linux_kselftest-kunit-fixes-6.11-rc7

This kunit update for Linux 6.11-rc7 consist of one single fix to
 a use-after-free bug resulting from kunit_driver_create() failing
 to copy the driver name leaving it on the stack or freeing it.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAmbY0WMACgkQCwJExA0N
 QxzCgBAA7Cb6tyvGcXsQTXC50S90CR+3bGmHzTL8jl/ElHvTz521UzPTn01QB51t
 JcGNhKz3RByvRBuukhg7abpCnCYWZoa9pmxojVD5D1TO2AXvypWEv0ao/UwSAYyi
 2b7BTkcc7ciRske51/yFfipjwI/NLLIlu4HVcZ0OisOt+tvHzoz50KiyYV+Qan8r
 e8NkqVI587KLfDAZRC+cLXyJCIRwlCK+jNMrjoiOanv1Ybe65eAGNQmAIyuGX1Fo
 Ku8ZgoCgpc+Vjc1bMWgwgHWCdFOvINdd7ibfCp59JBBAkqYFpHYS5Lk9kHWH6lYF
 X9THLaCSh5cq+u0qksW8p4ml1fYnWZbm92qkdPj0wG36v9la769HSXijtVhL2lxD
 b1ca/NpfNfbbr5mxoVRq4ulO1JvyC6jmRKSJWt1p1SFfHf+Oaowh2Sr2ZjFfOozj
 +/Joh3n2dxlnH/in8BvXGwQIo7xbyTatm/4IVCccJAolR+hPv7izBeWfYn3xgtu5
 5WZVcxPMxNwgNHWnxm2nbxTtBTvTsOSC8/nbxm8g3jM9cHCP7Mz3/zSV6p2vcRxm
 HPx/Qj2LmNcPKGXs4jh7WLErgkunxlvsqCJChwGjZoYR0fgRmzCgrwbkDE6/26UW
 Teo51bWwD/CxTy7OtXi8D2pPzVqt8u5cFPaNgHaRzxLDuVTouhU=
 =JRC5
 -----END PGP SIGNATURE-----

Merge tag 'linux_kselftest-kunit-fixes-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest

Pull kunit fix from Shuah Khan:
 "One single fix to a use-after-free bug resulting from
  kunit_driver_create() failing to copy the driver name leaving it on
  the stack or freeing it"

* tag 'linux_kselftest-kunit-fixes-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
  kunit: Device wrappers should also manage driver name
Linus Torvalds 2024-09-05 09:43:38 -07:00
commit 120434e5b3
3 changed files with 72 additions and 2 deletions


@ -28,6 +28,7 @@
#include <linux/types.h> #include <linux/types.h>
#include <asm/rwonce.h> #include <asm/rwonce.h>
#include <asm/sections.h>
/* Static key: true if any KUnit tests are currently running */ /* Static key: true if any KUnit tests are currently running */
DECLARE_STATIC_KEY_FALSE(kunit_running); DECLARE_STATIC_KEY_FALSE(kunit_running);
@ -480,6 +481,53 @@ static inline void *kunit_kcalloc(struct kunit *test, size_t n, size_t size, gfp
return kunit_kmalloc_array(test, n, size, gfp | __GFP_ZERO); return kunit_kmalloc_array(test, n, size, gfp | __GFP_ZERO);
} }
/**
* kunit_kfree_const() - conditionally free test managed memory
* @x: pointer to the memory
*
* Calls kunit_kfree() only if @x is not in .rodata section.
* See kunit_kstrdup_const() for more information.
*/
void kunit_kfree_const(struct kunit *test, const void *x);
/**
* kunit_kstrdup() - Duplicates a string into a test managed allocation.
*
* @test: The test context object.
* @str: The NULL-terminated string to duplicate.
* @gfp: flags passed to underlying kmalloc().
*
* See kstrdup() and kunit_kmalloc_array() for more information.
*/
static inline char *kunit_kstrdup(struct kunit *test, const char *str, gfp_t gfp)
{
size_t len;
char *buf;
if (!str)
return NULL;
len = strlen(str) + 1;
buf = kunit_kmalloc(test, len, gfp);
if (buf)
memcpy(buf, str, len);
return buf;
}
/**
* kunit_kstrdup_const() - Conditionally duplicates a string into a test managed allocation.
*
* @test: The test context object.
* @str: The NULL-terminated string to duplicate.
* @gfp: flags passed to underlying kmalloc().
*
* Calls kunit_kstrdup() only if @str is not in the rodata section. Must be freed with
* kunit_kfree_const() -- not kunit_kfree().
* See kstrdup_const() and kunit_kmalloc_array() for more information.
*/
const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp);
/** /**
* kunit_vm_mmap() - Allocate KUnit-tracked vm_mmap() area * kunit_vm_mmap() - Allocate KUnit-tracked vm_mmap() area
* @test: The test context object. * @test: The test context object.
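Review bot: The kernel-doc block for `kunit_kfree_const()` documents only `@x` and omits `@test`, although the prototype takes `struct kunit *test` as its first parameter; add ` * @test: The test context object.` as the neighbouring blocks do. Neither `kunit_kstrdup()` nor `kunit_kstrdup_const()` describes its return value, even though the inline body returns NULL both when `str` is NULL and when `kunit_kmalloc()` fails. A line such as ` * Return: the duplicated string, or NULL if @str is NULL or the allocation fails.` would tell callers the result must be checked. It would also help to say in the `kunit_kfree_const()` block that `@x` must have come from `kunit_kstrdup_const()`, since pairing the wrong free with the wrong allocator is the ownership mistake this API exists to prevent.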


@ -89,7 +89,7 @@ struct device_driver *kunit_driver_create(struct kunit *test, const char *name)
if (!driver) if (!driver)
return ERR_PTR(err); return ERR_PTR(err);
driver->name = name; driver->name = kunit_kstrdup_const(test, name, GFP_KERNEL);
driver->bus = &kunit_bus_type; driver->bus = &kunit_bus_type;
driver->owner = THIS_MODULE; driver->owner = THIS_MODULE;
@ -192,8 +192,11 @@ void kunit_device_unregister(struct kunit *test, struct device *dev)
const struct device_driver *driver = to_kunit_device(dev)->driver; const struct device_driver *driver = to_kunit_device(dev)->driver;
kunit_release_action(test, device_unregister_wrapper, dev); kunit_release_action(test, device_unregister_wrapper, dev);
if (driver) if (driver) {
const char *driver_name = driver->name;
kunit_release_action(test, driver_unregister_wrapper, (void *)driver); kunit_release_action(test, driver_unregister_wrapper, (void *)driver);
kunit_kfree_const(test, driver_name);
}
} }
EXPORT_SYMBOL_GPL(kunit_device_unregister); EXPORT_SYMBOL_GPL(kunit_device_unregister);
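Review bot: The result of `kunit_kstrdup_const()` is stored in `driver->name` in kunit_driver_create() without a NULL check, and the `kunit_kstrdup()` it falls back to returns NULL when `name` is NULL or the allocation fails. The visible lines after the assignment only fill in `driver->bus` and `driver->owner`, so a failed copy would presumably reach driver registration with a NULL name; the rest of the function lies outside the hunk, so confirm against the full body. Suggest adding `if (!driver->name) return ERR_PTR(-ENOMEM);` directly after the assignment. In kunit_device_unregister(), reading `driver->name` into `driver_name` before releasing the driver action is the right order and deserves a short comment, e.g. `/* save the name first: releasing the action may free *driver */`, if that is indeed the reason.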


@ -874,6 +874,25 @@ void kunit_kfree(struct kunit *test, const void *ptr)
} }
EXPORT_SYMBOL_GPL(kunit_kfree); EXPORT_SYMBOL_GPL(kunit_kfree);
void kunit_kfree_const(struct kunit *test, const void *x)
{
#if !IS_MODULE(CONFIG_KUNIT)
if (!is_kernel_rodata((unsigned long)x))
#endif
kunit_kfree(test, x);
}
EXPORT_SYMBOL_GPL(kunit_kfree_const);
const char *kunit_kstrdup_const(struct kunit *test, const char *str, gfp_t gfp)
{
#if !IS_MODULE(CONFIG_KUNIT)
if (is_kernel_rodata((unsigned long)str))
return str;
#endif
return kunit_kstrdup(test, str, gfp);
}
EXPORT_SYMBOL_GPL(kunit_kstrdup_const);
void kunit_cleanup(struct kunit *test) void kunit_cleanup(struct kunit *test)
{ {
struct kunit_resource *res; struct kunit_resource *res;
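Review bot: In `kunit_kfree_const()` the `if (!is_kernel_rodata(...))` sits inside `#if !IS_MODULE(CONFIG_KUNIT)` while its body, `kunit_kfree(test, x);`, sits after the `#endif`, so the same line is conditional in a built-in build and unconditional in a modular one. That is easy to break when a statement is added between them, and nothing explains why the rodata test is compiled out for modules. A comment above each `#if` would record the contract, for example `/* A modular KUnit cannot use is_kernel_rodata(), so it always copies and always frees; both helpers must stay under the same condition. */`, with the stated reason confirmed by the author, as it is not visible here. The header's wording "Calls kunit_kfree() only if @x is not in .rodata section" also does not hold for the modular case and could mention it.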