string: Convert strscpy() self-test to KUnit
Commit Message
Convert the strscpy() self-test to a KUnit test.
Cc: David Gow <davidgow@google.com>
Cc: Tobin C. Harding <tobin@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
MAINTAINERS | 1 +
lib/Kconfig.debug | 8 ++-
lib/Makefile | 2 +-
lib/strscpy_kunit.c | 129 +++++++++++++++++++++++++++++++++++++
lib/test_strscpy.c | 150 --------------------------------------------
5 files changed, 136 insertions(+), 154 deletions(-)
create mode 100644 lib/strscpy_kunit.c
delete mode 100644 lib/test_strscpy.c
Comments
On Tue, Oct 18, 2022 at 01:28:59AM -0700, Kees Cook wrote:
> Convert the strscpy() self-test to a KUnit test.
>
> Cc: David Gow <davidgow@google.com>
> Cc: Tobin C. Harding <tobin@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>
I ran the following commands and they all passed:
$ tools/testing/kunit/kunit.py run --arch arm64 --cross_compile aarch64-linux-gnu- strscpy
$ tools/testing/kunit/kunit.py run --arch arm64 --make_options LLVM=1 strscpy
$ tools/testing/kunit/kunit.py run --arch x86_64 strscpy
$ tools/testing/kunit/kunit.py run --arch x86_64 --make_options LLVM=1 strscpy
Tested-by: Nathan Chancellor <nathan@kernel.org>
> ---
> MAINTAINERS | 1 +
> lib/Kconfig.debug | 8 ++-
> lib/Makefile | 2 +-
> lib/strscpy_kunit.c | 129 +++++++++++++++++++++++++++++++++++++
> lib/test_strscpy.c | 150 --------------------------------------------
> 5 files changed, 136 insertions(+), 154 deletions(-)
> create mode 100644 lib/strscpy_kunit.c
> delete mode 100644 lib/test_strscpy.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 9dd8d74c4df0..232d78340d79 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -8045,6 +8045,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/har
> F: include/linux/fortify-string.h
> F: lib/fortify_kunit.c
> F: lib/memcpy_kunit.c
> +F: lib/strscpy_kunit.c
> F: lib/test_fortify/*
> F: scripts/test_fortify.sh
> K: \b__NO_FORTIFY\b
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 3fc7abffc7aa..e0a4d52e434c 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -2215,9 +2215,6 @@ config STRING_SELFTEST
> config TEST_STRING_HELPERS
> tristate "Test functions located in the string_helpers module at runtime"
>
> -config TEST_STRSCPY
> - tristate "Test strscpy*() family of functions at runtime"
> -
> config TEST_KSTRTOX
> tristate "Test kstrto*() family of functions at runtime"
>
> @@ -2583,6 +2580,11 @@ config HW_BREAKPOINT_KUNIT_TEST
>
> If unsure, say N.
>
> +config STRSCPY_KUNIT_TEST
> + tristate "Test strscpy*() family of functions at runtime" if !KUNIT_ALL_TESTS
> + depends on KUNIT
> + default KUNIT_ALL_TESTS
> +
> config TEST_UDELAY
> tristate "udelay test driver"
> help
> diff --git a/lib/Makefile b/lib/Makefile
> index 161d6a724ff7..1905e5c26849 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -82,7 +82,6 @@ obj-$(CONFIG_TEST_DYNAMIC_DEBUG) += test_dynamic_debug.o
> obj-$(CONFIG_TEST_PRINTF) += test_printf.o
> obj-$(CONFIG_TEST_SCANF) += test_scanf.o
> obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o
> -obj-$(CONFIG_TEST_STRSCPY) += test_strscpy.o
> obj-$(CONFIG_TEST_UUID) += test_uuid.o
> obj-$(CONFIG_TEST_XARRAY) += test_xarray.o
> obj-$(CONFIG_TEST_PARMAN) += test_parman.o
> @@ -380,6 +379,7 @@ obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow_kunit.o
> CFLAGS_stackinit_kunit.o += $(call cc-disable-warning, switch-unreachable)
> obj-$(CONFIG_STACKINIT_KUNIT_TEST) += stackinit_kunit.o
> obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fortify_kunit.o
> +obj-$(CONFIG_STRSCPY_KUNIT_TEST) += strscpy_kunit.o
>
> obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o
>
> diff --git a/lib/strscpy_kunit.c b/lib/strscpy_kunit.c
> new file mode 100644
> index 000000000000..98523f828d3a
> --- /dev/null
> +++ b/lib/strscpy_kunit.c
> @@ -0,0 +1,129 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Kernel module for testing 'strscpy' family of functions.
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <kunit/test.h>
> +#include <linux/string.h>
> +
> +/*
> + * tc() - Run a specific test case.
> + * @src: Source string, argument to strscpy_pad()
> + * @count: Size of destination buffer, argument to strscpy_pad()
> + * @expected: Expected return value from call to strscpy_pad()
> + * @terminator: 1 if there should be a terminating null byte 0 otherwise.
> + * @chars: Number of characters from the src string expected to be
> + * written to the dst buffer.
> + * @pad: Number of pad characters expected (in the tail of dst buffer).
> + * (@pad does not include the null terminator byte.)
> + *
> + * Calls strscpy_pad() and verifies the return value and state of the
> + * destination buffer after the call returns.
> + */
> +static void tc(struct kunit *test, char *src, int count, int expected,
> + int chars, int terminator, int pad)
> +{
> + int nr_bytes_poison;
> + int max_expected;
> + int max_count;
> + int written;
> + char buf[6];
> + int index, i;
> + const char POISON = 'z';
> +
> + KUNIT_ASSERT_TRUE_MSG(test, src != NULL,
> + "null source string not supported");
> +
> + memset(buf, POISON, sizeof(buf));
> + /* Future proofing test suite, validate args */
> + max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
> + max_expected = count - 1; /* Space for the null */
> +
> + KUNIT_ASSERT_LE_MSG(test, count, max_count,
> + "count (%d) is too big (%d) ... aborting", count, max_count);
> + KUNIT_EXPECT_LE_MSG(test, expected, max_expected,
> + "expected (%d) is bigger than can possibly be returned (%d)",
> + expected, max_expected);
> +
> + written = strscpy_pad(buf, src, count);
> + KUNIT_ASSERT_EQ(test, written, expected);
> +
> + if (count && written == -E2BIG) {
> + KUNIT_ASSERT_EQ_MSG(test, 0, strncmp(buf, src, count - 1),
> + "buffer state invalid for -E2BIG");
> + KUNIT_ASSERT_EQ_MSG(test, buf[count - 1], '\0',
> + "too big string is not null terminated correctly");
> + }
> +
> + for (i = 0; i < chars; i++)
> + KUNIT_ASSERT_EQ_MSG(test, buf[i], src[i],
> + "buf[i]==%c != src[i]==%c", buf[i], src[i]);
> +
> + if (terminator)
> + KUNIT_ASSERT_EQ_MSG(test, buf[count - 1], '\0',
> + "string is not null terminated correctly");
> +
> + for (i = 0; i < pad; i++) {
> + index = chars + terminator + i;
> + KUNIT_ASSERT_EQ_MSG(test, buf[index], '\0',
> + "padding missing at index: %d", i);
> + }
> +
> + nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
> + for (i = 0; i < nr_bytes_poison; i++) {
> + index = sizeof(buf) - 1 - i; /* Check from the end back */
> + KUNIT_ASSERT_EQ_MSG(test, buf[index], POISON,
> + "poison value missing at index: %d", i);
> + }
> +}
> +
> +static void strscpy_test(struct kunit *test)
> +{
> + /*
> + * tc() uses a destination buffer of size 6 and needs at
> + * least 2 characters spare (one for null and one to check for
> + * overflow). This means we should only call tc() with
> + * strings up to a maximum of 4 characters long and 'count'
> + * should not exceed 4. To test with longer strings increase
> + * the buffer size in tc().
> + */
> +
> + /* tc(test, src, count, expected, chars, terminator, pad) */
> + tc(test, "a", 0, -E2BIG, 0, 0, 0);
> + tc(test, "", 0, -E2BIG, 0, 0, 0);
> +
> + tc(test, "a", 1, -E2BIG, 0, 1, 0);
> + tc(test, "", 1, 0, 0, 1, 0);
> +
> + tc(test, "ab", 2, -E2BIG, 1, 1, 0);
> + tc(test, "a", 2, 1, 1, 1, 0);
> + tc(test, "", 2, 0, 0, 1, 1);
> +
> + tc(test, "abc", 3, -E2BIG, 2, 1, 0);
> + tc(test, "ab", 3, 2, 2, 1, 0);
> + tc(test, "a", 3, 1, 1, 1, 1);
> + tc(test, "", 3, 0, 0, 1, 2);
> +
> + tc(test, "abcd", 4, -E2BIG, 3, 1, 0);
> + tc(test, "abc", 4, 3, 3, 1, 0);
> + tc(test, "ab", 4, 2, 2, 1, 1);
> + tc(test, "a", 4, 1, 1, 1, 2);
> + tc(test, "", 4, 0, 0, 1, 3);
> +}
> +
> +static struct kunit_case strscpy_test_cases[] = {
> + KUNIT_CASE(strscpy_test),
> + {}
> +};
> +
> +static struct kunit_suite strscpy_test_suite = {
> + .name = "strscpy",
> + .test_cases = strscpy_test_cases,
> +};
> +
> +kunit_test_suite(strscpy_test_suite);
> +
> +MODULE_AUTHOR("Tobin C. Harding <tobin@kernel.org>");
> +MODULE_LICENSE("GPL");
> diff --git a/lib/test_strscpy.c b/lib/test_strscpy.c
> deleted file mode 100644
> index a827f94601f5..000000000000
> --- a/lib/test_strscpy.c
> +++ /dev/null
> @@ -1,150 +0,0 @@
> -// SPDX-License-Identifier: GPL-2.0+
> -
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
> -#include <linux/string.h>
> -
> -#include "../tools/testing/selftests/kselftest_module.h"
> -
> -/*
> - * Kernel module for testing 'strscpy' family of functions.
> - */
> -
> -KSTM_MODULE_GLOBALS();
> -
> -/*
> - * tc() - Run a specific test case.
> - * @src: Source string, argument to strscpy_pad()
> - * @count: Size of destination buffer, argument to strscpy_pad()
> - * @expected: Expected return value from call to strscpy_pad()
> - * @terminator: 1 if there should be a terminating null byte 0 otherwise.
> - * @chars: Number of characters from the src string expected to be
> - * written to the dst buffer.
> - * @pad: Number of pad characters expected (in the tail of dst buffer).
> - * (@pad does not include the null terminator byte.)
> - *
> - * Calls strscpy_pad() and verifies the return value and state of the
> - * destination buffer after the call returns.
> - */
> -static int __init tc(char *src, int count, int expected,
> - int chars, int terminator, int pad)
> -{
> - int nr_bytes_poison;
> - int max_expected;
> - int max_count;
> - int written;
> - char buf[6];
> - int index, i;
> - const char POISON = 'z';
> -
> - total_tests++;
> -
> - if (!src) {
> - pr_err("null source string not supported\n");
> - return -1;
> - }
> -
> - memset(buf, POISON, sizeof(buf));
> - /* Future proofing test suite, validate args */
> - max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
> - max_expected = count - 1; /* Space for the null */
> - if (count > max_count) {
> - pr_err("count (%d) is too big (%d) ... aborting", count, max_count);
> - return -1;
> - }
> - if (expected > max_expected) {
> - pr_warn("expected (%d) is bigger than can possibly be returned (%d)",
> - expected, max_expected);
> - }
> -
> - written = strscpy_pad(buf, src, count);
> - if ((written) != (expected)) {
> - pr_err("%d != %d (written, expected)\n", written, expected);
> - goto fail;
> - }
> -
> - if (count && written == -E2BIG) {
> - if (strncmp(buf, src, count - 1) != 0) {
> - pr_err("buffer state invalid for -E2BIG\n");
> - goto fail;
> - }
> - if (buf[count - 1] != '\0') {
> - pr_err("too big string is not null terminated correctly\n");
> - goto fail;
> - }
> - }
> -
> - for (i = 0; i < chars; i++) {
> - if (buf[i] != src[i]) {
> - pr_err("buf[i]==%c != src[i]==%c\n", buf[i], src[i]);
> - goto fail;
> - }
> - }
> -
> - if (terminator) {
> - if (buf[count - 1] != '\0') {
> - pr_err("string is not null terminated correctly\n");
> - goto fail;
> - }
> - }
> -
> - for (i = 0; i < pad; i++) {
> - index = chars + terminator + i;
> - if (buf[index] != '\0') {
> - pr_err("padding missing at index: %d\n", i);
> - goto fail;
> - }
> - }
> -
> - nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
> - for (i = 0; i < nr_bytes_poison; i++) {
> - index = sizeof(buf) - 1 - i; /* Check from the end back */
> - if (buf[index] != POISON) {
> - pr_err("poison value missing at index: %d\n", i);
> - goto fail;
> - }
> - }
> -
> - return 0;
> -fail:
> - failed_tests++;
> - return -1;
> -}
> -
> -static void __init selftest(void)
> -{
> - /*
> - * tc() uses a destination buffer of size 6 and needs at
> - * least 2 characters spare (one for null and one to check for
> - * overflow). This means we should only call tc() with
> - * strings up to a maximum of 4 characters long and 'count'
> - * should not exceed 4. To test with longer strings increase
> - * the buffer size in tc().
> - */
> -
> - /* tc(src, count, expected, chars, terminator, pad) */
> - KSTM_CHECK_ZERO(tc("a", 0, -E2BIG, 0, 0, 0));
> - KSTM_CHECK_ZERO(tc("", 0, -E2BIG, 0, 0, 0));
> -
> - KSTM_CHECK_ZERO(tc("a", 1, -E2BIG, 0, 1, 0));
> - KSTM_CHECK_ZERO(tc("", 1, 0, 0, 1, 0));
> -
> - KSTM_CHECK_ZERO(tc("ab", 2, -E2BIG, 1, 1, 0));
> - KSTM_CHECK_ZERO(tc("a", 2, 1, 1, 1, 0));
> - KSTM_CHECK_ZERO(tc("", 2, 0, 0, 1, 1));
> -
> - KSTM_CHECK_ZERO(tc("abc", 3, -E2BIG, 2, 1, 0));
> - KSTM_CHECK_ZERO(tc("ab", 3, 2, 2, 1, 0));
> - KSTM_CHECK_ZERO(tc("a", 3, 1, 1, 1, 1));
> - KSTM_CHECK_ZERO(tc("", 3, 0, 0, 1, 2));
> -
> - KSTM_CHECK_ZERO(tc("abcd", 4, -E2BIG, 3, 1, 0));
> - KSTM_CHECK_ZERO(tc("abc", 4, 3, 3, 1, 0));
> - KSTM_CHECK_ZERO(tc("ab", 4, 2, 2, 1, 1));
> - KSTM_CHECK_ZERO(tc("a", 4, 1, 1, 1, 2));
> - KSTM_CHECK_ZERO(tc("", 4, 0, 0, 1, 3));
> -}
> -
> -KSTM_MODULE_LOADERS(test_strscpy);
> -MODULE_AUTHOR("Tobin C. Harding <tobin@kernel.org>");
> -MODULE_LICENSE("GPL");
> --
> 2.34.1
>
On Tue, Oct 18, 2022 at 11:54:28AM -0700, Nathan Chancellor wrote:
> On Tue, Oct 18, 2022 at 01:28:59AM -0700, Kees Cook wrote:
> > Convert the strscpy() self-test to a KUnit test.
> >
> > Cc: David Gow <davidgow@google.com>
> > Cc: Tobin C. Harding <tobin@kernel.org>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
>
> I ran the following commands and they all passed:
>
> $ tools/testing/kunit/kunit.py run --arch arm64 --cross_compile aarch64-linux-gnu- strscpy
>
> $ tools/testing/kunit/kunit.py run --arch arm64 --make_options LLVM=1 strscpy
>
> $ tools/testing/kunit/kunit.py run --arch x86_64 strscpy
>
> $ tools/testing/kunit/kunit.py run --arch x86_64 --make_options LLVM=1 strscpy
>
> Tested-by: Nathan Chancellor <nathan@kernel.org>
Thank you!
I should probably note somewhere that I test it both with and without
CONFIG_FORTIFY_SOURCE:
$ tools/testing/kunit/kunit.py run --arch x86_64 --kconfig_add CONFIG_FORTIFY_SOURCE=y strscpy
etc...
On Tue, Oct 18, 2022 at 4:29 PM Kees Cook <keescook@chromium.org> wrote:
>
> Convert the strscpy() self-test to a KUnit test.
>
> Cc: David Gow <davidgow@google.com>
> Cc: Tobin C. Harding <tobin@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
This looks fine, and works here, but I wonder if this is not better
suited to a parameterised test? That'd make it a bit easier to
interpret the results if only one or two of the "subtests" failed.
Basically, you give KUnit a test function alongside an array of data
(typically a struct), as well as a helper function to "describe" the
test, and KUnit will treat all executions of that function as
"subtests", and print out results.
The fat timestamp tests here are a good example:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/fat/fat_test.c#n23
Now, I suspect that this isn't an _ideal_ case for parameterised tests
(the individual cases are a little awkward to describe), so I'm okay
with it either way, but I think taking advantage of the parameterised
test infrastructure would be a little "cleaner" than the repeated
calls to the "tc" function.
Thoughts?
Regardless, this is:
Tested-by: David Gow <davidgow@google.com>
-- David
> MAINTAINERS | 1 +
> lib/Kconfig.debug | 8 ++-
> lib/Makefile | 2 +-
> lib/strscpy_kunit.c | 129 +++++++++++++++++++++++++++++++++++++
> lib/test_strscpy.c | 150 --------------------------------------------
> 5 files changed, 136 insertions(+), 154 deletions(-)
> create mode 100644 lib/strscpy_kunit.c
> delete mode 100644 lib/test_strscpy.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 9dd8d74c4df0..232d78340d79 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -8045,6 +8045,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/har
> F: include/linux/fortify-string.h
> F: lib/fortify_kunit.c
> F: lib/memcpy_kunit.c
> +F: lib/strscpy_kunit.c
> F: lib/test_fortify/*
> F: scripts/test_fortify.sh
> K: \b__NO_FORTIFY\b
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 3fc7abffc7aa..e0a4d52e434c 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -2215,9 +2215,6 @@ config STRING_SELFTEST
> config TEST_STRING_HELPERS
> tristate "Test functions located in the string_helpers module at runtime"
>
> -config TEST_STRSCPY
> - tristate "Test strscpy*() family of functions at runtime"
> -
> config TEST_KSTRTOX
> tristate "Test kstrto*() family of functions at runtime"
>
> @@ -2583,6 +2580,11 @@ config HW_BREAKPOINT_KUNIT_TEST
>
> If unsure, say N.
>
> +config STRSCPY_KUNIT_TEST
> + tristate "Test strscpy*() family of functions at runtime" if !KUNIT_ALL_TESTS
> + depends on KUNIT
> + default KUNIT_ALL_TESTS
> +
> config TEST_UDELAY
> tristate "udelay test driver"
> help
> diff --git a/lib/Makefile b/lib/Makefile
> index 161d6a724ff7..1905e5c26849 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -82,7 +82,6 @@ obj-$(CONFIG_TEST_DYNAMIC_DEBUG) += test_dynamic_debug.o
> obj-$(CONFIG_TEST_PRINTF) += test_printf.o
> obj-$(CONFIG_TEST_SCANF) += test_scanf.o
> obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o
> -obj-$(CONFIG_TEST_STRSCPY) += test_strscpy.o
> obj-$(CONFIG_TEST_UUID) += test_uuid.o
> obj-$(CONFIG_TEST_XARRAY) += test_xarray.o
> obj-$(CONFIG_TEST_PARMAN) += test_parman.o
> @@ -380,6 +379,7 @@ obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow_kunit.o
> CFLAGS_stackinit_kunit.o += $(call cc-disable-warning, switch-unreachable)
> obj-$(CONFIG_STACKINIT_KUNIT_TEST) += stackinit_kunit.o
> obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fortify_kunit.o
> +obj-$(CONFIG_STRSCPY_KUNIT_TEST) += strscpy_kunit.o
>
> obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o
>
> diff --git a/lib/strscpy_kunit.c b/lib/strscpy_kunit.c
> new file mode 100644
> index 000000000000..98523f828d3a
> --- /dev/null
> +++ b/lib/strscpy_kunit.c
> @@ -0,0 +1,129 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Kernel module for testing 'strscpy' family of functions.
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <kunit/test.h>
> +#include <linux/string.h>
> +
> +/*
> + * tc() - Run a specific test case.
> + * @src: Source string, argument to strscpy_pad()
> + * @count: Size of destination buffer, argument to strscpy_pad()
> + * @expected: Expected return value from call to strscpy_pad()
> + * @terminator: 1 if there should be a terminating null byte 0 otherwise.
> + * @chars: Number of characters from the src string expected to be
> + * written to the dst buffer.
> + * @pad: Number of pad characters expected (in the tail of dst buffer).
> + * (@pad does not include the null terminator byte.)
> + *
> + * Calls strscpy_pad() and verifies the return value and state of the
> + * destination buffer after the call returns.
> + */
> +static void tc(struct kunit *test, char *src, int count, int expected,
> + int chars, int terminator, int pad)
> +{
> + int nr_bytes_poison;
> + int max_expected;
> + int max_count;
> + int written;
> + char buf[6];
> + int index, i;
> + const char POISON = 'z';
> +
> + KUNIT_ASSERT_TRUE_MSG(test, src != NULL,
> + "null source string not supported");
> +
> + memset(buf, POISON, sizeof(buf));
> + /* Future proofing test suite, validate args */
> + max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
> + max_expected = count - 1; /* Space for the null */
> +
> + KUNIT_ASSERT_LE_MSG(test, count, max_count,
> + "count (%d) is too big (%d) ... aborting", count, max_count);
> + KUNIT_EXPECT_LE_MSG(test, expected, max_expected,
> + "expected (%d) is bigger than can possibly be returned (%d)",
> + expected, max_expected);
> +
> + written = strscpy_pad(buf, src, count);
> + KUNIT_ASSERT_EQ(test, written, expected);
> +
> + if (count && written == -E2BIG) {
> + KUNIT_ASSERT_EQ_MSG(test, 0, strncmp(buf, src, count - 1),
> + "buffer state invalid for -E2BIG");
> + KUNIT_ASSERT_EQ_MSG(test, buf[count - 1], '\0',
> + "too big string is not null terminated correctly");
> + }
> +
> + for (i = 0; i < chars; i++)
> + KUNIT_ASSERT_EQ_MSG(test, buf[i], src[i],
> + "buf[i]==%c != src[i]==%c", buf[i], src[i]);
> +
> + if (terminator)
> + KUNIT_ASSERT_EQ_MSG(test, buf[count - 1], '\0',
> + "string is not null terminated correctly");
> +
> + for (i = 0; i < pad; i++) {
> + index = chars + terminator + i;
> + KUNIT_ASSERT_EQ_MSG(test, buf[index], '\0',
> + "padding missing at index: %d", i);
> + }
> +
> + nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
> + for (i = 0; i < nr_bytes_poison; i++) {
> + index = sizeof(buf) - 1 - i; /* Check from the end back */
> + KUNIT_ASSERT_EQ_MSG(test, buf[index], POISON,
> + "poison value missing at index: %d", i);
> + }
> +}
> +
> +static void strscpy_test(struct kunit *test)
> +{
> + /*
> + * tc() uses a destination buffer of size 6 and needs at
> + * least 2 characters spare (one for null and one to check for
> + * overflow). This means we should only call tc() with
> + * strings up to a maximum of 4 characters long and 'count'
> + * should not exceed 4. To test with longer strings increase
> + * the buffer size in tc().
> + */
> +
> + /* tc(test, src, count, expected, chars, terminator, pad) */
> + tc(test, "a", 0, -E2BIG, 0, 0, 0);
> + tc(test, "", 0, -E2BIG, 0, 0, 0);
> +
> + tc(test, "a", 1, -E2BIG, 0, 1, 0);
> + tc(test, "", 1, 0, 0, 1, 0);
> +
> + tc(test, "ab", 2, -E2BIG, 1, 1, 0);
> + tc(test, "a", 2, 1, 1, 1, 0);
> + tc(test, "", 2, 0, 0, 1, 1);
> +
> + tc(test, "abc", 3, -E2BIG, 2, 1, 0);
> + tc(test, "ab", 3, 2, 2, 1, 0);
> + tc(test, "a", 3, 1, 1, 1, 1);
> + tc(test, "", 3, 0, 0, 1, 2);
> +
> + tc(test, "abcd", 4, -E2BIG, 3, 1, 0);
> + tc(test, "abc", 4, 3, 3, 1, 0);
> + tc(test, "ab", 4, 2, 2, 1, 1);
> + tc(test, "a", 4, 1, 1, 1, 2);
> + tc(test, "", 4, 0, 0, 1, 3);
> +}
> +
> +static struct kunit_case strscpy_test_cases[] = {
> + KUNIT_CASE(strscpy_test),
> + {}
> +};
> +
> +static struct kunit_suite strscpy_test_suite = {
> + .name = "strscpy",
> + .test_cases = strscpy_test_cases,
> +};
> +
> +kunit_test_suite(strscpy_test_suite);
> +
> +MODULE_AUTHOR("Tobin C. Harding <tobin@kernel.org>");
> +MODULE_LICENSE("GPL");
> diff --git a/lib/test_strscpy.c b/lib/test_strscpy.c
> deleted file mode 100644
> index a827f94601f5..000000000000
> --- a/lib/test_strscpy.c
> +++ /dev/null
> @@ -1,150 +0,0 @@
> -// SPDX-License-Identifier: GPL-2.0+
> -
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
> -#include <linux/string.h>
> -
> -#include "../tools/testing/selftests/kselftest_module.h"
> -
> -/*
> - * Kernel module for testing 'strscpy' family of functions.
> - */
> -
> -KSTM_MODULE_GLOBALS();
> -
> -/*
> - * tc() - Run a specific test case.
> - * @src: Source string, argument to strscpy_pad()
> - * @count: Size of destination buffer, argument to strscpy_pad()
> - * @expected: Expected return value from call to strscpy_pad()
> - * @terminator: 1 if there should be a terminating null byte 0 otherwise.
> - * @chars: Number of characters from the src string expected to be
> - * written to the dst buffer.
> - * @pad: Number of pad characters expected (in the tail of dst buffer).
> - * (@pad does not include the null terminator byte.)
> - *
> - * Calls strscpy_pad() and verifies the return value and state of the
> - * destination buffer after the call returns.
> - */
> -static int __init tc(char *src, int count, int expected,
> - int chars, int terminator, int pad)
> -{
> - int nr_bytes_poison;
> - int max_expected;
> - int max_count;
> - int written;
> - char buf[6];
> - int index, i;
> - const char POISON = 'z';
> -
> - total_tests++;
> -
> - if (!src) {
> - pr_err("null source string not supported\n");
> - return -1;
> - }
> -
> - memset(buf, POISON, sizeof(buf));
> - /* Future proofing test suite, validate args */
> - max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
> - max_expected = count - 1; /* Space for the null */
> - if (count > max_count) {
> - pr_err("count (%d) is too big (%d) ... aborting", count, max_count);
> - return -1;
> - }
> - if (expected > max_expected) {
> - pr_warn("expected (%d) is bigger than can possibly be returned (%d)",
> - expected, max_expected);
> - }
> -
> - written = strscpy_pad(buf, src, count);
> - if ((written) != (expected)) {
> - pr_err("%d != %d (written, expected)\n", written, expected);
> - goto fail;
> - }
> -
> - if (count && written == -E2BIG) {
> - if (strncmp(buf, src, count - 1) != 0) {
> - pr_err("buffer state invalid for -E2BIG\n");
> - goto fail;
> - }
> - if (buf[count - 1] != '\0') {
> - pr_err("too big string is not null terminated correctly\n");
> - goto fail;
> - }
> - }
> -
> - for (i = 0; i < chars; i++) {
> - if (buf[i] != src[i]) {
> - pr_err("buf[i]==%c != src[i]==%c\n", buf[i], src[i]);
> - goto fail;
> - }
> - }
> -
> - if (terminator) {
> - if (buf[count - 1] != '\0') {
> - pr_err("string is not null terminated correctly\n");
> - goto fail;
> - }
> - }
> -
> - for (i = 0; i < pad; i++) {
> - index = chars + terminator + i;
> - if (buf[index] != '\0') {
> - pr_err("padding missing at index: %d\n", i);
> - goto fail;
> - }
> - }
> -
> - nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
> - for (i = 0; i < nr_bytes_poison; i++) {
> - index = sizeof(buf) - 1 - i; /* Check from the end back */
> - if (buf[index] != POISON) {
> - pr_err("poison value missing at index: %d\n", i);
> - goto fail;
> - }
> - }
> -
> - return 0;
> -fail:
> - failed_tests++;
> - return -1;
> -}
> -
> -static void __init selftest(void)
> -{
> - /*
> - * tc() uses a destination buffer of size 6 and needs at
> - * least 2 characters spare (one for null and one to check for
> - * overflow). This means we should only call tc() with
> - * strings up to a maximum of 4 characters long and 'count'
> - * should not exceed 4. To test with longer strings increase
> - * the buffer size in tc().
> - */
> -
> - /* tc(src, count, expected, chars, terminator, pad) */
> - KSTM_CHECK_ZERO(tc("a", 0, -E2BIG, 0, 0, 0));
> - KSTM_CHECK_ZERO(tc("", 0, -E2BIG, 0, 0, 0));
> -
> - KSTM_CHECK_ZERO(tc("a", 1, -E2BIG, 0, 1, 0));
> - KSTM_CHECK_ZERO(tc("", 1, 0, 0, 1, 0));
> -
> - KSTM_CHECK_ZERO(tc("ab", 2, -E2BIG, 1, 1, 0));
> - KSTM_CHECK_ZERO(tc("a", 2, 1, 1, 1, 0));
> - KSTM_CHECK_ZERO(tc("", 2, 0, 0, 1, 1));
> -
> - KSTM_CHECK_ZERO(tc("abc", 3, -E2BIG, 2, 1, 0));
> - KSTM_CHECK_ZERO(tc("ab", 3, 2, 2, 1, 0));
> - KSTM_CHECK_ZERO(tc("a", 3, 1, 1, 1, 1));
> - KSTM_CHECK_ZERO(tc("", 3, 0, 0, 1, 2));
> -
> - KSTM_CHECK_ZERO(tc("abcd", 4, -E2BIG, 3, 1, 0));
> - KSTM_CHECK_ZERO(tc("abc", 4, 3, 3, 1, 0));
> - KSTM_CHECK_ZERO(tc("ab", 4, 2, 2, 1, 1));
> - KSTM_CHECK_ZERO(tc("a", 4, 1, 1, 1, 2));
> - KSTM_CHECK_ZERO(tc("", 4, 0, 0, 1, 3));
> -}
> -
> -KSTM_MODULE_LOADERS(test_strscpy);
> -MODULE_AUTHOR("Tobin C. Harding <tobin@kernel.org>");
> -MODULE_LICENSE("GPL");
> --
> 2.34.1
>
@@ -8045,6 +8045,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/har
F: include/linux/fortify-string.h
F: lib/fortify_kunit.c
F: lib/memcpy_kunit.c
+F: lib/strscpy_kunit.c
F: lib/test_fortify/*
F: scripts/test_fortify.sh
K: \b__NO_FORTIFY\b
@@ -2215,9 +2215,6 @@ config STRING_SELFTEST
config TEST_STRING_HELPERS
tristate "Test functions located in the string_helpers module at runtime"
-config TEST_STRSCPY
- tristate "Test strscpy*() family of functions at runtime"
-
config TEST_KSTRTOX
tristate "Test kstrto*() family of functions at runtime"
@@ -2583,6 +2580,11 @@ config HW_BREAKPOINT_KUNIT_TEST
If unsure, say N.
+config STRSCPY_KUNIT_TEST
+ tristate "Test strscpy*() family of functions at runtime" if !KUNIT_ALL_TESTS
+ depends on KUNIT
+ default KUNIT_ALL_TESTS
+
config TEST_UDELAY
tristate "udelay test driver"
help
@@ -82,7 +82,6 @@ obj-$(CONFIG_TEST_DYNAMIC_DEBUG) += test_dynamic_debug.o
obj-$(CONFIG_TEST_PRINTF) += test_printf.o
obj-$(CONFIG_TEST_SCANF) += test_scanf.o
obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o
-obj-$(CONFIG_TEST_STRSCPY) += test_strscpy.o
obj-$(CONFIG_TEST_UUID) += test_uuid.o
obj-$(CONFIG_TEST_XARRAY) += test_xarray.o
obj-$(CONFIG_TEST_PARMAN) += test_parman.o
@@ -380,6 +379,7 @@ obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow_kunit.o
CFLAGS_stackinit_kunit.o += $(call cc-disable-warning, switch-unreachable)
obj-$(CONFIG_STACKINIT_KUNIT_TEST) += stackinit_kunit.o
obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fortify_kunit.o
+obj-$(CONFIG_STRSCPY_KUNIT_TEST) += strscpy_kunit.o
obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o
new file mode 100644
@@ -0,0 +1,129 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Kernel module for testing 'strscpy' family of functions.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <kunit/test.h>
+#include <linux/string.h>
+
+/*
+ * tc() - Run a specific test case.
+ * @src: Source string, argument to strscpy_pad()
+ * @count: Size of destination buffer, argument to strscpy_pad()
+ * @expected: Expected return value from call to strscpy_pad()
+ * @terminator: 1 if there should be a terminating null byte 0 otherwise.
+ * @chars: Number of characters from the src string expected to be
+ * written to the dst buffer.
+ * @pad: Number of pad characters expected (in the tail of dst buffer).
+ * (@pad does not include the null terminator byte.)
+ *
+ * Calls strscpy_pad() and verifies the return value and state of the
+ * destination buffer after the call returns.
+ */
+static void tc(struct kunit *test, char *src, int count, int expected,
+ int chars, int terminator, int pad)
+{
+ int nr_bytes_poison;
+ int max_expected;
+ int max_count;
+ int written;
+ char buf[6];
+ int index, i;
+ const char POISON = 'z';
+
+ KUNIT_ASSERT_TRUE_MSG(test, src != NULL,
+ "null source string not supported");
+
+ memset(buf, POISON, sizeof(buf));
+ /* Future proofing test suite, validate args */
+ max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
+ max_expected = count - 1; /* Space for the null */
+
+ KUNIT_ASSERT_LE_MSG(test, count, max_count,
+ "count (%d) is too big (%d) ... aborting", count, max_count);
+ KUNIT_EXPECT_LE_MSG(test, expected, max_expected,
+ "expected (%d) is bigger than can possibly be returned (%d)",
+ expected, max_expected);
+
+ written = strscpy_pad(buf, src, count);
+ KUNIT_ASSERT_EQ(test, written, expected);
+
+ if (count && written == -E2BIG) {
+ KUNIT_ASSERT_EQ_MSG(test, 0, strncmp(buf, src, count - 1),
+ "buffer state invalid for -E2BIG");
+ KUNIT_ASSERT_EQ_MSG(test, buf[count - 1], '\0',
+ "too big string is not null terminated correctly");
+ }
+
+ for (i = 0; i < chars; i++)
+ KUNIT_ASSERT_EQ_MSG(test, buf[i], src[i],
+ "buf[i]==%c != src[i]==%c", buf[i], src[i]);
+
+ if (terminator)
+ KUNIT_ASSERT_EQ_MSG(test, buf[count - 1], '\0',
+ "string is not null terminated correctly");
+
+ for (i = 0; i < pad; i++) {
+ index = chars + terminator + i;
+ KUNIT_ASSERT_EQ_MSG(test, buf[index], '\0',
+ "padding missing at index: %d", i);
+ }
+
+ nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
+ for (i = 0; i < nr_bytes_poison; i++) {
+ index = sizeof(buf) - 1 - i; /* Check from the end back */
+ KUNIT_ASSERT_EQ_MSG(test, buf[index], POISON,
+ "poison value missing at index: %d", i);
+ }
+}
+
+static void strscpy_test(struct kunit *test)
+{
+ /*
+ * tc() uses a destination buffer of size 6 and needs at
+ * least 2 characters spare (one for null and one to check for
+ * overflow). This means we should only call tc() with
+ * strings up to a maximum of 4 characters long and 'count'
+ * should not exceed 4. To test with longer strings increase
+ * the buffer size in tc().
+ */
+
+ /* tc(test, src, count, expected, chars, terminator, pad) */
+ tc(test, "a", 0, -E2BIG, 0, 0, 0);
+ tc(test, "", 0, -E2BIG, 0, 0, 0);
+
+ tc(test, "a", 1, -E2BIG, 0, 1, 0);
+ tc(test, "", 1, 0, 0, 1, 0);
+
+ tc(test, "ab", 2, -E2BIG, 1, 1, 0);
+ tc(test, "a", 2, 1, 1, 1, 0);
+ tc(test, "", 2, 0, 0, 1, 1);
+
+ tc(test, "abc", 3, -E2BIG, 2, 1, 0);
+ tc(test, "ab", 3, 2, 2, 1, 0);
+ tc(test, "a", 3, 1, 1, 1, 1);
+ tc(test, "", 3, 0, 0, 1, 2);
+
+ tc(test, "abcd", 4, -E2BIG, 3, 1, 0);
+ tc(test, "abc", 4, 3, 3, 1, 0);
+ tc(test, "ab", 4, 2, 2, 1, 1);
+ tc(test, "a", 4, 1, 1, 1, 2);
+ tc(test, "", 4, 0, 0, 1, 3);
+}
+
+static struct kunit_case strscpy_test_cases[] = {
+ KUNIT_CASE(strscpy_test),
+ {}
+};
+
+static struct kunit_suite strscpy_test_suite = {
+ .name = "strscpy",
+ .test_cases = strscpy_test_cases,
+};
+
+kunit_test_suite(strscpy_test_suite);
+
+MODULE_AUTHOR("Tobin C. Harding <tobin@kernel.org>");
+MODULE_LICENSE("GPL");
deleted file mode 100644
@@ -1,150 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0+
-
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-
-#include <linux/string.h>
-
-#include "../tools/testing/selftests/kselftest_module.h"
-
-/*
- * Kernel module for testing 'strscpy' family of functions.
- */
-
-KSTM_MODULE_GLOBALS();
-
-/*
- * tc() - Run a specific test case.
- * @src: Source string, argument to strscpy_pad()
- * @count: Size of destination buffer, argument to strscpy_pad()
- * @expected: Expected return value from call to strscpy_pad()
- * @terminator: 1 if there should be a terminating null byte 0 otherwise.
- * @chars: Number of characters from the src string expected to be
- * written to the dst buffer.
- * @pad: Number of pad characters expected (in the tail of dst buffer).
- * (@pad does not include the null terminator byte.)
- *
- * Calls strscpy_pad() and verifies the return value and state of the
- * destination buffer after the call returns.
- */
-static int __init tc(char *src, int count, int expected,
- int chars, int terminator, int pad)
-{
- int nr_bytes_poison;
- int max_expected;
- int max_count;
- int written;
- char buf[6];
- int index, i;
- const char POISON = 'z';
-
- total_tests++;
-
- if (!src) {
- pr_err("null source string not supported\n");
- return -1;
- }
-
- memset(buf, POISON, sizeof(buf));
- /* Future proofing test suite, validate args */
- max_count = sizeof(buf) - 2; /* Space for null and to verify overflow */
- max_expected = count - 1; /* Space for the null */
- if (count > max_count) {
- pr_err("count (%d) is too big (%d) ... aborting", count, max_count);
- return -1;
- }
- if (expected > max_expected) {
- pr_warn("expected (%d) is bigger than can possibly be returned (%d)",
- expected, max_expected);
- }
-
- written = strscpy_pad(buf, src, count);
- if ((written) != (expected)) {
- pr_err("%d != %d (written, expected)\n", written, expected);
- goto fail;
- }
-
- if (count && written == -E2BIG) {
- if (strncmp(buf, src, count - 1) != 0) {
- pr_err("buffer state invalid for -E2BIG\n");
- goto fail;
- }
- if (buf[count - 1] != '\0') {
- pr_err("too big string is not null terminated correctly\n");
- goto fail;
- }
- }
-
- for (i = 0; i < chars; i++) {
- if (buf[i] != src[i]) {
- pr_err("buf[i]==%c != src[i]==%c\n", buf[i], src[i]);
- goto fail;
- }
- }
-
- if (terminator) {
- if (buf[count - 1] != '\0') {
- pr_err("string is not null terminated correctly\n");
- goto fail;
- }
- }
-
- for (i = 0; i < pad; i++) {
- index = chars + terminator + i;
- if (buf[index] != '\0') {
- pr_err("padding missing at index: %d\n", i);
- goto fail;
- }
- }
-
- nr_bytes_poison = sizeof(buf) - chars - terminator - pad;
- for (i = 0; i < nr_bytes_poison; i++) {
- index = sizeof(buf) - 1 - i; /* Check from the end back */
- if (buf[index] != POISON) {
- pr_err("poison value missing at index: %d\n", i);
- goto fail;
- }
- }
-
- return 0;
-fail:
- failed_tests++;
- return -1;
-}
-
-static void __init selftest(void)
-{
- /*
- * tc() uses a destination buffer of size 6 and needs at
- * least 2 characters spare (one for null and one to check for
- * overflow). This means we should only call tc() with
- * strings up to a maximum of 4 characters long and 'count'
- * should not exceed 4. To test with longer strings increase
- * the buffer size in tc().
- */
-
- /* tc(src, count, expected, chars, terminator, pad) */
- KSTM_CHECK_ZERO(tc("a", 0, -E2BIG, 0, 0, 0));
- KSTM_CHECK_ZERO(tc("", 0, -E2BIG, 0, 0, 0));
-
- KSTM_CHECK_ZERO(tc("a", 1, -E2BIG, 0, 1, 0));
- KSTM_CHECK_ZERO(tc("", 1, 0, 0, 1, 0));
-
- KSTM_CHECK_ZERO(tc("ab", 2, -E2BIG, 1, 1, 0));
- KSTM_CHECK_ZERO(tc("a", 2, 1, 1, 1, 0));
- KSTM_CHECK_ZERO(tc("", 2, 0, 0, 1, 1));
-
- KSTM_CHECK_ZERO(tc("abc", 3, -E2BIG, 2, 1, 0));
- KSTM_CHECK_ZERO(tc("ab", 3, 2, 2, 1, 0));
- KSTM_CHECK_ZERO(tc("a", 3, 1, 1, 1, 1));
- KSTM_CHECK_ZERO(tc("", 3, 0, 0, 1, 2));
-
- KSTM_CHECK_ZERO(tc("abcd", 4, -E2BIG, 3, 1, 0));
- KSTM_CHECK_ZERO(tc("abc", 4, 3, 3, 1, 0));
- KSTM_CHECK_ZERO(tc("ab", 4, 2, 2, 1, 1));
- KSTM_CHECK_ZERO(tc("a", 4, 1, 1, 1, 2));
- KSTM_CHECK_ZERO(tc("", 4, 0, 0, 1, 3));
-}
-
-KSTM_MODULE_LOADERS(test_strscpy);
-MODULE_AUTHOR("Tobin C. Harding <tobin@kernel.org>");
-MODULE_LICENSE("GPL");