* [PATCH 0/3] fortify: fix various issues in test_fortify Makefile
@ 2024-07-15 14:45 Masahiro Yamada
2024-07-15 14:45 ` [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files Masahiro Yamada
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: Masahiro Yamada @ 2024-07-15 14:45 UTC (permalink / raw)
To: Kees Cook, linux-hardening; +Cc: linux-kbuild, linux-kernel, Masahiro Yamada
Applicable to v6.10 tag.
Masahiro Yamada (3):
fortify: use if_changed_dep to record header dependency in *.cmd files
fortify: refactor test_fortify Makefile to fix some build problems
fortify: move test_fortify.sh to lib/test_fortify/
MAINTAINERS | 1 -
lib/.gitignore | 2 -
lib/Makefile | 38 +------------------
lib/test_fortify/.gitignore | 2 +
lib/test_fortify/Makefile | 25 ++++++++++++
{scripts => lib/test_fortify}/test_fortify.sh | 0
6 files changed, 28 insertions(+), 40 deletions(-)
create mode 100644 lib/test_fortify/.gitignore
create mode 100644 lib/test_fortify/Makefile
rename {scripts => lib/test_fortify}/test_fortify.sh (100%)
--
2.43.0
^ permalink raw reply [flat|nested] 10+ messages in thread* [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files 2024-07-15 14:45 [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Masahiro Yamada @ 2024-07-15 14:45 ` Masahiro Yamada 2024-07-16 17:50 ` kernel test robot 2024-07-15 14:45 ` [PATCH 2/3] fortify: refactor test_fortify Makefile to fix some build problems Masahiro Yamada ` (2 subsequent siblings) 3 siblings, 1 reply; 10+ messages in thread From: Masahiro Yamada @ 2024-07-15 14:45 UTC (permalink / raw) To: Kees Cook, linux-hardening; +Cc: linux-kbuild, linux-kernel, Masahiro Yamada After building with CONFIG_FORTIFY_SOURCE=y, many .*.d files are left in lib/test_fortify/ because the compiler outputs header dependencies into *.d without fixdep being invoked. When compiling C files, if_changed_dep should be used so that the auto-generated header dependencies are recorded in .*.cmd files. Currently, if_changed is incorrectly used, and only two headers are hard-coded in lib/Makefile. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> --- lib/Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 30337431d10e..429b259b5b64 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -408,11 +408,9 @@ targets += $(TEST_FORTIFY_LOGS) clean-files += $(TEST_FORTIFY_LOGS) clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS)) $(obj)/test_fortify/%.log: $(src)/test_fortify/%.c \ - $(src)/test_fortify/test_fortify.h \ - $(srctree)/include/linux/fortify-string.h \ $(srctree)/scripts/test_fortify.sh \ FORCE - $(call if_changed,test_fortify) + $(call if_changed_dep,test_fortify) quiet_cmd_gen_fortify_log = GEN $@ cmd_gen_fortify_log = cat </dev/null $(filter-out FORCE,$^) 2>/dev/null > $@ || true -- 2.43.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files 2024-07-15 14:45 ` [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files Masahiro Yamada @ 2024-07-16 17:50 ` kernel test robot 2024-07-17 4:46 ` Masahiro Yamada 0 siblings, 1 reply; 10+ messages in thread From: kernel test robot @ 2024-07-16 17:50 UTC (permalink / raw) To: Masahiro Yamada, Kees Cook, linux-hardening Cc: oe-kbuild-all, linux-kbuild, linux-kernel, Masahiro Yamada Hi Masahiro, kernel test robot noticed the following build errors: [auto build test ERROR on linus/master] [also build test ERROR on v6.10 next-20240716] [cannot apply to akpm-mm/mm-nonmm-unstable kees/for-next/hardening kees/for-next/pstore kees/for-next/kspp] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Masahiro-Yamada/fortify-use-if_changed_dep-to-record-header-dependency-in-cmd-files/20240715-224820 base: linus/master patch link: https://lore.kernel.org/r/20240715144529.101634-2-masahiroy%40kernel.org patch subject: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files config: i386-randconfig-004-20240716 (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/config) compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202407170104.dCe5MKsA-lkp@intel.com/ All errors (new ones prefixed by >>): >> fixdep: error opening file: lib/test_fortify/.write_overflow-memcpy.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memcmp.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.read_overflow-memchr.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy-lit.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memmove.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.write_overflow-strncpy-src.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.read_overflow-memcmp.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.read_overflow-memscan.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.write_overflow-memmove.log.d: No such file or directory -- >> fixdep: error opening file: lib/test_fortify/.write_overflow-memset.log.d: No such file or directory .. -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files 2024-07-16 17:50 ` kernel test robot @ 2024-07-17 4:46 ` Masahiro Yamada 2024-07-17 22:19 ` Kees Cook 0 siblings, 1 reply; 10+ messages in thread From: Masahiro Yamada @ 2024-07-17 4:46 UTC (permalink / raw) To: kernel test robot Cc: Kees Cook, linux-hardening, oe-kbuild-all, linux-kbuild, linux-kernel On Wed, Jul 17, 2024 at 2:51 AM kernel test robot <lkp@intel.com> wrote: > > Hi Masahiro, > > kernel test robot noticed the following build errors: > > [auto build test ERROR on linus/master] > [also build test ERROR on v6.10 next-20240716] > [cannot apply to akpm-mm/mm-nonmm-unstable kees/for-next/hardening kees/for-next/pstore kees/for-next/kspp] > [If your patch is applied to the wrong git tree, kindly drop us a note. > And when submitting patch, we suggest to use '--base' as documented in > https://git-scm.com/docs/git-format-patch#_base_tree_information] > > url: https://github.com/intel-lab-lkp/linux/commits/Masahiro-Yamada/fortify-use-if_changed_dep-to-record-header-dependency-in-cmd-files/20240715-224820 > base: linus/master > patch link: https://lore.kernel.org/r/20240715144529.101634-2-masahiroy%40kernel.org > patch subject: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files > config: i386-randconfig-004-20240716 (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/config) > compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0 > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/reproduce) > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > the same patch/commit), kindly add following tags > | Reported-by: kernel test robot <lkp@intel.com> > | Closes: https://lore.kernel.org/oe-kbuild-all/202407170104.dCe5MKsA-lkp@intel.com/ > > All errors (new ones prefixed by >>): > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memcpy.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memcmp.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memchr.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy-lit.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memmove.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strncpy-src.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memcmp.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memscan.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memmove.log.d: No such file or directory > -- > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memset.log.d: No such file or directory > .. This issue seems to occur with GCC <=7 $ echo 'void b(void) __attribute__((__error__(""))); void a(void) { b(); }' | gcc -Wp,-MMD,test.d -c -o /dev/null -x c - did not create *.d with GCC <= 7. I do not see the issue with GCC >= 8 or Clang. One quick solution is to skip the test for GCC <= 7. > > -- > 0-DAY CI Kernel Test Service > https://github.com/intel/lkp-tests/wiki > -- Best Regards Masahiro Yamada ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files 2024-07-17 4:46 ` Masahiro Yamada @ 2024-07-17 22:19 ` Kees Cook 2024-07-18 4:22 ` Masahiro Yamada 0 siblings, 1 reply; 10+ messages in thread From: Kees Cook @ 2024-07-17 22:19 UTC (permalink / raw) To: Masahiro Yamada Cc: kernel test robot, linux-hardening, oe-kbuild-all, linux-kbuild, linux-kernel On Wed, Jul 17, 2024 at 01:46:32PM +0900, Masahiro Yamada wrote: > On Wed, Jul 17, 2024 at 2:51 AM kernel test robot <lkp@intel.com> wrote: > > > > Hi Masahiro, > > > > kernel test robot noticed the following build errors: > > > > [auto build test ERROR on linus/master] > > [also build test ERROR on v6.10 next-20240716] > > [cannot apply to akpm-mm/mm-nonmm-unstable kees/for-next/hardening kees/for-next/pstore kees/for-next/kspp] > > [If your patch is applied to the wrong git tree, kindly drop us a note. > > And when submitting patch, we suggest to use '--base' as documented in > > https://git-scm.com/docs/git-format-patch#_base_tree_information] > > > > url: https://github.com/intel-lab-lkp/linux/commits/Masahiro-Yamada/fortify-use-if_changed_dep-to-record-header-dependency-in-cmd-files/20240715-224820 > > base: linus/master > > patch link: https://lore.kernel.org/r/20240715144529.101634-2-masahiroy%40kernel.org > > patch subject: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files > > config: i386-randconfig-004-20240716 (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/config) > > compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0 > > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/reproduce) > > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > > the same patch/commit), kindly add following tags > > | Reported-by: kernel test robot <lkp@intel.com> > > | Closes: https://lore.kernel.org/oe-kbuild-all/202407170104.dCe5MKsA-lkp@intel.com/ > > > > All errors (new ones prefixed by >>): > > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memcpy.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memcmp.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memchr.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy-lit.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memmove.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strncpy-src.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memcmp.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memscan.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memmove.log.d: No such file or directory > > -- > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memset.log.d: No such file or directory > > .. > > > > This issue seems to occur with GCC <=7 > > > $ echo 'void b(void) __attribute__((__error__(""))); void a(void) { > b(); }' | gcc -Wp,-MMD,test.d -c -o /dev/null -x c - > > > did not create *.d with GCC <= 7. > > I do not see the issue with GCC >= 8 or Clang. Any idea why this happens here and not for other sources in the tree? > One quick solution is to skip the test for GCC <= 7. I'd be fine with that -- it is designed to catch regressions/misbehaviours in newly release compilers so I don't mind dropping checks against older versions. -- Kees Cook ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files 2024-07-17 22:19 ` Kees Cook @ 2024-07-18 4:22 ` Masahiro Yamada 0 siblings, 0 replies; 10+ messages in thread From: Masahiro Yamada @ 2024-07-18 4:22 UTC (permalink / raw) To: Kees Cook Cc: kernel test robot, linux-hardening, oe-kbuild-all, linux-kbuild, linux-kernel On Thu, Jul 18, 2024 at 7:19 AM Kees Cook <kees@kernel.org> wrote: > > On Wed, Jul 17, 2024 at 01:46:32PM +0900, Masahiro Yamada wrote: > > On Wed, Jul 17, 2024 at 2:51 AM kernel test robot <lkp@intel.com> wrote: > > > > > > Hi Masahiro, > > > > > > kernel test robot noticed the following build errors: > > > > > > [auto build test ERROR on linus/master] > > > [also build test ERROR on v6.10 next-20240716] > > > [cannot apply to akpm-mm/mm-nonmm-unstable kees/for-next/hardening kees/for-next/pstore kees/for-next/kspp] > > > [If your patch is applied to the wrong git tree, kindly drop us a note. > > > And when submitting patch, we suggest to use '--base' as documented in > > > https://git-scm.com/docs/git-format-patch#_base_tree_information] > > > > > > url: https://github.com/intel-lab-lkp/linux/commits/Masahiro-Yamada/fortify-use-if_changed_dep-to-record-header-dependency-in-cmd-files/20240715-224820 > > > base: linus/master > > > patch link: https://lore.kernel.org/r/20240715144529.101634-2-masahiroy%40kernel.org > > > patch subject: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files > > > config: i386-randconfig-004-20240716 (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/config) > > > compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0 > > > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240717/202407170104.dCe5MKsA-lkp@intel.com/reproduce) > > > > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > > > the same patch/commit), kindly add following tags > > > | Reported-by: kernel test robot <lkp@intel.com> > > > | Closes: https://lore.kernel.org/oe-kbuild-all/202407170104.dCe5MKsA-lkp@intel.com/ > > > > > > All errors (new ones prefixed by >>): > > > > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memcpy.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memcmp.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memchr.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy-lit.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.read_overflow2-memmove.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strncpy-src.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memcmp.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.read_overflow-memscan.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-strcpy.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memmove.log.d: No such file or directory > > > -- > > > >> fixdep: error opening file: lib/test_fortify/.write_overflow-memset.log.d: No such file or directory > > > .. > > > > > > > > This issue seems to occur with GCC <=7 > > > > > > $ echo 'void b(void) __attribute__((__error__(""))); void a(void) { > > b(); }' | gcc -Wp,-MMD,test.d -c -o /dev/null -x c - > > > > > > did not create *.d with GCC <= 7. > > > > I do not see the issue with GCC >= 8 or Clang. > > Any idea why this happens here and not for other sources in the tree? Because the logic is opposite. For other locations, you need to write the correct code. When it is compiled successfully, *.d is generated as well. Under lib/test_fortify/, you intentionally incorrect code. GCC emits a compile error, and test_fortify.sh checks the error message. I believe *.d should be still generated unless a pre-processor error occurs. > > One quick solution is to skip the test for GCC <= 7. > > I'd be fine with that -- it is designed to catch regressions/misbehaviours > in newly release compilers so I don't mind dropping checks against older > versions. > > -- > Kees Cook -- Best Regards Masahiro Yamada ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/3] fortify: refactor test_fortify Makefile to fix some build problems 2024-07-15 14:45 [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Masahiro Yamada 2024-07-15 14:45 ` [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files Masahiro Yamada @ 2024-07-15 14:45 ` Masahiro Yamada 2024-07-15 14:45 ` [PATCH 3/3] fortify: move test_fortify.sh to lib/test_fortify/ Masahiro Yamada 2024-07-15 16:07 ` [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Kees Cook 3 siblings, 0 replies; 10+ messages in thread From: Masahiro Yamada @ 2024-07-15 14:45 UTC (permalink / raw) To: Kees Cook, linux-hardening; +Cc: linux-kbuild, linux-kernel, Masahiro Yamada There are some issues in the test_fortify Makefile code. Problem 1: cc-disable-warning invokes compiler dozens of times To see how many times the cc-disable-warning is evaluated, change this code: $(call cc-disable-warning,fortify-source) to: $(call cc-disable-warning,$(shell touch /tmp/fortify-$$$$)fortify-source) Then, build the kernel with CONFIG_FORTIFY_SOURCE=y. You will see a large number of '/tmp/fortify-<PID>' files created: $ ls -1 /tmp/fortify-* | wc 80 80 1600 This means the compiler was invoked 80 times just for checking the -Wno-fortify-source flag support. $(call cc-disable-warning,fortify-source) should be added to a simple variable instead of a recursive variable. Problem 2: do not recompile string.o when the test code is updated The test cases are independent of the kernel. However, when the test code is updated, $(obj)/string.o is rebuilt and vmlinux is relinked due to this dependency: $(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG) always-y is suitable for building the log files. Problem 3: redundant code clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS)) ... is unneeded because the top Makefile globally cleans *.o files. This commit fixes these issues and makes the code readable. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> --- lib/.gitignore | 2 -- lib/Makefile | 36 +----------------------------------- lib/test_fortify/.gitignore | 2 ++ lib/test_fortify/Makefile | 25 +++++++++++++++++++++++++ 4 files changed, 28 insertions(+), 37 deletions(-) create mode 100644 lib/test_fortify/.gitignore create mode 100644 lib/test_fortify/Makefile diff --git a/lib/.gitignore b/lib/.gitignore index 54596b634ecb..101a4aa92fb5 100644 --- a/lib/.gitignore +++ b/lib/.gitignore @@ -5,5 +5,3 @@ /gen_crc32table /gen_crc64table /oid_registry_data.c -/test_fortify.log -/test_fortify/*.log diff --git a/lib/Makefile b/lib/Makefile index 429b259b5b64..689adbeb6c4c 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -393,38 +393,4 @@ obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o obj-$(CONFIG_FIRMWARE_TABLE) += fw_table.o -# FORTIFY_SOURCE compile-time behavior tests -TEST_FORTIFY_SRCS = $(wildcard $(src)/test_fortify/*-*.c) -TEST_FORTIFY_LOGS = $(patsubst $(src)/%.c, %.log, $(TEST_FORTIFY_SRCS)) -TEST_FORTIFY_LOG = test_fortify.log - -quiet_cmd_test_fortify = TEST $@ - cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \ - $< $@ "$(NM)" $(CC) $(c_flags) \ - $(call cc-disable-warning,fortify-source) \ - -DKBUILD_EXTRA_WARN1 - -targets += $(TEST_FORTIFY_LOGS) -clean-files += $(TEST_FORTIFY_LOGS) -clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS)) -$(obj)/test_fortify/%.log: $(src)/test_fortify/%.c \ - $(srctree)/scripts/test_fortify.sh \ - FORCE - $(call if_changed_dep,test_fortify) - -quiet_cmd_gen_fortify_log = GEN $@ - cmd_gen_fortify_log = cat </dev/null $(filter-out FORCE,$^) 2>/dev/null > $@ || true - -targets += $(TEST_FORTIFY_LOG) -clean-files += $(TEST_FORTIFY_LOG) -$(obj)/$(TEST_FORTIFY_LOG): $(addprefix $(obj)/, $(TEST_FORTIFY_LOGS)) FORCE - $(call if_changed,gen_fortify_log) - -# Fake dependency to trigger the fortify tests. -ifeq ($(CONFIG_FORTIFY_SOURCE),y) -$(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG) -endif - -# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined. -# Pass CFLAGS_KASAN to avoid warnings. -$(foreach x, $(patsubst %.log,%.o,$(TEST_FORTIFY_LOGS)), $(eval KASAN_SANITIZE_$(x) := y)) +subdir-$(CONFIG_FORTIFY_SOURCE) += test_fortify diff --git a/lib/test_fortify/.gitignore b/lib/test_fortify/.gitignore new file mode 100644 index 000000000000..c1ba37d14b50 --- /dev/null +++ b/lib/test_fortify/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +/*.log diff --git a/lib/test_fortify/Makefile b/lib/test_fortify/Makefile new file mode 100644 index 000000000000..8c5bee33ee36 --- /dev/null +++ b/lib/test_fortify/Makefile @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: GPL-2.0 + +ccflags-y := $(call cc-disable-warning,fortify-source) + +quiet_cmd_test_fortify = TEST $@ + cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \ + $< $@ "$(NM)" $(CC) $(c_flags) -DKBUILD_EXTRA_WARN1 + +$(obj)/%.log: $(src)/%.c $(srctree)/scripts/test_fortify.sh FORCE + $(call if_changed_dep,test_fortify) + +logs = $(patsubst $(src)/%.c, %.log, $(wildcard $(src)/*-*.c)) +targets += $(logs) + +quiet_cmd_gen_fortify_log = CAT $@ + cmd_gen_fortify_log = cat $(or $(real-prereqs),/dev/null) > $@ + +$(obj)/test_fortify.log: $(addprefix $(obj)/, $(logs)) FORCE + $(call if_changed,gen_fortify_log) + +always-y += test_fortify.log + +# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined. +# Pass CFLAGS_KASAN to avoid warnings. +KASAN_SANITIZE := y -- 2.43.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 3/3] fortify: move test_fortify.sh to lib/test_fortify/ 2024-07-15 14:45 [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Masahiro Yamada 2024-07-15 14:45 ` [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files Masahiro Yamada 2024-07-15 14:45 ` [PATCH 2/3] fortify: refactor test_fortify Makefile to fix some build problems Masahiro Yamada @ 2024-07-15 14:45 ` Masahiro Yamada 2024-07-15 16:07 ` [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Kees Cook 3 siblings, 0 replies; 10+ messages in thread From: Masahiro Yamada @ 2024-07-15 14:45 UTC (permalink / raw) To: Kees Cook, linux-hardening; +Cc: linux-kbuild, linux-kernel, Masahiro Yamada This script is only used in lib/test_fortify/. There is no reason to keep it in scripts/. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> --- MAINTAINERS | 1 - lib/test_fortify/Makefile | 4 ++-- {scripts => lib/test_fortify}/test_fortify.sh | 0 3 files changed, 2 insertions(+), 3 deletions(-) rename {scripts => lib/test_fortify}/test_fortify.sh (100%) diff --git a/MAINTAINERS b/MAINTAINERS index 958e935449e5..b68386515067 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8598,7 +8598,6 @@ F: include/linux/fortify-string.h F: lib/fortify_kunit.c F: lib/memcpy_kunit.c F: lib/test_fortify/* -F: scripts/test_fortify.sh K: \b__NO_FORTIFY\b FPGA DFL DRIVERS diff --git a/lib/test_fortify/Makefile b/lib/test_fortify/Makefile index 8c5bee33ee36..399cae880e1d 100644 --- a/lib/test_fortify/Makefile +++ b/lib/test_fortify/Makefile @@ -3,10 +3,10 @@ ccflags-y := $(call cc-disable-warning,fortify-source) quiet_cmd_test_fortify = TEST $@ - cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \ + cmd_test_fortify = $(CONFIG_SHELL) $(src)/test_fortify.sh \ $< $@ "$(NM)" $(CC) $(c_flags) -DKBUILD_EXTRA_WARN1 -$(obj)/%.log: $(src)/%.c $(srctree)/scripts/test_fortify.sh FORCE +$(obj)/%.log: $(src)/%.c $(src)/test_fortify.sh FORCE $(call if_changed_dep,test_fortify) logs = $(patsubst $(src)/%.c, %.log, $(wildcard $(src)/*-*.c)) diff --git a/scripts/test_fortify.sh b/lib/test_fortify/test_fortify.sh similarity index 100% rename from scripts/test_fortify.sh rename to lib/test_fortify/test_fortify.sh -- 2.43.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 0/3] fortify: fix various issues in test_fortify Makefile 2024-07-15 14:45 [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Masahiro Yamada ` (2 preceding siblings ...) 2024-07-15 14:45 ` [PATCH 3/3] fortify: move test_fortify.sh to lib/test_fortify/ Masahiro Yamada @ 2024-07-15 16:07 ` Kees Cook 2024-07-15 16:38 ` Masahiro Yamada 3 siblings, 1 reply; 10+ messages in thread From: Kees Cook @ 2024-07-15 16:07 UTC (permalink / raw) To: Masahiro Yamada; +Cc: linux-hardening, linux-kbuild, linux-kernel On Mon, Jul 15, 2024 at 11:45:22PM +0900, Masahiro Yamada wrote: > Applicable to v6.10 tag. > > > > Masahiro Yamada (3): > fortify: use if_changed_dep to record header dependency in *.cmd files > fortify: refactor test_fortify Makefile to fix some build problems > fortify: move test_fortify.sh to lib/test_fortify/ Thanks for this improvement! I will take this into the hardening tree after -rc2, unless you would prefer to send this during the merge window based on your tree? (The fix you sent for the v6.10 release means my trees based on -rc2 can't apply this series...) -Kees -- Kees Cook ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/3] fortify: fix various issues in test_fortify Makefile 2024-07-15 16:07 ` [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Kees Cook @ 2024-07-15 16:38 ` Masahiro Yamada 0 siblings, 0 replies; 10+ messages in thread From: Masahiro Yamada @ 2024-07-15 16:38 UTC (permalink / raw) To: Kees Cook; +Cc: linux-hardening, linux-kbuild, linux-kernel On Tue, Jul 16, 2024 at 1:07 AM Kees Cook <kees@kernel.org> wrote: > > On Mon, Jul 15, 2024 at 11:45:22PM +0900, Masahiro Yamada wrote: > > Applicable to v6.10 tag. > > > > > > > > Masahiro Yamada (3): > > fortify: use if_changed_dep to record header dependency in *.cmd files > > fortify: refactor test_fortify Makefile to fix some build problems > > fortify: move test_fortify.sh to lib/test_fortify/ > > Thanks for this improvement! I will take this into the hardening tree > after -rc2, unless you would prefer to send this during the merge window > based on your tree? (The fix you sent for the v6.10 release means my > trees based on -rc2 can't apply this series...) No problem. This patch set is not urgent. > > -Kees > > -- > Kees Cook -- Best Regards Masahiro Yamada ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2024-07-18 4:23 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-07-15 14:45 [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Masahiro Yamada 2024-07-15 14:45 ` [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files Masahiro Yamada 2024-07-16 17:50 ` kernel test robot 2024-07-17 4:46 ` Masahiro Yamada 2024-07-17 22:19 ` Kees Cook 2024-07-18 4:22 ` Masahiro Yamada 2024-07-15 14:45 ` [PATCH 2/3] fortify: refactor test_fortify Makefile to fix some build problems Masahiro Yamada 2024-07-15 14:45 ` [PATCH 3/3] fortify: move test_fortify.sh to lib/test_fortify/ Masahiro Yamada 2024-07-15 16:07 ` [PATCH 0/3] fortify: fix various issues in test_fortify Makefile Kees Cook 2024-07-15 16:38 ` Masahiro Yamada
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox