[v2,00/10] fortify: Add KUnit tests for runtime overflows

Message ID	20230407191904.gonna.522-kees@kernel.org (mailing list archive)
Headers	show Return-Path: <linux-hardening-owner@vger.kernel.org> From: Kees Cook <keescook@chromium.org> To: linux-hardening@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>, "Andy Shevchenko" <andy@kernel.org>, "Cezary Rojewski" <cezary.rojewski@intel.com>, "Puyou Lu" <puyou.lu@gmail.com>, "Mark Brown" <broonie@kernel.org>, "Josh Poimboeuf" <jpoimboe@kernel.org>, "Peter Zijlstra" <peterz@infradead.org>, "Brendan Higgins" <brendan.higgins@linux.dev>, "David Gow" <davidgow@google.com>, Andrew Morton <akpm@linux-foundation.org>, "Nathan Chancellor" <nathan@kernel.org>, "Alexander Potapenko" <glider@google.com>, "Zhaoyang Huang" <zhaoyang.huang@unisoc.com>, "Randy Dunlap" <rdunlap@infradead.org>, "Geert Uytterhoeven" <geert+renesas@glider.be>, "Miguel Ojeda" <ojeda@kernel.org>, Alexander Lobakin <aleksander.lobakin@intel.com>, "Nick Desaulniers" <ndesaulniers@google.com>, "Liam Howlett" <liam.howlett@oracle.com>, "Vlastimil Babka" <vbabka@suse.cz>, "Dan Williams" <dan.j.williams@intel.com>, "Rasmus Villemoes" <linux@rasmusvillemoes.dk>, "Yury Norov" <yury.norov@gmail.com>, "Jason A. Donenfeld" <Jason@zx2c4.com>, "Sander Vanheule" <sander@svanheule.net>, "Eric Biggers" <ebiggers@google.com>, "Masami Hiramatsu (Google)" <mhiramat@kernel.org>, "Andrey Konovalov" <andreyknvl@gmail.com>, "Linus Walleij" <linus.walleij@linaro.org>, "Daniel Latypov" <dlatypov@google.com>, =?utf-8?b?Sm9zw6kgRXhww7NzaXRv?= <jose.exposito89@gmail.com>, linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com Subject: [PATCH v2 00/10] fortify: Add KUnit tests for runtime overflows Date: Fri, 7 Apr 2023 12:27:06 -0700 Message-Id: <20230407191904.gonna.522-kees@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	fortify: Add KUnit tests for runtime overflows \| expand [v2,00/10] fortify: Add KUnit tests for runtime overflows [v2,01/10] kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML [v2,02/10] fortify: Allow KUnit test to build without FORTIFY [v2,03/10] string: Add Kunit tests for strcat() family [v2,04/10] fortify: Use const variables for __member_size tracking [v2,05/10] fortify: Add protection for strlcat() [v2,06/10] fortify: strcat: Move definition to use fortified strlcat() [v2,07/10] fortify: Split reporting and avoid passing string pointer [v2,08/10] fortify: Provide KUnit counters for failure testing [v2,09/10] fortify: Add KUnit tests for runtime overflows [v2,10/10] fortify: Improve buffer overflow reporting

Message ID

20230407191904.gonna.522-kees@kernel.org (mailing list archive)

Headers

From: Kees Cook <keescook@chromium.org>
To: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>, "Andy Shevchenko" <andy@kernel.org>,
 "Cezary Rojewski" <cezary.rojewski@intel.com>,
 "Puyou Lu" <puyou.lu@gmail.com>, "Mark Brown" <broonie@kernel.org>,
 "Josh Poimboeuf" <jpoimboe@kernel.org>,
 "Peter Zijlstra" <peterz@infradead.org>,
 "Brendan Higgins" <brendan.higgins@linux.dev>,
 "David Gow" <davidgow@google.com>, Andrew Morton <akpm@linux-foundation.org>,
 "Nathan Chancellor" <nathan@kernel.org>,
 "Alexander Potapenko" <glider@google.com>,
 "Zhaoyang Huang" <zhaoyang.huang@unisoc.com>,
 "Randy Dunlap" <rdunlap@infradead.org>,
 "Geert Uytterhoeven" <geert+renesas@glider.be>,
 "Miguel Ojeda" <ojeda@kernel.org>,
 Alexander Lobakin <aleksander.lobakin@intel.com>,
 "Nick Desaulniers" <ndesaulniers@google.com>,
 "Liam Howlett" <liam.howlett@oracle.com>, "Vlastimil Babka" <vbabka@suse.cz>,
 "Dan Williams" <dan.j.williams@intel.com>,
 "Rasmus Villemoes" <linux@rasmusvillemoes.dk>,
 "Yury Norov" <yury.norov@gmail.com>, "Jason A. Donenfeld" <Jason@zx2c4.com>,
 "Sander Vanheule" <sander@svanheule.net>,
 "Eric Biggers" <ebiggers@google.com>,
 "Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
 "Andrey Konovalov" <andreyknvl@gmail.com>,
 "Linus Walleij" <linus.walleij@linaro.org>,
 "Daniel Latypov" <dlatypov@google.com>,
 =?utf-8?b?Sm9zw6kgRXhww7NzaXRv?= <jose.exposito89@gmail.com>,
 linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com
Subject: [PATCH v2 00/10] fortify: Add KUnit tests for runtime overflows
Date: Fri,  7 Apr 2023 12:27:06 -0700
Message-Id: <20230407191904.gonna.522-kees@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

fortify: Add KUnit tests for runtime overflows | expand

Message

Kees Cook April 7, 2023, 7:27 p.m. UTC

Hi,

This series adds KUnit tests for the CONFIG_FORTIFY_SOURCE behavior of the
standard C string functions, and for the strcat() family of functions,
as those were updated during refactoring. Finally, fortification error
messages are improved to give more context for the failure condition.

-Kees

v2:
- fix From/SoB
- strcat: force non-const length arguments (lkp)
- fix x86 and arm fortify_panic prototypes (lkp)
- move test-skip to init function (dlatypov)
- constify p_size, q_size everywhere (miguel)
- enum-ify, string-ify, bit-ify function name passing (aleksander & andy)
v1: https://lore.kernel.org/lkml/20230405235832.never.487-kees@kernel.org/

Kees Cook (10):
  kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML
  fortify: Allow KUnit test to build without FORTIFY
  string: Add Kunit tests for strcat() family
  fortify: Use const variables for __member_size tracking
  fortify: Add protection for strlcat()
  fortify: strcat: Move definition to use fortified strlcat()
  fortify: Split reporting and avoid passing string pointer
  fortify: Provide KUnit counters for failure testing
  fortify: Add KUnit tests for runtime overflows
  fortify: Improve buffer overflow reporting

 MAINTAINERS                                  |   1 +
 arch/arm/boot/compressed/misc.c              |   2 +-
 arch/x86/boot/compressed/misc.c              |   2 +-
 include/linux/fortify-string.h               | 257 +++++--
 lib/Kconfig.debug                            |   7 +-
 lib/Makefile                                 |   1 +
 lib/fortify_kunit.c                          | 731 +++++++++++++++++++
 lib/strcat_kunit.c                           | 104 +++
 lib/string_helpers.c                         |  26 +-
 tools/objtool/check.c                        |   2 +-
 tools/testing/kunit/configs/all_tests.config |   2 +
 tools/testing/kunit/configs/arch_uml.config  |   3 +
 12 files changed, 1059 insertions(+), 79 deletions(-)
 create mode 100644 lib/strcat_kunit.c