From patchwork Wed Sep 4 21:39:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shuah Khan X-Patchwork-Id: 13791464 X-Patchwork-Delegate: brendanhiggins@google.com Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EEB11514F8 for ; Wed, 4 Sep 2024 21:39:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725485985; cv=none; b=uZSAIq8gc+S+ciMi7yPfXTO86oo23ugQnzkHGzKURvMfUsAcv4UeKJs7pjlrdU774OGm6d8rWY2cDcW+KvOvLiKvUZGxEfw9w2F4QwAZyzmLePympHngh2+P3LMtH213d5uFCQKTro4qJC6qD6xm+BBHFBlHcYIocinvGwVSrfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725485985; c=relaxed/simple; bh=Paag6BFcURhpeWfK5i4jM43Qb7+H9a1yCp9aenH53Dc=; h=Content-Type:Message-ID:Date:MIME-Version:To:Cc:From:Subject; b=ry/YaChodzbLqpStThj82sptRmtlmAUsJhRI0hUNW9KnxM2KP6RYyqz6Gvwhpdba3hUtpyvuup8M+IvK/oSP7+7vwWP5ko2Hk4V6VTGW0tRivxMbM+dDUvnij6MziHr8TJCL31TmCgcPnyXy+yFqkCCf0OclLfZtdmQwA+j+LzU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linuxfoundation.org; spf=pass smtp.mailfrom=linuxfoundation.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=LfdQJv+U; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linuxfoundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="LfdQJv+U" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-20570b42f24so1552085ad.1 for ; Wed, 04 Sep 2024 14:39:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=google; t=1725485983; x=1726090783; darn=vger.kernel.org; h=subject:from:cc:to:content-language:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=cwfWMshAqNAR3bH5Ykm0ByElNf5VG1mmbiGlzTqRPs8=; b=LfdQJv+UXJA8Z+DSdub+7zmGuwie5n5AlOBr48FA02GAiLH1ZILl4aO9tl3XQww6Gy oZdkDm7RmpfzOqVNd9ez3N8sQq/YQCF8t4qobt3z6wR4DV0NS6o5vdbz+uWlCJZjhaaB nFBCY3DQK1ef6eCY0xj+E+JAjUsKEYU856hag= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725485983; x=1726090783; h=subject:from:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cwfWMshAqNAR3bH5Ykm0ByElNf5VG1mmbiGlzTqRPs8=; b=WSnFIB6+rJNqbux6YEVan1cQz9dp5/UnpZa8XgML71FzyZ8Yx8iLeMN95oo6+Wr5he SwjMeRp2C00h9BYSA5uztU0do+Te4lJ3nAlokfPhFkUYU3VfHkVx5w/rsTDjK0SMh+p1 b7dJ6b3jinXO4K64nK4zRUr8ZkV0wq03JYvwgNZVqo1OUaJ45BWNO6uzbebfMfUflU+p 0XL1J4M0hiBXlxJkzngi3a/ATQgRdZz1E9AKA/Ud24dH0vfzXvs87ecb+cjek1OhUzPl G7alq7f7VIu/icpFpm7p4FkvkBXd3HUYxyAyOCFR/7UklQF9fy0XlsOk1zPAtunG8kYp i59w== X-Forwarded-Encrypted: i=1; AJvYcCX+uFQ4wNmUNOWBYhtNWmI4lz0Xzd4DjCZyK9XtX59dZwTbjkR6Qmlhj1x1uHgbbXDAb+HwD1BtLW6xoSgmkF4=@vger.kernel.org X-Gm-Message-State: AOJu0YzGkO8g2Mkoq3auKUGX4WcxM75UGxqGbMtMw73WXi8+tHKE5iRS yIO9Rbf/M1qHFrz2PCK2coMN5Fj8S2B5qWzw3nZSiJNj3TT0pSqn/2JpBU6j8Lc= X-Google-Smtp-Source: AGHT+IEAA/h6f7ZFoMxwlg93ax03CUs3H89eXgOqsXr1R5YPu/3D7usW9VI0KLRUK5HfFeHTqxrFNw== X-Received: by 2002:a17:902:e5ce:b0:202:3a78:5d8a with SMTP id d9443c01a7336-20699acb74bmr79460275ad.8.1725485982330; Wed, 04 Sep 2024 14:39:42 -0700 (PDT) Received: from [192.168.1.128] ([38.175.170.29]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-206ae913b24sm17881555ad.12.2024.09.04.14.39.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Sep 2024 14:39:41 -0700 (PDT) Message-ID: <4fa8a1d6-ac65-477a-aab4-814e02eea2b8@linuxfoundation.org> Date: Wed, 4 Sep 2024 15:39:40 -0600 Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Linus Torvalds Cc: shuah , Shuah Khan , David Gow , Brendan Higgins , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org From: Shuah Khan Subject: [GIT PULL] KUnit fixes update for Linux 6.11-rc7 Hi Linus, Please pull the following KUnit fixes update for Linux 6.11-rc7. This kunit update for Linux 6.11-rc7 consist of one single fix to a use-after-free bug resulting from kunit_driver_create() failing to copy the driver name leaving it on the stack or freeing it. diff is attached. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit 8400291e289ee6b2bf9779ff1c83a291501f017b: Linux 6.11-rc1 (2024-07-28 14:19:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux_kselftest-kunit-fixes-6.11-rc7 for you to fetch changes up to f2c6dbd220170c2396fb019ead67fbada1e23ebd: kunit: Device wrappers should also manage driver name (2024-08-26 07:03:46 -0600) ---------------------------------------------------------------- linux_kselftest-kunit-fixes-6.11-rc7 This kunit update for Linux 6.11-rc7 consist of one single fix to a use-after-free bug resulting from kunit_driver_create() failing to copy the driver name leaving it on the stack or freeing it. ---------------------------------------------------------------- David Gow (1): kunit: Device wrappers should also manage driver name include/kunit/test.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/kunit/device.c | 7 +++++-- lib/kunit/test.c | 19 +++++++++++++++++++ 3 files changed, 72 insertions(+), 2 deletions(-) ---------------------------------------------------------------- diff --git a/include/kunit/test.h b/include/kunit/test.h index e2a1f0928e8b..5ac237c949a0 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -28,6 +28,7 @@ #include #include +#include /* Static key: true if any KUnit tests are currently running */ DECLARE_STATIC_KEY_FALSE(kunit_running); @@ -480,6 +481,53 @@ static inline void *kunit_kcalloc(struct kunit *test, size_t n, size_t size, gfp return kunit_kmalloc_array(test, n, size, gfp | __GFP_ZERO); } + +/** + * kunit_kfree_const() - conditionally free test managed memory + * @x: pointer to the memory + * + * Calls kunit_kfree() only if @x is not in .rodata section. + * See kunit_kstrdup_const() for more information. + */ +void kunit_kfree_const(struct kunit *test, const void *x); + +/** + * kunit_kstrdup() - Duplicates a string into a test managed allocation. + * + * @test: The test context object. + * @str: The NULL-terminated string to duplicate. + * @gfp: flags passed to underlying kmalloc(). + * + * See kstrdup() and kunit_kmalloc_array() for more information. + */ +static inline char *kunit_kstrdup(struct kunit *test, const char *str, gfp_t gfp) +{ + size_t len; + char *buf; + + if (!str) + return NULL; + + len = strlen(str) + 1; + buf = kunit_kmalloc(test, len, gfp); + if (buf) + memcpy(buf, str, len); + return buf; +} + +/** + * kunit_kstrdup_const() - Conditionally duplicates a string into a test managed allocation. + * + * @test: The test context object. + * @str: The NULL-terminated string to duplicate. + * @gfp: flags passed to underlying kmalloc(). + * + * Calls kunit_kstrdup() only if @str is not in the rodata section. Must be freed with + * kunit_kfree_const() -- not kunit_kfree(). + * See kstrdup_const() and kunit_kmalloc_array() for more information. + */ +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp); + /** * kunit_vm_mmap() - Allocate KUnit-tracked vm_mmap() area * @test: The test context object. diff --git a/lib/kunit/device.c b/lib/kunit/device.c index 25c81ed465fb..520c1fccee8a 100644 --- a/lib/kunit/device.c +++ b/lib/kunit/device.c @@ -89,7 +89,7 @@ struct device_driver *kunit_driver_create(struct kunit *test, const char *name) if (!driver) return ERR_PTR(err); - driver->name = name; + driver->name = kunit_kstrdup_const(test, name, GFP_KERNEL); driver->bus = &kunit_bus_type; driver->owner = THIS_MODULE; @@ -192,8 +192,11 @@ void kunit_device_unregister(struct kunit *test, struct device *dev) const struct device_driver *driver = to_kunit_device(dev)->driver; kunit_release_action(test, device_unregister_wrapper, dev); - if (driver) + if (driver) { + const char *driver_name = driver->name; kunit_release_action(test, driver_unregister_wrapper, (void *)driver); + kunit_kfree_const(test, driver_name); + } } EXPORT_SYMBOL_GPL(kunit_device_unregister); diff --git a/lib/kunit/test.c b/lib/kunit/test.c index e8b1b52a19ab..089c832e3cdb 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -874,6 +874,25 @@ void kunit_kfree(struct kunit *test, const void *ptr) } EXPORT_SYMBOL_GPL(kunit_kfree); +void kunit_kfree_const(struct kunit *test, const void *x) +{ +#if !IS_MODULE(CONFIG_KUNIT) + if (!is_kernel_rodata((unsigned long)x)) +#endif + kunit_kfree(test, x); +} +EXPORT_SYMBOL_GPL(kunit_kfree_const); + +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp) +{ +#if !IS_MODULE(CONFIG_KUNIT) + if (is_kernel_rodata((unsigned long)str)) + return str; +#endif + return kunit_kstrdup(test, str, gfp); +} +EXPORT_SYMBOL_GPL(kunit_kstrdup_const); + void kunit_cleanup(struct kunit *test) { struct kunit_resource *res;