From: David Gow davidgow@google.com
Currently, KUnit's string streams are themselves "KUnit resources". This is redundant since the stream itself is already allocated with kunit_kzalloc() and will thus be freed automatically at the end of the test.
string-stream is only used internally within KUnit, and isn't using the extra features that resources provide like reference counting, being able to locate them dynamically as "test-local variables", etc.
Indeed, the resource's refcount is never incremented when the pointer is returned. The fact that it's always manually destroyed is more evidence that the reference counting is unused.
Signed-off-by: David Gow davidgow@google.com Signed-off-by: Daniel Latypov dlatypov@google.com --- lib/kunit/string-stream.c | 90 +++++++-------------------------------- lib/kunit/string-stream.h | 2 +- lib/kunit/test.c | 2 +- 3 files changed, 18 insertions(+), 76 deletions(-)
diff --git a/lib/kunit/string-stream.c b/lib/kunit/string-stream.c index 141789ca8949..a2496abef152 100644 --- a/lib/kunit/string-stream.c +++ b/lib/kunit/string-stream.c @@ -12,64 +12,31 @@
#include "string-stream.h"
-struct string_stream_fragment_alloc_context { - struct kunit *test; - int len; - gfp_t gfp; -};
-static int string_stream_fragment_init(struct kunit_resource *res, - void *context) +static struct string_stream_fragment *alloc_string_stream_fragment( + struct kunit *test, int len, gfp_t gfp) { - struct string_stream_fragment_alloc_context *ctx = context; struct string_stream_fragment *frag;
- frag = kunit_kzalloc(ctx->test, sizeof(*frag), ctx->gfp); + frag = kunit_kzalloc(test, sizeof(*frag), gfp); if (!frag) - return -ENOMEM; + return ERR_PTR(-ENOMEM);
- frag->test = ctx->test; - frag->fragment = kunit_kmalloc(ctx->test, ctx->len, ctx->gfp); + frag->test = test; + frag->fragment = kunit_kmalloc(test, len, gfp); if (!frag->fragment) - return -ENOMEM; + return ERR_PTR(-ENOMEM);
- res->data = frag; - - return 0; + return frag; }
-static void string_stream_fragment_free(struct kunit_resource *res) +static void string_stream_fragment_destroy(struct string_stream_fragment *frag) { - struct string_stream_fragment *frag = res->data; - list_del(&frag->node); kunit_kfree(frag->test, frag->fragment); kunit_kfree(frag->test, frag); }
-static struct string_stream_fragment *alloc_string_stream_fragment( - struct kunit *test, int len, gfp_t gfp) -{ - struct string_stream_fragment_alloc_context context = { - .test = test, - .len = len, - .gfp = gfp - }; - - return kunit_alloc_resource(test, - string_stream_fragment_init, - string_stream_fragment_free, - gfp, - &context); -} - -static int string_stream_fragment_destroy(struct string_stream_fragment *frag) -{ - return kunit_destroy_resource(frag->test, - kunit_resource_instance_match, - frag); -} - int string_stream_vadd(struct string_stream *stream, const char *fmt, va_list args) @@ -169,48 +136,23 @@ struct string_stream_alloc_context { gfp_t gfp; };
-static int string_stream_init(struct kunit_resource *res, void *context) +struct string_stream *alloc_string_stream(struct kunit *test, gfp_t gfp) { struct string_stream *stream; - struct string_stream_alloc_context *ctx = context;
- stream = kunit_kzalloc(ctx->test, sizeof(*stream), ctx->gfp); + stream = kunit_kzalloc(test, sizeof(*stream), gfp); if (!stream) - return -ENOMEM; + return ERR_PTR(-ENOMEM);
- res->data = stream; - stream->gfp = ctx->gfp; - stream->test = ctx->test; + stream->gfp = gfp; + stream->test = test; INIT_LIST_HEAD(&stream->fragments); spin_lock_init(&stream->lock);
- return 0; + return stream; }
-static void string_stream_free(struct kunit_resource *res) +void string_stream_destroy(struct string_stream *stream) { - struct string_stream *stream = res->data; - string_stream_clear(stream); } - -struct string_stream *alloc_string_stream(struct kunit *test, gfp_t gfp) -{ - struct string_stream_alloc_context context = { - .test = test, - .gfp = gfp - }; - - return kunit_alloc_resource(test, - string_stream_init, - string_stream_free, - gfp, - &context); -} - -int string_stream_destroy(struct string_stream *stream) -{ - return kunit_destroy_resource(stream->test, - kunit_resource_instance_match, - stream); -} diff --git a/lib/kunit/string-stream.h b/lib/kunit/string-stream.h index 43f9508a55b4..494dee0f24bd 100644 --- a/lib/kunit/string-stream.h +++ b/lib/kunit/string-stream.h @@ -46,6 +46,6 @@ int string_stream_append(struct string_stream *stream,
bool string_stream_is_empty(struct string_stream *stream);
-int string_stream_destroy(struct string_stream *stream); +void string_stream_destroy(struct string_stream *stream);
#endif /* _KUNIT_STRING_STREAM_H */ diff --git a/lib/kunit/test.c b/lib/kunit/test.c index b73d5bb5c473..0fb2771ca03e 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -267,7 +267,7 @@ static void kunit_fail(struct kunit *test, const struct kunit_loc *loc,
kunit_print_string_stream(test, stream);
- WARN_ON(string_stream_destroy(stream)); + string_stream_destroy(stream); }
static void __noreturn kunit_abort(struct kunit *test)
base-commit: 94681e289bf5d10c9db9db143d1a22d8717205c5
We already store the `struct kunit *test` in the string_stream object itself, so we need don't need to store a copy of this pointer in every fragment in the stream.
Drop it, getting string_stream_fragment down the bare minimum: a list_head and the `char *` with the actual fragment.
Signed-off-by: Daniel Latypov dlatypov@google.com --- lib/kunit/string-stream.c | 10 +++++----- lib/kunit/string-stream.h | 1 - 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/lib/kunit/string-stream.c b/lib/kunit/string-stream.c index a2496abef152..f5ae79c37400 100644 --- a/lib/kunit/string-stream.c +++ b/lib/kunit/string-stream.c @@ -22,7 +22,6 @@ static struct string_stream_fragment *alloc_string_stream_fragment( if (!frag) return ERR_PTR(-ENOMEM);
- frag->test = test; frag->fragment = kunit_kmalloc(test, len, gfp); if (!frag->fragment) return ERR_PTR(-ENOMEM); @@ -30,11 +29,12 @@ static struct string_stream_fragment *alloc_string_stream_fragment( return frag; }
-static void string_stream_fragment_destroy(struct string_stream_fragment *frag) +static void string_stream_fragment_destroy(struct kunit *test, + struct string_stream_fragment *frag) { list_del(&frag->node); - kunit_kfree(frag->test, frag->fragment); - kunit_kfree(frag->test, frag); + kunit_kfree(test, frag->fragment); + kunit_kfree(test, frag); }
int string_stream_vadd(struct string_stream *stream, @@ -89,7 +89,7 @@ static void string_stream_clear(struct string_stream *stream) frag_container_safe, &stream->fragments, node) { - string_stream_fragment_destroy(frag_container); + string_stream_fragment_destroy(stream->test, frag_container); } stream->length = 0; spin_unlock(&stream->lock); diff --git a/lib/kunit/string-stream.h b/lib/kunit/string-stream.h index 494dee0f24bd..b669f9a75a94 100644 --- a/lib/kunit/string-stream.h +++ b/lib/kunit/string-stream.h @@ -14,7 +14,6 @@ #include <linux/stdarg.h>
struct string_stream_fragment { - struct kunit *test; struct list_head node; char *fragment; };
On Fri, Jul 22, 2022 at 2:02 AM 'Daniel Latypov' via KUnit Development kunit-dev@googlegroups.com wrote:
We already store the `struct kunit *test` in the string_stream object itself, so we need don't need to store a copy of this pointer in every fragment in the stream.
Drop it, getting string_stream_fragment down the bare minimum: a list_head and the `char *` with the actual fragment.
Signed-off-by: Daniel Latypov dlatypov@google.com
Yup, this is definitely redundant now. Thanks!
Reviewed-by: David Gow davidgow@google.com
Cheers, -- David
lib/kunit/string-stream.c | 10 +++++----- lib/kunit/string-stream.h | 1 - 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/lib/kunit/string-stream.c b/lib/kunit/string-stream.c index a2496abef152..f5ae79c37400 100644 --- a/lib/kunit/string-stream.c +++ b/lib/kunit/string-stream.c @@ -22,7 +22,6 @@ static struct string_stream_fragment *alloc_string_stream_fragment( if (!frag) return ERR_PTR(-ENOMEM);
frag->test = test; frag->fragment = kunit_kmalloc(test, len, gfp); if (!frag->fragment) return ERR_PTR(-ENOMEM);
@@ -30,11 +29,12 @@ static struct string_stream_fragment *alloc_string_stream_fragment( return frag; }
-static void string_stream_fragment_destroy(struct string_stream_fragment *frag) +static void string_stream_fragment_destroy(struct kunit *test,
struct string_stream_fragment *frag)
{ list_del(&frag->node);
kunit_kfree(frag->test, frag->fragment);
kunit_kfree(frag->test, frag);
kunit_kfree(test, frag->fragment);
kunit_kfree(test, frag);
}
int string_stream_vadd(struct string_stream *stream, @@ -89,7 +89,7 @@ static void string_stream_clear(struct string_stream *stream) frag_container_safe, &stream->fragments, node) {
string_stream_fragment_destroy(frag_container);
string_stream_fragment_destroy(stream->test, frag_container); } stream->length = 0; spin_unlock(&stream->lock);
diff --git a/lib/kunit/string-stream.h b/lib/kunit/string-stream.h index 494dee0f24bd..b669f9a75a94 100644 --- a/lib/kunit/string-stream.h +++ b/lib/kunit/string-stream.h @@ -14,7 +14,6 @@ #include <linux/stdarg.h>
struct string_stream_fragment {
struct kunit *test; struct list_head node; char *fragment;
};
2.37.1.359.gd136c6c3e2-goog
-- You received this message because you are subscribed to the Google Groups "KUnit Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to kunit-dev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/kunit-dev/20220721180214.3223778-2-dlatypo....
kunit_kfree() exists to clean up allocations from kunit_kmalloc() and friends early instead of waiting for this to happen automatically at the end of the test.
But it can be used on *anything* registered with the kunit resource API.
E.g. the last 2 statements are equivalent: struct kunit_resource *res = something(); kfree(res->data); kunit_put_resource(res);
The problem is that there could be multiple resources that point to the same `data`.
E.g. you can have a named resource acting as a pseudo-global variable in a test. If you point it to data allocated with kunit_kmalloc(), then calling `kunit_kfree(ptr)` has the chance to delete either the named resource or to kfree `ptr`. Which one it does depends on the order the resources are registered as kunit_kfree() will delete resources in LIFO order.
So this patch restricts kunit_kfree() to only working on resources created by kunit_kmalloc(). Calling it is therefore guaranteed to free the memory, not do anything else.
Note: kunit_resource_instance_match() wasn't used outside of KUnit, so it should be safe to remove from the public interface. It's also generally dangerous, as shown above, and shouldn't be used.
Signed-off-by: Daniel Latypov dlatypov@google.com --- include/kunit/resource.h | 16 ---------------- lib/kunit/kunit-test.c | 7 +++++++ lib/kunit/test.c | 10 ++++++++-- 3 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/include/kunit/resource.h b/include/kunit/resource.h index 09c2b34d1c61..cf6fb8f2ac1b 100644 --- a/include/kunit/resource.h +++ b/include/kunit/resource.h @@ -300,22 +300,6 @@ typedef bool (*kunit_resource_match_t)(struct kunit *test, struct kunit_resource *res, void *match_data);
-/** - * kunit_resource_instance_match() - Match a resource with the same instance. - * @test: Test case to which the resource belongs. - * @res: The resource. - * @match_data: The resource pointer to match against. - * - * An instance of kunit_resource_match_t that matches a resource whose - * allocation matches @match_data. - */ -static inline bool kunit_resource_instance_match(struct kunit *test, - struct kunit_resource *res, - void *match_data) -{ - return res->data == match_data; -} - /** * kunit_resource_name_match() - Match a resource with the same name. * @test: Test case to which the resource belongs. diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c index 13d0bd8b07a9..4df0335d0d06 100644 --- a/lib/kunit/kunit-test.c +++ b/lib/kunit/kunit-test.c @@ -161,6 +161,13 @@ static void kunit_resource_test_alloc_resource(struct kunit *test) kunit_put_resource(res); }
+static inline bool kunit_resource_instance_match(struct kunit *test, + struct kunit_resource *res, + void *match_data) +{ + return res->data == match_data; +} + /* * Note: tests below use kunit_alloc_and_get_resource(), so as a consequence * they have a reference to the associated resource that they must release diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 0fb2771ca03e..82019a78462e 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -689,12 +689,18 @@ void *kunit_kmalloc_array(struct kunit *test, size_t n, size_t size, gfp_t gfp) } EXPORT_SYMBOL_GPL(kunit_kmalloc_array);
+static inline bool kunit_kfree_match(struct kunit *test, + struct kunit_resource *res, void *match_data) +{ + /* Only match resources allocated with kunit_kmalloc() and friends. */ + return res->free == kunit_kmalloc_array_free && res->data == match_data; +} + void kunit_kfree(struct kunit *test, const void *ptr) { struct kunit_resource *res;
- res = kunit_find_resource(test, kunit_resource_instance_match, - (void *)ptr); + res = kunit_find_resource(test, kunit_kfree_match, (void *)ptr);
/* * Removing the resource from the list of resources drops the
On Fri, Jul 22, 2022 at 2:02 AM 'Daniel Latypov' via KUnit Development kunit-dev@googlegroups.com wrote:
kunit_kfree() exists to clean up allocations from kunit_kmalloc() and friends early instead of waiting for this to happen automatically at the end of the test.
But it can be used on *anything* registered with the kunit resource API.
E.g. the last 2 statements are equivalent: struct kunit_resource *res = something(); kfree(res->data); kunit_put_resource(res);
The problem is that there could be multiple resources that point to the same `data`.
E.g. you can have a named resource acting as a pseudo-global variable in a test. If you point it to data allocated with kunit_kmalloc(), then calling `kunit_kfree(ptr)` has the chance to delete either the named resource or to kfree `ptr`. Which one it does depends on the order the resources are registered as kunit_kfree() will delete resources in LIFO order.
So this patch restricts kunit_kfree() to only working on resources created by kunit_kmalloc(). Calling it is therefore guaranteed to free the memory, not do anything else.
Note: kunit_resource_instance_match() wasn't used outside of KUnit, so it should be safe to remove from the public interface. It's also generally dangerous, as shown above, and shouldn't be used.
Signed-off-by: Daniel Latypov dlatypov@google.com
This is basically part of a sneaky, but sensible trend to make resources more obviously "typed". Given how many issues that can cause, this is definitely a worthwhile change.
I have some plans to further refactor some of the resources stuff down the line (and to improve the documentation somewhat), so something not dissimilar to this was going to happen eventually.
In any case, Reviewed-by: David Gow davidgow@google.com
Cheers, -- David
include/kunit/resource.h | 16 ---------------- lib/kunit/kunit-test.c | 7 +++++++ lib/kunit/test.c | 10 ++++++++-- 3 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/include/kunit/resource.h b/include/kunit/resource.h index 09c2b34d1c61..cf6fb8f2ac1b 100644 --- a/include/kunit/resource.h +++ b/include/kunit/resource.h @@ -300,22 +300,6 @@ typedef bool (*kunit_resource_match_t)(struct kunit *test, struct kunit_resource *res, void *match_data);
-/**
- kunit_resource_instance_match() - Match a resource with the same instance.
- @test: Test case to which the resource belongs.
- @res: The resource.
- @match_data: The resource pointer to match against.
- An instance of kunit_resource_match_t that matches a resource whose
- allocation matches @match_data.
- */
-static inline bool kunit_resource_instance_match(struct kunit *test,
struct kunit_resource *res,
void *match_data)
-{
return res->data == match_data;
-}
/**
- kunit_resource_name_match() - Match a resource with the same name.
- @test: Test case to which the resource belongs.
diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c index 13d0bd8b07a9..4df0335d0d06 100644 --- a/lib/kunit/kunit-test.c +++ b/lib/kunit/kunit-test.c @@ -161,6 +161,13 @@ static void kunit_resource_test_alloc_resource(struct kunit *test) kunit_put_resource(res); }
+static inline bool kunit_resource_instance_match(struct kunit *test,
struct kunit_resource *res,
void *match_data)
+{
return res->data == match_data;
+}
/*
- Note: tests below use kunit_alloc_and_get_resource(), so as a consequence
- they have a reference to the associated resource that they must release
diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 0fb2771ca03e..82019a78462e 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -689,12 +689,18 @@ void *kunit_kmalloc_array(struct kunit *test, size_t n, size_t size, gfp_t gfp) } EXPORT_SYMBOL_GPL(kunit_kmalloc_array);
+static inline bool kunit_kfree_match(struct kunit *test,
struct kunit_resource *res, void *match_data)
+{
/* Only match resources allocated with kunit_kmalloc() and friends. */
return res->free == kunit_kmalloc_array_free && res->data == match_data;
+}
void kunit_kfree(struct kunit *test, const void *ptr) { struct kunit_resource *res;
res = kunit_find_resource(test, kunit_resource_instance_match,
(void *)ptr);
res = kunit_find_resource(test, kunit_kfree_match, (void *)ptr); /* * Removing the resource from the list of resources drops the
-- 2.37.1.359.gd136c6c3e2-goog
-- You received this message because you are subscribed to the Google Groups "KUnit Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to kunit-dev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/kunit-dev/20220721180214.3223778-3-dlatypo....
kunit_kfree() can only work on data ("resources") allocated by KUnit.
Currently for code like this,
void *ptr = kmalloc(4, GFP_KERNEL); kunit_kfree(test, ptr);
kunit_kfree() will segfault.
It'll try and look up the kunit_resource associated with `ptr` and get a NULL back, but it won't check for this. This means we also segfault if you double-free.
Change kunit_kfree() so it'll notice these invalid pointers and respond by failing the test.
Implementation: kunit_destroy_resource() does what kunit_kfree() does, but is more generic and returns -ENOENT when it can't find the resource. Sadly, unlike just letting it crash, this means we don't get a stack trace. But kunit_kfree() is so infrequently used it shouldn't be hard to track down the bad callsite anyways.
After this change, the above code gives:
# example_simple_test: EXPECTATION FAILED at lib/kunit/test.c:702 kunit_kfree: 00000000626ec200 already freed or not allocated by kunit
Signed-off-by: Daniel Latypov dlatypov@google.com --- lib/kunit/test.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 82019a78462e..c7ca87484968 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -698,18 +698,8 @@ static inline bool kunit_kfree_match(struct kunit *test,
void kunit_kfree(struct kunit *test, const void *ptr) { - struct kunit_resource *res; - - res = kunit_find_resource(test, kunit_kfree_match, (void *)ptr); - - /* - * Removing the resource from the list of resources drops the - * reference count to 1; the final put will trigger the free. - */ - kunit_remove_resource(test, res); - - kunit_put_resource(res); - + if (kunit_destroy_resource(test, kunit_kfree_match, (void *)ptr)) + KUNIT_FAIL(test, "kunit_kfree: %px already freed or not allocated by kunit", ptr); } EXPORT_SYMBOL_GPL(kunit_kfree);
(Nit: typo in the subject line "knuit_free" --> "kunit_free" On Fri, Jul 22, 2022 at 2:02 AM Daniel Latypov dlatypov@google.com wrote:
kunit_kfree() can only work on data ("resources") allocated by KUnit.
Currently for code like this,
void *ptr = kmalloc(4, GFP_KERNEL); kunit_kfree(test, ptr);
kunit_kfree() will segfault.
It'll try and look up the kunit_resource associated with `ptr` and get a NULL back, but it won't check for this. This means we also segfault if you double-free.
Personally, I don't think the case of people calling kunit_kfree() on pointers allocated with kmalloc() is too worrying, but I do think we should error more gracefully in cases like double-frees (and maybe handle kfree(NULL) situations).
Change kunit_kfree() so it'll notice these invalid pointers and respond by failing the test.
Implementation: kunit_destroy_resource() does what kunit_kfree() does, but is more generic and returns -ENOENT when it can't find the resource. Sadly, unlike just letting it crash, this means we don't get a stack trace. But kunit_kfree() is so infrequently used it shouldn't be hard to track down the bad callsite anyways.
One day we should look into printing stacktraces on failed expectations... It could be spammy in some cases, but it'd be nice to have the option for things like this.
After this change, the above code gives:
# example_simple_test: EXPECTATION FAILED at lib/kunit/test.c:702 kunit_kfree: 00000000626ec200 already freed or not allocated by kunit
Signed-off-by: Daniel Latypov dlatypov@google.com
Looks good to me: this is both more correct and so much simpler as a function. I can live without the nitpicks fixed.
Reviewed-by: David Gow davidgow@google.com
Thanks! -- David
lib/kunit/test.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 82019a78462e..c7ca87484968 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -698,18 +698,8 @@ static inline bool kunit_kfree_match(struct kunit *test,
void kunit_kfree(struct kunit *test, const void *ptr) {
struct kunit_resource *res;
res = kunit_find_resource(test, kunit_kfree_match, (void *)ptr);
/*
* Removing the resource from the list of resources drops the
* reference count to 1; the final put will trigger the free.
*/
kunit_remove_resource(test, res);
kunit_put_resource(res);
if (kunit_destroy_resource(test, kunit_kfree_match, (void *)ptr))
KUNIT_FAIL(test, "kunit_kfree: %px already freed or not allocated by kunit", ptr);
_Maybe_ we should no-op if ptr is NULL. I think it's legal for free()/kfree(), and while I don't see much use of it for kunit tests, maybe it'll save someone confusion down the road.
But I could live with it either way...
} EXPORT_SYMBOL_GPL(kunit_kfree);
-- 2.37.1.359.gd136c6c3e2-goog
On Fri, Jul 22, 2022 at 12:35 AM David Gow davidgow@google.com wrote:
_Maybe_ we should no-op if ptr is NULL. I think it's legal for free()/kfree(), and while I don't see much use of it for kunit tests, maybe it'll save someone confusion down the road.
But I could live with it either way...
That's a good point. kfree(NULL) is indeed a no-op.
I can see someone writing a parameterized test w/ some code like char *buffer = NULL; if (param->use_buffer) buffer = kunit_kzalloc(test, 10, GFP_KERNEL); ... kunit_kfree(test, buffer); and they'd have every reason to think this should just work.
I think I'll tack this on as an extra patch and send a v2 w/ the commit subject for this one fixed.
linux-kselftest-mirror@lists.linaro.org