From: Kees Cook <keescook@chromium.org>
To: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Alexander Lobakin <aleksander.lobakin@intel.com>,
Andy Shevchenko <andy@kernel.org>,
Cezary Rojewski <cezary.rojewski@intel.com>,
Puyou Lu <puyou.lu@gmail.com>, Mark Brown <broonie@kernel.org>,
Brendan Higgins <brendan.higgins@linux.dev>,
David Gow <davidgow@google.com>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com
Subject: [PATCH v3 0/5] fortify: Add KUnit tests for runtime overflows
Date: Fri, 16 Feb 2024 20:48:23 -0800 [thread overview]
Message-ID: <20240217043535.make.664-kees@kernel.org> (raw)
Hi,
This series is the rest of the v2 series that was half landed last year,
and finally introduces KUnit runtime testing of the CONFIG_FORTIFY_SOURCE
APIs. Additionally FORTIFY failure messages are improved to give more
context about read/write and sizes.
-Kees
v3
- rebase (goodbye strlcpy)
- avoid extra macros for replacing fortify_panic() (nick)
- generally clean up macro usage
- avoid build warnings when testing known overflow conditions
v2 https://lore.kernel.org/all/20230407192717.636137-10-keescook@chromium.org/
v1 https://lore.kernel.org/lkml/20230405235832.never.487-kees@kernel.org/
Kees Cook (5):
fortify: Split reporting and avoid passing string pointer
fortify: Allow KUnit test to build without FORTIFY
fortify: Provide KUnit counters for failure testing
fortify: Add KUnit tests for runtime overflows
fortify: Improve buffer overflow reporting
arch/arm/boot/compressed/misc.c | 2 +-
arch/x86/boot/compressed/misc.c | 2 +-
include/linux/fortify-string.h | 100 +++--
lib/Kconfig.debug | 2 +-
lib/Makefile | 1 +
lib/fortify_kunit.c | 662 +++++++++++++++++++++++++++++++-
lib/string_helpers.c | 26 +-
tools/objtool/noreturns.h | 2 +-
8 files changed, 761 insertions(+), 36 deletions(-)
--
2.34.1
next reply other threads:[~2024-02-17 4:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-17 4:48 Kees Cook [this message]
2024-02-17 4:48 ` [PATCH v3 1/5] fortify: Split reporting and avoid passing string pointer Kees Cook
2024-02-17 4:48 ` [PATCH v3 2/5] fortify: Allow KUnit test to build without FORTIFY Kees Cook
2024-02-17 4:48 ` [PATCH v3 3/5] fortify: Provide KUnit counters for failure testing Kees Cook
2024-02-17 4:48 ` [PATCH v3 4/5] fortify: Add KUnit tests for runtime overflows Kees Cook
2024-02-17 4:48 ` [PATCH v3 5/5] fortify: Improve buffer overflow reporting Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240217043535.make.664-kees@kernel.org \
--to=keescook@chromium.org \
--cc=aleksander.lobakin@intel.com \
--cc=andy@kernel.org \
--cc=brendan.higgins@linux.dev \
--cc=broonie@kernel.org \
--cc=cezary.rojewski@intel.com \
--cc=davidgow@google.com \
--cc=kunit-dev@googlegroups.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ndesaulniers@google.com \
--cc=puyou.lu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).