diff options
author | Kees Cook <keescook@chromium.org> | 2021-04-20 23:22:52 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2021-10-18 12:28:52 -0700 |
commit | be58f7103700a68d5c7ca60a2bc0b309907599ab (patch) | |
tree | d9caaca50a2c98c6458372fac636bee254b1da9e /lib/test_fortify/test_fortify.h | |
parent | fortify: Allow strlen() and strnlen() to pass compile-time known lengths (diff) | |
download | linux-be58f7103700a68d5c7ca60a2bc0b309907599ab.tar.gz linux-be58f7103700a68d5c7ca60a2bc0b309907599ab.tar.bz2 linux-be58f7103700a68d5c7ca60a2bc0b309907599ab.zip |
fortify: Add compile-time FORTIFY_SOURCE tests
While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.
As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'lib/test_fortify/test_fortify.h')
-rw-r--r-- | lib/test_fortify/test_fortify.h | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/lib/test_fortify/test_fortify.h b/lib/test_fortify/test_fortify.h new file mode 100644 index 000000000000..d22664fff197 --- /dev/null +++ b/lib/test_fortify/test_fortify.h @@ -0,0 +1,35 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#include <linux/kernel.h> +#include <linux/printk.h> +#include <linux/slab.h> +#include <linux/string.h> + +void do_fortify_tests(void); + +#define __BUF_SMALL 16 +#define __BUF_LARGE 32 +struct fortify_object { + int a; + char buf[__BUF_SMALL]; + int c; +}; + +#define LITERAL_SMALL "AAAAAAAAAAAAAAA" +#define LITERAL_LARGE "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +const char small_src[__BUF_SMALL] = LITERAL_SMALL; +const char large_src[__BUF_LARGE] = LITERAL_LARGE; + +char small[__BUF_SMALL]; +char large[__BUF_LARGE]; +struct fortify_object instance; +size_t size; + +void do_fortify_tests(void) +{ + /* Normal initializations. */ + memset(&instance, 0x32, sizeof(instance)); + memset(small, 0xA5, sizeof(small)); + memset(large, 0x5A, sizeof(large)); + + TEST; +} |