From patchwork Fri Jul 8 04:48:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12910569 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B51CCCA481 for ; Fri, 8 Jul 2022 04:49:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237329AbiGHEtM (ORCPT ); Fri, 8 Jul 2022 00:49:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51328 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237338AbiGHEtJ (ORCPT ); Fri, 8 Jul 2022 00:49:09 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EBC427390D for ; Thu, 7 Jul 2022 21:49:06 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id u64-20020a638543000000b00412b09eae15so3909415pgd.15 for ; Thu, 07 Jul 2022 21:49:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=VZyJYOYOmyBhccquB8jdOUnepxpHA2EaXyI1P4UgbZk=; b=OHzkH6CUxvF29C6YQodBsFfPokm7+7etvB60EYT5rIwMD9OH9U0AtmpXKx8ZweKRed oVZZWfzMiTxQCiJZmTzZFy/2zT1zAwz/QiMCizqTeCDDUMzkWm28PYce3SbM5zzYBW77 yV0Uad6HwQFnl1WR7X0N9vmmphNFvmNcYpOaRGosGMuX2CSg5QrwApAEgKVwDHQTpcxy Sky7eDBPBbF7SJ/f16wadWBTNZoJ/jocoStlAp9thvE9KSXkl3BZyWZ1QT9Zu68DamHv OkCWlI0K2FLP1JijkIPh/bzpwjR0tPLlC54olqaueZJM3XL7OldUYMDKpjvcPNHZcS7f 1tug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=VZyJYOYOmyBhccquB8jdOUnepxpHA2EaXyI1P4UgbZk=; b=nM1VLCjG+cZ4m+h+FLnPJRKB6cOB4CxzgPXkmwwj4WRZhkDbyfD1atoem5MMSPe7ga 44Rx9HsIX7g4vJrZeTX5UAENRK9rX+9IQ/XBf6uPMCLGDcWpqi/1ybmL2jImm2QMkDRv qg+d469Ly2yIRcXcxg2D/TZeGlnrqkQtkNcyHz/I5gh7DAJtjMZ5ksG0IewSdruJHseP v7poAjuMtSm+1EKqv6Y62geENN/QZt0T9JMimqtZtYHEpcz1AEZiGT+9nalqPcG/Olj5 OEymiMFD6myqtA1t/bj8Jv15/Nl+Nwmv39WeAaOTdpevEwAhgtEP0DiqxYX3uA8RyvB7 A+jw== X-Gm-Message-State: AJIora9LtKqAtatv8rYeH75ElV8HwqfbZbP9uRzRr0aa9mUCpvc+p+c/ Lsxa7yPT9vrfjLXc8oxnpeZWJu/VRkR8ow== X-Google-Smtp-Source: AGRyM1v/UKrknfucMWmYcBRyH1xUQKjKyi5ZMpliyIdbk8sMgra7H2LLCj2bXBXPVZ4KhAqUnXO25gVfJYLhfQ== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a05:6a00:1895:b0:527:f270:64de with SMTP id x21-20020a056a00189500b00527f27064demr1678536pfh.61.1657255746437; Thu, 07 Jul 2022 21:49:06 -0700 (PDT) Date: Fri, 8 Jul 2022 12:48:44 +0800 Message-Id: <20220708044847.531566-1-davidgow@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v6 1/4] panic: Taint kernel if tests are run From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada , Nathan Chancellor Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Most in-kernel tests (such as KUnit tests) are not supposed to run on production systems: they may do deliberately illegal things to trigger errors, and have security implications (for example, KUnit assertions will often deliberately leak kernel addresses). Add a new taint type, TAINT_TEST to signal that a test has been run. This will be printed as 'N' (originally for kuNit, as every other sensible letter was taken.) This should discourage people from running these tests on production systems, and to make it easier to tell if tests have been run accidentally (by loading the wrong configuration, etc.) Acked-by: Luis Chamberlain Reviewed-by: Brendan Higgins Signed-off-by: David Gow --- This is v6 of the "make tests taint the kernel" patchset. The only changes since v5 (which is the version in linux-next at time of writing) are some rather critical fixes to patch 2/4, where the cruicial check was inverted. (Oops!) The 'N' character for the taint is even less useful now that it's no longer short for kuNit, but all the letters in TEST are taken. :-( No changes since v5: https://lore.kernel.org/linux-kselftest/20220702040959.3232874-1-davidgow@google.com/ No changes since v4: https://lore.kernel.org/linux-kselftest/20220701084744.3002019-1-davidgow@google.com/ Changes since v3: https://lore.kernel.org/lkml/20220513083212.3537869-1-davidgow@google.com/ - Remove the mention of KUnit from the documentation. - Add Luis and Brendan's Acked/Reviewed-by tags. Changes since v2: https://lore.kernel.org/linux-kselftest/20220430030019.803481-1-davidgow@google.com/ - Rename TAINT_KUNIT -> TAINT_TEST. - Split into separate patches for adding the taint, and triggering it. - Taint on a kselftest_module being loaded (patch 3/3) Changes since v1: https://lore.kernel.org/linux-kselftest/20220429043913.626647-1-davidgow@google.com/ - Make the taint per-module, to handle the case when tests are in (longer lasting) modules. (Thanks Greg KH). Note that this still has checkpatch.pl warnings around bracket placement, which are intentional as part of matching the surrounding code. --- Documentation/admin-guide/tainted-kernels.rst | 1 + include/linux/panic.h | 3 ++- kernel/panic.c | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..7d80e8c307d1 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -100,6 +100,7 @@ Bit Log Number Reason that got the kernel tainted 15 _/K 32768 kernel has been live patched 16 _/X 65536 auxiliary taint, defined for and used by distros 17 _/T 131072 kernel was built with the struct randomization plugin + 18 _/N 262144 an in-kernel test has been run === === ====== ======================================================== Note: The character ``_`` is representing a blank in this table to make reading diff --git a/include/linux/panic.h b/include/linux/panic.h index e71161da69c4..c7759b3f2045 100644 --- a/include/linux/panic.h +++ b/include/linux/panic.h @@ -68,7 +68,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout) #define TAINT_LIVEPATCH 15 #define TAINT_AUX 16 #define TAINT_RANDSTRUCT 17 -#define TAINT_FLAGS_COUNT 18 +#define TAINT_TEST 18 +#define TAINT_FLAGS_COUNT 19 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) struct taint_flag { diff --git a/kernel/panic.c b/kernel/panic.c index a3c758dba15a..6b3369e21026 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -428,6 +428,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, [ TAINT_AUX ] = { 'X', ' ', true }, [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, + [ TAINT_TEST ] = { 'N', ' ', true }, }; /** From patchwork Fri Jul 8 04:48:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12910570 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B6B8C433EF for ; Fri, 8 Jul 2022 04:49:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237052AbiGHEtS (ORCPT ); Fri, 8 Jul 2022 00:49:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51396 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237346AbiGHEtN (ORCPT ); Fri, 8 Jul 2022 00:49:13 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5243F7393B for ; Thu, 7 Jul 2022 21:49:12 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-31c9d560435so89755717b3.21 for ; Thu, 07 Jul 2022 21:49:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=UquCbMkMEN53oDqhrIsDuW+/Yi+lnpJDBsKu7NltgmI=; b=SPGqZ7snq0dDaZavBhTshBo3GD/RIz16PYHpkAZP09NkIM7rSc3+bp+s6l/7++Cv7B XWa5GQMin+l++ZOP/yB/e+b60YfCQdDYXY2VcElGWwTBkz3vCLMTOOcnR9cOfsiNGmj8 tlqh1FLXZ3uERR/doIcBKL6AyyV2xy+uFI/GmTVeOB6R3o2WyolQeIvTIgXgI3a+UUqv c5paBcyBylaDfDM1yzvksVPzvjik6pRI4mF17AwFW08HuS2JXclpRWj3VnAvBFZNo7Ea 6QdKwSftZV1L52yNE7NANxbkca+Rdd+HxSkS2rq66Tt7UH0+HZ+lXRb32QqGn/pRABWO nFwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=UquCbMkMEN53oDqhrIsDuW+/Yi+lnpJDBsKu7NltgmI=; b=cJtjzXHj5wT+JutXAP325DPXlcj/nABnudFThc5OENjfv4+RLfeda6TTNQ6ozTnRj5 xumgifXCT83RD4ON11FsqsrGj0naxz8GCj1hYy+f9vxVUc3xd9EEp/NKvk1kAip4ZxD9 nYqIDg5wfC6OyMjiFzU5fRWw36+oH9QCZMdmL9I7ZRPvhdxdjOLOGm1Wvvd/zUzMD3EZ ADeFJbitG4X2au5H/ix+AsTY+1huRGO1YWtzTfIKOTWMqso9xn0Hsw8pJ4u7/UwTMlD6 yYA7Zz8+JIMkUCUbSPsM5jd1n2mgL6uLwwpe4n+A5iQHdzECqpHsLhsQlnSK35knLU6n nfOw== X-Gm-Message-State: AJIora93fOviJILxqB9A6C09eT4THwERBeVJyW0pYenm9uN/r2t+0Nna QeFJjC4z9JddiIuEq4xIIMI1oFNbRB82AA== X-Google-Smtp-Source: AGRyM1s34hRTvZB8Y7Xk9te1i17z6IbWppPGWTLYgGaU9rmBgS1u+VkLNYZr0Wk1pk93+iVd+YYx2UmXUKNKpA== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a25:ad14:0:b0:66e:cb9e:8d43 with SMTP id y20-20020a25ad14000000b0066ecb9e8d43mr1664970ybi.176.1657255751621; Thu, 07 Jul 2022 21:49:11 -0700 (PDT) Date: Fri, 8 Jul 2022 12:48:45 +0800 In-Reply-To: <20220708044847.531566-1-davidgow@google.com> Message-Id: <20220708044847.531566-2-davidgow@google.com> Mime-Version: 1.0 References: <20220708044847.531566-1-davidgow@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v6 2/4] module: panic: Taint the kernel when selftest modules load From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada , Nathan Chancellor Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Taint the kernel with TAINT_TEST whenever a test module loads, by adding a new "TEST" module property, and setting it for all modules in the tools/testing directory. This property can also be set manually, for tests which live outside the tools/testing directory with: MODULE_INFO(test, "Y"); Reviewed-by: Luis Chamberlain Reviewed-by: Aaron Tomlin Acked-by: Brendan Higgins Signed-off-by: David Gow --- Version 6 of this patch fixes the issue pointed out by Nathan here, whereby the check for the module property was inverted: https://lore.kernel.org/linux-kselftest/Ysd9FG1fOSnzKv8d@dev-arch.thelio-3990X/ Changes since v5: https://lore.kernel.org/linux-kselftest/20220702040959.3232874-2-davidgow@google.com/ - Fix the test for the module property being inverted, making this patch do exactly the opposite of what it should. (Thanks Nathan Chancellor) - Revert to using pr_warn(), as we already don't warn if the kernel is tainted, so won't spam the logs. - Add Reviewed-, Acked-by tags. Changes since v4: https://lore.kernel.org/linux-kselftest/20220701084744.3002019-2-davidgow@google.com/ - Use pr_warn_once() to only log a warning the first time a module taints the kernel with TAINT_TEST - Loading lots of test modules is a common usecase, and this would otherwise spam the logs too much. - Thanks Luis. - Remove a superfluous newline (Thanks Greg) - Add Luis' Reviewed-by tag. This patch was new in v4 of the series. --- kernel/module/main.c | 7 +++++++ scripts/mod/modpost.c | 3 +++ 2 files changed, 10 insertions(+) diff --git a/kernel/module/main.c b/kernel/module/main.c index fed58d30725d..4723f1316709 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1988,6 +1988,13 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) /* Set up license info based on the info section */ set_license(mod, get_modinfo(info, "license")); + if (get_modinfo(info, "test")) { + if (!test_taint(TAINT_TEST)) + pr_warn("%s: loading test module taints kernel.\n", + mod->name); + add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); + } + return 0; } diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 29d5a841e215..5937212b4433 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -2191,6 +2191,9 @@ static void add_header(struct buffer *b, struct module *mod) if (strstarts(mod->name, "drivers/staging")) buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n"); + + if (strstarts(mod->name, "tools/testing")) + buf_printf(b, "\nMODULE_INFO(test, \"Y\");\n"); } static void add_exported_symbols(struct buffer *buf, struct module *mod) From patchwork Fri Jul 8 04:48:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12910571 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F851CCA47B for ; Fri, 8 Jul 2022 04:49:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237340AbiGHEt2 (ORCPT ); Fri, 8 Jul 2022 00:49:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51634 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237354AbiGHEtY (ORCPT ); Fri, 8 Jul 2022 00:49:24 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 796F476E97 for ; Thu, 7 Jul 2022 21:49:17 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id 79-20020a630252000000b004125da7d520so6243117pgc.11 for ; Thu, 07 Jul 2022 21:49:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=1A6qYqJKHf9NGGZzmDub8k30/R66by5jlEKXrPXJj44=; b=SucqxFgX5rzmSoqNlZU2wpXRBbbPqhJVl8kphJxPAiVmOyq1RCb6fPcIgZTCECgvWY ZvzyzFgvUUwI2OfgQCMK/ZMVW2DbcyvoVaCjOIk3Dd9X8NddhS2BqOJEBFi1zlZGoDG9 cBp+bBfHNgKW5bcgTDicUBNuURnwtK5JpSMpAudRip2/A0kgo09arl5cIxAqSggphD5h DlmAsg0XbQxTyWvCbiLSwdJ7D5fZkkDKn5z2B8yBbrjY7kie+eVqFCLQ95btr4MHp9KJ IkZ7oBqL3WHolRgwyxaP4j7aA4VVLVZ/jpHzsbqbpei9/XO0E7tMb7v8AsWgJnbkvxSx KOIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=1A6qYqJKHf9NGGZzmDub8k30/R66by5jlEKXrPXJj44=; b=V6pZqyTTrfnlbXOJZUOI/E8qD3X3fNDlz8odpZYKHFyuFoRV5jrXz/gAw92vwd1dCF b6oFtt2WRG0pI9Pf5E9ud72q1zBMmYSwcPbdDymy/qi9gK/i93CEb6UYeHuPIouUVLui Qu8Y+RPPv7XbZoFGZ3+FqImYiqzRJ97+YxDW9Izbhrlncva7BWem+J9yiAd5K0nqGxqc exEYUP/MVqb/fMn7b1agwMkuEWrCAYcIWuj5+UGT4/2QpOn7Hx/164WR8hFVhcRAYy+B 2E15kTn7tBRIEJ/gJRYLhU2YR5oIjy/or0SDJXR8+4Fl+ADy+/FV/YxMxfb57Fg+8Vhu nSqQ== X-Gm-Message-State: AJIora+90epHC8+7JvpsOuil8B6zCnQzkKsIdF20+K6S6OZB7DH50G1c KvnTE8uRfhfd2g7n0q2YjvEqvopMR3sNKQ== X-Google-Smtp-Source: AGRyM1sNiqa//ZLeKy8OfqscWC5TleJ9FjN0cVegp4W+XLXK7wRYhByeorgwSFiNKTOHYZCDeoM1MTU2M/LAsw== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a17:90a:249:b0:1e0:a8a3:3c6c with SMTP id t9-20020a17090a024900b001e0a8a33c6cmr4643pje.0.1657255756113; Thu, 07 Jul 2022 21:49:16 -0700 (PDT) Date: Fri, 8 Jul 2022 12:48:46 +0800 In-Reply-To: <20220708044847.531566-1-davidgow@google.com> Message-Id: <20220708044847.531566-3-davidgow@google.com> Mime-Version: 1.0 References: <20220708044847.531566-1-davidgow@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v6 3/4] kunit: Taint the kernel when KUnit tests are run From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada , Nathan Chancellor Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Make KUnit trigger the new TAINT_TEST taint when any KUnit test is run. Due to KUnit tests not being intended to run on production systems, and potentially causing problems (or security issues like leaking kernel addresses), the kernel's state should not be considered safe for production use after KUnit tests are run. This both marks KUnit modules as test modules using MODULE_INFO() and manually taints the kernel when tests are run (which catches builtin tests). Acked-by: Luis Chamberlain Tested-by: Daniel Latypov Reviewed-by: Brendan Higgins Signed-off-by: David Gow --- No changes since v5: https://lore.kernel.org/linux-kselftest/20220702040959.3232874-3-davidgow@google.com/ No changes since v4: https://lore.kernel.org/linux-kselftest/20220701084744.3002019-3-davidgow@google.com/ Changes since v3: https://lore.kernel.org/lkml/20220513083212.3537869-2-davidgow@google.com/ - Use MODULE_INFO() for KUnit modules. - This is technically redundant, as the KUnit executor will taint the kernel when _any_ KUnit tests are run, but may be useful if some other tool will parse the 'test' property. - Add {Acked,Tested,Reviewed}-by tags. --- include/kunit/test.h | 3 ++- lib/kunit/test.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index 8ffcd7de9607..ccae848720dc 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -277,7 +277,8 @@ static inline int kunit_run_all_tests(void) { \ return __kunit_test_suites_exit(__suites); \ } \ - module_exit(kunit_test_suites_exit) + module_exit(kunit_test_suites_exit) \ + MODULE_INFO(test, "Y"); #else #define kunit_test_suites_for_module(__suites) #endif /* MODULE */ diff --git a/lib/kunit/test.c b/lib/kunit/test.c index a5053a07409f..8b11552dc215 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -501,6 +502,9 @@ int kunit_run_tests(struct kunit_suite *suite) struct kunit_result_stats suite_stats = { 0 }; struct kunit_result_stats total_stats = { 0 }; + /* Taint the kernel so we know we've run tests. */ + add_taint(TAINT_TEST, LOCKDEP_STILL_OK); + if (suite->suite_init) { suite->suite_init_err = suite->suite_init(suite); if (suite->suite_init_err) { From patchwork Fri Jul 8 04:48:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gow X-Patchwork-Id: 12910572 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D1B1C43334 for ; Fri, 8 Jul 2022 04:49:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237395AbiGHEtt (ORCPT ); Fri, 8 Jul 2022 00:49:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51622 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237373AbiGHEtY (ORCPT ); Fri, 8 Jul 2022 00:49:24 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C17176EB5 for ; Thu, 7 Jul 2022 21:49:21 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id b129-20020a25e487000000b0066e1c52ac55so12428406ybh.11 for ; Thu, 07 Jul 2022 21:49:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=6xul3k/V0LAkdN8g3oGpIo31VJu1MYmTbIXu79NJSDg=; b=aDpNy+75E3mcPP7KBpLgdT1SAr2dHsw4eslbdLBX/r7lYjiVoZ5cmPc2M43Pj11P3f kch7BTM4NXRiKbDt1CEtWwTky4QK7BNwrceAWe9L9iFHFzGmyZzFCSebngXHlz23wP07 8Zc9T9OuQq6Yx/2mKR3gkcZLHi1ZzV/cJBz8V4q8XyVlgDx7yYZfuO9k0BvSms5Mwipp 7XBGBkrrqobYx+QyXkcvyy3n/4lqHSpK6HIVBByT1kcqKGdFNhBYVXNiyaG+gXOukYDq zHsgIg6IueqEnTtY1qwpCH6I9VzIQaGjYPPtIk8pdO9eXemcYgGF58/en3Ub4BCrsYgi tOZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=6xul3k/V0LAkdN8g3oGpIo31VJu1MYmTbIXu79NJSDg=; b=TbLQ/mO1diZxziPFFBgz+NxZlUUEMQGpMRS+99SE9F1X/3r6xDReCdFKzA1FCldn/z 3zDLQGtpBFLKGhVbPuhc0yyn0mZQViIqpIItab08WwVIFTikj41awu+g4+VwUW/U4Vwm rjgXOeLUe6wx6SEwgz2HL0n0z+PPrQCQjkTnR6IEKlgnu9RBNN0Zehq/k+zd1hTrig72 Ni+/syZHfqtbphIrVoo/g+HqZJmRpHregh8NgFs3WLiGj5T9GmZxl7dy09Ls9uiim+oP ZwTt8CUxNc8htpr+ICcjXctZrgPhloC4ZbswwG9XLUw9MKS7SREZpb5Zh9lPZWuBT2zf pVnA== X-Gm-Message-State: AJIora+/vqD6n+Wy25VUhDI6GIzgIqjZN3V3ww5Hglzerv6h9stvYhZh J/KtlSjrk0gafv5FY7qaMN2hVpFRcoGA+g== X-Google-Smtp-Source: AGRyM1vYICx6sgyLY0eIH4w2y44yetzDaPhW0JYcwhxcz1tqUNq1ZpnKz/fW69P77v4SNqIXkp2pqBHUOkQkNg== X-Received: from slicestar.c.googlers.com ([fda3:e722:ac3:cc00:4f:4b78:c0a8:20a1]) (user=davidgow job=sendgmr) by 2002:a05:6902:1508:b0:66d:212e:78c0 with SMTP id q8-20020a056902150800b0066d212e78c0mr1657158ybu.184.1657255761071; Thu, 07 Jul 2022 21:49:21 -0700 (PDT) Date: Fri, 8 Jul 2022 12:48:47 +0800 In-Reply-To: <20220708044847.531566-1-davidgow@google.com> Message-Id: <20220708044847.531566-4-davidgow@google.com> Mime-Version: 1.0 References: <20220708044847.531566-1-davidgow@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v6 4/4] selftest: Taint kernel when test module loaded From: David Gow To: Brendan Higgins , Andy Shevchenko , Jonathan Corbet , Andrew Morton , Kees Cook , Shuah Khan , Greg KH , Luis Chamberlain , Masahiro Yamada , Nathan Chancellor Cc: David Gow , "Guilherme G . Piccoli" , Sebastian Reichel , John Ogness , Joe Fradley , Daniel Latypov , kunit-dev@googlegroups.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Jani Nikula , Lucas De Marchi , Aaron Tomlin , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, Michal Marek , Nick Desaulniers , linux-kbuild@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org Make any kselftest test module (using the kselftest_module framework) taint the kernel with TAINT_TEST on module load. Also mark the module as a test module using MODULE_INFO(test, "Y") so that other tools can tell this is a test module. We can't rely solely on this, though, as these test modules are also often built-in. Finally, update the kselftest documentation to mention that the kernel should be tainted, and how to do so manually (as below). Note that several selftests use kernel modules which are not based on the kselftest_module framework, and so will not automatically taint the kernel. This can be done in two ways: - Moving the module to the tools/testing directory. All modules under this directory will taint the kernel. - Adding the 'test' module property with: MODULE_INFO(test, "Y") Similarly, selftests which do not load modules into the kernel generally should not taint the kernel (or possibly should only do so on failure), as it's assumed that testing from user-space should be safe. Regardless, they can write to /proc/sys/kernel/tainted if required. Reviewed-by: Luis Chamberlain Acked-by: Brendan Higgins Signed-off-by: David Gow --- Changes since v5: https://lore.kernel.org/linux-kselftest/20220702040959.3232874-4-davidgow@google.com/ - Add Brendan's Acked-by tag. Changes since v4: https://lore.kernel.org/lkml/20220513083212.3537869-3-davidgow@google.com/ - Actually use the new TAINT_TEST name, instead of TAINT_KUNIT (Thanks, kernel-test-robot) - Document how to use this (or MODULE_INFO()) to taint the kernel. (Thanks, Luis) - Also add MODULE_INFO(test, "Y") to embed the fact that this is a test module into the .ko - Nothing depends on it now, but it should allow us to tell this is a test module without executing it in the future. No changes since v3: https://lore.kernel.org/lkml/20220513083212.3537869-3-davidgow@google.com/ --- Documentation/dev-tools/kselftest.rst | 9 +++++++++ tools/testing/selftests/kselftest_module.h | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/Documentation/dev-tools/kselftest.rst b/Documentation/dev-tools/kselftest.rst index a833ecf12fbc..1096a9833550 100644 --- a/Documentation/dev-tools/kselftest.rst +++ b/Documentation/dev-tools/kselftest.rst @@ -250,6 +250,14 @@ assist writing kernel modules that are for use with kselftest: - ``tools/testing/selftests/kselftest_module.h`` - ``tools/testing/selftests/kselftest/module.sh`` +Note that test modules should taint the kernel with TAINT_TEST. This will +happen automatically for modules which are in the ``tools/testing/`` +directory, or for modules which use the ``kselftest_module.h`` header above. +Otherwise, you'll need to add ``MODULE_INFO(test, "Y")`` to your module +source. selftests which do not load modules typically should not taint the +kernel, but in cases where a non-test module is loaded, TEST_TAINT can be +applied from userspace by writing to ``/proc/sys/kernel/tainted``. + How to use ---------- @@ -308,6 +316,7 @@ A bare bones test module might look like this: KSTM_MODULE_LOADERS(test_foo); MODULE_AUTHOR("John Developer "); MODULE_LICENSE("GPL"); + MODULE_INFO(test, "Y"); Example test script ------------------- diff --git a/tools/testing/selftests/kselftest_module.h b/tools/testing/selftests/kselftest_module.h index e2ea41de3f35..63cd7487373f 100644 --- a/tools/testing/selftests/kselftest_module.h +++ b/tools/testing/selftests/kselftest_module.h @@ -3,6 +3,7 @@ #define __KSELFTEST_MODULE_H #include +#include /* * Test framework for writing test modules to be loaded by kselftest. @@ -41,6 +42,7 @@ static inline int kstm_report(unsigned int total_tests, unsigned int failed_test static int __init __module##_init(void) \ { \ pr_info("loaded.\n"); \ + add_taint(TAINT_TEST, LOCKDEP_STILL_OK); \ selftest(); \ return kstm_report(total_tests, failed_tests, skipped_tests); \ } \ @@ -51,4 +53,6 @@ static void __exit __module##_exit(void) \ module_init(__module##_init); \ module_exit(__module##_exit) +MODULE_INFO(test, "Y"); + #endif /* __KSELFTEST_MODULE_H */