linux.git/scripts/test_fortify.sh, branch v6.6.132 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git fortify: Update compile-time tests for Clang 14 2022-02-14T00:50:06+00:00 Kees Cook keescook@chromium.org 2022-01-30T17:59:29+00:00 818ab43fc56ad978cbb7c0ffdc9a332fd2f23a23 Clang 14 introduces support for compiletime_assert(). Update the compile-time warning regex to catch Clang's variant of the warning text in preparation for Clang supporting CONFIG_FORTIFY_SOURCE. Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: linux-hardening@vger.kernel.org Cc: llvm@lists.linux.dev Reviewed-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/lkml/YfbtQKtpyAM1hHiC@dev-arch.archlinux-ax161 Signed-off-by: Kees Cook <keescook@chromium.org> 
Clang 14 introduces support for compiletime_assert(). Update the
compile-time warning regex to catch Clang's variant of the warning text
in preparation for Clang supporting CONFIG_FORTIFY_SOURCE.

Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: linux-hardening@vger.kernel.org
Cc: llvm@lists.linux.dev
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/lkml/YfbtQKtpyAM1hHiC@dev-arch.archlinux-ax161
Signed-off-by: Kees Cook <keescook@chromium.org>
fortify: Add compile-time FORTIFY_SOURCE tests 2021-10-18T19:28:52+00:00 Kees Cook keescook@chromium.org 2021-04-21T06:22:52+00:00 be58f7103700a68d5c7ca60a2bc0b309907599ab While the run-time testing of FORTIFY_SOURCE is already present in LKDTM, there is no testing of the expected compile-time detections. In preparation for correctly supporting FORTIFY_SOURCE under Clang, adding additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE doesn't silently regress with GCC, introduce a build-time test suite that checks each expected compile-time failure condition. As this is relatively backwards from standard build rules in the sense that a successful test is actually a compile _failure_, create a wrapper script to check for the correct errors, and wire it up as a dummy dependency to lib/string.o, collecting the results into a log file artifact. Signed-off-by: Kees Cook <keescook@chromium.org> 
While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.

As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.

Signed-off-by: Kees Cook <keescook@chromium.org>