]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 722beaa) | patch
fortify: Add compile-time FORTIFY_SOURCE tests
authorKees Cook <keescook@chromium.org>
Wed, 21 Apr 2021 06:22:52 +0000 (23:22 -0700)
committerKees Cook <keescook@chromium.org>
Thu, 26 Aug 2021 02:53:56 +0000 (19:53 -0700)
commitd8a5a0cf6d910a49dab6c884e06ff7236175e8d4
treef6ed97ae91009a2d917cc236599970b7aef14337tree
parent722beaa2426326d0673c89992524deb0f7971a8ecommit | diff
fortify: Add compile-time FORTIFY_SOURCE tests

While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.

As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.

Signed-off-by: Kees Cook <keescook@chromium.org>
22 files changed:
MAINTAINERS diff | blob | history
lib/.gitignore diff | blob | history
lib/Makefile diff | blob | history
lib/test_fortify/read_overflow-memchr.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow-memchr_inv.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow-memcmp.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow-memscan.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow2-memcmp.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow2-memcpy.c [new file with mode: 0644] blob
lib/test_fortify/read_overflow2-memmove.c [new file with mode: 0644] blob
lib/test_fortify/test_fortify.h [new file with mode: 0644] blob
lib/test_fortify/write_overflow-memcpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-memmove.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-memset.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strcpy-lit.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strcpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strlcpy-src.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strlcpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strncpy-src.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strncpy.c [new file with mode: 0644] blob
lib/test_fortify/write_overflow-strscpy.c [new file with mode: 0644] blob
scripts/test_fortify.sh [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.