From nobody Fri Dec 19 01:09:15 2025 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC51E13B299 for ; Mon, 29 Apr 2024 19:43:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714419827; cv=none; b=oVxAzalv19mqpgTHo/UQFEGO/8odG+JoeTF3LHpenDoiQgdWMEYpFYBNHb7Fa262Ih7zSU95LTh3mj4Hz1WYkyqalf8KpS1Y3kFs0/LOro2AHxHfugVQOmWKztoRlp0FJ/hppO7nXB/bxvg0kWllgRFU2qsKXniE6GegHpBgNpM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714419827; c=relaxed/simple; bh=JUpgKGKNZbsX+goUd06248PhOZ+lxWWD96tmeNIMNOQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=nRhl3uant3I4EBOmgWS/K9RdKCLmHt5yW8XIYxFNEyXOVXiIH58nHHswgvLNhpE3YbLBEzneuxoBBR9hc8iG8Qbjj5Ti8Aejr/3m00oXthr1yvyKhPwCqKwBa1bfr0o3KlELSsd92vV9uJs8l9xl36eGIuIBv0L23y7v7Xwt0tg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=C0G1ja+E; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="C0G1ja+E" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1e3e84a302eso36876665ad.0 for ; Mon, 29 Apr 2024 12:43:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1714419825; x=1715024625; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zRYBya/NOm9RXOTNWuX4vwtPazKcBlRxHRUkoGXSiKM=; b=C0G1ja+E7piSwauJ5UZWpViKCRtkNRQ8UgPbvJW8sU3du7qPcDTigUlrn1coQw1ULU Ai/seyhuX1zMFRSBXE3ura4eZr2esSTbaMbKl9gZ+OShjv5uHHLZBXQa3j0RBULVN4p9 +MCUIRZMP1DZUPWF/bQVGJ5esGefh9FfKACfg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714419825; x=1715024625; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zRYBya/NOm9RXOTNWuX4vwtPazKcBlRxHRUkoGXSiKM=; b=s7dJsXdyk6OEUXCKqVC3S8hLiNDLKOVKz2l8BjPP/SA6/NMWzNfBKTnv+zdlcI4IOw SAbskOxbIjELXX0bitqAH9Vdqu5HNgJJzGV7tT+LqtxT65z5em9+U0GwgbxCQkH1ktT8 qkH+3PTdeFzZm0dwUSD2xihwijRxU7uDT38U83keD/3cvN6Yz/zPAEovpK1mhcy60vck J0wkvVv8WEYXrE62/nPY+EBW+uvlaNtNDpuM5H75h2tAVXg2awMUDueg3PAK9u/uTAgn qMITIJzgoKpW1DqN6AOtv84axqQe7zermsx9TZdd0c9Cx4mS0+2JuCyQn9LCngJ7yW6C 8+zQ== X-Forwarded-Encrypted: i=1; AJvYcCWxMaPbcVRVBpSOHMu/jF1J0Rued3rDF1oa6VJFbZ+JZ3+jESU2IDVdHGma3dRpEs9UzPEMv55pwOWyKBJtC0WDGKKJCTJHoRpOeMYX X-Gm-Message-State: AOJu0YwJNL0b7ya1XubpW2u2SkV72dmm6NE5fPbVnildPyBf2VtqZhfM qcsDXNY8EEwzLTXYp742SPn35ElpUWFvNufG8/Kb2z6CaM6sOx3C83JnPy+oiA== X-Google-Smtp-Source: AGHT+IEyC7ogmQtpfq2jo163UzMRiI3EiBb8cTzX64dp7MosCyMenO8FJJ+ZXzfk/yzWptwVIRo+Ig== X-Received: by 2002:a17:903:2283:b0:1eb:152a:5a6e with SMTP id b3-20020a170903228300b001eb152a5a6emr12905147plh.3.1714419824877; Mon, 29 Apr 2024 12:43:44 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id kk4-20020a170903070400b001e245d90d6fsm20746055plb.59.2024.04.29.12.43.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 12:43:43 -0700 (PDT) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , "Gustavo A. R. Silva" , linux-kernel@vger.kernel.org Subject: [PATCH 1/3] kunit/fortify: Rename tests to use recommended conventions Date: Mon, 29 Apr 2024 12:43:39 -0700 Message-Id: <20240429194342.2421639-1-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240429194019.work.664-kees@kernel.org> References: <20240429194019.work.664-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=7993; i=keescook@chromium.org; h=from:subject; bh=JUpgKGKNZbsX+goUd06248PhOZ+lxWWD96tmeNIMNOQ=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmL/ht3kH8jQ6I7GxOBKaT2BHrhS0HCqY8ttL3e N5+zsXoDrOJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZi/4bQAKCRCJcvTf3G3A Jjb6D/4xa6k2pRKjbWYWw+EZDTEriLKigrM+f7KCMCkw9VXD3I8Xor/2q0DK8VvwjfUloRRpMNO nzPUHrgUCFPi8t65MWNmGrWnKEtFVfBAABh0gs6o3yQDVPE/ITCwqJ7uQP2V4xxwqxadJ9vPiho 24+nE4GW1DDd16YnWhDSG0owW9chrw/m3uO6QhsOvVrRBOOrPN2Jry8E2fK0nEJnWcWylerHO14 nyVs8wIppyuyJipDGCbBkmFqQdW66F2A8DLmpXC39GY2dMM5OdZtbehGDPxxE9Dyhax2I3TaMnb WWR+lNexeyPxdSOpMFGVVLdynmIqDT6pgheulUUFq7nRHBFZHMwcLk1qOHNZddih2SaH8vEjvVg 8JcqyxJb9N/B+V/cv44g2Sj9Tg0gSRmIPgKGfWkVC/tj6T6mFjhMbZB0K31euPuVZAQHFK6pOe7 g2OKqZiMOMDGGEXJyKcEzAIO6iO4Vwu48UEQ56nX0DGpZjMR817QU28v927nYDMepndlied5+Fo 8/a5tO5PoPolqjqQSAFQCyTvhHW0fcknSs0iUlxs++9t4SJIUvFa+WosoLwaz6AB572Sg7vfvzr h3P013V3beqvyXumqSBYAeW8ge+Mbt9AYxtXvGj9odD81yx3ollWb0HtVi8+ptTf5+LFeiKb6AL oxlIE6tfGq0dlVg== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The recommended conventions for KUnit tests is ${module}_test_${what}. Adjust the fortify tests to match. Signed-off-by: Kees Cook --- Cc: linux-hardening@vger.kernel.org --- lib/fortify_kunit.c | 80 ++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c index 493ec02dd5b3..6f9a86c94538 100644 --- a/lib/fortify_kunit.c +++ b/lib/fortify_kunit.c @@ -64,7 +64,7 @@ void fortify_add_kunit_error(int write) kunit_put_resource(resource); } =20 -static void known_sizes_test(struct kunit *test) +static void fortify_test_known_sizes(struct kunit *test) { KUNIT_EXPECT_EQ(test, __compiletime_strlen("88888888"), 8); KUNIT_EXPECT_EQ(test, __compiletime_strlen(array_of_10), 10); @@ -97,7 +97,7 @@ static noinline size_t want_minus_one(int pick) return __compiletime_strlen(str); } =20 -static void control_flow_split_test(struct kunit *test) +static void fortify_test_control_flow_split(struct kunit *test) { KUNIT_EXPECT_EQ(test, want_minus_one(pick), SIZE_MAX); } @@ -173,11 +173,11 @@ static volatile size_t unknown_size =3D 50; #endif =20 #define DEFINE_ALLOC_SIZE_TEST_PAIR(allocator) \ -static void alloc_size_##allocator##_const_test(struct kunit *test) \ +static void fortify_test_alloc_size_##allocator##_const(struct kunit *test= ) \ { \ CONST_TEST_BODY(TEST_##allocator); \ } \ -static void alloc_size_##allocator##_dynamic_test(struct kunit *test) \ +static void fortify_test_alloc_size_##allocator##_dynamic(struct kunit *te= st) \ { \ DYNAMIC_TEST_BODY(TEST_##allocator); \ } @@ -361,7 +361,7 @@ struct fortify_padding { /* Force compiler into not being able to resolve size at compile-time. */ static volatile int unconst; =20 -static void strlen_test(struct kunit *test) +static void fortify_test_strlen(struct kunit *test) { struct fortify_padding pad =3D { }; int i, end =3D sizeof(pad.buf) - 1; @@ -384,7 +384,7 @@ static void strlen_test(struct kunit *test) KUNIT_EXPECT_EQ(test, fortify_read_overflows, 1); } =20 -static void strnlen_test(struct kunit *test) +static void fortify_test_strnlen(struct kunit *test) { struct fortify_padding pad =3D { }; int i, end =3D sizeof(pad.buf) - 1; @@ -422,7 +422,7 @@ static void strnlen_test(struct kunit *test) KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2); } =20 -static void strcpy_test(struct kunit *test) +static void fortify_test_strcpy(struct kunit *test) { struct fortify_padding pad =3D { }; char src[sizeof(pad.buf) + 1] =3D { }; @@ -480,7 +480,7 @@ static void strcpy_test(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 -static void strncpy_test(struct kunit *test) +static void fortify_test_strncpy(struct kunit *test) { struct fortify_padding pad =3D { }; char src[] =3D "Copy me fully into a small buffer and I will overflow!"; @@ -539,7 +539,7 @@ static void strncpy_test(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 -static void strscpy_test(struct kunit *test) +static void fortify_test_strscpy(struct kunit *test) { struct fortify_padding pad =3D { }; char src[] =3D "Copy me fully into a small buffer and I will overflow!"; @@ -596,7 +596,7 @@ static void strscpy_test(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 -static void strcat_test(struct kunit *test) +static void fortify_test_strcat(struct kunit *test) { struct fortify_padding pad =3D { }; char src[sizeof(pad.buf) / 2] =3D { }; @@ -653,7 +653,7 @@ static void strcat_test(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 -static void strncat_test(struct kunit *test) +static void fortify_test_strncat(struct kunit *test) { struct fortify_padding pad =3D { }; char src[sizeof(pad.buf)] =3D { }; @@ -726,7 +726,7 @@ static void strncat_test(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 -static void strlcat_test(struct kunit *test) +static void fortify_test_strlcat(struct kunit *test) { struct fortify_padding pad =3D { }; char src[sizeof(pad.buf)] =3D { }; @@ -811,7 +811,7 @@ static void strlcat_test(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 -static void memscan_test(struct kunit *test) +static void fortify_test_memscan(struct kunit *test) { char haystack[] =3D "Where oh where is my memory range?"; char *mem =3D haystack + strlen("Where oh where is "); @@ -830,7 +830,7 @@ static void memscan_test(struct kunit *test) KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2); } =20 -static void memchr_test(struct kunit *test) +static void fortify_test_memchr(struct kunit *test) { char haystack[] =3D "Where oh where is my memory range?"; char *mem =3D haystack + strlen("Where oh where is "); @@ -849,7 +849,7 @@ static void memchr_test(struct kunit *test) KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2); } =20 -static void memchr_inv_test(struct kunit *test) +static void fortify_test_memchr_inv(struct kunit *test) { char haystack[] =3D "Where oh where is my memory range?"; char *mem =3D haystack + 1; @@ -869,7 +869,7 @@ static void memchr_inv_test(struct kunit *test) KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2); } =20 -static void memcmp_test(struct kunit *test) +static void fortify_test_memcmp(struct kunit *test) { char one[] =3D "My mind is going ..."; char two[] =3D "My mind is going ... I can feel it."; @@ -891,7 +891,7 @@ static void memcmp_test(struct kunit *test) KUNIT_EXPECT_EQ(test, fortify_read_overflows, 2); } =20 -static void kmemdup_test(struct kunit *test) +static void fortify_test_kmemdup(struct kunit *test) { char src[] =3D "I got Doom running on it!"; char *copy; @@ -951,31 +951,31 @@ static int fortify_test_init(struct kunit *test) } =20 static struct kunit_case fortify_test_cases[] =3D { - KUNIT_CASE(known_sizes_test), - KUNIT_CASE(control_flow_split_test), - KUNIT_CASE(alloc_size_kmalloc_const_test), - KUNIT_CASE(alloc_size_kmalloc_dynamic_test), - KUNIT_CASE(alloc_size_vmalloc_const_test), - KUNIT_CASE(alloc_size_vmalloc_dynamic_test), - KUNIT_CASE(alloc_size_kvmalloc_const_test), - KUNIT_CASE(alloc_size_kvmalloc_dynamic_test), - KUNIT_CASE(alloc_size_devm_kmalloc_const_test), - KUNIT_CASE(alloc_size_devm_kmalloc_dynamic_test), - KUNIT_CASE(strlen_test), - KUNIT_CASE(strnlen_test), - KUNIT_CASE(strcpy_test), - KUNIT_CASE(strncpy_test), - KUNIT_CASE(strscpy_test), - KUNIT_CASE(strcat_test), - KUNIT_CASE(strncat_test), - KUNIT_CASE(strlcat_test), + KUNIT_CASE(fortify_test_known_sizes), + KUNIT_CASE(fortify_test_control_flow_split), + KUNIT_CASE(fortify_test_alloc_size_kmalloc_const), + KUNIT_CASE(fortify_test_alloc_size_kmalloc_dynamic), + KUNIT_CASE(fortify_test_alloc_size_vmalloc_const), + KUNIT_CASE(fortify_test_alloc_size_vmalloc_dynamic), + KUNIT_CASE(fortify_test_alloc_size_kvmalloc_const), + KUNIT_CASE(fortify_test_alloc_size_kvmalloc_dynamic), + KUNIT_CASE(fortify_test_alloc_size_devm_kmalloc_const), + KUNIT_CASE(fortify_test_alloc_size_devm_kmalloc_dynamic), + KUNIT_CASE(fortify_test_strlen), + KUNIT_CASE(fortify_test_strnlen), + KUNIT_CASE(fortify_test_strcpy), + KUNIT_CASE(fortify_test_strncpy), + KUNIT_CASE(fortify_test_strscpy), + KUNIT_CASE(fortify_test_strcat), + KUNIT_CASE(fortify_test_strncat), + KUNIT_CASE(fortify_test_strlcat), /* skip memset: performs bounds checking on whole structs */ /* skip memcpy: still using warn-and-overwrite instead of hard-fail */ - KUNIT_CASE(memscan_test), - KUNIT_CASE(memchr_test), - KUNIT_CASE(memchr_inv_test), - KUNIT_CASE(memcmp_test), - KUNIT_CASE(kmemdup_test), + KUNIT_CASE(fortify_test_memscan), + KUNIT_CASE(fortify_test_memchr), + KUNIT_CASE(fortify_test_memchr_inv), + KUNIT_CASE(fortify_test_memcmp), + KUNIT_CASE(fortify_test_kmemdup), {} }; =20 --=20 2.34.1 From nobody Fri Dec 19 01:09:15 2025 Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40C7617597 for ; Mon, 29 Apr 2024 19:43:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714419826; cv=none; b=Lw7BZL3MJHRIijCe6MyhebEF4OLcCycjE5a1edyikGJG3CpJGCARaeEGAzzW+uENvC/e7OuGwb1GWSxhSE1cO3Ic4GginKF0eVyjVFwJwHbDNdJ3DDBjWgHxH4CF5ZWc3hbbQJTxqXavivTN8Ni9/zlXSabArpEw22IC33eWv2M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714419826; c=relaxed/simple; bh=GzYQquZtF8F0UCCwehYpS7+bOLrS47ikty216klT3dg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=X8D/TN2luUnf3S5c2QjtnK6WjMjopCXsDpWau1+IXz782jqJdTxxhuNDX0SyzKvcQ78JLTrIhfomxkAtEbqVgAOLI+srABymy3MYLfG/ttBrPz7L+WO2nkflqNHJr6dmxMBzLt/E+YLjiYbAiYyfoSqmEUHR1ADna8hynsoPGEE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=TiUMKNt8; arc=none smtp.client-ip=209.85.216.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="TiUMKNt8" Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-2b27c660f91so16734a91.0 for ; Mon, 29 Apr 2024 12:43:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1714419824; x=1715024624; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=otPR4dXeRXWcAXnWruvS43ZNV3eS/x5LH+123jbXlqc=; b=TiUMKNt8dFJ4Xv4UvBCCGcGu+YglpkPZX748+BQ0r7bO5Z8Vs/cwTYQ4ivQTIWlw6E kPPPs2+QoPqZ87yPVNRhf2XrVej6xss1ZSwTFiYuneDoqQkV8Gs6mOVJwheLjMSyRuWx DzkOb7VV9bLttTkTA8+RcN7U1YFmkbt750TqM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714419824; x=1715024624; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=otPR4dXeRXWcAXnWruvS43ZNV3eS/x5LH+123jbXlqc=; b=OqoJJOo6/K1nyvnFsP30Yx0iuiJysFe1zZ6I0pCvmsThbbWK//SfohDZRJI9OoGdks I3wsn+VCYstBH7TEhwvqLJCfycOv0c2vrUlhMMYXLE+Wrk+Z1KmPLBHQOb2Hv6nRAfK6 NOeGp7kCB6vEWORegG2mmD+5AVPTT/bFi6sF7bOlPzVmTU5tV3mKXr3bTAHbMGRta5vQ gxbzKuhZf9ZuqAPIHZqVvy/lGIKU+8Tf/I4HaTeYbpToPXr46DTQ/1jZxdIOT5IFgAgO HSzEISr6VqmEmUA3L2DtAXqrSXfogVFCR+0Py6+ydQTVPgtwfojAcBUuB5JwkCMzhLfM b09Q== X-Forwarded-Encrypted: i=1; AJvYcCV6wAhWeWgv1rSHtAUk63gAzwfv+YDKdCSpwjpJ37iVIPTN56JA6op7wm9YMdw0D2OKFZ93SyZLUkRNQj2rLWDuNE17A2vBF5lO9pYj X-Gm-Message-State: AOJu0YyC4WSanXV2hGk7pPg42WK2qUQil7yS9cMovC6UrBhjF+XiUzUN W0TJ7WKlyNFPt8S3Q0aqaxR8/03eAcykq8GIx1YeHYtK8Dj5u2qvTLYgxPwfjw== X-Google-Smtp-Source: AGHT+IHAKpP40EtJrVx6f8RKp3tg35tYjrloyE4mT5cO5VfP5jL4BJiIUxyQB6ipUGsXnskqYUja8w== X-Received: by 2002:a17:90a:eb02:b0:2a2:9b37:367a with SMTP id j2-20020a17090aeb0200b002a29b37367amr10075252pjz.39.1714419824483; Mon, 29 Apr 2024 12:43:44 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id em6-20020a17090b014600b002b16d9ab430sm3008510pjb.3.2024.04.29.12.43.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 12:43:43 -0700 (PDT) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , "Gustavo A. R. Silva" , linux-kernel@vger.kernel.org Subject: [PATCH 2/3] kunit/fortify: Do not spam logs with fortify WARNs Date: Mon, 29 Apr 2024 12:43:40 -0700 Message-Id: <20240429194342.2421639-2-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240429194019.work.664-kees@kernel.org> References: <20240429194019.work.664-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1223; i=keescook@chromium.org; h=from:subject; bh=GzYQquZtF8F0UCCwehYpS7+bOLrS47ikty216klT3dg=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmL/ht/xDIv4y4i+JPHwtNCbLZWfqsyLg6nbhjx IJsn9pE/y+JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZi/4bQAKCRCJcvTf3G3A JoFoD/9172DQtDzDQxs4bjGGOYab+1EegLgpEK2YmJvABHtD2I8nNIVuRlrIdDfQGOWCqoICExJ zVVTUQqTc9wveXXJtHFuF9AiCt0PoNm8xefFoz/Xlh1UGHjTAJqJIyncN0NR4Xs7lpt5bgDP5d5 Y30loWV+NGZ3X41eq9hSDpF1Q11S+FGd1HzhT74oPpSJa8W6+RxgUrosZI2JDxbKTe2ZBbkVtUb BvFDzEb4N1Ru+eWvHMt0aEa+07hRVy6om0J+bstBwJ+ov3lVYv99DMGFYw9qbEUfuLTZK5I6sTd sL+RxJhFNShnqf+Si6WumZVN/Jgvf7fSb9LRD2LE+4V4oZCR6+pVZTrw2WPpwKk2AEfmT3xavWA ypJJ/07cOJOz/9t8pPb0Cy/o0/rJLzU1F3au4uXWhAZruoF1LsZD81fy1G3e/XkbAy1H3H2PA99 mglmy4of+9BT3ChwVrSXKx9ucEuww0Tw2ZaqktzHQycE2apxJVAgjWdGmeACJt5/1KLg7vIzk1b cNPtrKP+srnKaxWS55g8Q7o3YqYPtS2fgZYOaButrY8yiSQBpoEJyNSxuyWye46d0zTZrcc+X5u SRQet0ZZxCp8BZRmtQPXAhaAkiHVJ2kuKJC6EnwFnDci8OV9DalVWyJcegkApv6QWocFpWyPQnO 7vWupGNdSmBn8qQ== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When running KUnit fortify tests, we're already doing precise tracking of which warnings are getting hit. Don't fill the logs with WARNs unless we've been explicitly built with DEBUG enabled. Signed-off-by: Kees Cook --- Cc: linux-hardening@vger.kernel.org --- lib/fortify_kunit.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c index 6f9a86c94538..bbbfc2238aa9 100644 --- a/lib/fortify_kunit.c +++ b/lib/fortify_kunit.c @@ -15,10 +15,17 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt =20 +/* We don't need to fill dmesg with the fortify WARNs during testing. */ +#ifdef DEBUG +# define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x) +#else +# define FORTIFY_REPORT_KUNIT(x...) do { } while (0) +#endif + /* Redefine fortify_panic() to track failures. */ void fortify_add_kunit_error(int write); #define fortify_panic(func, write, avail, size, retfail) do { \ - __fortify_report(FORTIFY_REASON(func, write), avail, size); \ + FORTIFY_REPORT_KUNIT(FORTIFY_REASON(func, write), avail, size); \ fortify_add_kunit_error(write); \ return (retfail); \ } while (0) --=20 2.34.1 From nobody Fri Dec 19 01:09:15 2025 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AA5F13AA48 for ; Mon, 29 Apr 2024 19:43:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714419827; cv=none; b=g8AF+s5/pyJ71OlpXasb1LwjV8/3gBj87t4387E4f3lRN80f95jbevDShRjclFClZODsPSxZZ7rp8Gdek0p57EokV9B5Ey/Pegs91BQF1wqWQmtkXlJuYrQvKgrR1yJqXFP7hDtlzWzTv5zVCINJSJ8KD9LHt7zIK8p9rb1lclw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714419827; c=relaxed/simple; bh=kSRrwFAd7C9JQFKV2ouSVZifzUjd6M3hXT4sWuG0DIo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=gZ0hbDTMzd4nVeKtbFfBALZPFp+YfKAQdUy4nreWTVDb9bfUetVOnkY6N70sRcFv5EBGfhq3YUskbuXFd6mef2ZqNOqv0dWJoDcT7gZQxuz90wa1F9GrycCniktQ8ohorOBHAzcAGJ0FCn9v0hdPdhbb/xg5a5O30yf907UEZWQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=JReQKlvC; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="JReQKlvC" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1e4c4fb6af3so33302835ad.0 for ; Mon, 29 Apr 2024 12:43:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1714419825; x=1715024625; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gA3odFjA56eyxJJ+Tkfmb0e2e9r2EQ/K83DUbh1Jiwo=; b=JReQKlvC25ygeC5SOoM//jW80mGuJM99m8YEx1YkEnO57TPCn0VTcgEC5GNh1aj+gK G6wehgmXv3RV8Pcn5uEd07wbgSnppum8MqWtwC7KsdqA5GPFjD1jOLaUntTwhRcQ/PHP aHcKeTtfGDZwQOD4uqvCxy4n/qUunO8wgh3ZM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714419825; x=1715024625; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gA3odFjA56eyxJJ+Tkfmb0e2e9r2EQ/K83DUbh1Jiwo=; b=kssSQZXIjiWRTWFyG4qvm39oaXCNJJxJeeM4sWTsj7NgoPia/22NZp7kqLlPMzwmwt z8lAL7E/hquFp9hVEPz4aRfa7/JGmSl+klstdSrQ726PIvfbhchLadH+tL6rNyCoqemE L7eYO1TOoVWUvCynOgm/PFbqnar7I2ocKjyOdF5RgbVIpIHwgbqnL3GXeb0uBQ3oQs7v RvdfIqRRljCy/5+D65g5mbHKTaEF+I9maWYL3aGMmid4BNuoPRm31VmevGjB7Sw5omeV OzZWOLA0MlIDizMbVjlJI369cJk8GwDTF8t1NnTbCMAZpzafnXRoadL9lahVHUp3sDgB ABhw== X-Forwarded-Encrypted: i=1; AJvYcCUVZn2e0qkRGC9AMiNzNv5AsiLPdKzDIPX68GYPrQoQhEYNu5PbrQG0wlswuBVyV6uVTUoNcwnZJYhxLqMw84d0zbL9H7yXc+Pkxvbk X-Gm-Message-State: AOJu0YwaDHeBHjKWsLTf+DQ8PDSEcxA8qK66cvPrDZ1McSGatVOZPhFE WOIJcoEthtTL2p0WWZxj8o6xsWPyvIVilOc2LxB6QZMOhMqFaMrKhaXAowMCMnX5f/2kRBX+4Q0 = X-Google-Smtp-Source: AGHT+IEkmPKWaTr8pczDUXHETCniPvsmQ+rzfKOTPy/2xp3y56kfC3BugREtIfP6PpUUHrB3SGkBJA== X-Received: by 2002:a17:903:2301:b0:1dd:dcd3:662c with SMTP id d1-20020a170903230100b001dddcd3662cmr1077006plh.4.1714419825311; Mon, 29 Apr 2024 12:43:45 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id ky14-20020a170902f98e00b001e8d1a6d2acsm18694097plb.267.2024.04.29.12.43.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 12:43:43 -0700 (PDT) From: Kees Cook To: linux-hardening@vger.kernel.org Cc: Kees Cook , "Gustavo A. R. Silva" , linux-kernel@vger.kernel.org Subject: [PATCH 3/3] kunit/fortify: Add memcpy() tests Date: Mon, 29 Apr 2024 12:43:41 -0700 Message-Id: <20240429194342.2421639-3-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240429194019.work.664-kees@kernel.org> References: <20240429194019.work.664-kees@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=6800; i=keescook@chromium.org; h=from:subject; bh=kSRrwFAd7C9JQFKV2ouSVZifzUjd6M3hXT4sWuG0DIo=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBmL/hteTsDQfmMjRiGhqWOD9a5Z3jVx1AhFFPRh ciLfMRfszGJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZi/4bQAKCRCJcvTf3G3A JpVAD/9dx/Q9X1ff3gFKMqjfFvIx9gdcBGuZCiPylGs2UlwMwXRjNhnGcHXZr0Sw0nqa/kjV0lh 6UfLuHh8ajHNLxiNAbkOQZc/znlLvz/Eh8ZnkLNyPw+MVHoAWbhUrLMLinSBSUJE1ezf33yfCV+ k7JL7phc8Zg8LEbfjG4y7L/5VPc7RYw64EzqZ3cVm9nPTMNiCscMZmqr6ZVI9pHLKFTyOYG3VPx yyiLJT7FsZoB6s9Pi0Vu7J4A4grAuI2JAh2u/GLegZ9Waw4CupXqa0+WZxkZ+2cDPj4acej1Ijm SRkzLKiJ5hZqXmDTYDLfk84DZw596qM6mbdb7ZM7LFxtye8cuiWKIDczZy5UohEfK7e5Bytze/e 49dtjYL0DCw9mABBKN9TrB+bJ04/kMchRU72VqFK8gzrHIs8Q9KzkBft/N8fK5FCtSpUj5I9rEO v1S1CCs0EyW0YlqOfhos60r5ZtGvy2VqYsqZQ329LeLg1vRzze7zWhaaP5ti+9hXY73Oth6+/4L kRcpWCtCr1Gb9bKeU6MjN0luTCBvrFd62FxnRjSlOJHdReKdj2joQ6Fc4pf47tGV6wlgGMFAssD e8QYGDcIKcjc39NLTomqp6Ebwl6COn4R03BfkUZ7J5dJsxofSZCrbE/VCD9iO5VkbuMo2Hryf0B Q5wvi14asl7MSXw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add fortify tests for memcpy() and memmove(). This can use a similar method to the fortify_panic() replacement, only we can do it for what was the WARN_ONCE(), which can be redefined. Since this is primarily testing the fortify behaviors of the memcpy() and memmove() defenses, the tests for memcpy() and memmove() are identical. Signed-off-by: Kees Cook --- Cc: linux-hardening@vger.kernel.org --- include/linux/fortify-string.h | 6 ++- lib/fortify_kunit.c | 85 ++++++++++++++++++++++++++++++++-- 2 files changed, 87 insertions(+), 4 deletions(-) diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h index 6aeebe0a6777..a0bb13825109 100644 --- a/include/linux/fortify-string.h +++ b/include/linux/fortify-string.h @@ -15,10 +15,14 @@ #define FORTIFY_REASON(func, write) (FIELD_PREP(BIT(0), write) | \ FIELD_PREP(GENMASK(7, 1), func)) =20 +/* Overridden by KUnit tests. */ #ifndef fortify_panic # define fortify_panic(func, write, avail, size, retfail) \ __fortify_panic(FORTIFY_REASON(func, write), avail, size) #endif +#ifndef fortify_warn_once +# define fortify_warn_once(x...) WARN_ONCE(x) +#endif =20 #define FORTIFY_READ 0 #define FORTIFY_WRITE 1 @@ -609,7 +613,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_= t size, const size_t __q_size =3D (q_size); \ const size_t __p_size_field =3D (p_size_field); \ const size_t __q_size_field =3D (q_size_field); \ - WARN_ONCE(fortify_memcpy_chk(__fortify_size, __p_size, \ + fortify_warn_once(fortify_memcpy_chk(__fortify_size, __p_size, \ __q_size, __p_size_field, \ __q_size_field, FORTIFY_FUNC_ ##op), \ #op ": detected field-spanning write (size %zu) of single %s (size %zu= )\n", \ diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c index bbbfc2238aa9..ad7fc85f34ac 100644 --- a/lib/fortify_kunit.c +++ b/lib/fortify_kunit.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* - * Runtime test cases for CONFIG_FORTIFY_SOURCE. For testing memcpy(), - * see FORTIFY_MEM_* tests in LKDTM (drivers/misc/lkdtm/fortify.c). + * Runtime test cases for CONFIG_FORTIFY_SOURCE. For additional memcpy() + * testing see FORTIFY_MEM_* tests in LKDTM (drivers/misc/lkdtm/fortify.c). * * For corner cases with UBSAN, try testing with: * @@ -18,8 +18,10 @@ /* We don't need to fill dmesg with the fortify WARNs during testing. */ #ifdef DEBUG # define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x) +# define FORTIFY_WARN_KUNIT(x...) WARN_ONCE(x) #else # define FORTIFY_REPORT_KUNIT(x...) do { } while (0) +# define FORTIFY_WARN_KUNIT(x...) do { } while (0) #endif =20 /* Redefine fortify_panic() to track failures. */ @@ -30,6 +32,14 @@ void fortify_add_kunit_error(int write); return (retfail); \ } while (0) =20 +/* Redefine fortify_warn_once() to track memcpy() failures. */ +#define fortify_warn_once(chk_func, x...) do { \ + bool __result =3D chk_func; \ + FORTIFY_WARN_KUNIT(__result, x); \ + if (__result) \ + fortify_add_kunit_error(1); \ +} while (0) + #include #include #include @@ -818,6 +828,74 @@ static void fortify_test_strlcat(struct kunit *test) KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); } =20 +/* Check for 0-sized arrays... */ +struct fortify_zero_sized { + unsigned long bytes_before; + char buf[0]; + unsigned long bytes_after; +}; + +#define __fortify_test(memfunc) \ +static void fortify_test_##memfunc(struct kunit *test) \ +{ \ + struct fortify_zero_sized zero =3D { }; \ + struct fortify_padding pad =3D { }; \ + char srcA[sizeof(pad.buf) + 2]; \ + char srcB[sizeof(pad.buf) + 2]; \ + size_t len =3D sizeof(pad.buf) + unconst; \ + \ + memset(srcA, 'A', sizeof(srcA)); \ + KUNIT_ASSERT_EQ(test, srcA[0], 'A'); \ + memset(srcB, 'B', sizeof(srcB)); \ + KUNIT_ASSERT_EQ(test, srcB[0], 'B'); \ + \ + memfunc(pad.buf, srcA, 0 + unconst); \ + KUNIT_EXPECT_EQ(test, pad.buf[0], '\0'); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ + memfunc(pad.buf + 1, srcB, 1 + unconst); \ + KUNIT_EXPECT_EQ(test, pad.buf[0], '\0'); \ + KUNIT_EXPECT_EQ(test, pad.buf[1], 'B'); \ + KUNIT_EXPECT_EQ(test, pad.buf[2], '\0'); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ + memfunc(pad.buf, srcA, 1 + unconst); \ + KUNIT_EXPECT_EQ(test, pad.buf[0], 'A'); \ + KUNIT_EXPECT_EQ(test, pad.buf[1], 'B'); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ + memfunc(pad.buf, srcA, len - 1); \ + KUNIT_EXPECT_EQ(test, pad.buf[1], 'A'); \ + KUNIT_EXPECT_EQ(test, pad.buf[len - 1], '\0'); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ + memfunc(pad.buf, srcA, len); \ + KUNIT_EXPECT_EQ(test, pad.buf[1], 'A'); \ + KUNIT_EXPECT_EQ(test, pad.buf[len - 1], 'A'); \ + KUNIT_EXPECT_EQ(test, pad.bytes_after, 0); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ + memfunc(pad.buf, srcA, len + 1); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 1); \ + memfunc(pad.buf + 1, srcB, len); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 2); \ + \ + /* Reset error counter. */ \ + fortify_write_overflows =3D 0; \ + /* Copy nothing into nothing: no errors. */ \ + memfunc(zero.buf, srcB, 0 + unconst); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ + /* We currently explicitly ignore zero-sized dests. */ \ + memfunc(zero.buf, srcB, 1 + unconst); \ + KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \ + KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \ +} +__fortify_test(memcpy) +__fortify_test(memmove) + static void fortify_test_memscan(struct kunit *test) { char haystack[] =3D "Where oh where is my memory range?"; @@ -977,7 +1055,8 @@ static struct kunit_case fortify_test_cases[] =3D { KUNIT_CASE(fortify_test_strncat), KUNIT_CASE(fortify_test_strlcat), /* skip memset: performs bounds checking on whole structs */ - /* skip memcpy: still using warn-and-overwrite instead of hard-fail */ + KUNIT_CASE(fortify_test_memcpy), + KUNIT_CASE(fortify_test_memmove), KUNIT_CASE(fortify_test_memscan), KUNIT_CASE(fortify_test_memchr), KUNIT_CASE(fortify_test_memchr_inv), --=20 2.34.1