From fa4a3f86d4982b603865ccb97dde82f0ae1e3302 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Fri, 7 Apr 2023 12:27:15 -0700
Subject: fortify: Add KUnit tests for runtime overflows

With fortify overflows able to be redirected, we can use KUnit to
exercise the overflow conditions. Add tests for every API covered by
CONFIG_FORTIFY_SOURCE, except for memset() and memcpy(), which are
special-cased for now.

Disable warnings in the Makefile since we're explicitly testing
known-bad string handling code patterns.

Note that this makes the LKDTM FORTIFY_STR* tests obsolete, but those
can be removed separately.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 lib/Makefile | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/Makefile')

diff --git a/lib/Makefile b/lib/Makefile
index bc36a5c167db..eae87c41b22b 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -402,6 +402,8 @@ obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow_kunit.o
 CFLAGS_stackinit_kunit.o += $(call cc-disable-warning, switch-unreachable)
 obj-$(CONFIG_STACKINIT_KUNIT_TEST) += stackinit_kunit.o
 CFLAGS_fortify_kunit.o += $(call cc-disable-warning, unsequenced)
+CFLAGS_fortify_kunit.o += $(call cc-disable-warning, stringop-overread)
+CFLAGS_fortify_kunit.o += $(call cc-disable-warning, stringop-truncation)
 CFLAGS_fortify_kunit.o += $(DISABLE_STRUCTLEAK_PLUGIN)
 obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fortify_kunit.o
 obj-$(CONFIG_STRCAT_KUNIT_TEST) += strcat_kunit.o
-- 
cgit v1.2.3