[0/9] fortify: Add KUnit tests for runtime overflows

Message ID	20230405235832.never.487-kees@kernel.org (mailing list archive)
Headers	show Return-Path: <linux-hardening-owner@vger.kernel.org> From: Kees Cook <keescook@chromium.org> To: linux-hardening@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, Andy Shevchenko <andy@kernel.org>, Cezary Rojewski <cezary.rojewski@intel.com>, Puyou Lu <puyou.lu@gmail.com>, Mark Brown <broonie@kernel.org>, Josh Poimboeuf <jpoimboe@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Brendan Higgins <brendan.higgins@linux.dev>, David Gow <davidgow@google.com>, Andrew Morton <akpm@linux-foundation.org>, Nathan Chancellor <nathan@kernel.org>, Alexander Potapenko <glider@google.com>, Zhaoyang Huang <zhaoyang.huang@unisoc.com>, Randy Dunlap <rdunlap@infradead.org>, Geert Uytterhoeven <geert+renesas@glider.be>, Miguel Ojeda <ojeda@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Liam Howlett <liam.howlett@oracle.com>, Vlastimil Babka <vbabka@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Rasmus Villemoes <linux@rasmusvillemoes.dk>, Yury Norov <yury.norov@gmail.com>, "Jason A. Donenfeld" <Jason@zx2c4.com>, Sander Vanheule <sander@svanheule.net>, Eric Biggers <ebiggers@google.com>, "Masami Hiramatsu (Google)" <mhiramat@kernel.org>, Andrey Konovalov <andreyknvl@gmail.com>, Linus Walleij <linus.walleij@linaro.org>, Daniel Latypov <dlatypov@google.com>, =?utf-8?b?Sm9zw6kgRXhww7NzaXRv?= <jose.exposito89@gmail.com>, linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com Subject: [PATCH 0/9] fortify: Add KUnit tests for runtime overflows Date: Wed, 5 Apr 2023 17:01:59 -0700 Message-Id: <20230405235832.never.487-kees@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	fortify: Add KUnit tests for runtime overflows \| expand [0/9] fortify: Add KUnit tests for runtime overflows [1/9] kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML [2/9] fortify: Allow KUnit test to build without FORTIFY [3/9] string: Add Kunit tests for strcat() family [4/9] fortify: Add protection for strlcat() [5/9] fortify: strcat: Move definition to use fortified strlcat() [6/9] fortify: Split reporting and avoid passing string pointer [7/9] fortify: Provide KUnit counters for failure testing [8/9] fortify: Add KUnit tests for runtime overflows [9/9] fortify: Improve buffer overflow reporting

Message ID

20230405235832.never.487-kees@kernel.org (mailing list archive)

Headers

From: Kees Cook <keescook@chromium.org>
To: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>, Andy Shevchenko <andy@kernel.org>,
 Cezary Rojewski <cezary.rojewski@intel.com>, Puyou Lu <puyou.lu@gmail.com>,
 Mark Brown <broonie@kernel.org>, Josh Poimboeuf <jpoimboe@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>,
 Brendan Higgins <brendan.higgins@linux.dev>, David Gow <davidgow@google.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Nathan Chancellor <nathan@kernel.org>,
 Alexander Potapenko <glider@google.com>,
 Zhaoyang Huang <zhaoyang.huang@unisoc.com>,
 Randy Dunlap <rdunlap@infradead.org>,
 Geert Uytterhoeven <geert+renesas@glider.be>,
 Miguel Ojeda <ojeda@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>,
 Liam Howlett <liam.howlett@oracle.com>, Vlastimil Babka <vbabka@suse.cz>,
 Dan Williams <dan.j.williams@intel.com>,
 Rasmus Villemoes <linux@rasmusvillemoes.dk>,
 Yury Norov <yury.norov@gmail.com>, "Jason A. Donenfeld" <Jason@zx2c4.com>,
 Sander Vanheule <sander@svanheule.net>, Eric Biggers <ebiggers@google.com>,
 "Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
 Andrey Konovalov <andreyknvl@gmail.com>,
 Linus Walleij <linus.walleij@linaro.org>,
 Daniel Latypov <dlatypov@google.com>,
 =?utf-8?b?Sm9zw6kgRXhww7NzaXRv?= <jose.exposito89@gmail.com>,
 linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com
Subject: [PATCH 0/9] fortify: Add KUnit tests for runtime overflows
Date: Wed,  5 Apr 2023 17:01:59 -0700
Message-Id: <20230405235832.never.487-kees@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

fortify: Add KUnit tests for runtime overflows | expand

Message

Kees Cook April 6, 2023, 12:01 a.m. UTC

Hi,

This series adds KUnit tests for the CONFIG_FORTIFY_SOURCE behavior of the
standard C string functions, and for the strcat() family of functions,
as those were updated during refactoring. Finally, fortification error
messages are improved to give more context for the failure condition.

-Kees

Kees Cook (9):
  kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML
  fortify: Allow KUnit test to build without FORTIFY
  string: Add Kunit tests for strcat() family
  fortify: Add protection for strlcat()
  fortify: strcat: Move definition to use fortified strlcat()
  fortify: Split reporting and avoid passing string pointer
  fortify: Provide KUnit counters for failure testing
  fortify: Add KUnit tests for runtime overflows
  fortify: Improve buffer overflow reporting

 MAINTAINERS                                  |   1 +
 include/linux/fortify-string.h               | 204 +++--
 lib/Kconfig.debug                            |   7 +-
 lib/Makefile                                 |   1 +
 lib/fortify_kunit.c                          | 795 +++++++++++++++++++
 lib/strcat_kunit.c                           | 100 +++
 lib/string_helpers.c                         |  74 +-
 tools/objtool/check.c                        |   2 +-
 tools/testing/kunit/configs/all_tests.config |   2 +
 tools/testing/kunit/configs/arch_uml.config  |   3 +
 10 files changed, 1133 insertions(+), 56 deletions(-)
 create mode 100644 lib/strcat_kunit.c