Re: [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

* Re: [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows
       [not found] <20230407192717.636137-9-keescook@chromium.org>
@ 2023-04-08  0:33 ` kernel test robot
  2023-04-18 18:27   ` Nick Desaulniers
  0 siblings, 1 reply; 2+ messages in thread
From: kernel test robot @ 2023-04-08  0:33 UTC (permalink / raw)
  To: Kees Cook, linux-hardening
  Cc: oe-kbuild-all, Kees Cook, Andy Shevchenko, Cezary Rojewski,
	Puyou Lu, Mark Brown, Josh Poimboeuf, Peter Zijlstra,
	Brendan Higgins, David Gow, Andrew Morton,
	Linux Memory Management List, Nathan Chancellor,
	Alexander Potapenko, Zhaoyang Huang, Randy Dunlap,
	Geert Uytterhoeven, Miguel Ojeda, Alexander Lobakin,
	Nick Desaulniers, Liam Howlett, Vlastimil Babka, Dan Williams,
	Rasmus Villemoes, Yury Norov, Jason A. Donenfeld,
	Sander Vanheule, Eric Biggers, Masami Hiramatsu (Google),
	Andrey Konovalov

Hi Kees,

kernel test robot noticed the following build warnings:

[auto build test WARNING on kees/for-next/hardening]
[also build test WARNING on kees/for-next/pstore kees/for-next/kspp linus/master tip/x86/core v6.3-rc5 next-20230406]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/kunit-tool-Enable-CONFIG_FORTIFY_SOURCE-under-UML/20230408-032959
base:   https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
patch link:    https://lore.kernel.org/r/20230407192717.636137-9-keescook%40chromium.org
patch subject: [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows
config: openrisc-randconfig-r034-20230405 (https://download.01.org/0day-ci/archive/20230408/202304080811.nYP4KpPZ-lkp@intel.com/config)
compiler: or1k-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/d212962ef7682ee160bf38fa455475558f031759
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Kees-Cook/kunit-tool-Enable-CONFIG_FORTIFY_SOURCE-under-UML/20230408-032959
        git checkout d212962ef7682ee160bf38fa455475558f031759
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=openrisc olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=openrisc SHELL=/bin/bash lib/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202304080811.nYP4KpPZ-lkp@intel.com/

All warnings (new ones prefixed by >>):

   In file included from lib/fortify_kunit.c:28:
   lib/fortify_kunit.c: In function 'strnlen_test':
>> lib/fortify_kunit.c:412:31: warning: 'strnlen' specified bound 33 exceeds source size 32 [-Wstringop-overread]
     412 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 1), end);
   include/kunit/test.h:584:38: note: in definition of macro 'KUNIT_BASE_BINARY_ASSERTION'
     584 |         const typeof(left) __left = (left);                                    \
         |                                      ^~~~
   include/kunit/test.h:776:9: note: in expansion of macro 'KUNIT_BINARY_INT_ASSERTION'
     776 |         KUNIT_BINARY_INT_ASSERTION(test,                                       \
         |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
   include/kunit/test.h:773:9: note: in expansion of macro 'KUNIT_EXPECT_EQ_MSG'
     773 |         KUNIT_EXPECT_EQ_MSG(test, left, right, NULL)
         |         ^~~~~~~~~~~~~~~~~~~
   lib/fortify_kunit.c:412:9: note: in expansion of macro 'KUNIT_EXPECT_EQ'
     412 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 1), end);
         |         ^~~~~~~~~~~~~~~
   lib/fortify_kunit.c:359:14: note: source object allocated here
     359 |         char buf[32];
         |              ^~~
   lib/fortify_kunit.c:414:31: warning: 'strnlen' specified bound 34 exceeds source size 32 [-Wstringop-overread]
     414 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 2), end);
   include/kunit/test.h:584:38: note: in definition of macro 'KUNIT_BASE_BINARY_ASSERTION'
     584 |         const typeof(left) __left = (left);                                    \
         |                                      ^~~~
   include/kunit/test.h:776:9: note: in expansion of macro 'KUNIT_BINARY_INT_ASSERTION'
     776 |         KUNIT_BINARY_INT_ASSERTION(test,                                       \
         |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
   include/kunit/test.h:773:9: note: in expansion of macro 'KUNIT_EXPECT_EQ_MSG'
     773 |         KUNIT_EXPECT_EQ_MSG(test, left, right, NULL)
         |         ^~~~~~~~~~~~~~~~~~~
   lib/fortify_kunit.c:414:9: note: in expansion of macro 'KUNIT_EXPECT_EQ'
     414 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 2), end);
         |         ^~~~~~~~~~~~~~~
   lib/fortify_kunit.c:359:14: note: source object allocated here
     359 |         char buf[32];
         |              ^~~


vim +/strnlen +412 lib/fortify_kunit.c

   387	
   388	static void strnlen_test(struct kunit *test)
   389	{
   390		struct fortify_padding pad = { };
   391		int i, end = sizeof(pad.buf) - 1;
   392	
   393		/* Fill 31 bytes with valid characters. */
   394		for (i = 0; i < sizeof(pad.buf) - 1; i++)
   395			pad.buf[i] = i + '0';
   396		/* Trailing bytes are still %NUL. */
   397		KUNIT_EXPECT_EQ(test, pad.buf[end], '\0');
   398		KUNIT_EXPECT_EQ(test, pad.bytes_after, 0);
   399	
   400		/* String is terminated, so strnlen() is valid. */
   401		KUNIT_EXPECT_EQ(test, strnlen(pad.buf, sizeof(pad.buf)), end);
   402		KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0);
   403		/* A truncated strnlen() will be safe, too. */
   404		KUNIT_EXPECT_EQ(test, strnlen(pad.buf, sizeof(pad.buf) / 2),
   405						sizeof(pad.buf) / 2);
   406		KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0);
   407	
   408		/* Make string unterminated, and recount. */
   409		pad.buf[end] = 'A';
   410		end = sizeof(pad.buf);
   411		/* Reading beyond with strncpy() will fail. */
 > 412		KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 1), end);
   413		KUNIT_EXPECT_EQ(test, fortify_read_overflows, 1);
   414		KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 2), end);
   415		KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2);
   416	
   417		/* Early-truncated is safe still, though. */
   418		KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end), end);
   419		KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2);
   420	
   421		end = sizeof(pad.buf) / 2;
   422		KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end), end);
   423		KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2);
   424	}
   425	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows
  2023-04-08  0:33 ` [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows kernel test robot
@ 2023-04-18 18:27   ` Nick Desaulniers
  0 siblings, 0 replies; 2+ messages in thread
From: Nick Desaulniers @ 2023-04-18 18:27 UTC (permalink / raw)
  To: kernel test robot
  Cc: Kees Cook, linux-hardening, oe-kbuild-all, Andy Shevchenko,
	Cezary Rojewski, Puyou Lu, Mark Brown, Josh Poimboeuf,
	Peter Zijlstra, Brendan Higgins, David Gow, Andrew Morton,
	Linux Memory Management List, Nathan Chancellor,
	Alexander Potapenko, Zhaoyang Huang, Randy Dunlap,
	Geert Uytterhoeven, Miguel Ojeda, Alexander Lobakin,
	Liam Howlett, Vlastimil Babka, Dan Williams, Rasmus Villemoes,
	Yury Norov, Jason A. Donenfeld, Sander Vanheule, Eric Biggers,
	Masami Hiramatsu (Google),
	Andrey Konovalov

On Fri, Apr 7, 2023 at 5:33 PM kernel test robot <lkp@intel.com> wrote:
>
> Hi Kees,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on kees/for-next/hardening]
> [also build test WARNING on kees/for-next/pstore kees/for-next/kspp linus/master tip/x86/core v6.3-rc5 next-20230406]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url:    https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/kunit-tool-Enable-CONFIG_FORTIFY_SOURCE-under-UML/20230408-032959
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
> patch link:    https://lore.kernel.org/r/20230407192717.636137-9-keescook%40chromium.org
> patch subject: [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows
> config: openrisc-randconfig-r034-20230405 (https://download.01.org/0day-ci/archive/20230408/202304080811.nYP4KpPZ-lkp@intel.com/config)
> compiler: or1k-linux-gcc (GCC) 12.1.0
> reproduce (this is a W=1 build):
>         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # https://github.com/intel-lab-lkp/linux/commit/d212962ef7682ee160bf38fa455475558f031759
>         git remote add linux-review https://github.com/intel-lab-lkp/linux
>         git fetch --no-tags linux-review Kees-Cook/kunit-tool-Enable-CONFIG_FORTIFY_SOURCE-under-UML/20230408-032959
>         git checkout d212962ef7682ee160bf38fa455475558f031759
>         # save the config file
>         mkdir build_dir && cp config build_dir/.config
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=openrisc olddefconfig
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=openrisc SHELL=/bin/bash lib/
>
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@intel.com>
> | Link: https://lore.kernel.org/oe-kbuild-all/202304080811.nYP4KpPZ-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
>    In file included from lib/fortify_kunit.c:28:
>    lib/fortify_kunit.c: In function 'strnlen_test':
> >> lib/fortify_kunit.c:412:31: warning: 'strnlen' specified bound 33 exceeds source size 32 [-Wstringop-overread]

If we expect to validate the runtime behavior of fortify, but using
constants that the compiler can check for readability in this test,
then we might need to use the
_Pragma/__diag infrastructure from include/linux/compiler_types.h to
disable -Wstringop-overread; or disable it at the makefile level.

>      412 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 1), end);
>    include/kunit/test.h:584:38: note: in definition of macro 'KUNIT_BASE_BINARY_ASSERTION'
>      584 |         const typeof(left) __left = (left);                                    \
>          |                                      ^~~~
>    include/kunit/test.h:776:9: note: in expansion of macro 'KUNIT_BINARY_INT_ASSERTION'
>      776 |         KUNIT_BINARY_INT_ASSERTION(test,                                       \
>          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
>    include/kunit/test.h:773:9: note: in expansion of macro 'KUNIT_EXPECT_EQ_MSG'
>      773 |         KUNIT_EXPECT_EQ_MSG(test, left, right, NULL)
>          |         ^~~~~~~~~~~~~~~~~~~
>    lib/fortify_kunit.c:412:9: note: in expansion of macro 'KUNIT_EXPECT_EQ'
>      412 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 1), end);
>          |         ^~~~~~~~~~~~~~~
>    lib/fortify_kunit.c:359:14: note: source object allocated here
>      359 |         char buf[32];
>          |              ^~~
>    lib/fortify_kunit.c:414:31: warning: 'strnlen' specified bound 34 exceeds source size 32 [-Wstringop-overread]
>      414 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 2), end);
>    include/kunit/test.h:584:38: note: in definition of macro 'KUNIT_BASE_BINARY_ASSERTION'
>      584 |         const typeof(left) __left = (left);                                    \
>          |                                      ^~~~
>    include/kunit/test.h:776:9: note: in expansion of macro 'KUNIT_BINARY_INT_ASSERTION'
>      776 |         KUNIT_BINARY_INT_ASSERTION(test,                                       \
>          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
>    include/kunit/test.h:773:9: note: in expansion of macro 'KUNIT_EXPECT_EQ_MSG'
>      773 |         KUNIT_EXPECT_EQ_MSG(test, left, right, NULL)
>          |         ^~~~~~~~~~~~~~~~~~~
>    lib/fortify_kunit.c:414:9: note: in expansion of macro 'KUNIT_EXPECT_EQ'
>      414 |         KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 2), end);
>          |         ^~~~~~~~~~~~~~~
>    lib/fortify_kunit.c:359:14: note: source object allocated here
>      359 |         char buf[32];
>          |              ^~~
>
>
> vim +/strnlen +412 lib/fortify_kunit.c
>
>    387
>    388  static void strnlen_test(struct kunit *test)
>    389  {
>    390          struct fortify_padding pad = { };
>    391          int i, end = sizeof(pad.buf) - 1;
>    392
>    393          /* Fill 31 bytes with valid characters. */
>    394          for (i = 0; i < sizeof(pad.buf) - 1; i++)
>    395                  pad.buf[i] = i + '0';
>    396          /* Trailing bytes are still %NUL. */
>    397          KUNIT_EXPECT_EQ(test, pad.buf[end], '\0');
>    398          KUNIT_EXPECT_EQ(test, pad.bytes_after, 0);
>    399
>    400          /* String is terminated, so strnlen() is valid. */
>    401          KUNIT_EXPECT_EQ(test, strnlen(pad.buf, sizeof(pad.buf)), end);
>    402          KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0);
>    403          /* A truncated strnlen() will be safe, too. */
>    404          KUNIT_EXPECT_EQ(test, strnlen(pad.buf, sizeof(pad.buf) / 2),
>    405                                          sizeof(pad.buf) / 2);
>    406          KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0);
>    407
>    408          /* Make string unterminated, and recount. */
>    409          pad.buf[end] = 'A';
>    410          end = sizeof(pad.buf);
>    411          /* Reading beyond with strncpy() will fail. */
>  > 412          KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 1), end);
>    413          KUNIT_EXPECT_EQ(test, fortify_read_overflows, 1);
>    414          KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end + 2), end);
>    415          KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2);
>    416
>    417          /* Early-truncated is safe still, though. */
>    418          KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end), end);
>    419          KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2);
>    420
>    421          end = sizeof(pad.buf) / 2;
>    422          KUNIT_EXPECT_EQ(test, strnlen(pad.buf, end), end);
>    423          KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2);
>    424  }
>    425
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests



-- 
Thanks,
~Nick Desaulniers


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-04-18 18:27 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20230407192717.636137-9-keescook@chromium.org>
2023-04-08  0:33 ` [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows kernel test robot
2023-04-18 18:27   ` Nick Desaulniers

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox