kunit/fortify: Do not spam logs with fortify WARNs

When running KUnit fortify tests, we're already doing precise tracking
of which warnings are getting hit. Don't fill the logs with WARNs unless
we've been explicitly built with DEBUG enabled.

Link: https://lore.kernel.org/r/20240429194342.2421639-2-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c
index 5d706529c464f74534943ae0699355c74bf4b9c0..601fa327c5b7f20493ae6b103887e10f5a91e2b8 100644 (file)
--- a/lib/fortify_kunit.c
+++ b/lib/fortify_kunit.c
@@ -15,10 +15,17 @@
  */
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+/* We don't need to fill dmesg with the fortify WARNs during testing. */
+#ifdef DEBUG
+# define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x)
+#else
+# define FORTIFY_REPORT_KUNIT(x...) do { } while (0)
+#endif
+
 /* Redefine fortify_panic() to track failures. */
 void fortify_add_kunit_error(int write);
 #define fortify_panic(func, write, avail, size, retfail) do {          \
-       __fortify_report(FORTIFY_REASON(func, write), avail, size);     \
+       FORTIFY_REPORT_KUNIT(FORTIFY_REASON(func, write), avail, size); \
        fortify_add_kunit_error(write);                                 \
        return (retfail);                                               \
 } while (0)