[PATCH v2 00/10] fortify: Add KUnit tests for runtime overflows

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <keescook@chromium.org>
To: linux-hardening@vger.kernel.org
Cc: "Kees Cook" <keescook@chromium.org>,
	"Andy Shevchenko" <andy@kernel.org>,
	"Cezary Rojewski" <cezary.rojewski@intel.com>,
	"Puyou Lu" <puyou.lu@gmail.com>,
	"Mark Brown" <broonie@kernel.org>,
	"Josh Poimboeuf" <jpoimboe@kernel.org>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Brendan Higgins" <brendan.higgins@linux.dev>,
	"David Gow" <davidgow@google.com>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Nathan Chancellor" <nathan@kernel.org>,
	"Alexander Potapenko" <glider@google.com>,
	"Zhaoyang Huang" <zhaoyang.huang@unisoc.com>,
	"Randy Dunlap" <rdunlap@infradead.org>,
	"Geert Uytterhoeven" <geert+renesas@glider.be>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Alexander Lobakin" <aleksander.lobakin@intel.com>,
	"Nick Desaulniers" <ndesaulniers@google.com>,
	"Liam Howlett" <liam.howlett@oracle.com>,
	"Vlastimil Babka" <vbabka@suse.cz>,
	"Dan Williams" <dan.j.williams@intel.com>,
	"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
	"Yury Norov" <yury.norov@gmail.com>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>,
	"Sander Vanheule" <sander@svanheule.net>,
	"Eric Biggers" <ebiggers@google.com>,
	"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
	"Andrey Konovalov" <andreyknvl@gmail.com>,
	"Linus Walleij" <linus.walleij@linaro.org>,
	"Daniel Latypov" <dlatypov@google.com>,
	"José Expósito" <jose.exposito89@gmail.com>,
	linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com
Subject: [PATCH v2 00/10] fortify: Add KUnit tests for runtime overflows
Date: Fri,  7 Apr 2023 12:27:06 -0700	[thread overview]
Message-ID: <20230407191904.gonna.522-kees@kernel.org> (raw)

Hi,

This series adds KUnit tests for the CONFIG_FORTIFY_SOURCE behavior of the
standard C string functions, and for the strcat() family of functions,
as those were updated during refactoring. Finally, fortification error
messages are improved to give more context for the failure condition.

-Kees

v2:
- fix From/SoB
- strcat: force non-const length arguments (lkp)
- fix x86 and arm fortify_panic prototypes (lkp)
- move test-skip to init function (dlatypov)
- constify p_size, q_size everywhere (miguel)
- enum-ify, string-ify, bit-ify function name passing (aleksander & andy)
v1: https://lore.kernel.org/lkml/20230405235832.never.487-kees@kernel.org/

Kees Cook (10):
  kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML
  fortify: Allow KUnit test to build without FORTIFY
  string: Add Kunit tests for strcat() family
  fortify: Use const variables for __member_size tracking
  fortify: Add protection for strlcat()
  fortify: strcat: Move definition to use fortified strlcat()
  fortify: Split reporting and avoid passing string pointer
  fortify: Provide KUnit counters for failure testing
  fortify: Add KUnit tests for runtime overflows
  fortify: Improve buffer overflow reporting

 MAINTAINERS                                  |   1 +
 arch/arm/boot/compressed/misc.c              |   2 +-
 arch/x86/boot/compressed/misc.c              |   2 +-
 include/linux/fortify-string.h               | 257 +++++--
 lib/Kconfig.debug                            |   7 +-
 lib/Makefile                                 |   1 +
 lib/fortify_kunit.c                          | 731 +++++++++++++++++++
 lib/strcat_kunit.c                           | 104 +++
 lib/string_helpers.c                         |  26 +-
 tools/objtool/check.c                        |   2 +-
 tools/testing/kunit/configs/all_tests.config |   2 +
 tools/testing/kunit/configs/arch_uml.config  |   3 +
 12 files changed, 1059 insertions(+), 79 deletions(-)
 create mode 100644 lib/strcat_kunit.c

-- 
2.34.1

next             reply	other threads:[~2023-04-07 19:27 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-07 19:27 Kees Cook [this message]
2023-04-07 19:27 ` [PATCH v2 01/10] kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML Kees Cook
2023-04-07 23:33   ` Nick Desaulniers
2023-04-07 23:42     ` Nick Desaulniers
2023-05-10 19:24       ` Kees Cook
2023-05-22 19:43         ` Nick Desaulniers
2023-05-22 20:14           ` Kees Cook
2023-05-07 15:20     ` Kees Cook
2023-04-07 19:27 ` [PATCH v2 02/10] fortify: Allow KUnit test to build without FORTIFY Kees Cook
2023-07-02 15:07   ` Geert Uytterhoeven
2023-07-03 19:47     ` Kees Cook
2023-04-07 19:27 ` [PATCH v2 03/10] string: Add Kunit tests for strcat() family Kees Cook
2023-04-07 19:27 ` [PATCH v2 04/10] fortify: Use const variables for __member_size tracking Kees Cook
2023-04-18 17:58   ` Nick Desaulniers
2023-04-07 19:27 ` [PATCH v2 05/10] fortify: Add protection for strlcat() Kees Cook
2023-04-07 19:27 ` [PATCH v2 06/10] fortify: strcat: Move definition to use fortified strlcat() Kees Cook
2023-04-18 18:09   ` Nick Desaulniers
2023-05-16 21:15     ` Kees Cook
2023-04-07 19:27 ` [PATCH v2 07/10] fortify: Split reporting and avoid passing string pointer Kees Cook
2023-04-08  2:26   ` kernel test robot
2023-04-20 15:52   ` Alexander Lobakin
2023-04-07 19:27 ` [PATCH v2 08/10] fortify: Provide KUnit counters for failure testing Kees Cook
2023-04-18 18:20   ` Nick Desaulniers
2023-04-07 19:27 ` [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows Kees Cook
2023-04-08  0:33   ` kernel test robot
2023-04-18 18:27     ` Nick Desaulniers
2023-04-07 19:27 ` [PATCH v2 10/10] fortify: Improve buffer overflow reporting Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230407191904.gonna.522-kees@kernel.org \
    --to=keescook@chromium.org \
    --cc=Jason@zx2c4.com \
    --cc=akpm@linux-foundation.org \
    --cc=aleksander.lobakin@intel.com \
    --cc=andreyknvl@gmail.com \
    --cc=andy@kernel.org \
    --cc=brendan.higgins@linux.dev \
    --cc=broonie@kernel.org \
    --cc=cezary.rojewski@intel.com \
    --cc=dan.j.williams@intel.com \
    --cc=davidgow@google.com \
    --cc=dlatypov@google.com \
    --cc=ebiggers@google.com \
    --cc=geert+renesas@glider.be \
    --cc=glider@google.com \
    --cc=jose.exposito89@gmail.com \
    --cc=jpoimboe@kernel.org \
    --cc=kunit-dev@googlegroups.com \
    --cc=liam.howlett@oracle.com \
    --cc=linus.walleij@linaro.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=mhiramat@kernel.org \
    --cc=nathan@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=ojeda@kernel.org \
    --cc=peterz@infradead.org \
    --cc=puyou.lu@gmail.com \
    --cc=rdunlap@infradead.org \
    --cc=sander@svanheule.net \
    --cc=vbabka@suse.cz \
    --cc=yury.norov@gmail.com \
    --cc=zhaoyang.huang@unisoc.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.