diff options
| author | Kees Cook <keescook@chromium.org> | 2021-04-21 09:22:52 +0300 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2021-10-18 22:28:52 +0300 |
| commit | be58f7103700a68d5c7ca60a2bc0b309907599ab (patch) | |
| tree | d9caaca50a2c98c6458372fac636bee254b1da9e /MAINTAINERS | |
| parent | 3009f891bb9f328945ebd5b71e12df7e2467f3dd (diff) | |
| download | linux-be58f7103700a68d5c7ca60a2bc0b309907599ab.tar.xz | |
fortify: Add compile-time FORTIFY_SOURCE tests
While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.
As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'MAINTAINERS')
| -rw-r--r-- | MAINTAINERS | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index ca6d6fde85cf..6f4b97dff7ad 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -7323,6 +7323,15 @@ L: netdev@vger.kernel.org S: Maintained F: drivers/net/ethernet/nvidia/* +FORTIFY_SOURCE +M: Kees Cook <keescook@chromium.org> +L: linux-hardening@vger.kernel.org +S: Supported +F: include/linux/fortify-string.h +F: lib/test_fortify/* +F: scripts/test_fortify.sh +K: \b__NO_FORTIFY\b + FPGA DFL DRIVERS M: Wu Hao <hao.wu@intel.com> R: Tom Rix <trix@redhat.com> |