* [PATCH] um: Enable FORTIFY_SOURCE
@ 2022-02-10 0:32 Kees Cook
2022-02-10 1:37 ` David Gow
0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2022-02-10 0:32 UTC (permalink / raw)
To: Jeff Dike
Cc: Kees Cook, Richard Weinberger, Anton Ivanov, David Gow,
linux-kernel, linux-kselftest, kunit-dev, linux-um,
linux-hardening
Enable FORTIFY_SOURCE so running Kunit tests can test fortified
functions.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/um/Kconfig | 1 +
arch/um/os-Linux/user_syms.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index 4d398b80aea8..746e661395d7 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -9,6 +9,7 @@ config UML
select ARCH_HAS_KCOV
select ARCH_HAS_STRNCPY_FROM_USER
select ARCH_HAS_STRNLEN_USER
+ select ARCH_HAS_FORTIFY_SOURCE
select ARCH_NO_PREEMPT
select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_SECCOMP_FILTER
diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c
index 715594fe5719..d9845b5219ce 100644
--- a/arch/um/os-Linux/user_syms.c
+++ b/arch/um/os-Linux/user_syms.c
@@ -1,4 +1,5 @@
// SPDX-License-Identifier: GPL-2.0
+#define __NO_FORTIFY
#include <linux/types.h>
#include <linux/module.h>
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] um: Enable FORTIFY_SOURCE
2022-02-10 0:32 [PATCH] um: Enable FORTIFY_SOURCE Kees Cook
@ 2022-02-10 1:37 ` David Gow
0 siblings, 0 replies; 3+ messages in thread
From: David Gow @ 2022-02-10 1:37 UTC (permalink / raw)
To: Kees Cook
Cc: Jeff Dike, Richard Weinberger, Anton Ivanov,
Linux Kernel Mailing List, open list:KERNEL SELFTEST FRAMEWORK,
KUnit Development, linux-um, linux-hardening
[-- Attachment #1: Type: text/plain, Size: 1508 bytes --]
On Thu, Feb 10, 2022 at 8:32 AM Kees Cook <keescook@chromium.org> wrote:
>
> Enable FORTIFY_SOURCE so running Kunit tests can test fortified
> functions.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
Thanks -- I was successfully able to run KUnit tests with
FORTIFY_SOURCE with this, and added some errors which it caught.
It might be worth noting that FORTIFY_SOURCE isn't enabled by default
under KUnit with this patch, though it's possible to use it with
./tools/testing/kunit/kunit.py run --kconfig_add CONFIG_FORTIFY_SOURCE=y
Tested-by: David Gow <davidgow@google.com>
Cheers,
-- David
> arch/um/Kconfig | 1 +
> arch/um/os-Linux/user_syms.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/arch/um/Kconfig b/arch/um/Kconfig
> index 4d398b80aea8..746e661395d7 100644
> --- a/arch/um/Kconfig
> +++ b/arch/um/Kconfig
> @@ -9,6 +9,7 @@ config UML
> select ARCH_HAS_KCOV
> select ARCH_HAS_STRNCPY_FROM_USER
> select ARCH_HAS_STRNLEN_USER
> + select ARCH_HAS_FORTIFY_SOURCE
> select ARCH_NO_PREEMPT
> select HAVE_ARCH_AUDITSYSCALL
> select HAVE_ARCH_SECCOMP_FILTER
> diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c
> index 715594fe5719..d9845b5219ce 100644
> --- a/arch/um/os-Linux/user_syms.c
> +++ b/arch/um/os-Linux/user_syms.c
> @@ -1,4 +1,5 @@
> // SPDX-License-Identifier: GPL-2.0
> +#define __NO_FORTIFY
> #include <linux/types.h>
> #include <linux/module.h>
>
> --
> 2.30.2
>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4003 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] um: Enable FORTIFY_SOURCE
@ 2022-02-10 1:37 ` David Gow
0 siblings, 0 replies; 3+ messages in thread
From: David Gow @ 2022-02-10 1:37 UTC (permalink / raw)
To: Kees Cook
Cc: Jeff Dike, Richard Weinberger, Anton Ivanov,
Linux Kernel Mailing List, open list:KERNEL SELFTEST FRAMEWORK,
KUnit Development, linux-um, linux-hardening
[-- Attachment #1.1: Type: text/plain, Size: 1508 bytes --]
On Thu, Feb 10, 2022 at 8:32 AM Kees Cook <keescook@chromium.org> wrote:
>
> Enable FORTIFY_SOURCE so running Kunit tests can test fortified
> functions.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
Thanks -- I was successfully able to run KUnit tests with
FORTIFY_SOURCE with this, and added some errors which it caught.
It might be worth noting that FORTIFY_SOURCE isn't enabled by default
under KUnit with this patch, though it's possible to use it with
./tools/testing/kunit/kunit.py run --kconfig_add CONFIG_FORTIFY_SOURCE=y
Tested-by: David Gow <davidgow@google.com>
Cheers,
-- David
> arch/um/Kconfig | 1 +
> arch/um/os-Linux/user_syms.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/arch/um/Kconfig b/arch/um/Kconfig
> index 4d398b80aea8..746e661395d7 100644
> --- a/arch/um/Kconfig
> +++ b/arch/um/Kconfig
> @@ -9,6 +9,7 @@ config UML
> select ARCH_HAS_KCOV
> select ARCH_HAS_STRNCPY_FROM_USER
> select ARCH_HAS_STRNLEN_USER
> + select ARCH_HAS_FORTIFY_SOURCE
> select ARCH_NO_PREEMPT
> select HAVE_ARCH_AUDITSYSCALL
> select HAVE_ARCH_SECCOMP_FILTER
> diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c
> index 715594fe5719..d9845b5219ce 100644
> --- a/arch/um/os-Linux/user_syms.c
> +++ b/arch/um/os-Linux/user_syms.c
> @@ -1,4 +1,5 @@
> // SPDX-License-Identifier: GPL-2.0
> +#define __NO_FORTIFY
> #include <linux/types.h>
> #include <linux/module.h>
>
> --
> 2.30.2
>
[-- Attachment #1.2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4003 bytes --]
[-- Attachment #2: Type: text/plain, Size: 152 bytes --]
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-10 2:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-10 0:32 [PATCH] um: Enable FORTIFY_SOURCE Kees Cook
2022-02-10 1:37 ` David Gow
2022-02-10 1:37 ` David Gow
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.