path: root/lib/tests/fortify_kunit.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Runtime test cases for CONFIG_FORTIFY_SOURCE. For additional memcpy()
 * testing see FORTIFY_MEM_* tests in LKDTM (drivers/misc/lkdtm/fortify.c).
 *
 * For corner cases with UBSAN, try testing with:
 *
 * ./tools/testing/kunit/kunit.py run --arch=x86_64 \
 *	--kconfig_add CONFIG_FORTIFY_SOURCE=y \
 *	--kconfig_add CONFIG_UBSAN=y \
 *	--kconfig_add CONFIG_UBSAN_TRAP=y \
 *	--kconfig_add CONFIG_UBSAN_BOUNDS=y \
 *	--kconfig_add CONFIG_UBSAN_LOCAL_BOUNDS=y \
 *	--make_options LLVM=1 fortify
 */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

/* We don't need to fill dmesg with the fortify WARNs during testing. */
#ifdef DEBUG
# define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x)
# define FORTIFY_WARN_KUNIT(x...)   WARN_ONCE(x)
#else
# define FORTIFY_REPORT_KUNIT(x...) do { } while (0)
# define FORTIFY_WARN_KUNIT(x...)   do { } while (0)
#endif

/* Redefine fortify_panic() to track failures. */
void fortify_add_kunit_error(int write);
#define fortify_panic(func, write, avail, size, retfail) do {		\
	FORTIFY_REPORT_KUNIT(FORTIFY_REASON(func, write), avail, size);	\
	fortify_add_kunit_error(write);					\
	return (retfail);						\
} while (0)

/* Redefine fortify_warn_once() to track memcpy() failures. */
#define fortify_warn_once(chk_func, x...) do {				\
	bool __result = chk_func;					\
	FORTIFY_WARN_KUNIT(__result, x);				\
	if (__result)							\
		fortify_add_kunit_error(1);				\
} while (0)

#include <kunit/device.h>
#include <kunit/test.h>
#include <kunit/test-bug.h>
#include <linux/device.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/vmalloc.h>

/* Handle being built without CONFIG_FORTIFY_SOURCE */
#ifndef __compiletime_strlen
# define __compiletime_strlen __builtin_strlen
#endif

static struct kunit_resource read_resource;
static struct kunit_resource write_resource;
static int fortify_read_overflows;
static int fortify_write_overflows;

static const char array_of_10[] = "this is 10";
static const char *ptr_of_11 = "this is 11!";
static const char * const unchanging_12 = "this is 12!!";
static char array_unknown[] = "compiler thinks I might change";

void fortify_add_kunit_error(int write)
{
	struct kunit_resource *resource;
	struct kunit *current_test;

	current_test = kunit_get_current_test();
	if (!current_test)
		return;

	resource = kunit_find_named_resource(current_test,
			write ? "fortify_write_overflows"
			      : "fortify_read_overflows");
	if (!resource)
		return;

	(*(int *)resource->data)++;
	kunit_put_resource(resource);
}

static void fortify_test_known_sizes(struct kunit *test)
{
	char stack[80] = "Test!";

	KUNIT_EXPECT_FALSE(test, __is_constexpr(__builtin_strlen(stack)));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen(stack), 5);

	KUNIT_EXPECT_TRUE(test, __is_constexpr(__builtin_strlen("88888888")));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen("88888888"), 8);

	KUNIT_EXPECT_TRUE(test, __is_constexpr(__builtin_strlen(array_of_10)));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen(array_of_10), 10);

	KUNIT_EXPECT_FALSE(test, __is_constexpr(__builtin_strlen(ptr_of_11)));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen(ptr_of_11), 11);

	KUNIT_EXPECT_TRUE(test, __is_constexpr(__builtin_strlen(unchanging_12)));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen(unchanging_12), 12);

	KUNIT_EXPECT_FALSE(test, __is_constexpr(__builtin_strlen(array_unknown)));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen(array_unknown), SIZE_MAX);

	/* Externally defined and dynamically sized string pointer: */
	KUNIT_EXPECT_FALSE(test, __is_constexpr(__builtin_strlen(test->name)));
	KUNIT_EXPECT_EQ(test, __compiletime_strlen(test->name), SIZE_MAX);
}

/* This is volatile so the optimizer can't perform DCE below. */
static volatile int pick;

/* Not inline to keep optimizer from figuring out which string we want. */
static noinline size_t want_minus_one(int pick)
{
	const char *str;

	switch (pick) {
	case 1:
		str = "4444";
		break;
	case 2:
		str = "333";
		break;
	default:
		str = "1";
		break;
	}
	return __compiletime_strlen(str);
}

static void fortify_test_control_flow_split(struct kunit *test)
{
	KUNIT_EXPECT_EQ(test, want_minus_one(pick), SIZE_MAX);
}

#define KUNIT_EXPECT_BOS(test, p, expected, name)			\
	KUNIT_EXPECT_EQ_MSG(test, __builtin_object_size(p, 1),		\
		expected,						\
		"__all