From: Kees Cook <keescook@chromium.org>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-hardening@vger.kernel.org,
"Andy Shevchenko" <andy@kernel.org>,
"Cezary Rojewski" <cezary.rojewski@intel.com>,
"Puyou Lu" <puyou.lu@gmail.com>,
"Mark Brown" <broonie@kernel.org>,
"Josh Poimboeuf" <jpoimboe@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Brendan Higgins" <brendan.higgins@linux.dev>,
"David Gow" <davidgow@google.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Nathan Chancellor" <nathan@kernel.org>,
"Alexander Potapenko" <glider@google.com>,
"Zhaoyang Huang" <zhaoyang.huang@unisoc.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Geert Uytterhoeven" <geert+renesas@glider.be>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alexander Lobakin" <aleksander.lobakin@intel.com>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Liam Howlett" <liam.howlett@oracle.com>,
"Vlastimil Babka" <vbabka@suse.cz>,
"Dan Williams" <dan.j.williams@intel.com>,
"Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
"Yury Norov" <yury.norov@gmail.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"Sander Vanheule" <sander@svanheule.net>,
"Eric Biggers" <ebiggers@google.com>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
"Andrey Konovalov" <andreyknvl@gmail.com>,
"Linus Walleij" <linus.walleij@linaro.org>,
"Daniel Latypov" <dlatypov@google.com>,
"José Expósito" <jose.exposito89@gmail.com>,
linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com
Subject: Re: [PATCH v2 02/10] fortify: Allow KUnit test to build without FORTIFY
Date: Mon, 3 Jul 2023 12:47:07 -0700 [thread overview]
Message-ID: <202307031245.D3DDB0E@keescook> (raw)
In-Reply-To: <CAMuHMdUrxOEroHVUt7-mAnKSBjY=a-D3jr+XiAifuwv06Ob9Pw@mail.gmail.com>
On Sun, Jul 02, 2023 at 05:07:05PM +0200, Geert Uytterhoeven wrote:
> Hi Kees,
>
> On Fri, Apr 7, 2023 at 9:27 PM Kees Cook <keescook@chromium.org> wrote:
> > In order for CI systems to notice all the skipped tests related to
> > CONFIG_FORTIFY_SOURCE, allow the FORTIFY_SOURCE KUnit tests to build
> > with or without CONFIG_FORTIFY_SOURCE.
> >
> > Signed-off-by: Kees Cook <keescook@chromium.org>
>
> Thanks for your patch, which is now commit a9dc8d0442294b42
> ("fortify: Allow KUnit test to build without FORTIFY") upstream.
>
> > --- a/lib/Kconfig.debug
> > +++ b/lib/Kconfig.debug
> > @@ -2614,7 +2614,7 @@ config STACKINIT_KUNIT_TEST
> >
> > config FORTIFY_KUNIT_TEST
> > tristate "Test fortified str*() and mem*() function internals at runtime" if !KUNIT_ALL_TESTS
> > - depends on KUNIT && FORTIFY_SOURCE
> > + depends on KUNIT
>
> All other tests depend on the functionality they test.
> Which makes sense, as you only want to test the functionality that is
> available in the kernel you want to run.
Yeah, that is true for KUnit.
>
> > default KUNIT_ALL_TESTS
> > help
> > Builds unit tests for checking internals of FORTIFY_SOURCE as used
> > diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c
> > index c8c33cbaae9e..524132f33cf0 100644
> > --- a/lib/fortify_kunit.c
> > +++ b/lib/fortify_kunit.c
>
> > @@ -307,6 +312,14 @@ DEFINE_ALLOC_SIZE_TEST_PAIR(kvmalloc)
> > } while (0)
> > DEFINE_ALLOC_SIZE_TEST_PAIR(devm_kmalloc)
> >
> > +static int fortify_test_init(struct kunit *test)
> > +{
> > + if (!IS_ENABLED(CONFIG_FORTIFY_SOURCE))
> > + kunit_skip(test, "Not built with CONFIG_FORTIFY_SOURCE=y");
>
> I was greeted by this message, which wasn't that helpful, as
> CONFIG_FORTIFY_SOURCE depends on CONFIG_ARCH_HAS_FORTIFY_SOURCE,
> which is not available yet on all architectures.
>
> So I think the proper thing to do is to revert this patch.
> Thanks!
I created this patch so that I could add CONFIG_FORTIFY_SOURCE support
to UML, but you have a good point about other archs. I'll prepare a
revert.
--
Kees Cook
next prev parent reply other threads:[~2023-07-03 19:47 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-07 19:27 [PATCH v2 00/10] fortify: Add KUnit tests for runtime overflows Kees Cook
2023-04-07 19:27 ` [PATCH v2 01/10] kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML Kees Cook
2023-04-07 23:33 ` Nick Desaulniers
2023-04-07 23:42 ` Nick Desaulniers
2023-05-10 19:24 ` Kees Cook
2023-05-22 19:43 ` Nick Desaulniers
2023-05-22 20:14 ` Kees Cook
2023-05-07 15:20 ` Kees Cook
2023-04-07 19:27 ` [PATCH v2 02/10] fortify: Allow KUnit test to build without FORTIFY Kees Cook
2023-07-02 15:07 ` Geert Uytterhoeven
2023-07-03 19:47 ` Kees Cook [this message]
2023-04-07 19:27 ` [PATCH v2 03/10] string: Add Kunit tests for strcat() family Kees Cook
2023-04-07 19:27 ` [PATCH v2 04/10] fortify: Use const variables for __member_size tracking Kees Cook
2023-04-18 17:58 ` Nick Desaulniers
2023-04-07 19:27 ` [PATCH v2 05/10] fortify: Add protection for strlcat() Kees Cook
2023-04-07 19:27 ` [PATCH v2 06/10] fortify: strcat: Move definition to use fortified strlcat() Kees Cook
2023-04-18 18:09 ` Nick Desaulniers
2023-05-16 21:15 ` Kees Cook
2023-04-07 19:27 ` [PATCH v2 07/10] fortify: Split reporting and avoid passing string pointer Kees Cook
2023-04-08 2:26 ` kernel test robot
2023-04-20 15:52 ` Alexander Lobakin
2023-04-07 19:27 ` [PATCH v2 08/10] fortify: Provide KUnit counters for failure testing Kees Cook
2023-04-18 18:20 ` Nick Desaulniers
2023-04-07 19:27 ` [PATCH v2 09/10] fortify: Add KUnit tests for runtime overflows Kees Cook
2023-04-08 0:33 ` kernel test robot
2023-04-18 18:27 ` Nick Desaulniers
2023-04-07 19:27 ` [PATCH v2 10/10] fortify: Improve buffer overflow reporting Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202307031245.D3DDB0E@keescook \
--to=keescook@chromium.org \
--cc=Jason@zx2c4.com \
--cc=akpm@linux-foundation.org \
--cc=aleksander.lobakin@intel.com \
--cc=andreyknvl@gmail.com \
--cc=andy@kernel.org \
--cc=brendan.higgins@linux.dev \
--cc=broonie@kernel.org \
--cc=cezary.rojewski@intel.com \
--cc=dan.j.williams@intel.com \
--cc=davidgow@google.com \
--cc=dlatypov@google.com \
--cc=ebiggers@google.com \
--cc=geert+renesas@glider.be \
--cc=geert@linux-m68k.org \
--cc=glider@google.com \
--cc=jose.exposito89@gmail.com \
--cc=jpoimboe@kernel.org \
--cc=kunit-dev@googlegroups.com \
--cc=liam.howlett@oracle.com \
--cc=linus.walleij@linaro.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mhiramat@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=puyou.lu@gmail.com \
--cc=rdunlap@infradead.org \
--cc=sander@svanheule.net \
--cc=vbabka@suse.cz \
--cc=yury.norov@gmail.com \
--cc=zhaoyang.huang@unisoc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.