tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'overflow-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull overflow updates from Kees Cook:
"These changes come in roughly two halves: support of Gustavo A. R.
Silva's struct_size() work via additional helpers for catching
overflow allocation size calculations, and conversions of selftests to
KUnit (which includes some tweaks for UML + Clang):

- Convert overflow selftest to KUnit

- Convert stackinit selftest to KUnit

- Implement size_t saturating arithmetic helpers

- Allow struct_size() to be used in initializers"

* tag 'overflow-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
lib: stackinit: Convert to KUnit
um: Allow builds with Clang
lib: overflow: Convert to Kunit
overflow: Provide constant expression struct_size
overflow: Implement size_t saturating arithmetic helpers
test_overflow: Regularize test reporting output

Linus Torvalds d0858cbd 2142b7f0

+525 -465
+17 -3
Documentation/process/deprecated.rst
··· 71 71 72 72 foo = kmalloc_array(count, size, GFP_KERNEL); 73 73 74 + Specifically, kmalloc() can be replaced with kmalloc_array(), and 75 + kzalloc() can be replaced with kcalloc(). 76 + 74 77 If no 2-factor form is available, the saturate-on-overflow helpers should 75 78 be used:: 76 79 ··· 94 91 array usage and switch to a `flexible array member 95 92 <#zero-length-and-one-element-arrays>`_ instead. 96 93 97 - See array_size(), array3_size(), and struct_size(), 98 - for more details as well as the related check_add_overflow() and 99 - check_mul_overflow() family of functions. 94 + For other calculations, please compose the use of the size_mul(), 95 + size_add(), and size_sub() helpers. For example, in the case of:: 96 + 97 + foo = krealloc(current_size + chunk_size * (count - 3), GFP_KERNEL); 98 + 99 + Instead, use the helpers:: 100 + 101 + foo = krealloc(size_add(current_size, 102 + size_mul(chunk_size, 103 + size_sub(count, 3))), GFP_KERNEL); 104 + 105 + For more details, also see array3_size() and flex_array_size(), 106 + as well as the related check_mul_overflow(), check_add_overflow(), 107 + check_sub_overflow(), and check_shl_overflow() family of functions. 100 108 101 109 simple_strtol(), simple_strtoll(), simple_strtoul(), simple_strtoull() 102 110 ----------------------------------------------------------------------
+1
arch/um/os-Linux/execvp.c
··· 93 93 up finding no executable we can use, we want to diagnose 94 94 that we did find one but were denied access. */ 95 95 got_eacces = 1; 96 + break; 96 97 case ENOENT: 97 98 case ESTALE: 98 99 case ENOTDIR:
+4 -5
arch/x86/um/user-offsets.c
··· 8 8 #define __FRAME_OFFSETS 9 9 #include <linux/ptrace.h> 10 10 #include <asm/types.h> 11 + #include <linux/kbuild.h> 11 12 12 - #define DEFINE(sym, val) \ 13 - asm volatile("\n->" #sym " %0 " #val : : "i" (val)) 14 - 15 - #define DEFINE_LONGS(sym, val) \ 16 - asm volatile("\n->" #sym " %0 " #val : : "i" (val/sizeof(unsigned long))) 13 + #define DEFINE_LONGS(sym, val) \ 14 + COMMENT(#val " / sizeof(unsigned long)"); \ 15 + DEFINE(sym, val / sizeof(unsigned long)) 17 16 18 17 void foo(void) 19 18 {
+86 -54
include/linux/overflow.h
··· 4 4 5 5 #include <linux/compiler.h> 6 6 #include <linux/limits.h> 7 + #include <linux/const.h> 7 8 8 9 /* 9 10 * We need to compute the minimum and maximum values representable in a given ··· 119 118 })) 120 119 121 120 /** 121 + * size_mul() - Calculate size_t multiplication with saturation at SIZE_MAX 122 + * 123 + * @factor1: first factor 124 + * @factor2: second factor 125 + * 126 + * Returns: calculate @factor1 * @factor2, both promoted to size_t, 127 + * with any overflow causing the return value to be SIZE_MAX. The 128 + * lvalue must be size_t to avoid implicit type conversion. 129 + */ 130 + static inline size_t __must_check size_mul(size_t factor1, size_t factor2) 131 + { 132 + size_t bytes; 133 + 134 + if (check_mul_overflow(factor1, factor2, &bytes)) 135 + return SIZE_MAX; 136 + 137 + return bytes; 138 + } 139 + 140 + /** 141 + * size_add() - Calculate size_t addition with saturation at SIZE_MAX 142 + * 143 + * @addend1: first addend 144 + * @addend2: second addend 145 + * 146 + * Returns: calculate @addend1 + @addend2, both promoted to size_t, 147 + * with any overflow causing the return value to be SIZE_MAX. The 148 + * lvalue must be size_t to avoid implicit type conversion. 149 + */ 150 + static inline size_t __must_check size_add(size_t addend1, size_t addend2) 151 + { 152 + size_t bytes; 153 + 154 + if (check_add_overflow(addend1, addend2, &bytes)) 155 + return SIZE_MAX; 156 + 157 + return bytes; 158 + } 159 + 160 + /** 161 + * size_sub() - Calculate size_t subtraction with saturation at SIZE_MAX 162 + * 163 + * @minuend: value to subtract from 164 + * @subtrahend: value to subtract from @minuend 165 + * 166 + * Returns: calculate @minuend - @subtrahend, both promoted to size_t, 167 + * with any overflow causing the return value to be SIZE_MAX. For 168 + * composition with the size_add() and size_mul() helpers, neither 169 + * argument may be SIZE_MAX (or the result with be forced to SIZE_MAX). 170 + * The lvalue must be size_t to avoid implicit type conversion. 171 + */ 172 + static inline size_t __must_check size_sub(size_t minuend, size_t subtrahend) 173 + { 174 + size_t bytes; 175 + 176 + if (minuend == SIZE_MAX || subtrahend == SIZE_MAX || 177 + check_sub_overflow(minuend, subtrahend, &bytes)) 178 + return SIZE_MAX; 179 + 180 + return bytes; 181 + } 182 + 183 + /** 122 184 * array_size() - Calculate size of 2-dimensional array. 123 185 * 124 186 * @a: dimension one ··· 192 128 * Returns: number of bytes needed to represent the array or SIZE_MAX on 193 129 * overflow. 194 130 */ 195 - static inline __must_check size_t array_size(size_t a, size_t b) 196 - { 197 - size_t bytes; 198 - 199 - if (check_mul_overflow(a, b, &bytes)) 200 - return SIZE_MAX; 201 - 202 - return bytes; 203 - } 131 + #define array_size(a, b) size_mul(a, b) 204 132 205 133 /** 206 134 * array3_size() - Calculate size of 3-dimensional array. ··· 206 150 * Returns: number of bytes needed to represent the array or SIZE_MAX on 207 151 * overflow. 208 152 */ 209 - static inline __must_check size_t array3_size(size_t a, size_t b, size_t c) 210 - { 211 - size_t bytes; 212 - 213 - if (check_mul_overflow(a, b, &bytes)) 214 - return SIZE_MAX; 215 - if (check_mul_overflow(bytes, c, &bytes)) 216 - return SIZE_MAX; 217 - 218 - return bytes; 219 - } 220 - 221 - /* 222 - * Compute a*b+c, returning SIZE_MAX on overflow. Internal helper for 223 - * struct_size() below. 224 - */ 225 - static inline __must_check size_t __ab_c_size(size_t a, size_t b, size_t c) 226 - { 227 - size_t bytes; 228 - 229 - if (check_mul_overflow(a, b, &bytes)) 230 - return SIZE_MAX; 231 - if (check_add_overflow(bytes, c, &bytes)) 232 - return SIZE_MAX; 233 - 234 - return bytes; 235 - } 236 - 237 - /** 238 - * struct_size() - Calculate size of structure with trailing array. 239 - * @p: Pointer to the structure. 240 - * @member: Name of the array member. 241 - * @count: Number of elements in the array. 242 - * 243 - * Calculates size of memory needed for structure @p followed by an 244 - * array of @count number of @member elements. 245 - * 246 - * Return: number of bytes needed or SIZE_MAX on overflow. 247 - */ 248 - #define struct_size(p, member, count) \ 249 - __ab_c_size(count, \ 250 - sizeof(*(p)->member) + __must_be_array((p)->member),\ 251 - sizeof(*(p))) 153 + #define array3_size(a, b, c) size_mul(size_mul(a, b), c) 252 154 253 155 /** 254 156 * flex_array_size() - Calculate size of a flexible array member ··· 222 208 * Return: number of bytes needed or SIZE_MAX on overflow. 223 209 */ 224 210 #define flex_array_size(p, member, count) \ 225 - array_size(count, \ 226 - sizeof(*(p)->member) + __must_be_array((p)->member)) 211 + __builtin_choose_expr(__is_constexpr(count), \ 212 + (count) * sizeof(*(p)->member) + __must_be_array((p)->member), \ 213 + size_mul(count, sizeof(*(p)->member) + __must_be_array((p)->member))) 214 + 215 + /** 216 + * struct_size() - Calculate size of structure with trailing flexible array. 217 + * 218 + * @p: Pointer to the structure. 219 + * @member: Name of the array member. 220 + * @count: Number of elements in the array. 221 + * 222 + * Calculates size of memory needed for structure @p followed by an 223 + * array of @count number of @member elements. 224 + * 225 + * Return: number of bytes needed or SIZE_MAX on overflow. 226 + */ 227 + #define struct_size(p, member, count) \ 228 + __builtin_choose_expr(__is_constexpr(count), \ 229 + sizeof(*(p)) + flex_array_size(p, member, count), \ 230 + size_add(sizeof(*(p)), flex_array_size(p, member, count))) 227 231 228 232 #endif /* __LINUX_OVERFLOW_H */
+24 -14
lib/Kconfig.debug
··· 2214 2214 config TEST_XARRAY 2215 2215 tristate "Test the XArray code at runtime" 2216 2216 2217 - config TEST_OVERFLOW 2218 - tristate "Test check_*_overflow() functions at runtime" 2219 - 2220 2217 config TEST_RHASHTABLE 2221 2218 tristate "Perform selftest on resizable hash table" 2222 2219 help ··· 2498 2501 2499 2502 If unsure, say N. 2500 2503 2504 + config OVERFLOW_KUNIT_TEST 2505 + tristate "Test check_*_overflow() functions at runtime" if !KUNIT_ALL_TESTS 2506 + depends on KUNIT 2507 + default KUNIT_ALL_TESTS 2508 + help 2509 + Builds unit tests for the check_*_overflow(), size_*(), allocation, and 2510 + related functions. 2511 + 2512 + For more information on KUnit and unit tests in general please refer 2513 + to the KUnit documentation in Documentation/dev-tools/kunit/. 2514 + 2515 + If unsure, say N. 2516 + 2517 + config STACKINIT_KUNIT_TEST 2518 + tristate "Test level of stack variable initialization" if !KUNIT_ALL_TESTS 2519 + depends on KUNIT 2520 + default KUNIT_ALL_TESTS 2521 + help 2522 + Test if the kernel is zero-initializing stack variables and 2523 + padding. Coverage is controlled by compiler flags, 2524 + CONFIG_INIT_STACK_ALL_PATTERN, CONFIG_INIT_STACK_ALL_ZERO, 2525 + CONFIG_GCC_PLUGIN_STRUCTLEAK, CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF, 2526 + or CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. 2527 + 2501 2528 config TEST_UDELAY 2502 2529 tristate "udelay test driver" 2503 2530 help ··· 2612 2591 help 2613 2592 Enable this option to test object aggregation manager on boot 2614 2593 (or module load). 2615 - 2616 - 2617 - config TEST_STACKINIT 2618 - tristate "Test level of stack variable initialization" 2619 - help 2620 - Test if the kernel is zero-initializing stack variables and 2621 - padding. Coverage is controlled by compiler flags, 2622 - CONFIG_GCC_PLUGIN_STRUCTLEAK, CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF, 2623 - or CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. 2624 - 2625 - If unsure, say N. 2626 2594 2627 2595 config TEST_MEMINIT 2628 2596 tristate "Test heap/page initialization"
+3 -3
lib/Makefile
··· 77 77 obj-$(CONFIG_TEST_MIN_HEAP) += test_min_heap.o 78 78 obj-$(CONFIG_TEST_LKM) += test_module.o 79 79 obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o 80 - obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o 81 80 obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o 82 81 obj-$(CONFIG_TEST_SORT) += test_sort.o 83 82 obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o ··· 93 94 obj-$(CONFIG_TEST_DEBUG_VIRTUAL) += test_debug_virtual.o 94 95 obj-$(CONFIG_TEST_MEMCAT_P) += test_memcat_p.o 95 96 obj-$(CONFIG_TEST_OBJAGG) += test_objagg.o 96 - CFLAGS_test_stackinit.o += $(call cc-disable-warning, switch-unreachable) 97 - obj-$(CONFIG_TEST_STACKINIT) += test_stackinit.o 98 97 obj-$(CONFIG_TEST_BLACKHOLE_DEV) += test_blackhole_dev.o 99 98 obj-$(CONFIG_TEST_MEMINIT) += test_meminit.o 100 99 obj-$(CONFIG_TEST_LOCKUP) += test_lockup.o ··· 360 363 obj-$(CONFIG_CMDLINE_KUNIT_TEST) += cmdline_kunit.o 361 364 obj-$(CONFIG_SLUB_KUNIT_TEST) += slub_kunit.o 362 365 obj-$(CONFIG_MEMCPY_KUNIT_TEST) += memcpy_kunit.o 366 + obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow_kunit.o 367 + CFLAGS_stackinit_kunit.o += $(call cc-disable-warning, switch-unreachable) 368 + obj-$(CONFIG_STACKINIT_KUNIT_TEST) += stackinit_kunit.o 363 369 364 370 obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o 365 371
+284 -228
lib/test_overflow.c lib/overflow_kunit.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0 OR MIT 2 2 /* 3 - * Test cases for arithmetic overflow checks. 3 + * Test cases for arithmetic overflow checks. See: 4 + * https://www.kernel.org/doc/html/latest/dev-tools/kunit/kunit-tool.html#configuring-building-and-running-tests 5 + * ./tools/testing/kunit/kunit.py run overflow [--raw_output] 4 6 */ 5 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 6 8 9 + #include <kunit/test.h> 7 10 #include <linux/device.h> 8 - #include <linux/init.h> 9 11 #include <linux/kernel.h> 10 12 #include <linux/mm.h> 11 13 #include <linux/module.h> ··· 21 19 t a, b; \ 22 20 t sum, diff, prod; \ 23 21 bool s_of, d_of, p_of; \ 24 - } t ## _tests[] __initconst 22 + } t ## _tests[] 25 23 26 24 DEFINE_TEST_ARRAY(u8) = { 27 25 {0, 0, 0, 0, 0, false, false, false}, ··· 222 220 bool _of; \ 223 221 \ 224 222 _of = check_ ## op ## _overflow(a, b, &_r); \ 225 - if (_of != of) { \ 226 - pr_warn("expected "fmt" "sym" "fmt \ 227 - " to%s overflow (type %s)\n", \ 228 - a, b, of ? "" : " not", #t); \ 229 - err = 1; \ 230 - } \ 231 - if (_r != r) { \ 232 - pr_warn("expected "fmt" "sym" "fmt" == " \ 233 - fmt", got "fmt" (type %s)\n", \ 234 - a, b, r, _r, #t); \ 235 - err = 1; \ 236 - } \ 223 + KUNIT_EXPECT_EQ_MSG(test, _of, of, \ 224 + "expected "fmt" "sym" "fmt" to%s overflow (type %s)\n", \ 225 + a, b, of ? "" : " not", #t); \ 226 + KUNIT_EXPECT_EQ_MSG(test, _r, r, \ 227 + "expected "fmt" "sym" "fmt" == "fmt", got "fmt" (type %s)\n", \ 228 + a, b, r, _r, #t); \ 237 229 } while (0) 238 230 239 231 #define DEFINE_TEST_FUNC(t, fmt) \ 240 - static int __init do_test_ ## t(const struct test_ ## t *p) \ 232 + static void do_test_ ## t(struct kunit *test, const struct test_ ## t *p) \ 241 233 { \ 242 - int err = 0; \ 243 - \ 244 234 check_one_op(t, fmt, add, "+", p->a, p->b, p->sum, p->s_of); \ 245 235 check_one_op(t, fmt, add, "+", p->b, p->a, p->sum, p->s_of); \ 246 236 check_one_op(t, fmt, sub, "-", p->a, p->b, p->diff, p->d_of); \ 247 237 check_one_op(t, fmt, mul, "*", p->a, p->b, p->prod, p->p_of); \ 248 238 check_one_op(t, fmt, mul, "*", p->b, p->a, p->prod, p->p_of); \ 249 - \ 250 - return err; \ 251 239 } \ 252 240 \ 253 - static int __init test_ ## t ## _overflow(void) { \ 254 - int err = 0; \ 241 + static void t ## _overflow_test(struct kunit *test) { \ 255 242 unsigned i; \ 256 243 \ 257 - pr_info("%-3s: %zu arithmetic tests\n", #t, \ 258 - ARRAY_SIZE(t ## _tests)); \ 259 244 for (i = 0; i < ARRAY_SIZE(t ## _tests); ++i) \ 260 - err |= do_test_ ## t(&t ## _tests[i]); \ 261 - return err; \ 245 + do_test_ ## t(test, &t ## _tests[i]); \ 246 + kunit_info(test, "%zu %s arithmetic tests finished\n", \ 247 + ARRAY_SIZE(t ## _tests), #t); \ 262 248 } 263 249 264 250 DEFINE_TEST_FUNC(u8, "%d"); ··· 260 270 DEFINE_TEST_FUNC(s64, "%lld"); 261 271 #endif 262 272 263 - static int __init test_overflow_calculation(void) 273 + static void overflow_shift_test(struct kunit *test) 264 274 { 265 - int err = 0; 266 - 267 - err |= test_u8_overflow(); 268 - err |= test_s8_overflow(); 269 - err |= test_u16_overflow(); 270 - err |= test_s16_overflow(); 271 - err |= test_u32_overflow(); 272 - err |= test_s32_overflow(); 273 - #if BITS_PER_LONG == 64 274 - err |= test_u64_overflow(); 275 - err |= test_s64_overflow(); 276 - #endif 277 - 278 - return err; 279 - } 280 - 281 - static int __init test_overflow_shift(void) 282 - { 283 - int err = 0; 275 + int count = 0; 284 276 285 277 /* Args are: value, shift, type, expected result, overflow expected */ 286 - #define TEST_ONE_SHIFT(a, s, t, expect, of) ({ \ 287 - int __failed = 0; \ 278 + #define TEST_ONE_SHIFT(a, s, t, expect, of) do { \ 288 279 typeof(a) __a = (a); \ 289 280 typeof(s) __s = (s); \ 290 281 t __e = (expect); \ 291 282 t __d; \ 292 283 bool __of = check_shl_overflow(__a, __s, &__d); \ 293 284 if (__of != of) { \ 294 - pr_warn("expected (%s)(%s << %s) to%s overflow\n", \ 285 + KUNIT_EXPECT_EQ_MSG(test, __of, of, \ 286 + "expected (%s)(%s << %s) to%s overflow\n", \ 295 287 #t, #a, #s, of ? "" : " not"); \ 296 - __failed = 1; \ 297 288 } else if (!__of && __d != __e) { \ 298 - pr_warn("expected (%s)(%s << %s) == %s\n", \ 289 + KUNIT_EXPECT_EQ_MSG(test, __d, __e, \ 290 + "expected (%s)(%s << %s) == %s\n", \ 299 291 #t, #a, #s, #expect); \ 300 292 if ((t)-1 < 0) \ 301 - pr_warn("got %lld\n", (s64)__d); \ 293 + kunit_info(test, "got %lld\n", (s64)__d); \ 302 294 else \ 303 - pr_warn("got %llu\n", (u64)__d); \ 304 - __failed = 1; \ 295 + kunit_info(test, "got %llu\n", (u64)__d); \ 305 296 } \ 306 - if (!__failed) \ 307 - pr_info("ok: (%s)(%s << %s) == %s\n", #t, #a, #s, \ 308 - of ? "overflow" : #expect); \ 309 - __failed; \ 310 - }) 297 + count++; \ 298 + } while (0) 311 299 312 300 /* Sane shifts. */ 313 - err |= TEST_ONE_SHIFT(1, 0, u8, 1 << 0, false); 314 - err |= TEST_ONE_SHIFT(1, 4, u8, 1 << 4, false); 315 - err |= TEST_ONE_SHIFT(1, 7, u8, 1 << 7, false); 316 - err |= TEST_ONE_SHIFT(0xF, 4, u8, 0xF << 4, false); 317 - err |= TEST_ONE_SHIFT(1, 0, u16, 1 << 0, false); 318 - err |= TEST_ONE_SHIFT(1, 10, u16, 1 << 10, false); 319 - err |= TEST_ONE_SHIFT(1, 15, u16, 1 << 15, false); 320 - err |= TEST_ONE_SHIFT(0xFF, 8, u16, 0xFF << 8, false); 321 - err |= TEST_ONE_SHIFT(1, 0, int, 1 << 0, false); 322 - err |= TEST_ONE_SHIFT(1, 16, int, 1 << 16, false); 323 - err |= TEST_ONE_SHIFT(1, 30, int, 1 << 30, false); 324 - err |= TEST_ONE_SHIFT(1, 0, s32, 1 << 0, false); 325 - err |= TEST_ONE_SHIFT(1, 16, s32, 1 << 16, false); 326 - err |= TEST_ONE_SHIFT(1, 30, s32, 1 << 30, false); 327 - err |= TEST_ONE_SHIFT(1, 0, unsigned int, 1U << 0, false); 328 - err |= TEST_ONE_SHIFT(1, 20, unsigned int, 1U << 20, false); 329 - err |= TEST_ONE_SHIFT(1, 31, unsigned int, 1U << 31, false); 330 - err |= TEST_ONE_SHIFT(0xFFFFU, 16, unsigned int, 0xFFFFU << 16, false); 331 - err |= TEST_ONE_SHIFT(1, 0, u32, 1U << 0, false); 332 - err |= TEST_ONE_SHIFT(1, 20, u32, 1U << 20, false); 333 - err |= TEST_ONE_SHIFT(1, 31, u32, 1U << 31, false); 334 - err |= TEST_ONE_SHIFT(0xFFFFU, 16, u32, 0xFFFFU << 16, false); 335 - err |= TEST_ONE_SHIFT(1, 0, u64, 1ULL << 0, false); 336 - err |= TEST_ONE_SHIFT(1, 40, u64, 1ULL << 40, false); 337 - err |= TEST_ONE_SHIFT(1, 63, u64, 1ULL << 63, false); 338 - err |= TEST_ONE_SHIFT(0xFFFFFFFFULL, 32, u64, 339 - 0xFFFFFFFFULL << 32, false); 301 + TEST_ONE_SHIFT(1, 0, u8, 1 << 0, false); 302 + TEST_ONE_SHIFT(1, 4, u8, 1 << 4, false); 303 + TEST_ONE_SHIFT(1, 7, u8, 1 << 7, false); 304 + TEST_ONE_SHIFT(0xF, 4, u8, 0xF << 4, false); 305 + TEST_ONE_SHIFT(1, 0, u16, 1 << 0, false); 306 + TEST_ONE_SHIFT(1, 10, u16, 1 << 10, false); 307 + TEST_ONE_SHIFT(1, 15, u16, 1 << 15, false); 308 + TEST_ONE_SHIFT(0xFF, 8, u16, 0xFF << 8, false); 309 + TEST_ONE_SHIFT(1, 0, int, 1 << 0, false); 310 + TEST_ONE_SHIFT(1, 16, int, 1 << 16, false); 311 + TEST_ONE_SHIFT(1, 30, int, 1 << 30, false); 312 + TEST_ONE_SHIFT(1, 0, s32, 1 << 0, false); 313 + TEST_ONE_SHIFT(1, 16, s32, 1 << 16, false); 314 + TEST_ONE_SHIFT(1, 30, s32, 1 << 30, false); 315 + TEST_ONE_SHIFT(1, 0, unsigned int, 1U << 0, false); 316 + TEST_ONE_SHIFT(1, 20, unsigned int, 1U << 20, false); 317 + TEST_ONE_SHIFT(1, 31, unsigned int, 1U << 31, false); 318 + TEST_ONE_SHIFT(0xFFFFU, 16, unsigned int, 0xFFFFU << 16, false); 319 + TEST_ONE_SHIFT(1, 0, u32, 1U << 0, false); 320 + TEST_ONE_SHIFT(1, 20, u32, 1U << 20, false); 321 + TEST_ONE_SHIFT(1, 31, u32, 1U << 31, false); 322 + TEST_ONE_SHIFT(0xFFFFU, 16, u32, 0xFFFFU << 16, false); 323 + TEST_ONE_SHIFT(1, 0, u64, 1ULL << 0, false); 324 + TEST_ONE_SHIFT(1, 40, u64, 1ULL << 40, false); 325 + TEST_ONE_SHIFT(1, 63, u64, 1ULL << 63, false); 326 + TEST_ONE_SHIFT(0xFFFFFFFFULL, 32, u64, 0xFFFFFFFFULL << 32, false); 340 327 341 328 /* Sane shift: start and end with 0, without a too-wide shift. */ 342 - err |= TEST_ONE_SHIFT(0, 7, u8, 0, false); 343 - err |= TEST_ONE_SHIFT(0, 15, u16, 0, false); 344 - err |= TEST_ONE_SHIFT(0, 31, unsigned int, 0, false); 345 - err |= TEST_ONE_SHIFT(0, 31, u32, 0, false); 346 - err |= TEST_ONE_SHIFT(0, 63, u64, 0, false); 329 + TEST_ONE_SHIFT(0, 7, u8, 0, false); 330 + TEST_ONE_SHIFT(0, 15, u16, 0, false); 331 + TEST_ONE_SHIFT(0, 31, unsigned int, 0, false); 332 + TEST_ONE_SHIFT(0, 31, u32, 0, false); 333 + TEST_ONE_SHIFT(0, 63, u64, 0, false); 347 334 348 335 /* Sane shift: start and end with 0, without reaching signed bit. */ 349 - err |= TEST_ONE_SHIFT(0, 6, s8, 0, false); 350 - err |= TEST_ONE_SHIFT(0, 14, s16, 0, false); 351 - err |= TEST_ONE_SHIFT(0, 30, int, 0, false); 352 - err |= TEST_ONE_SHIFT(0, 30, s32, 0, false); 353 - err |= TEST_ONE_SHIFT(0, 62, s64, 0, false); 336 + TEST_ONE_SHIFT(0, 6, s8, 0, false); 337 + TEST_ONE_SHIFT(0, 14, s16, 0, false); 338 + TEST_ONE_SHIFT(0, 30, int, 0, false); 339 + TEST_ONE_SHIFT(0, 30, s32, 0, false); 340 + TEST_ONE_SHIFT(0, 62, s64, 0, false); 354 341 355 342 /* Overflow: shifted the bit off the end. */ 356 - err |= TEST_ONE_SHIFT(1, 8, u8, 0, true); 357 - err |= TEST_ONE_SHIFT(1, 16, u16, 0, true); 358 - err |= TEST_ONE_SHIFT(1, 32, unsigned int, 0, true); 359 - err |= TEST_ONE_SHIFT(1, 32, u32, 0, true); 360 - err |= TEST_ONE_SHIFT(1, 64, u64, 0, true); 343 + TEST_ONE_SHIFT(1, 8, u8, 0, true); 344 + TEST_ONE_SHIFT(1, 16, u16, 0, true); 345 + TEST_ONE_SHIFT(1, 32, unsigned int, 0, true); 346 + TEST_ONE_SHIFT(1, 32, u32, 0, true); 347 + TEST_ONE_SHIFT(1, 64, u64, 0, true); 361 348 362 349 /* Overflow: shifted into the signed bit. */ 363 - err |= TEST_ONE_SHIFT(1, 7, s8, 0, true); 364 - err |= TEST_ONE_SHIFT(1, 15, s16, 0, true); 365 - err |= TEST_ONE_SHIFT(1, 31, int, 0, true); 366 - err |= TEST_ONE_SHIFT(1, 31, s32, 0, true); 367 - err |= TEST_ONE_SHIFT(1, 63, s64, 0, true); 350 + TEST_ONE_SHIFT(1, 7, s8, 0, true); 351 + TEST_ONE_SHIFT(1, 15, s16, 0, true); 352 + TEST_ONE_SHIFT(1, 31, int, 0, true); 353 + TEST_ONE_SHIFT(1, 31, s32, 0, true); 354 + TEST_ONE_SHIFT(1, 63, s64, 0, true); 368 355 369 356 /* Overflow: high bit falls off unsigned types. */ 370 357 /* 10010110 */ 371 - err |= TEST_ONE_SHIFT(150, 1, u8, 0, true); 358 + TEST_ONE_SHIFT(150, 1, u8, 0, true); 372 359 /* 1000100010010110 */ 373 - err |= TEST_ONE_SHIFT(34966, 1, u16, 0, true); 360 + TEST_ONE_SHIFT(34966, 1, u16, 0, true); 374 361 /* 10000100000010001000100010010110 */ 375 - err |= TEST_ONE_SHIFT(2215151766U, 1, u32, 0, true); 376 - err |= TEST_ONE_SHIFT(2215151766U, 1, unsigned int, 0, true); 362 + TEST_ONE_SHIFT(2215151766U, 1, u32, 0, true); 363 + TEST_ONE_SHIFT(2215151766U, 1, unsigned int, 0, true); 377 364 /* 1000001000010000010000000100000010000100000010001000100010010110 */ 378 - err |= TEST_ONE_SHIFT(9372061470395238550ULL, 1, u64, 0, true); 365 + TEST_ONE_SHIFT(9372061470395238550ULL, 1, u64, 0, true); 379 366 380 367 /* Overflow: bit shifted into signed bit on signed types. */ 381 368 /* 01001011 */ 382 - err |= TEST_ONE_SHIFT(75, 1, s8, 0, true); 369 + TEST_ONE_SHIFT(75, 1, s8, 0, true); 383 370 /* 0100010001001011 */ 384 - err |= TEST_ONE_SHIFT(17483, 1, s16, 0, true); 371 + TEST_ONE_SHIFT(17483, 1, s16, 0, true); 385 372 /* 01000010000001000100010001001011 */ 386 - err |= TEST_ONE_SHIFT(1107575883, 1, s32, 0, true); 387 - err |= TEST_ONE_SHIFT(1107575883, 1, int, 0, true); 373 + TEST_ONE_SHIFT(1107575883, 1, s32, 0, true); 374 + TEST_ONE_SHIFT(1107575883, 1, int, 0, true); 388 375 /* 0100000100001000001000000010000001000010000001000100010001001011 */ 389 - err |= TEST_ONE_SHIFT(4686030735197619275LL, 1, s64, 0, true); 376 + TEST_ONE_SHIFT(4686030735197619275LL, 1, s64, 0, true); 390 377 391 378 /* Overflow: bit shifted past signed bit on signed types. */ 392 379 /* 01001011 */ 393 - err |= TEST_ONE_SHIFT(75, 2, s8, 0, true); 380 + TEST_ONE_SHIFT(75, 2, s8, 0, true); 394 381 /* 0100010001001011 */ 395 - err |= TEST_ONE_SHIFT(17483, 2, s16, 0, true); 382 + TEST_ONE_SHIFT(17483, 2, s16, 0, true); 396 383 /* 01000010000001000100010001001011 */ 397 - err |= TEST_ONE_SHIFT(1107575883, 2, s32, 0, true); 398 - err |= TEST_ONE_SHIFT(1107575883, 2, int, 0, true); 384 + TEST_ONE_SHIFT(1107575883, 2, s32, 0, true); 385 + TEST_ONE_SHIFT(1107575883, 2, int, 0, true); 399 386 /* 0100000100001000001000000010000001000010000001000100010001001011 */ 400 - err |= TEST_ONE_SHIFT(4686030735197619275LL, 2, s64, 0, true); 387 + TEST_ONE_SHIFT(4686030735197619275LL, 2, s64, 0, true); 401 388 402 389 /* Overflow: values larger than destination type. */ 403 - err |= TEST_ONE_SHIFT(0x100, 0, u8, 0, true); 404 - err |= TEST_ONE_SHIFT(0xFF, 0, s8, 0, true); 405 - err |= TEST_ONE_SHIFT(0x10000U, 0, u16, 0, true); 406 - err |= TEST_ONE_SHIFT(0xFFFFU, 0, s16, 0, true); 407 - err |= TEST_ONE_SHIFT(0x100000000ULL, 0, u32, 0, true); 408 - err |= TEST_ONE_SHIFT(0x100000000ULL, 0, unsigned int, 0, true); 409 - err |= TEST_ONE_SHIFT(0xFFFFFFFFUL, 0, s32, 0, true); 410 - err |= TEST_ONE_SHIFT(0xFFFFFFFFUL, 0, int, 0, true); 411 - err |= TEST_ONE_SHIFT(0xFFFFFFFFFFFFFFFFULL, 0, s64, 0, true); 390 + TEST_ONE_SHIFT(0x100, 0, u8, 0, true); 391 + TEST_ONE_SHIFT(0xFF, 0, s8, 0, true); 392 + TEST_ONE_SHIFT(0x10000U, 0, u16, 0, true); 393 + TEST_ONE_SHIFT(0xFFFFU, 0, s16, 0, true); 394 + TEST_ONE_SHIFT(0x100000000ULL, 0, u32, 0, true); 395 + TEST_ONE_SHIFT(0x100000000ULL, 0, unsigned int, 0, true); 396 + TEST_ONE_SHIFT(0xFFFFFFFFUL, 0, s32, 0, true); 397 + TEST_ONE_SHIFT(0xFFFFFFFFUL, 0, int, 0, true); 398 + TEST_ONE_SHIFT(0xFFFFFFFFFFFFFFFFULL, 0, s64, 0, true); 412 399 413 400 /* Nonsense: negative initial value. */ 414 - err |= TEST_ONE_SHIFT(-1, 0, s8, 0, true); 415 - err |= TEST_ONE_SHIFT(-1, 0, u8, 0, true); 416 - err |= TEST_ONE_SHIFT(-5, 0, s16, 0, true); 417 - err |= TEST_ONE_SHIFT(-5, 0, u16, 0, true); 418 - err |= TEST_ONE_SHIFT(-10, 0, int, 0, true); 419 - err |= TEST_ONE_SHIFT(-10, 0, unsigned int, 0, true); 420 - err |= TEST_ONE_SHIFT(-100, 0, s32, 0, true); 421 - err |= TEST_ONE_SHIFT(-100, 0, u32, 0, true); 422 - err |= TEST_ONE_SHIFT(-10000, 0, s64, 0, true); 423 - err |= TEST_ONE_SHIFT(-10000, 0, u64, 0, true); 401 + TEST_ONE_SHIFT(-1, 0, s8, 0, true); 402 + TEST_ONE_SHIFT(-1, 0, u8, 0, true); 403 + TEST_ONE_SHIFT(-5, 0, s16, 0, true); 404 + TEST_ONE_SHIFT(-5, 0, u16, 0, true); 405 + TEST_ONE_SHIFT(-10, 0, int, 0, true); 406 + TEST_ONE_SHIFT(-10, 0, unsigned int, 0, true); 407 + TEST_ONE_SHIFT(-100, 0, s32, 0, true); 408 + TEST_ONE_SHIFT(-100, 0, u32, 0, true); 409 + TEST_ONE_SHIFT(-10000, 0, s64, 0, true); 410 + TEST_ONE_SHIFT(-10000, 0, u64, 0, true); 424 411 425 412 /* Nonsense: negative shift values. */ 426 - err |= TEST_ONE_SHIFT(0, -5, s8, 0, true); 427 - err |= TEST_ONE_SHIFT(0, -5, u8, 0, true); 428 - err |= TEST_ONE_SHIFT(0, -10, s16, 0, true); 429 - err |= TEST_ONE_SHIFT(0, -10, u16, 0, true); 430 - err |= TEST_ONE_SHIFT(0, -15, int, 0, true); 431 - err |= TEST_ONE_SHIFT(0, -15, unsigned int, 0, true); 432 - err |= TEST_ONE_SHIFT(0, -20, s32, 0, true); 433 - err |= TEST_ONE_SHIFT(0, -20, u32, 0, true); 434 - err |= TEST_ONE_SHIFT(0, -30, s64, 0, true); 435 - err |= TEST_ONE_SHIFT(0, -30, u64, 0, true); 413 + TEST_ONE_SHIFT(0, -5, s8, 0, true); 414 + TEST_ONE_SHIFT(0, -5, u8, 0, true); 415 + TEST_ONE_SHIFT(0, -10, s16, 0, true); 416 + TEST_ONE_SHIFT(0, -10, u16, 0, true); 417 + TEST_ONE_SHIFT(0, -15, int, 0, true); 418 + TEST_ONE_SHIFT(0, -15, unsigned int, 0, true); 419 + TEST_ONE_SHIFT(0, -20, s32, 0, true); 420 + TEST_ONE_SHIFT(0, -20, u32, 0, true); 421 + TEST_ONE_SHIFT(0, -30, s64, 0, true); 422 + TEST_ONE_SHIFT(0, -30, u64, 0, true); 436 423 437 424 /* Overflow: shifted at or beyond entire type's bit width. */ 438 - err |= TEST_ONE_SHIFT(0, 8, u8, 0, true); 439 - err |= TEST_ONE_SHIFT(0, 9, u8, 0, true); 440 - err |= TEST_ONE_SHIFT(0, 8, s8, 0, true); 441 - err |= TEST_ONE_SHIFT(0, 9, s8, 0, true); 442 - err |= TEST_ONE_SHIFT(0, 16, u16, 0, true); 443 - err |= TEST_ONE_SHIFT(0, 17, u16, 0, true); 444 - err |= TEST_ONE_SHIFT(0, 16, s16, 0, true); 445 - err |= TEST_ONE_SHIFT(0, 17, s16, 0, true); 446 - err |= TEST_ONE_SHIFT(0, 32, u32, 0, true); 447 - err |= TEST_ONE_SHIFT(0, 33, u32, 0, true); 448 - err |= TEST_ONE_SHIFT(0, 32, int, 0, true); 449 - err |= TEST_ONE_SHIFT(0, 33, int, 0, true); 450 - err |= TEST_ONE_SHIFT(0, 32, s32, 0, true); 451 - err |= TEST_ONE_SHIFT(0, 33, s32, 0, true); 452 - err |= TEST_ONE_SHIFT(0, 64, u64, 0, true); 453 - err |= TEST_ONE_SHIFT(0, 65, u64, 0, true); 454 - err |= TEST_ONE_SHIFT(0, 64, s64, 0, true); 455 - err |= TEST_ONE_SHIFT(0, 65, s64, 0, true); 425 + TEST_ONE_SHIFT(0, 8, u8, 0, true); 426 + TEST_ONE_SHIFT(0, 9, u8, 0, true); 427 + TEST_ONE_SHIFT(0, 8, s8, 0, true); 428 + TEST_ONE_SHIFT(0, 9, s8, 0, true); 429 + TEST_ONE_SHIFT(0, 16, u16, 0, true); 430 + TEST_ONE_SHIFT(0, 17, u16, 0, true); 431 + TEST_ONE_SHIFT(0, 16, s16, 0, true); 432 + TEST_ONE_SHIFT(0, 17, s16, 0, true); 433 + TEST_ONE_SHIFT(0, 32, u32, 0, true); 434 + TEST_ONE_SHIFT(0, 33, u32, 0, true); 435 + TEST_ONE_SHIFT(0, 32, int, 0, true); 436 + TEST_ONE_SHIFT(0, 33, int, 0, true); 437 + TEST_ONE_SHIFT(0, 32, s32, 0, true); 438 + TEST_ONE_SHIFT(0, 33, s32, 0, true); 439 + TEST_ONE_SHIFT(0, 64, u64, 0, true); 440 + TEST_ONE_SHIFT(0, 65, u64, 0, true); 441 + TEST_ONE_SHIFT(0, 64, s64, 0, true); 442 + TEST_ONE_SHIFT(0, 65, s64, 0, true); 456 443 457 444 /* 458 445 * Corner case: for unsigned types, we fail when we've shifted ··· 440 473 * signed bit). So, for now, we will test this condition but 441 474 * mark it as not expected to overflow. 442 475 */ 443 - err |= TEST_ONE_SHIFT(0, 7, s8, 0, false); 444 - err |= TEST_ONE_SHIFT(0, 15, s16, 0, false); 445 - err |= TEST_ONE_SHIFT(0, 31, int, 0, false); 446 - err |= TEST_ONE_SHIFT(0, 31, s32, 0, false); 447 - err |= TEST_ONE_SHIFT(0, 63, s64, 0, false); 476 + TEST_ONE_SHIFT(0, 7, s8, 0, false); 477 + TEST_ONE_SHIFT(0, 15, s16, 0, false); 478 + TEST_ONE_SHIFT(0, 31, int, 0, false); 479 + TEST_ONE_SHIFT(0, 31, s32, 0, false); 480 + TEST_ONE_SHIFT(0, 63, s64, 0, false); 448 481 449 - return err; 482 + kunit_info(test, "%d shift tests finished\n", count); 483 + #undef TEST_ONE_SHIFT 450 484 } 451 485 452 486 /* ··· 467 499 #define TEST_SIZE (5 * 4096) 468 500 469 501 #define DEFINE_TEST_ALLOC(func, free_func, want_arg, want_gfp, want_node)\ 470 - static int __init test_ ## func (void *arg) \ 502 + static void test_ ## func (struct kunit *test, void *arg) \ 471 503 { \ 472 504 volatile size_t a = TEST_SIZE; \ 473 505 volatile size_t b = (SIZE_MAX / TEST_SIZE) + 1; \ ··· 475 507 \ 476 508 /* Tiny allocation test. */ \ 477 509 ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, 1);\ 478 - if (!ptr) { \ 479 - pr_warn(#func " failed regular allocation?!\n"); \ 480 - return 1; \ 481 - } \ 510 + KUNIT_ASSERT_NOT_ERR_OR_NULL_MSG(test, ptr, \ 511 + #func " failed regular allocation?!\n"); \ 482 512 free ## want_arg (free_func, arg, ptr); \ 483 513 \ 484 514 /* Wrapped allocation test. */ \ 485 515 ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, \ 486 516 a * b); \ 487 - if (!ptr) { \ 488 - pr_warn(#func " unexpectedly failed bad wrapping?!\n"); \ 489 - return 1; \ 490 - } \ 517 + KUNIT_ASSERT_NOT_ERR_OR_NULL_MSG(test, ptr, \ 518 + #func " unexpectedly failed bad wrapping?!\n"); \ 491 519 free ## want_arg (free_func, arg, ptr); \ 492 520 \ 493 521 /* Saturated allocation test. */ \ 494 522 ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, \ 495 523 array_size(a, b)); \ 496 524 if (ptr) { \ 497 - pr_warn(#func " missed saturation!\n"); \ 525 + KUNIT_FAIL(test, #func " missed saturation!\n"); \ 498 526 free ## want_arg (free_func, arg, ptr); \ 499 - return 1; \ 500 527 } \ 501 - pr_info(#func " detected saturation\n"); \ 502 - return 0; \ 503 528 } 504 529 505 530 /* ··· 505 544 DEFINE_TEST_ALLOC(kmalloc_node, kfree, 0, 1, 1); 506 545 DEFINE_TEST_ALLOC(kzalloc, kfree, 0, 1, 0); 507 546 DEFINE_TEST_ALLOC(kzalloc_node, kfree, 0, 1, 1); 508 - DEFINE_TEST_ALLOC(vmalloc, vfree, 0, 0, 0); 509 - DEFINE_TEST_ALLOC(vmalloc_node, vfree, 0, 0, 1); 510 - DEFINE_TEST_ALLOC(vzalloc, vfree, 0, 0, 0); 511 - DEFINE_TEST_ALLOC(vzalloc_node, vfree, 0, 0, 1); 547 + DEFINE_TEST_ALLOC(__vmalloc, vfree, 0, 1, 0); 512 548 DEFINE_TEST_ALLOC(kvmalloc, kvfree, 0, 1, 0); 513 549 DEFINE_TEST_ALLOC(kvmalloc_node, kvfree, 0, 1, 1); 514 550 DEFINE_TEST_ALLOC(kvzalloc, kvfree, 0, 1, 0); ··· 513 555 DEFINE_TEST_ALLOC(devm_kmalloc, devm_kfree, 1, 1, 0); 514 556 DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0); 515 557 516 - static int __init test_overflow_allocation(void) 558 + static void overflow_allocation_test(struct kunit *test) 517 559 { 518 560 const char device_name[] = "overflow-test"; 519 561 struct device *dev; 520 - int err = 0; 562 + int count = 0; 563 + 564 + #define check_allocation_overflow(alloc) do { \ 565 + count++; \ 566 + test_ ## alloc(test, dev); \ 567 + } while (0) 521 568 522 569 /* Create dummy device for devm_kmalloc()-family tests. */ 523 570 dev = root_device_register(device_name); 524 - if (IS_ERR(dev)) { 525 - pr_warn("Cannot register test device\n"); 526 - return 1; 527 - } 571 + KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev), 572 + "Cannot register test device\n"); 528 573 529 - err |= test_kmalloc(NULL); 530 - err |= test_kmalloc_node(NULL); 531 - err |= test_kzalloc(NULL); 532 - err |= test_kzalloc_node(NULL); 533 - err |= test_kvmalloc(NULL); 534 - err |= test_kvmalloc_node(NULL); 535 - err |= test_kvzalloc(NULL); 536 - err |= test_kvzalloc_node(NULL); 537 - err |= test_vmalloc(NULL); 538 - err |= test_vmalloc_node(NULL); 539 - err |= test_vzalloc(NULL); 540 - err |= test_vzalloc_node(NULL); 541 - err |= test_devm_kmalloc(dev); 542 - err |= test_devm_kzalloc(dev); 574 + check_allocation_overflow(kmalloc); 575 + check_allocation_overflow(kmalloc_node); 576 + check_allocation_overflow(kzalloc); 577 + check_allocation_overflow(kzalloc_node); 578 + check_allocation_overflow(__vmalloc); 579 + check_allocation_overflow(kvmalloc); 580 + check_allocation_overflow(kvmalloc_node); 581 + check_allocation_overflow(kvzalloc); 582 + check_allocation_overflow(kvzalloc_node); 583 + check_allocation_overflow(devm_kmalloc); 584 + check_allocation_overflow(devm_kzalloc); 543 585 544 586 device_unregister(dev); 545 587 546 - return err; 588 + kunit_info(test, "%d allocation overflow tests finished\n", count); 589 + #undef check_allocation_overflow 547 590 } 548 591 549 - static int __init test_module_init(void) 592 + struct __test_flex_array { 593 + unsigned long flags; 594 + size_t count; 595 + unsigned long data[]; 596 + }; 597 + 598 + static void overflow_size_helpers_test(struct kunit *test) 550 599 { 551 - int err = 0; 600 + /* Make sure struct_size() can be used in a constant expression. */ 601 + u8 ce_array[struct_size((struct __test_flex_array *)0, data, 55)]; 602 + struct __test_flex_array *obj; 603 + int count = 0; 604 + int var; 605 + volatile int unconst = 0; 552 606 553 - err |= test_overflow_calculation(); 554 - err |= test_overflow_shift(); 555 - err |= test_overflow_allocation(); 607 + /* Verify constant expression against runtime version. */ 608 + var = 55; 609 + OPTIMIZER_HIDE_VAR(var); 610 + KUNIT_EXPECT_EQ(test, sizeof(ce_array), struct_size(obj, data, var)); 556 611 557 - if (err) { 558 - pr_warn("FAIL!\n"); 559 - err = -EINVAL; 560 - } else { 561 - pr_info("all tests passed\n"); 562 - } 612 + #define check_one_size_helper(expected, func, args...) do { \ 613 + size_t _r = func(args); \ 614 + KUNIT_EXPECT_EQ_MSG(test, _r, expected, \ 615 + "expected " #func "(" #args ") to return %zu but got %zu instead\n", \ 616 + (size_t)(expected), _r); \ 617 + count++; \ 618 + } while (0) 563 619 564 - return err; 620 + var = 4; 621 + check_one_size_helper(20, size_mul, var++, 5); 622 + check_one_size_helper(20, size_mul, 4, var++); 623 + check_one_size_helper(0, size_mul, 0, 3); 624 + check_one_size_helper(0, size_mul, 3, 0); 625 + check_one_size_helper(6, size_mul, 2, 3); 626 + check_one_size_helper(SIZE_MAX, size_mul, SIZE_MAX, 1); 627 + check_one_size_helper(SIZE_MAX, size_mul, SIZE_MAX, 3); 628 + check_one_size_helper(SIZE_MAX, size_mul, SIZE_MAX, -3); 629 + 630 + var = 4; 631 + check_one_size_helper(9, size_add, var++, 5); 632 + check_one_size_helper(9, size_add, 4, var++); 633 + check_one_size_helper(9, size_add, 9, 0); 634 + check_one_size_helper(9, size_add, 0, 9); 635 + check_one_size_helper(5, size_add, 2, 3); 636 + check_one_size_helper(SIZE_MAX, size_add, SIZE_MAX, 1); 637 + check_one_size_helper(SIZE_MAX, size_add, SIZE_MAX, 3); 638 + check_one_size_helper(SIZE_MAX, size_add, SIZE_MAX, -3); 639 + 640 + var = 4; 641 + check_one_size_helper(1, size_sub, var--, 3); 642 + check_one_size_helper(1, size_sub, 4, var--); 643 + check_one_size_helper(1, size_sub, 3, 2); 644 + check_one_size_helper(9, size_sub, 9, 0); 645 + check_one_size_helper(SIZE_MAX, size_sub, 9, -3); 646 + check_one_size_helper(SIZE_MAX, size_sub, 0, 9); 647 + check_one_size_helper(SIZE_MAX, size_sub, 2, 3); 648 + check_one_size_helper(SIZE_MAX, size_sub, SIZE_MAX, 0); 649 + check_one_size_helper(SIZE_MAX, size_sub, SIZE_MAX, 10); 650 + check_one_size_helper(SIZE_MAX, size_sub, 0, SIZE_MAX); 651 + check_one_size_helper(SIZE_MAX, size_sub, 14, SIZE_MAX); 652 + check_one_size_helper(SIZE_MAX - 2, size_sub, SIZE_MAX - 1, 1); 653 + check_one_size_helper(SIZE_MAX - 4, size_sub, SIZE_MAX - 1, 3); 654 + check_one_size_helper(1, size_sub, SIZE_MAX - 1, -3); 655 + 656 + var = 4; 657 + check_one_size_helper(4 * sizeof(*obj->data), 658 + flex_array_size, obj, data, var++); 659 + check_one_size_helper(5 * sizeof(*obj->data), 660 + flex_array_size, obj, data, var++); 661 + check_one_size_helper(0, flex_array_size, obj, data, 0 + unconst); 662 + check_one_size_helper(sizeof(*obj->data), 663 + flex_array_size, obj, data, 1 + unconst); 664 + check_one_size_helper(7 * sizeof(*obj->data), 665 + flex_array_size, obj, data, 7 + unconst); 666 + check_one_size_helper(SIZE_MAX, 667 + flex_array_size, obj, data, -1 + unconst); 668 + check_one_size_helper(SIZE_MAX, 669 + flex_array_size, obj, data, SIZE_MAX - 4 + unconst); 670 + 671 + var = 4; 672 + check_one_size_helper(sizeof(*obj) + (4 * sizeof(*obj->data)), 673 + struct_size, obj, data, var++); 674 + check_one_size_helper(sizeof(*obj) + (5 * sizeof(*obj->data)), 675 + struct_size, obj, data, var++); 676 + check_one_size_helper(sizeof(*obj), struct_size, obj, data, 0 + unconst); 677 + check_one_size_helper(sizeof(*obj) + sizeof(*obj->data), 678 + struct_size, obj, data, 1 + unconst); 679 + check_one_size_helper(SIZE_MAX, 680 + struct_size, obj, data, -3 + unconst); 681 + check_one_size_helper(SIZE_MAX, 682 + struct_size, obj, data, SIZE_MAX - 3 + unconst); 683 + 684 + kunit_info(test, "%d overflow size helper tests finished\n", count); 685 + #undef check_one_size_helper 565 686 } 566 687 567 - static void __exit test_module_exit(void) 568 - { } 688 + static struct kunit_case overflow_test_cases[] = { 689 + KUNIT_CASE(u8_overflow_test), 690 + KUNIT_CASE(s8_overflow_test), 691 + KUNIT_CASE(u16_overflow_test), 692 + KUNIT_CASE(s16_overflow_test), 693 + KUNIT_CASE(u32_overflow_test), 694 + KUNIT_CASE(s32_overflow_test), 695 + #if BITS_PER_LONG == 64 696 + KUNIT_CASE(u64_overflow_test), 697 + KUNIT_CASE(s64_overflow_test), 698 + #endif 699 + KUNIT_CASE(overflow_shift_test), 700 + KUNIT_CASE(overflow_allocation_test), 701 + KUNIT_CASE(overflow_size_helpers_test), 702 + {} 703 + }; 569 704 570 - module_init(test_module_init); 571 - module_exit(test_module_exit); 705 + static struct kunit_suite overflow_test_suite = { 706 + .name = "overflow", 707 + .test_cases = overflow_test_cases, 708 + }; 709 + 710 + kunit_test_suite(overflow_test_suite); 711 + 572 712 MODULE_LICENSE("Dual MIT/GPL");
+105 -158
lib/test_stackinit.c lib/stackinit_kunit.c
··· 2 2 /* 3 3 * Test cases for compiler-based stack variable zeroing via 4 4 * -ftrivial-auto-var-init={zero,pattern} or CONFIG_GCC_PLUGIN_STRUCTLEAK*. 5 + * For example, see: 6 + * https://www.kernel.org/doc/html/latest/dev-tools/kunit/kunit-tool.html#configuring-building-and-running-tests 7 + * ./tools/testing/kunit/kunit.py run stackinit [--raw_output] \ 8 + * --make_option LLVM=1 \ 9 + * --kconfig_add CONFIG_INIT_STACK_ALL_ZERO=y 5 10 * 6 - * External build example: 7 - * clang -O2 -Wall -ftrivial-auto-var-init=pattern \ 8 - * -o test_stackinit test_stackinit.c 9 11 */ 10 - #ifdef __KERNEL__ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 14 + #include <kunit/test.h> 13 15 #include <linux/init.h> 14 16 #include <linux/kernel.h> 15 17 #include <linux/module.h> 16 18 #include <linux/string.h> 17 - 18 - #else 19 - 20 - /* Userspace headers. */ 21 - #include <stdio.h> 22 - #include <stdint.h> 23 - #include <string.h> 24 - #include <stdbool.h> 25 - #include <errno.h> 26 - #include <sys/types.h> 27 - 28 - /* Linux kernel-ism stubs for stand-alone userspace build. */ 29 - #define KBUILD_MODNAME "stackinit" 30 - #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 31 - #define pr_err(fmt, ...) fprintf(stderr, pr_fmt(fmt), ##__VA_ARGS__) 32 - #define pr_warn(fmt, ...) fprintf(stderr, pr_fmt(fmt), ##__VA_ARGS__) 33 - #define pr_info(fmt, ...) fprintf(stdout, pr_fmt(fmt), ##__VA_ARGS__) 34 - #define __init /**/ 35 - #define __exit /**/ 36 - #define __user /**/ 37 - #define noinline __attribute__((__noinline__)) 38 - #define __aligned(x) __attribute__((__aligned__(x))) 39 - #ifdef __clang__ 40 - # define __compiletime_error(message) /**/ 41 - #else 42 - # define __compiletime_error(message) __attribute__((__error__(message))) 43 - #endif 44 - #define __compiletime_assert(condition, msg, prefix, suffix) \ 45 - do { \ 46 - extern void prefix ## suffix(void) __compiletime_error(msg); \ 47 - if (!(condition)) \ 48 - prefix ## suffix(); \ 49 - } while (0) 50 - #define _compiletime_assert(condition, msg, prefix, suffix) \ 51 - __compiletime_assert(condition, msg, prefix, suffix) 52 - #define compiletime_assert(condition, msg) \ 53 - _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) 54 - #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) 55 - #define BUILD_BUG_ON(condition) \ 56 - BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition) 57 - typedef uint8_t u8; 58 - typedef uint16_t u16; 59 - typedef uint32_t u32; 60 - typedef uint64_t u64; 61 - 62 - #define module_init(func) static int (*do_init)(void) = func 63 - #define module_exit(func) static void (*do_exit)(void) = func 64 - #define MODULE_LICENSE(str) int main(void) { \ 65 - int rc; \ 66 - /* License: str */ \ 67 - rc = do_init(); \ 68 - if (rc == 0) \ 69 - do_exit(); \ 70 - return rc; \ 71 - } 72 - 73 - #endif /* __KERNEL__ */ 74 19 75 20 /* Exfiltration buffer. */ 76 21 #define MAX_VAR_SIZE 128 ··· 146 201 */ 147 202 #define DEFINE_TEST_DRIVER(name, var_type, which, xfail) \ 148 203 /* Returns 0 on success, 1 on failure. */ \ 149 - static noinline __init int test_ ## name (void) \ 204 + static noinline void test_ ## name (struct kunit *test) \ 150 205 { \ 151 206 var_type zero INIT_CLONE_ ## which; \ 152 207 int ignored; \ ··· 165 220 /* Verify all bytes overwritten with 0xFF. */ \ 166 221 for (sum = 0, i = 0; i < target_size; i++) \ 167 222 sum += (check_buf[i] != 0xFF); \ 168 - if (sum) { \ 169 - pr_err(#name ": leaf fill was not 0xFF!?\n"); \ 170 - return 1; \ 171 - } \ 223 + KUNIT_ASSERT_EQ_MSG(test, sum, 0, \ 224 + "leaf fill was not 0xFF!?\n"); \ 172 225 /* Clear entire check buffer for later bit tests. */ \ 173 226 memset(check_buf, 0x00, sizeof(check_buf)); \ 174 227 /* Extract stack-defined variable contents. */ \ ··· 174 231 FETCH_ARG_ ## which(zero)); \ 175 232 \ 176 233 /* Validate that compiler lined up fill and target. */ \ 177 - if (!range_contains(fill_start, fill_size, \ 178 - target_start, target_size)) { \ 179 - pr_err(#name ": stack fill missed target!?\n"); \ 180 - pr_err(#name ": fill %zu wide\n", fill_size); \ 181 - pr_err(#name ": target offset by %d\n", \ 182 - (int)((ssize_t)(uintptr_t)fill_start - \ 183 - (ssize_t)(uintptr_t)target_start)); \ 184 - return 1; \ 185 - } \ 234 + KUNIT_ASSERT_TRUE_MSG(test, \ 235 + range_contains(fill_start, fill_size, \ 236 + target_start, target_size), \ 237 + "stack fill missed target!? " \ 238 + "(fill %zu wide, target offset by %d)\n", \ 239 + fill_size, \ 240 + (int)((ssize_t)(uintptr_t)fill_start - \ 241 + (ssize_t)(uintptr_t)target_start)); \ 186 242 \ 187 243 /* Look for any bytes still 0xFF in check region. */ \ 188 244 for (sum = 0, i = 0; i < target_size; i++) \ 189 245 sum += (check_buf[i] == 0xFF); \ 190 246 \ 191 - if (sum == 0) { \ 192 - pr_info(#name " ok\n"); \ 193 - return 0; \ 194 - } else { \ 195 - pr_warn(#name " %sFAIL (uninit bytes: %d)\n", \ 196 - (xfail) ? "X" : "", sum); \ 197 - return (xfail) ? 0 : 1; \ 198 - } \ 247 + if (sum != 0 && xfail) \ 248 + kunit_skip(test, \ 249 + "XFAIL uninit bytes: %d\n", \ 250 + sum); \ 251 + KUNIT_ASSERT_EQ_MSG(test, sum, 0, \ 252 + "uninit bytes: %d\n", sum); \ 199 253 } 200 254 #define DEFINE_TEST(name, var_type, which, init_level, xfail) \ 201 255 /* no-op to force compiler into ignoring "uninitialized" vars */\ 202 - static noinline __init DO_NOTHING_TYPE_ ## which(var_type) \ 256 + static noinline DO_NOTHING_TYPE_ ## which(var_type) \ 203 257 do_nothing_ ## name(var_type *ptr) \ 204 258 { \ 205 259 /* Will always be true, but compiler doesn't know. */ \ ··· 205 265 else \ 206 266 return DO_NOTHING_RETURN_ ## which(ptr + 1); \ 207 267 } \ 208 - static noinline __init int leaf_ ## name(unsigned long sp, \ 209 - bool fill, \ 210 - var_type *arg) \ 268 + static noinline int leaf_ ## name(unsigned long sp, bool fill, \ 269 + var_type *arg) \ 211 270 { \ 212 271 char buf[VAR_BUFFER]; \ 213 272 var_type var \ ··· 280 341 unsigned long four; 281 342 }; 282 343 344 + #define ALWAYS_PASS WANT_SUCCESS 345 + #define ALWAYS_FAIL XFAIL 346 + 347 + #ifdef CONFIG_INIT_STACK_NONE 348 + # define USER_PASS XFAIL 349 + # define BYREF_PASS XFAIL 350 + # define STRONG_PASS XFAIL 351 + #elif defined(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER) 352 + # define USER_PASS WANT_SUCCESS 353 + # define BYREF_PASS XFAIL 354 + # define STRONG_PASS XFAIL 355 + #elif defined(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF) 356 + # define USER_PASS WANT_SUCCESS 357 + # define BYREF_PASS WANT_SUCCESS 358 + # define STRONG_PASS XFAIL 359 + #else 360 + # define USER_PASS WANT_SUCCESS 361 + # define BYREF_PASS WANT_SUCCESS 362 + # define STRONG_PASS WANT_SUCCESS 363 + #endif 364 + 283 365 #define DEFINE_SCALAR_TEST(name, init, xfail) \ 284 366 DEFINE_TEST(name ## _ ## init, name, SCALAR, \ 285 367 init, xfail) ··· 324 364 DEFINE_STRUCT_TEST(trailing_hole, init, xfail); \ 325 365 DEFINE_STRUCT_TEST(packed, init, xfail) 326 366 327 - #define DEFINE_STRUCT_INITIALIZER_TESTS(base) \ 367 + #define DEFINE_STRUCT_INITIALIZER_TESTS(base, xfail) \ 328 368 DEFINE_STRUCT_TESTS(base ## _ ## partial, \ 329 - WANT_SUCCESS); \ 330 - DEFINE_STRUCT_TESTS(base ## _ ## all, \ 331 - WANT_SUCCESS) 369 + xfail); \ 370 + DEFINE_STRUCT_TESTS(base ## _ ## all, xfail) 332 371 333 372 /* These should be fully initialized all the time! */ 334 - DEFINE_SCALAR_TESTS(zero, WANT_SUCCESS); 335 - DEFINE_STRUCT_TESTS(zero, WANT_SUCCESS); 373 + DEFINE_SCALAR_TESTS(zero, ALWAYS_PASS); 374 + DEFINE_STRUCT_TESTS(zero, ALWAYS_PASS); 336 375 /* Struct initializers: padding may be left uninitialized. */ 337 - DEFINE_STRUCT_INITIALIZER_TESTS(static); 338 - DEFINE_STRUCT_INITIALIZER_TESTS(dynamic); 339 - DEFINE_STRUCT_INITIALIZER_TESTS(runtime); 340 - DEFINE_STRUCT_INITIALIZER_TESTS(assigned_static); 341 - DEFINE_STRUCT_INITIALIZER_TESTS(assigned_dynamic); 342 - DEFINE_STRUCT_TESTS(assigned_copy, XFAIL); 376 + DEFINE_STRUCT_INITIALIZER_TESTS(static, STRONG_PASS); 377 + DEFINE_STRUCT_INITIALIZER_TESTS(dynamic, STRONG_PASS); 378 + DEFINE_STRUCT_INITIALIZER_TESTS(runtime, STRONG_PASS); 379 + DEFINE_STRUCT_INITIALIZER_TESTS(assigned_static, STRONG_PASS); 380 + DEFINE_STRUCT_INITIALIZER_TESTS(assigned_dynamic, STRONG_PASS); 381 + DEFINE_STRUCT_TESTS(assigned_copy, ALWAYS_FAIL); 343 382 /* No initialization without compiler instrumentation. */ 344 - DEFINE_SCALAR_TESTS(none, WANT_SUCCESS); 345 - DEFINE_STRUCT_TESTS(none, WANT_SUCCESS); 383 + DEFINE_SCALAR_TESTS(none, STRONG_PASS); 384 + DEFINE_STRUCT_TESTS(none, BYREF_PASS); 346 385 /* Initialization of members with __user attribute. */ 347 - DEFINE_TEST(user, struct test_user, STRUCT, none, WANT_SUCCESS); 386 + DEFINE_TEST(user, struct test_user, STRUCT, none, USER_PASS); 348 387 349 388 /* 350 389 * Check two uses through a variable declaration outside either path, ··· 357 398 * This is intentionally unreachable. To silence the 358 399 * warning, build with -Wno-switch-unreachable 359 400 */ 360 - uint64_t var; 401 + uint64_t var[10]; 361 402 362 403 case 1: 363 404 target_start = &var; ··· 382 423 memcpy(check_buf, target_start, target_size); 383 424 break; 384 425 default: 385 - var = 5; 386 - return var & forced_mask; 426 + var[1] = 5; 427 + return var[1] & forced_mask; 387 428 } 388 429 return 0; 389 430 } 390 431 391 - static noinline __init int leaf_switch_1_none(unsigned long sp, bool fill, 432 + static noinline int leaf_switch_1_none(unsigned long sp, bool fill, 392 433 uint64_t *arg) 393 434 { 394 435 return __leaf_switch_none(1, fill); 395 436 } 396 437 397 - static noinline __init int leaf_switch_2_none(unsigned long sp, bool fill, 438 + static noinline int leaf_switch_2_none(unsigned long sp, bool fill, 398 439 uint64_t *arg) 399 440 { 400 441 return __leaf_switch_none(2, fill); ··· 406 447 * non-code areas (i.e. in a switch statement before the first "case"). 407 448 * https://bugs.llvm.org/show_bug.cgi?id=44916 408 449 */ 409 - DEFINE_TEST_DRIVER(switch_1_none, uint64_t, SCALAR, XFAIL); 410 - DEFINE_TEST_DRIVER(switch_2_none, uint64_t, SCALAR, XFAIL); 450 + DEFINE_TEST_DRIVER(switch_1_none, uint64_t, SCALAR, ALWAYS_FAIL); 451 + DEFINE_TEST_DRIVER(switch_2_none, uint64_t, SCALAR, ALWAYS_FAIL); 411 452 412 - static int __init test_stackinit_init(void) 413 - { 414 - unsigned int failures = 0; 453 + #define KUNIT_test_scalars(init) \ 454 + KUNIT_CASE(test_u8_ ## init), \ 455 + KUNIT_CASE(test_u16_ ## init), \ 456 + KUNIT_CASE(test_u32_ ## init), \ 457 + KUNIT_CASE(test_u64_ ## init), \ 458 + KUNIT_CASE(test_char_array_ ## init) 415 459 416 - #define test_scalars(init) do { \ 417 - failures += test_u8_ ## init (); \ 418 - failures += test_u16_ ## init (); \ 419 - failures += test_u32_ ## init (); \ 420 - failures += test_u64_ ## init (); \ 421 - failures += test_char_array_ ## init (); \ 422 - } while (0) 460 + #define KUNIT_test_structs(init) \ 461 + KUNIT_CASE(test_small_hole_ ## init), \ 462 + KUNIT_CASE(test_big_hole_ ## init), \ 463 + KUNIT_CASE(test_trailing_hole_ ## init),\ 464 + KUNIT_CASE(test_packed_ ## init) \ 423 465 424 - #define test_structs(init) do { \ 425 - failures += test_small_hole_ ## init (); \ 426 - failures += test_big_hole_ ## init (); \ 427 - failures += test_trailing_hole_ ## init (); \ 428 - failures += test_packed_ ## init (); \ 429 - } while (0) 430 - 466 + static struct kunit_case stackinit_test_cases[] = { 431 467 /* These are explicitly initialized and should always pass. */ 432 - test_scalars(zero); 433 - test_structs(zero); 468 + KUNIT_test_scalars(zero), 469 + KUNIT_test_structs(zero), 434 470 /* Padding here appears to be accidentally always initialized? */ 435 - test_structs(dynamic_partial); 436 - test_structs(assigned_dynamic_partial); 471 + KUNIT_test_structs(dynamic_partial), 472 + KUNIT_test_structs(assigned_dynamic_partial), 437 473 /* Padding initialization depends on compiler behaviors. */ 438 - test_structs(static_partial); 439 - test_structs(static_all); 440 - test_structs(dynamic_all); 441 - test_structs(runtime_partial); 442 - test_structs(runtime_all); 443 - test_structs(assigned_static_partial); 444 - test_structs(assigned_static_all); 445 - test_structs(assigned_dynamic_all); 474 + KUNIT_test_structs(static_partial), 475 + KUNIT_test_structs(static_all), 476 + KUNIT_test_structs(dynamic_all), 477 + KUNIT_test_structs(runtime_partial), 478 + KUNIT_test_structs(runtime_all), 479 + KUNIT_test_structs(assigned_static_partial), 480 + KUNIT_test_structs(assigned_static_all), 481 + KUNIT_test_structs(assigned_dynamic_all), 446 482 /* Everything fails this since it effectively performs a memcpy(). */ 447 - test_structs(assigned_copy); 448 - 483 + KUNIT_test_structs(assigned_copy), 449 484 /* STRUCTLEAK_BYREF_ALL should cover everything from here down. */ 450 - test_scalars(none); 451 - failures += test_switch_1_none(); 452 - failures += test_switch_2_none(); 453 - 485 + KUNIT_test_scalars(none), 486 + KUNIT_CASE(test_switch_1_none), 487 + KUNIT_CASE(test_switch_2_none), 454 488 /* STRUCTLEAK_BYREF should cover from here down. */ 455 - test_structs(none); 456 - 489 + KUNIT_test_structs(none), 457 490 /* STRUCTLEAK will only cover this. */ 458 - failures += test_user(); 491 + KUNIT_CASE(test_user), 492 + {} 493 + }; 459 494 460 - if (failures == 0) 461 - pr_info("all tests passed!\n"); 462 - else 463 - pr_err("failures: %u\n", failures); 495 + static struct kunit_suite stackinit_test_suite = { 496 + .name = "stackinit", 497 + .test_cases = stackinit_test_cases, 498 + }; 464 499 465 - return failures ? -EINVAL : 0; 466 - } 467 - module_init(test_stackinit_init); 468 - 469 - static void __exit test_stackinit_exit(void) 470 - { } 471 - module_exit(test_stackinit_exit); 500 + kunit_test_suites(&stackinit_test_suite); 472 501 473 502 MODULE_LICENSE("GPL");
+1
scripts/Makefile.clang
··· 10 10 CLANG_TARGET_FLAGS_riscv := riscv64-linux-gnu 11 11 CLANG_TARGET_FLAGS_s390 := s390x-linux-gnu 12 12 CLANG_TARGET_FLAGS_x86 := x86_64-linux-gnu 13 + CLANG_TARGET_FLAGS_um := $(CLANG_TARGET_FLAGS_$(SUBARCH)) 13 14 CLANG_TARGET_FLAGS := $(CLANG_TARGET_FLAGS_$(SRCARCH)) 14 15 15 16 ifeq ($(CROSS_COMPILE),)