[PATCH v2 03/14] kasan: clean up comments in tests

Marco Elver elver at google.com
Wed Jan 13 11:24:03 EST 2021


On Wed, 13 Jan 2021 at 17:21, Andrey Konovalov <andreyknvl at google.com> wrote:
>
> Clarify and update comments in KASAN tests.
>
> Link: https://linux-review.googlesource.com/id/I6c816c51fa1e0eb7aa3dead6bda1f339d2af46c8
> Signed-off-by: Andrey Konovalov <andreyknvl at google.com>

Reviewed-by: Marco Elver <elver at google.com>


> ---
>  lib/test_kasan.c        | 59 +++++++++++++++++++++++++----------------
>  lib/test_kasan_module.c |  5 ++--
>  2 files changed, 39 insertions(+), 25 deletions(-)
>
> diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> index 2947274cc2d3..6f46e27c2af7 100644
> --- a/lib/test_kasan.c
> +++ b/lib/test_kasan.c
> @@ -28,10 +28,9 @@
>  #define OOB_TAG_OFF (IS_ENABLED(CONFIG_KASAN_GENERIC) ? 0 : KASAN_GRANULE_SIZE)
>
>  /*
> - * We assign some test results to these globals to make sure the tests
> - * are not eliminated as dead code.
> + * Some tests use these global variables to store return values from function
> + * calls that could otherwise be eliminated by the compiler as dead code.
>   */
> -
>  void *kasan_ptr_result;
>  int kasan_int_result;
>
> @@ -39,14 +38,13 @@ static struct kunit_resource resource;
>  static struct kunit_kasan_expectation fail_data;
>  static bool multishot;
>
> +/*
> + * Temporarily enable multi-shot mode. Otherwise, KASAN would only report the
> + * first detected bug and panic the kernel if panic_on_warn is enabled.
> + */
>  static int kasan_test_init(struct kunit *test)
>  {
> -       /*
> -        * Temporarily enable multi-shot mode and set panic_on_warn=0.
> -        * Otherwise, we'd only get a report for the first case.
> -        */
>         multishot = kasan_save_enable_multi_shot();
> -
>         return 0;
>  }
>
> @@ -56,12 +54,12 @@ static void kasan_test_exit(struct kunit *test)
>  }
>
>  /**
> - * KUNIT_EXPECT_KASAN_FAIL() - Causes a test failure when the expression does
> - * not cause a KASAN error. This uses a KUnit resource named "kasan_data." Do
> - * Do not use this name for a KUnit resource outside here.
> - *
> + * KUNIT_EXPECT_KASAN_FAIL() - check that the executed expression produces a
> + * KASAN report; causes a test failure otherwise. This relies on a KUnit
> + * resource named "kasan_data". Do not use this name for KUnit resources
> + * outside of KASAN tests.
>   */
> -#define KUNIT_EXPECT_KASAN_FAIL(test, condition) do { \
> +#define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \
>         fail_data.report_expected = true; \
>         fail_data.report_found = false; \
>         kunit_add_named_resource(test, \
> @@ -69,7 +67,7 @@ static void kasan_test_exit(struct kunit *test)
>                                 NULL, \
>                                 &resource, \
>                                 "kasan_data", &fail_data); \
> -       condition; \
> +       expression; \
>         KUNIT_EXPECT_EQ(test, \
>                         fail_data.report_expected, \
>                         fail_data.report_found); \
> @@ -121,7 +119,8 @@ static void kmalloc_pagealloc_oob_right(struct kunit *test)
>                 return;
>         }
>
> -       /* Allocate a chunk that does not fit into a SLUB cache to trigger
> +       /*
> +        * Allocate a chunk that does not fit into a SLUB cache to trigger
>          * the page allocator fallback.
>          */
>         ptr = kmalloc(size, GFP_KERNEL);
> @@ -168,7 +167,9 @@ static void kmalloc_large_oob_right(struct kunit *test)
>  {
>         char *ptr;
>         size_t size = KMALLOC_MAX_CACHE_SIZE - 256;
> -       /* Allocate a chunk that is large enough, but still fits into a slab
> +
> +       /*
> +        * Allocate a chunk that is large enough, but still fits into a slab
>          * and does not trigger the page allocator fallback in SLUB.
>          */
>         ptr = kmalloc(size, GFP_KERNEL);
> @@ -469,10 +470,13 @@ static void ksize_unpoisons_memory(struct kunit *test)
>         ptr = kmalloc(size, GFP_KERNEL);
>         KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
>         real_size = ksize(ptr);
> -       /* This access doesn't trigger an error. */
> +
> +       /* This access shouldn't trigger a KASAN report. */
>         ptr[size] = 'x';
> -       /* This one does. */
> +
> +       /* This one must. */
>         KUNIT_EXPECT_KASAN_FAIL(test, ptr[real_size] = 'y');
> +
>         kfree(ptr);
>  }
>
> @@ -568,7 +572,7 @@ static void kmem_cache_invalid_free(struct kunit *test)
>                 return;
>         }
>
> -       /* Trigger invalid free, the object doesn't get freed */
> +       /* Trigger invalid free, the object doesn't get freed. */
>         KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1));
>
>         /*
> @@ -585,7 +589,10 @@ static void kasan_memchr(struct kunit *test)
>         char *ptr;
>         size_t size = 24;
>
> -       /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */
> +       /*
> +        * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT.
> +        * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details.
> +        */
>         if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
>                 kunit_info(test,
>                         "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT");
> @@ -610,7 +617,10 @@ static void kasan_memcmp(struct kunit *test)
>         size_t size = 24;
>         int arr[9];
>
> -       /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */
> +       /*
> +        * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT.
> +        * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details.
> +        */
>         if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
>                 kunit_info(test,
>                         "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT");
> @@ -634,7 +644,10 @@ static void kasan_strings(struct kunit *test)
>         char *ptr;
>         size_t size = 24;
>
> -       /* See https://bugzilla.kernel.org/show_bug.cgi?id=206337 */
> +       /*
> +        * str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT.
> +        * See https://bugzilla.kernel.org/show_bug.cgi?id=206337 for details.
> +        */
>         if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
>                 kunit_info(test,
>                         "str* functions are not instrumented with CONFIG_AMD_MEM_ENCRYPT");
> @@ -706,7 +719,7 @@ static void kasan_bitops_generic(struct kunit *test)
>         }
>
>         /*
> -        * Allocate 1 more byte, which causes kzalloc to round up to 16-bytes;
> +        * Allocate 1 more byte, which causes kzalloc to round up to 16 bytes;
>          * this way we do not actually corrupt other memory.
>          */
>         bits = kzalloc(sizeof(*bits) + 1, GFP_KERNEL);
> diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c
> index 3b4cc77992d2..eee017ff8980 100644
> --- a/lib/test_kasan_module.c
> +++ b/lib/test_kasan_module.c
> @@ -123,8 +123,9 @@ static noinline void __init kasan_workqueue_uaf(void)
>  static int __init test_kasan_module_init(void)
>  {
>         /*
> -        * Temporarily enable multi-shot mode. Otherwise, we'd only get a
> -        * report for the first case.
> +        * Temporarily enable multi-shot mode. Otherwise, KASAN would only
> +        * report the first detected bug and panic the kernel if panic_on_warn
> +        * is enabled.
>          */
>         bool multishot = kasan_save_enable_multi_shot();
>
> --
> 2.30.0.284.gd98b1dd5eaa7-goog
>



More information about the linux-arm-kernel mailing list