documentation/admin-guide/tainted-kernels.rst | 1 + include/linux/panic.h | 3 ++- kernel/panic.c | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..7d80e8c307d1 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted 15 _/K 32768 kernel has been live patched 16 _/X 65536 auxiliary taint, defined for and used by distros 17 _/T 131072 kernel was built with the struct randomization plugin + 18 _/N 262144 an in-kernel test has been run === === ====== ======================================================== Note: The character ``_`` is representing a blank in this table to make reading diff --git a/include/linux/panic.h b/include/linux/panic.h index e71161da69c4..c7759b3f2045 100644 --- a/include/linux/panic.h +++ b/include/linux/panic.h @@ -68,7 +68,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout) #define TAINT_LIVEPATCH 15 #define TAINT_AUX 16 #define TAINT_RANDSTRUCT 17 -#define TAINT_FLAGS_COUNT 18 +#define TAINT_TEST 18 +#define TAINT_FLAGS_COUNT 19 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) struct taint_flag { diff --git a/kernel/panic.c b/kernel/panic.c index a3c758dba15a..6b3369e21026 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, [ TAINT_AUX ] = { 'X', ' ', true }, [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, + [ TAINT_TEST ] = { 'N', ' ', true }, }; /** From patchwork Sat Jul 2 04:09:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12903884 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE3BFC43334 for ; Sat, 2 Jul 2022 04:10:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231299AbiGBEKP (ORCPT ); Sat, 2 Jul 2022 00:10:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49042 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231897AbiGBEKM (ORCPT ); Sat, 2 Jul 2022 00:10:12 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 765B22F39C for ; Fri, 1 Jul 2022 21:10:10 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id 5-20020a620605000000b00527ca01f8a3so1302423pfg.19 for ; Fri, 01 Jul 2022 21:10:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=2l3RLFgAAfB5gJrS1WFhkf1GPwe6iqzG1+pocvCkvn8=; b=n85fmgV8YL13NHOXAmDkw3hynV0Gh5QmNiSYsQm9jCdqtwslpAV93ZkYc8QzXG/8ep v9U2XDzaCoZBQ8BppCGZehEzLXTSKwGi+Zpi4ojVgQAxgVqVHZXNO0duA3b4gAoTMt80 +sHwKmRZxha0fJjw+Qztxf8qBWq1NZ/3BSsSp0HINUSML2vIsTS0UIbfMcbG+aeYsgD4 sPJ6AgB6kCdT7jUGinD6jUuhntlOLxQ0Be12GKo/Ra20XkoVtDN1yGG6N6aadBczZ4dQ WsL/dZ1TVlt+6M9D6Oeoci3tRrtxwPx+1Ii+kKcRy9o4ydGTIlLMjK0kgyXLl4CcWRNI 2q1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=2l3RLFgAAfB5gJrS1WFhkf1GPwe6iqzG1+pocvCkvn8=; b=Ymleo5/feh2sIkiyTpg/x4sWK/d4SugrXxpLM7/mqPNZY6V70nXy+l5F2JNbgvD/hB yDFXOD9YGopG9Vua5EchhpptLm0NAPmvUttOHQYgRd2MKsFja9QXHtLi/EaiPIZhAjK7 8ZY4FsI5OXMLu4m+jIZuctunuqOJYgNre0+cn63UqFpTtV5lQoOlNH+BBGLSS/EwvJtX psqqHYMV0FxCeaOHBqns1nIEtz4eZ8OpT92OK/Q6HsEzFy6x0NRy2zae759N479KyLZX H1F4pmn0KQQZ5mE+fru86roxbvHwKZ3hRbuqzL/w96aB+PYvP5/m5gganN6nMWYGphpR jRtA== X-Gm-Message-State: AJIora+Oc7lMAUkD79nt3u1BK1V+N1MQJrqfa93aZ6bWnhGBIkkg3//u 0c+EAf32pXhsN2bMeBJewCq5vq3LiPQYRg== X-Google-Smtp-Source: AGRyM1t57UbR+SZZR/NQAR1HDFq+gH9joW4fT50YArEFanjs2sHJOJuDfSxR47/JHfZFnFLUaBY6Az3aScZMCg== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a17:902:e5cd:b0:16a:6f96:eb9 with SMTP id u13-20020a170902e5cd00b0016a6f960eb9mr23833900plf.69.1656735009687; Fri, 01 Jul 2022 21:10:09 -0700 (PDT) Date: Sat, 2 Jul 2022 12:09:57 +0800 In-Reply-To: <20220702040959.3232874-1-davidgow@google.com> Message-Id: <20220702040959.3232874-2-davidgow@google.com> Mime-Version: 1.0 References: <20220702040959.3232874-1-davidgow@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v5 2/4] module: panic: Taint the kernel when selftest modules load From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Taint the kernel with TAINT_TEST whenever a test module loads, by adding a new "TEST" module property, and setting it for all modules in the tools/testing directory. This property can also be set manually, for tests which live outside the tools/testing directory with: MODULE_INFO(test, "Y"); Reviewed-by: Luis Chamberlain Signed-off-by: David Gow Reviewed-by: Aaron Tomlin Acked-by: Brendan Higgins --- kernel/module/main.c | 7 +++++++ scripts/mod/modpost.c | 3 +++ 2 files changed, 10 insertions(+) diff --git a/kernel/module/main.c b/kernel/module/main.c index fed58d30725d..730503561eb0 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1988,6 +1988,13 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) /* Set up license info based on the info section */ set_license(mod, get_modinfo(info, "license")); + if (!get_modinfo(info, "test")) { + if (!test_taint(TAINT_TEST)) + pr_warn_once("%s: loading test module taints kernel.\n", + mod->name); + add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); + } + return 0; } diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 29d5a841e215..5937212b4433 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -2191,6 +2191,9 @@ static void add_header(struct buffer *b, struct module *mod) if (strstarts(mod->name, "drivers/staging")) buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n"); + + if (strstarts(mod->name, "tools/testing")) + buf_printf(b, "\nMODULE_INFO(test, \"Y\");\n"); } static void add_exported_symbols(struct buffer *buf, struct module *mod) From patchwork Sat Jul 2 04:09:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12903885 X-Patchwork-Delegate: brendanhiggins@google.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7C35DCCA481 for ; Sat, 2 Jul 2022 04:10:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231958AbiGBEKV (ORCPT ); Sat, 2 Jul 2022 00:10:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232013AbiGBEKQ (ORCPT ); Sat, 2 Jul 2022 00:10:16 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EA6130560 for ; Fri, 1 Jul 2022 21:10:15 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id u13-20020a17090a4bcd00b001eefd8fa171so1941911pjl.2 for ; Fri, 01 Jul 2022 21:10:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=PtLO6IdA/ejKq3y5cNTb8tv3Fwaz8VhRhGcv2qLEc+w=; b=PBmdJc1M/oHFNfRQca5cVRdely/fXH+p63r8m9g1bKicCm/1KfuNbC+U1Nj38uk30x zm/qFkQte1xbHx99xZBbYpJXEqePj0P+z1QGO1x+Egflz6Y5DMcTZrPWHt6jF1Z0Kw4C 8Lp6x5tx3ttTzKiEMICNgbMkzEYcIO9Amnet/pYwMMf9tsXFxfE54ey+EW1sKUy3yX9o Mq2j8XCIL4MmEUQwe63f+4JY3uc/LGTMqUnKBk6+Jub5l045zizu6On17vVXZCORYDvp O1ME/T3feTZNJs8dZi0S2xVT8jYCSSNyZ1nz9X8ZVvC0PwYrh83cdzhQDiMNLjjnORB+ ZcFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=PtLO6IdA/ejKq3y5cNTb8tv3Fwaz8VhRhGcv2qLEc+w=; b=qpRjAHMtkV0JeuVMoDU7nKd0pOKcdmXERHVOihOWtUK1H2/X8/ETsICQqwoEq+vM0Y Krahyx6UTtU7QDF76bxBp3ARdYBjiBrgrmenkOBP4zLzzqW3rVuY14r2DKP2/d9X3Pkn QnHfHc9Lnsx62NrjsMICv5msLMRo8jaET3HwvrtD1jyKV4EY1mVY321uS82XlojU3ej3 Tap7VEHOIXjn6Wf1WerEyiSX0GRZiXZbW7xEKluLYC/u7aM2UkXoyBtTRIoJVyeLDRE5 jR7FdCUC0pW6rdMF1n+wpgBj5pcI7pM33g0YNE952FMHJMjJ/JXu+bR7oSRYtfKH6OcR mjdw== X-Gm-Message-State: AJIora/sCbiMPz8xtP+imRC6cgbZgh4/BCABVcx8Ju6uiKp2USjbhRom +S9V2Y1/sugQSmgCso6fH3ixQRtjbxSf/g== X-Google-Smtp-Source: AGRyM1u47dhGQ5WGDHXPJOq9QdoYh4Ivg8v1FNCAipU9iw/L1xMWwUtVSl3eTWQoOraMr89FZocBiPoLvkYXXQ== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a05:6a00:2295:b0:525:6c57:8dea with SMTP id f21-20020a056a00229500b005256c578deamr23491809pfe.62.1656735014424; Fri, 01 Jul 2022 21:10:14 -0700 (PDT) Date: Sat, 2 Jul 2022 12:09:58 +0800 In-Reply-To: <20220702040959.3232874-1-davidgow@google.com> Message-Id: <20220702040959.3232874-3-davidgow@google.com> Mime-Version: 1.0 References: <20220702040959.3232874-1-davidgow@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v5 3/4] kunit: Taint the kernel when KUnit tests are run From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run. Due to KUnit tests not being intended to run on production systems, and potentially causing problems (or security issues like leaking kernel addresses), the kernel's state should not be considered safe for production use after KUnit tests are run. This both marks KUnit modules as test modules using MODULE_INFO() and manually taints the kernel when tests are run (which catches builtin tests). Acked-by: Luis Chamberlain Tested-by: Daniel Latypov Reviewed-by: Brendan Higgins Signed-off-by: David Gow --- include/kunit/test.h | 3 ++- lib/kunit/test.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index 8ffcd7de9607..ccae848720dc 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -277,7 +277,8 @@ static inline int kunit_run_all_tests(void) { \ return __kunit_test_suites_exit(__suites); \ } \ - module_exit(kunit_test_suites_exit) + module_exit(kunit_test_suites_exit) \ + MODULE_INFO(test, "Y"); #else #define kunit_test_suites_for_module(__suites) #endif /* MODULE */ diff --git a/lib/kunit/test.c b/lib/kunit/test.c index a5053a07409f..8b11552dc215 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -501,6 +502,9 @@ int kunit_run_tests(struct kunit_suite *suite) struct kunit_result_stats suite_stats = { 0 }; struct kunit_result_stats total_stats = { 0 }; + /* Taint the kernel so we know we've run tests. */ + add_taint(TAINT_TEST, LOCKDEP_STILL_OK); + if (suite->suite_init) { suite->suite_init_err = suite->suite_init(suite); if (suite->suite_init_err) { From patchwork Sat Jul 2 04:09:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12903886 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9761C43334 for ; Sat, 2 Jul 2022 04:10:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232214AbiGBEKs (ORCPT ); Sat, 2 Jul 2022 00:10:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49458 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232147AbiGBEKi (ORCPT ); Sat, 2 Jul 2022 00:10:38 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E7672F649 for ; Fri, 1 Jul 2022 21:10:19 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id s131-20020a254589000000b0066cb1230608so3318517yba.3 for ; Fri, 01 Jul 2022 21:10:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=HBYnSHzQWg2Lp2cioqz+iG/q+4XSrXc7FbjoZdcHpbA=; b=lxI8R+2BiFyIZIQT3Z8E6VUUX7SJWJwlS4m8uYrDpLk9tJq1hJfYZ/wKsRPQ7un8xP BGC68H6zMkzJxgQEO3lAogc4mt1HjWX0CL0tpdOx+ihRO8huvjSujzsHIJDwr0qFUA+R HH0TCAR3RB5ZVNcDHtskNIwPUBSOmp/viRstPTFEgyxsS+clwidWKThmtmPKLi0+3lzh tcVE0aSlTOG60UOz8sUQtA5g3WgC/7svYkE/JA9yy5UrVvgWWwcwGc80vG+3PfHt9O+O L+PopdPOgg43U82wOfInv41nEGulTRdZOcZGJmmvghaGL9GT1q912vvmXvPuq5FlMN7v jsPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=HBYnSHzQWg2Lp2cioqz+iG/q+4XSrXc7FbjoZdcHpbA=; b=Uxrxx7+G4Sls24dn3rj0WkKVarUNfJ7rsNGdv6TDMVhRxHLyDzd/miVf9tfcKNovdG azsCc7yTvV+HIjRb3265OrvLY2nzLU8mvIjMgk+AzHFjS7UQh7AwCgLCgtK9kE3E2vB/ s5VBef3Kls5MfZQAAS8I1Fj3UY8NBXWxtUEAjAv07FIlRUN5r9i5TYFr/wt/iQD+WUOu 4dvETKaORh9cRDVlKMj9IsMXF5Bg0axROeWKBY+1AEUr79+33gFBm31udN1Yj/4bu70a 2WjqVvb+ChhhNsEqfRbtUICw+r+ikPe1qr05ZTOQwGO6zUUfYi1aUj2kKfmfae6THWbM t5lQ== X-Gm-Message-State: AJIora+tgmqjwzAG1TH/SzxuqqQVzs6GLgeadGbZHFKKX2qwpujEhI22 fqrARjVg9v9Pwe73oZgwSCzijKZ1+MZJpA== X-Google-Smtp-Source: AGRyM1sGhN3kPsCRXpGwIS0KN1F+hayAdFlP3aPqIerwHYupXDbnptnxmhxIJYlrF/5cw+l2900yFBjIdeAaaQ== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a81:74a:0:b0:31c:c28:a620 with SMTP id 71-20020a81074a000000b0031c0c28a620mr21591367ywh.137.1656735018635; Fri, 01 Jul 2022 21:10:18 -0700 (PDT) Date: Sat, 2 Jul 2022 12:09:59 +0800 In-Reply-To: <20220702040959.3232874-1-davidgow@google.com> Message-Id: <20220702040959.3232874-4-davidgow@google.com> Mime-Version: 1.0 References: <20220702040959.3232874-1-davidgow@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v5 4/4] selftest: Taint kernel when test module loaded From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Make any kselftest test module (using the kselftest_module framework) taint the kernel with TAINT_TEST on module load. Also mark the module as a test module using MODULE_INFO(test, "Y") so that other tools can tell this is a test module. We can't rely solely on this, though, as these test modules are also often built-in. Finally, update the kselftest documentation to mention that the kernel should be tainted, and how to do so manually (as below). Note that several selftests use kernel modules which are not based on the kselftest_module framework, and so will not automatically taint the kernel. This can be done in two ways: - Moving the module to the tools/testing directory. All modules under this directory will taint the kernel. - Adding the 'test' module property with: MODULE_INFO(test, "Y") Similarly, selftests which do not load modules into the kernel generally should not taint the kernel (or possibly should only do so on failure), as it's assumed that testing from user-space should be safe. Regardless, they can write to /proc/sys/kernel/tainted if required. Reviewed-by: Luis Chamberlain Signed-off-by: David Gow Acked-by: Brendan Higgins --- Documentation/dev-tools/kselftest.rst | 9 +++++++++ tools/testing/selftests/kselftest_module.h | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/Documentation/dev-tools/kselftest.rst b/Documentation/dev-tools/kselftest.rst index a833ecf12fbc..1096a9833550 100644 --- a/Documentation/dev-tools/kselftest.rst +++ b/Documentation/dev-tools/kselftest.rst @@ -250,6 +250,14 @@ assist writing kernel modules that are for use with kselftest: - ``tools/testing/selftests/kselftest_module.h`` - ``tools/testing/selftests/kselftest/module.sh`` +Note that test modules should taint the kernel with TAINT_TEST. This will +happen automatically for modules which are in the ``tools/testing/`` +directory, or for modules which use the ``kselftest_module.h`` header above. +Otherwise, you'll need to add ``MODULE_INFO(test, "Y")`` to your module +source. selftests which do not load modules typically should not taint the +kernel, but in cases where a non-test module is loaded, TEST_TAINT can be +applied from userspace by writing to ``/proc/sys/kernel/tainted``. + How to use ---------- @@ -308,6 +316,7 @@ A bare bones test module might look like this: KSTM_MODULE_LOADERS(test_foo); MODULE_AUTHOR("John Developer "); MODULE_LICENSE("GPL"); + MODULE_INFO(test, "Y"); Example test script ------------------- diff --git a/tools/testing/selftests/kselftest_module.h b/tools/testing/selftests/kselftest_module.h index e2ea41de3f35..63cd7487373f 100644 --- a/tools/testing/selftests/kselftest_module.h +++ b/tools/testing/selftests/kselftest_module.h @@ -3,6 +3,7 @@ #define __KSELFTEST_MODULE_H #include +#include /* * Test framework for writing test modules to be loaded by kselftest. @@ -41,6 +42,7 @@ static inline int kstm_report(unsigned int total_tests, unsigned int failed_test static int __init __module##_init(void) \ { \ pr_info("loaded.\n"); \ + add_taint(TAINT_TEST, LOCKDEP_STILL_OK); \ selftest(); \ return kstm_report(total_tests, failed_tests, skipped_tests); \ } \ @@ -51,4 +53,6 @@ static void __exit __module##_exit(void) \ module_init(__module##_init); \ module_exit(__module##_exit) +MODULE_INFO(test, "Y"); + #endif /* __KSELFTEST_MODULE_H */