f2c6dbd220
kunit_driver_create() accepts a name for the driver, but does not copy
it, so if that name is either on the stack, or otherwise freed, we end
up with a use-after-free when the driver is cleaned up.
Instead, strdup() the name, and manage it as another KUnit allocation.
As there was no existing kunit_kstrdup(), we add one. Further, add a
kunit_ variant of strdup_const() and kfree_const(), so we don't need to
allocate and manage the string in the majority of cases where it's a
constant.
However, these are inline functions, and is_kernel_rodata() only works
for built-in code. This causes problems in two cases:
- If kunit is built as a module, __{start,end}_rodata is not defined.
- If a kunit test using these functions is built as a module, it will
suffer the same fate.
This fixes a KASAN splat with overflow.overflow_allocation_test, when
built as a module.
Restrict the is_kernel_rodata() case to when KUnit is built as a module,
which fixes the first case, at the cost of losing the optimisation.
Also, make kunit_{kstrdup,kfree}_const non-inline, so that other modules
using them will not accidentally depend on is_kernel_rodata(). If KUnit
is built-in, they'll benefit from the optimisation, if KUnit is not,
they won't, but the string will be properly duplicated.
Fixes:
|
||
---|---|---|
.. | ||
.kunitconfig | ||
assert_test.c | ||
assert.c | ||
attributes.c | ||
debugfs.c | ||
debugfs.h | ||
device-impl.h | ||
device.c | ||
executor_test.c | ||
executor.c | ||
hooks-impl.h | ||
hooks.c | ||
Kconfig | ||
kunit-example-test.c | ||
kunit-test.c | ||
Makefile | ||
resource.c | ||
static_stub.c | ||
string-stream-test.c | ||
string-stream.c | ||
string-stream.h | ||
test.c | ||
try-catch-impl.h | ||
try-catch.c | ||
user_alloc.c |