• David Gow's avatar
    kunit: Device wrappers should also manage driver name · f2c6dbd2
    David Gow authored
    kunit_driver_create() accepts a name for the driver, but does not copy
    it, so if that name is either on the stack, or otherwise freed, we end
    up with a use-after-free when the driver is cleaned up.
    
    Instead, strdup() the name, and manage it as another KUnit allocation.
    As there was no existing kunit_kstrdup(), we add one. Further, add a
    kunit_ variant of strdup_const() and kfree_const(), so we don't need to
    allocate and manage the string in the majority of cases where it's a
    constant.
    
    However, these are inline functions, and is_kernel_rodata() only works
    for built-in code. This causes problems in two cases:
    - If kunit is built as a module, __{start,end}_rodata is not defined.
    - If a kunit test using these functions is built as a module, it will
      suffer the same fate.
    
    This fixes a KASAN splat with overflow.overflow_allocation_test, when
    built as a module.
    
    Restrict the is_kernel_rodata() case to when KUnit is built as a module,
    which fixes the first case, at the cost of losing the optimisation.
    
    Also, make kunit_{kstrdup,kfree}_const non-inline, so that other modules
    using them will not accidentally depend on is_kernel_rodata(). If KUnit
    is built-in, they'll benefit from the optimisation, if KUnit is not,
    they won't, but the string will be properly duplicated.
    
    Fixes: d03c720e ("kunit: Add APIs for managing devices")
    Reported-by: default avatarNico Pache <npache@redhat.com>
    Closes: https://groups.google.com/g/kunit-dev/c/81V9b9QYON0Reviewed-by: default avatarKees Cook <kees@kernel.org>
    Reviewed-by: default avatarMaxime Ripard <mripard@kernel.org>
    Reviewed-by: default avatarRae Moar <rmoar@google.com>
    Signed-off-by: default avatarDavid Gow <davidgow@google.com>
    Tested-by: default avatarRae Moar <rmoar@google.com>
    Signed-off-by: default avatarShuah Khan <skhan@linuxfoundation.org>
    f2c6dbd2
test.h 59.6 KB