From patchwork Mon Jul 15 14:45:23 2024
X-Patchwork-Submitter: Masahiro Yamada
X-Patchwork-Id: 13733583
From: Masahiro Yamada
To: Kees Cook, linux-hardening@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Masahiro Yamada
Subject: [PATCH 1/3] fortify: use if_changed_dep to record header dependency in *.cmd files
Date: Mon, 15 Jul 2024 23:45:23 +0900
Message-ID: <20240715144529.101634-2-masahiroy@kernel.org>
In-Reply-To: <20240715144529.101634-1-masahiroy@kernel.org>
References: <20240715144529.101634-1-masahiroy@kernel.org>

After building with CONFIG_FORTIFY_SOURCE=y, many .*.d files are left in
lib/test_fortify/ because the compiler outputs header dependencies into
*.d without fixdep being invoked.

When compiling C files, if_changed_dep should be used so that the
auto-generated header dependencies are recorded in .*.cmd files.

Currently, if_changed is incorrectly used, and only two headers are
hard-coded in lib/Makefile.

Signed-off-by: Masahiro Yamada
--- lib/Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 30337431d10e..429b259b5b64 100644 --- a/lib/Makefile +++ b/lib/Makefile
@@ -408,11 +408,9 @@ targets += $(TEST_FORTIFY_LOGS) clean-files += $(TEST_FORTIFY_LOGS) clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS)) $(obj)/test_fortify/%.log: $(src)/test_fortify/%.c \ - $(src)/test_fortify/test_fortify.h \ - $(srctree)/include/linux/fortify-string.h \ $(srctree)/scripts/test_fortify.sh \ FORCE - $(call if_changed,test_fortify) + $(call if_changed_dep,test_fortify) quiet_cmd_gen_fortify_log = GEN $@ cmd_gen_fortify_log = cat /dev/null > $@ || true

From patchwork Mon Jul 15 14:45:24 2024
X-Patchwork-Submitter: Masahiro Yamada
X-Patchwork-Id: 13733584
From: Masahiro Yamada
To: Kees Cook, linux-hardening@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Masahiro Yamada
Subject: [PATCH 2/3] fortify: refactor test_fortify Makefile to fix some build problems
Date: Mon, 15 Jul 2024 23:45:24 +0900
Message-ID: <20240715144529.101634-3-masahiroy@kernel.org>
In-Reply-To: <20240715144529.101634-1-masahiroy@kernel.org>
References: <20240715144529.101634-1-masahiroy@kernel.org>

There are some issues in the test_fortify Makefile code.

Problem 1: cc-disable-warning invokes compiler dozens of times

To see how many times the cc-disable-warning is evaluated, change
this code:

    $(call cc-disable-warning,fortify-source)

to:

    $(call cc-disable-warning,$(shell touch /tmp/fortify-$$$$)fortify-source)

Then, build the kernel with CONFIG_FORTIFY_SOURCE=y. You will see a
large number of '/tmp/fortify-' files created:

    $ ls -1 /tmp/fortify-* | wc
    80 80 1600

This means the compiler was invoked 80 times just for checking the
-Wno-fortify-source flag support.

$(call cc-disable-warning,fortify-source) should be added to a simple
variable instead of a recursive variable.

Problem 2: do not recompile string.o when the test code is updated

The test cases are independent of the kernel. However, when the test
code is updated, $(obj)/string.o is rebuilt and vmlinux is relinked
due to this dependency:

    $(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG)

always-y is suitable for building the log files.

Problem 3: redundant code

    clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS))

... is unneeded because the top Makefile globally cleans *.o files.

This commit fixes these issues and makes the code readable.

Signed-off-by: Masahiro Yamada --- lib/.gitignore | 2 -- lib/Makefile | 36 +----------------------------------- lib/test_fortify/.gitignore | 2 ++ lib/test_fortify/Makefile | 25 +++++++++++++++++++++++++ 4 files changed, 28 insertions(+), 37 deletions(-) create mode 100644 lib/test_fortify/.gitignore create mode 100644 lib/test_fortify/Makefile diff --git a/lib/.gitignore b/lib/.gitignore index 54596b634ecb..101a4aa92fb5 100644 --- a/lib/.gitignore +++ b/lib/.gitignore @@ -5,5 +5,3 @@ /gen_crc32table /gen_crc64table /oid_registry_data.c -/test_fortify.log -/test_fortify/*.log diff --git a/lib/Makefile b/lib/Makefile index 429b259b5b64..689adbeb6c4c 100644 --- a/lib/Makefile +++ b/lib/Makefile 
@@ -393,38 +393,4 @@ obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o obj-$(CONFIG_FIRMWARE_TABLE) += fw_table.o -# FORTIFY_SOURCE compile-time behavior tests -TEST_FORTIFY_SRCS = $(wildcard $(src)/test_fortify/*-*.c) -TEST_FORTIFY_LOGS = $(patsubst $(src)/%.c, %.log, $(TEST_FORTIFY_SRCS)) -TEST_FORTIFY_LOG = test_fortify.log - -quiet_cmd_test_fortify = TEST $@ - cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \ - $< $@ "$(NM)" $(CC) $(c_flags) \ - $(call cc-disable-warning,fortify-source) \ - -DKBUILD_EXTRA_WARN1 - -targets += $(TEST_FORTIFY_LOGS) -clean-files += $(TEST_FORTIFY_LOGS) -clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS)) -$(obj)/test_fortify/%.log: $(src)/test_fortify/%.c \ - $(srctree)/scripts/test_fortify.sh \ - FORCE - $(call if_changed_dep,test_fortify) - -quiet_cmd_gen_fortify_log = GEN $@ - cmd_gen_fortify_log = cat /dev/null > $@ || true - -targets += $(TEST_FORTIFY_LOG) -clean-files += $(TEST_FORTIFY_LOG) -$(obj)/$(TEST_FORTIFY_LOG): $(addprefix $(obj)/, $(TEST_FORTIFY_LOGS)) FORCE - $(call if_changed,gen_fortify_log) - -# Fake dependency to trigger the fortify tests. -ifeq ($(CONFIG_FORTIFY_SOURCE),y) -$(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG) -endif - -# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined. -# Pass CFLAGS_KASAN to avoid warnings. -$(foreach x, $(patsubst %.log,%.o,$(TEST_FORTIFY_LOGS)), $(eval KASAN_SANITIZE_$(x) := y)) +subdir-$(CONFIG_FORTIFY_SOURCE) += test_fortify diff --git a/lib/test_fortify/.gitignore b/lib/test_fortify/.gitignore new file mode 100644 index 000000000000..c1ba37d14b50 --- /dev/null +++ b/lib/test_fortify/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +/*.log diff --git a/lib/test_fortify/Makefile b/lib/test_fortify/Makefile new file mode 100644 index 000000000000..8c5bee33ee36 --- /dev/null +++ b/lib/test_fortify/Makefile 
@@ -0,0 +1,25 @@ +# SPDX-License-Identifier: GPL-2.0 + +ccflags-y := $(call cc-disable-warning,fortify-source) + +quiet_cmd_test_fortify = TEST $@ + cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \ + $< $@ "$(NM)" $(CC) $(c_flags) -DKBUILD_EXTRA_WARN1 + +$(obj)/%.log: $(src)/%.c $(srctree)/scripts/test_fortify.sh FORCE + $(call if_changed_dep,test_fortify) + +logs = $(patsubst $(src)/%.c, %.log, $(wildcard $(src)/*-*.c)) +targets += $(logs) + +quiet_cmd_gen_fortify_log = CAT $@ + cmd_gen_fortify_log = cat $(or $(real-prereqs),/dev/null) > $@ + +$(obj)/test_fortify.log: $(addprefix $(obj)/, $(logs)) FORCE + $(call if_changed,gen_fortify_log) + +always-y += test_fortify.log + +# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined. +# Pass CFLAGS_KASAN to avoid warnings. +KASAN_SANITIZE := y

From patchwork Mon Jul 15 14:45:25 2024
X-Patchwork-Submitter: Masahiro Yamada
X-Patchwork-Id: 13733585
From: Masahiro Yamada
To: Kees Cook, linux-hardening@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Masahiro Yamada
Subject: [PATCH 3/3] fortify: move test_fortify.sh to lib/test_fortify/
Date: Mon, 15 Jul 2024 23:45:25 +0900
Message-ID: <20240715144529.101634-4-masahiroy@kernel.org>
In-Reply-To: <20240715144529.101634-1-masahiroy@kernel.org>
References: <20240715144529.101634-1-masahiroy@kernel.org>

This script is only used in lib/test_fortify/.

There is no reason to keep it in scripts/.

Signed-off-by: Masahiro Yamada --- MAINTAINERS | 1 - lib/test_fortify/Makefile | 4 ++-- {scripts => lib/test_fortify}/test_fortify.sh | 0 3 files changed, 2 insertions(+), 3 deletions(-) rename {scripts => lib/test_fortify}/test_fortify.sh (100%) diff --git a/MAINTAINERS b/MAINTAINERS index 958e935449e5..b68386515067 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8598,7 +8598,6 @@ F: include/linux/fortify-string.h F: lib/fortify_kunit.c F: lib/memcpy_kunit.c F: lib/test_fortify/* -F: scripts/test_fortify.sh K: \b__NO_FORTIFY\b FPGA DFL DRIVERS diff --git a/lib/test_fortify/Makefile b/lib/test_fortify/Makefile index 8c5bee33ee36..399cae880e1d 100644 --- a/lib/test_fortify/Makefile +++ b/lib/test_fortify/Makefile @@ -3,10 +3,10 @@ ccflags-y := $(call cc-disable-warning,fortify-source) quiet_cmd_test_fortify = TEST $@ - cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \ + cmd_test_fortify = $(CONFIG_SHELL) $(src)/test_fortify.sh \ $< $@ "$(NM)" $(CC) $(c_flags) -DKBUILD_EXTRA_WARN1 -$(obj)/%.log: $(src)/%.c $(srctree)/scripts/test_fortify.sh FORCE +$(obj)/%.log: $(src)/%.c $(src)/test_fortify.sh FORCE $(call if_changed_dep,test_fortify) logs = $(patsubst $(src)/%.c, %.log, $(wildcard $(src)/*-*.c)) diff --git a/scripts/test_fortify.sh b/lib/test_fortify/test_fortify.sh similarity index 100% rename from scripts/test_fortify.sh rename to lib/test_fortify/test_fortify.sh
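
Review bot: in [PATCH 1/3], the `$(obj)/test_fortify/%.log` rule now takes its header prerequisites only from the depfile, yet neither the rule nor the commit message says where that depfile is written. The recipe hands `$(c_flags)` to test_fortify.sh, and that is the only visible path by which the compiler can be told to emit the `.*.d` file that if_changed_dep then folds into `.*.cmd`. A sentence in the commit message (or a comment above the rule) stating this would help, because the target is a `.log` and not an object file, and a later change to how the script calls `$(CC)` would silently lose the header tracking that the two removed lines used to give. Keeping test_fortify.sh as an explicit prerequisite is right, since it is not a header the compiler would report.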
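
Review bot: in [PATCH 2/3], the lib/Makefile hunk drops the `# FORTIFY_SOURCE compile-time behavior tests` comment together with the rules, so the remaining `subdir-$(CONFIG_FORTIFY_SOURCE) += test_fortify` line carries no explanation. A one-line comment above it saying the directory holds build-time tests only, with nothing linked into the kernel, would tell the reader why this is `subdir-` and not `obj-`. The commit message could also state that removing the `$(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG)` fake dependency means the tests are no longer ordered before string.o and are now triggered through `always-y` in the new Makefile.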
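
Review bot: in [PATCH 2/3], the new lib/test_fortify/Makefile changes what `cmd_gen_fortify_log` does, and the commit message does not mention it. The removed rule ran `cat /dev/null > $@ || true`, which always left an empty test_fortify.log, while the new `cat $(or $(real-prereqs),/dev/null) > $@` concatenates the per-test logs and no longer ignores a failing `cat`. None of the three listed problems covers this, so please either describe it in the log or split it into its own patch. In the same hunk, `KASAN_SANITIZE := y` now applies to the whole directory where the old `$(foreach ...)` set `KASAN_SANITIZE_$(x)` per test object; that is fine while the directory contains only the tests, and the comment above it could say so.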