Re: [PATCH] kunit: Fix kunit_kstrdup_const() with modules

From: Kees Cook
Date: Tue Aug 06 2024 - 00:06:09 EST

Next message: Andrii Nakryiko: "Re: [PATCH 00/10] perf/uprobe: Optimize uprobes"
Previous message: Ian Rogers: "Re: [PATCH v1 4/5] perf pmu-events: Remove duplicated riscv firmware event"
In reply to: David Gow: "[PATCH] kunit: Fix kunit_kstrdup_const() with modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 06, 2024 at 10:01:34AM +0800, David Gow wrote:
> In commit 7d3c33b290b1 ("kunit: Device wrappers should also manage driver name"),
> the kunit_kstrdup_const() and kunit_kfree_const() were introduced as an
> optimisation of kunit_kstrdup(), which only copy/free strings from the
> kernel rodata.
>
> However, these are inline functions, and is_kernel_rodata() only works
> for built-in code. This causes problems in two cases:
> - If kunit is built as a module, __{start,end}_rodata is not defined.
> - If a kunit test using these functions is built as a module, it will
> suffer the same fate.
>
> Restrict the is_kernel_rodata() case to when KUnit is built as a module,
> which fixes the first case, at the cost of losing the optimisation.
>
> Also, make kunit_{kstrdup,kfree}_const non-inline, so that other modules
> using them will not accidentally depend on is_kernel_rodata(). If KUnit
> is built-in, they'll benefit from the optimisation, if KUnit is not,
> they won't, but the string will be properly duplicated.

I wonder if this series should be refreshed:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=devel/hardening/is_rodata

We gained is_kernel_rodata() and is_kernel_ro_after_init() since this
original proposal, which is what the proposed core_kernel_rodata()
checks.

It adds a is_module_rodata...() check, so with the is_kernel_*() checks,
it's possible to do a check across the entire kernel and all modules.

-Kees

>
> (And fix a couple of typos in the doc comment, too.)
>
> Reported-by: Nico Pache <npache@xxxxxxxxxx>
> Closes: https://lore.kernel.org/all/CAA1CXcDKht4vOL-acxrARbm6JhGna8_k8wjYJ-vHONink8aZ=w@xxxxxxxxxxxxxx/
> Fixes: 7d3c33b290b1 ("kunit: Device wrappers should also manage driver name")
> Signed-off-by: David Gow <davidgow@xxxxxxxxxx>
> ---
> include/kunit/test.h | 16 +++-------------
> lib/kunit/test.c | 19 +++++++++++++++++++
> 2 files changed, 22 insertions(+), 13 deletions(-)
>
> diff --git a/include/kunit/test.h b/include/kunit/test.h
> index da9e84de14c0..5ac237c949a0 100644
> --- a/include/kunit/test.h
> +++ b/include/kunit/test.h
> @@ -489,11 +489,7 @@ static inline void *kunit_kcalloc(struct kunit *test, size_t n, size_t size, gfp
> * Calls kunit_kfree() only if @x is not in .rodata section.
> * See kunit_kstrdup_const() for more information.
> */
> -static inline void kunit_kfree_const(struct kunit *test, const void *x)
> -{
> - if (!is_kernel_rodata((unsigned long)x))
> - kunit_kfree(test, x);
> -}
> +void kunit_kfree_const(struct kunit *test, const void *x);
>
> /**
> * kunit_kstrdup() - Duplicates a string into a test managed allocation.
> @@ -527,16 +523,10 @@ static inline char *kunit_kstrdup(struct kunit *test, const char *str, gfp_t gfp
> * @gfp: flags passed to underlying kmalloc().
> *
> * Calls kunit_kstrdup() only if @str is not in the rodata section. Must be freed with
> - * kunit_free_const() -- not kunit_free().
> + * kunit_kfree_const() -- not kunit_kfree().
> * See kstrdup_const() and kunit_kmalloc_array() for more information.
> */
> -static inline const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
> -{
> - if (is_kernel_rodata((unsigned long)str))
> - return str;
> -
> - return kunit_kstrdup(test, str, gfp);
> -}
> +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp);
>
> /**
> * kunit_vm_mmap() - Allocate KUnit-tracked vm_mmap() area
> diff --git a/lib/kunit/test.c b/lib/kunit/test.c
> index e8b1b52a19ab..089c832e3cdb 100644
> --- a/lib/kunit/test.c
> +++ b/lib/kunit/test.c
> @@ -874,6 +874,25 @@ void kunit_kfree(struct kunit *test, const void *ptr)
> }
> EXPORT_SYMBOL_GPL(kunit_kfree);
>
> +void kunit_kfree_const(struct kunit *test, const void *x)
> +{
> +#if !IS_MODULE(CONFIG_KUNIT)
> + if (!is_kernel_rodata((unsigned long)x))
> +#endif
> + kunit_kfree(test, x);
> +}
> +EXPORT_SYMBOL_GPL(kunit_kfree_const);
> +
> +const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
> +{
> +#if !IS_MODULE(CONFIG_KUNIT)
> + if (is_kernel_rodata((unsigned long)str))
> + return str;
> +#endif
> + return kunit_kstrdup(test, str, gfp);
> +}
> +EXPORT_SYMBOL_GPL(kunit_kstrdup_const);
> +
> void kunit_cleanup(struct kunit *test)
> {
> struct kunit_resource *res;
> --
> 2.46.0.rc2.264.g509ed76dc8-goog
>

--
Kees Cook

Next message: Andrii Nakryiko: "Re: [PATCH 00/10] perf/uprobe: Optimize uprobes"
Previous message: Ian Rogers: "Re: [PATCH v1 4/5] perf pmu-events: Remove duplicated riscv firmware event"
In reply to: David Gow: "[PATCH] kunit: Fix kunit_kstrdup_const() with modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]