From cf6219ee889fb304cf8192c707ad280d93baafc7 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Wed, 12 Jun 2024 12:59:19 -0700 Subject: usercopy: Convert test_user_copy to KUnit test Convert the runtime tests of hardened usercopy to standard KUnit tests. Additionally disable usercopy_test_invalid() for systems with separate address spaces (or no MMU) since it's not sensible to test for address confusion there (e.g. m68k). Co-developed-by: Vitor Massaru Iha Signed-off-by: Vitor Massaru Iha Link: https://lore.kernel.org/r/20200721174654.72132-1-vitor@massaru.org Tested-by: Ivan Orlov Reviewed-by: David Gow Signed-off-by: Kees Cook Signed-off-by: Shuah Khan --- lib/Kconfig.debug | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) (limited to 'lib/Kconfig.debug') diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 59b6765d86b8..561e346f5cb0 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2505,18 +2505,6 @@ config TEST_VMALLOC If unsure, say N. -config TEST_USER_COPY - tristate "Test user/kernel boundary protections" - depends on m - help - This builds the "test_user_copy" module that runs sanity checks - on the copy_to/from_user infrastructure, making sure basic - user/kernel boundary testing is working. If it fails to load, - a regression has been detected in the user/kernel memory boundary - protections. - - If unsure, say N. - config TEST_BPF tristate "Test BPF filter functionality" depends on m && NET @@ -2814,6 +2802,15 @@ config SIPHASH_KUNIT_TEST This is intended to help people writing architecture-specific optimized versions. If unsure, say N. +config USERCOPY_KUNIT_TEST + tristate "KUnit Test for user/kernel boundary protections" + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds the "usercopy_kunit" module that runs sanity checks + on the copy_to/from_user infrastructure, making sure basic + user/kernel boundary testing is working. + config TEST_UDELAY tristate "udelay test driver" help -- cgit v1.2.3 From d0bff054053f7a46a3819aba55ad803aa639ed7e Mon Sep 17 00:00:00 2001 From: Brian Masney Date: Fri, 7 Jun 2024 11:24:43 -0400 Subject: lib/Kconfig.debug: document panic= command line option and procfs entry for PANIC_TIMEOUT PANIC_TIMEOUT can also be controlled with the panic= kernel command line option and the file /proc/sys/kernel/panic. Let's document both of these in the Kconfig help text. Link: https://lkml.kernel.org/r/20240607152443.925168-1-bmasney@redhat.com Signed-off-by: Brian Masney Reviewed-by: Javier Martinez Canillas Signed-off-by: Andrew Morton --- lib/Kconfig.debug | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/Kconfig.debug') diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 59b6765d86b8..86c24d9ed376 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1043,7 +1043,9 @@ config PANIC_TIMEOUT Set the timeout value (in seconds) until a reboot occurs when the kernel panics. If n = 0, then we wait forever. A timeout value n > 0 will wait n seconds before rebooting, while a timeout - value n < 0 will reboot immediately. + value n < 0 will reboot immediately. This setting can be overridden + with the kernel command line option panic=, and from userspace via + /proc/sys/kernel/panic. config LOCKUP_DETECTOR bool -- cgit v1.2.3