projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3009f89) | patch
fortify: Add compile-time FORTIFY_SOURCE tests
authorKees Cook <keescook@chromium.org>
Wed, 21 Apr 2021 06:22:52 +0000 (23:22 -0700)
committerKees Cook <keescook@chromium.org>
Mon, 18 Oct 2021 19:28:52 +0000 (12:28 -0700)
commitbe58f7103700a68d5c7ca60a2bc0b309907599ab
treed9caaca50a2c98c6458372fac636bee254b1da9etree | snapshot
parent3009f891bb9f328945ebd5b71e12df7e2467f3ddcommit | diff
fortify: Add compile-time FORTIFY_SOURCE tests

While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.

As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.

Signed-off-by: Kees Cook <keescook@chromium.org>
22 files changed:
MAINTAINERS diff | blob | blame | history
lib/.gitignore diff | blob | blame | history
lib/Makefile diff | blob | blame | history
lib/test_fortify/read_overflow-memchr.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow-memchr_inv.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow-memcmp.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow-memscan.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow2-memcmp.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow2-memcpy.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow2-memmove.c [new file with mode: 0644] blob
lib/test_fortify/test_fortify.h [new file with mode: 0644] blob
lib/test_fortify/write_overflow-memcpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-memmove.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-memset.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strcpy-lit.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strcpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strlcpy-src.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strlcpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strncpy-src.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strncpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strscpy.c [new file with mode: 0644] blob
scripts/test_fortify.sh [new file with mode: 0644] blob
Linux 6.x block layer and io_uring tree(s)