lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 7 Apr 2023 16:42:27 -0700
From:   Nick Desaulniers <ndesaulniers@...gle.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     linux-hardening@...r.kernel.org, Andy Shevchenko <andy@...nel.org>,
        Cezary Rojewski <cezary.rojewski@...el.com>,
        Puyou Lu <puyou.lu@...il.com>, Mark Brown <broonie@...nel.org>,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Brendan Higgins <brendan.higgins@...ux.dev>,
        David Gow <davidgow@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Alexander Potapenko <glider@...gle.com>,
        Zhaoyang Huang <zhaoyang.huang@...soc.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Miguel Ojeda <ojeda@...nel.org>,
        Alexander Lobakin <aleksander.lobakin@...el.com>,
        Liam Howlett <liam.howlett@...cle.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Yury Norov <yury.norov@...il.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Sander Vanheule <sander@...nheule.net>,
        Eric Biggers <ebiggers@...gle.com>,
        "Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
        Andrey Konovalov <andreyknvl@...il.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        Daniel Latypov <dlatypov@...gle.com>,
        José Expósito <jose.exposito89@...il.com>,
        linux-kernel@...r.kernel.org, kunit-dev@...glegroups.com
Subject: Re: [PATCH v2 01/10] kunit: tool: Enable CONFIG_FORTIFY_SOURCE under UML

On Fri, Apr 7, 2023 at 4:33 PM Nick Desaulniers <ndesaulniers@...gle.com> wrote:
>
> On Fri, Apr 7, 2023 at 12:27 PM Kees Cook <keescook@...omium.org> wrote:
> >
> > Since commit ba38961a069b ("um: Enable FORTIFY_SOURCE"), it's possible
> > to run the FORTIFY tests under UML. Enable CONFIG_FORTIFY_SOURCE when
> > running with --altests to gain additional coverage, and by default under
>
> two L's in alltest?

Also, while testing this series:
```
$ LLVM=1 ./tools/testing/kunit/kunit.py run
...
[16:40:09] ================== fortify (24 subtests) ===================
[16:40:09] [PASSED] known_sizes_test
[16:40:09] [PASSED] control_flow_split_test
[16:40:09] [PASSED] alloc_size_kmalloc_const_test
[16:40:09]     # alloc_size_kmalloc_dynamic_test: EXPECTATION FAILED
at lib/fortify_kunit.c:249
[16:40:09]     Expected __builtin_dynamic_object_size(p, 1) == expected, but
[16:40:09]         __builtin_dynamic_object_size(p, 1) == -1
(0xffffffffffffffff)
[16:40:09]         expected == 11 (0xb)
[16:40:09] __alloc_size() not working with __bdos on kmemdup("hello
there", len, gfp)
[16:40:09] [FAILED] alloc_size_kmalloc_dynamic_test
[16:40:09] [PASSED] alloc_size_vmalloc_const_test
[16:40:09] [PASSED] alloc_size_vmalloc_dynamic_test
[16:40:09] [PASSED] alloc_size_kvmalloc_const_test
[16:40:09] [PASSED] alloc_size_kvmalloc_dynamic_test
[16:40:09] [PASSED] alloc_size_devm_kmalloc_const_test
[16:40:09] [PASSED] alloc_size_devm_kmalloc_dynamic_test
[16:40:09] [PASSED] strlen_test
[16:40:09] [PASSED] strnlen_test
[16:40:09] [PASSED] strcpy_test
[16:40:09] [PASSED] strncpy_test
[16:40:09] [PASSED] strlcpy_test
[16:40:09] [PASSED] strscpy_test
[16:40:09] [PASSED] strcat_test
[16:40:09] [PASSED] strncat_test
[16:40:09] [PASSED] strlcat_test
[16:40:09] [PASSED] memscan_test
[16:40:09] [PASSED] memchr_test
[16:40:09] [PASSED] memchr_inv_test
[16:40:09] [PASSED] memcmp_test
[16:40:09] [PASSED] kmemdup_test
[16:40:09] # fortify: pass:23 fail:1 skip:0 total:24
[16:40:09] # Totals: pass:23 fail:1 skip:0 total:24
[16:40:09] ===================== [FAILED] fortify =====================
```
It would be cool to understand that failure in BDOS BEFORE turning on
these tests by default.

>
> > UML.
> >
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> > ---
> >  tools/testing/kunit/configs/all_tests.config | 2 ++
> >  tools/testing/kunit/configs/arch_uml.config  | 3 +++
> >  2 files changed, 5 insertions(+)
> >
> > diff --git a/tools/testing/kunit/configs/all_tests.config b/tools/testing/kunit/configs/all_tests.config
> > index f990cbb73250..0393940c706a 100644
> > --- a/tools/testing/kunit/configs/all_tests.config
> > +++ b/tools/testing/kunit/configs/all_tests.config
> > @@ -9,6 +9,8 @@ CONFIG_KUNIT=y
> >  CONFIG_KUNIT_EXAMPLE_TEST=y
> >  CONFIG_KUNIT_ALL_TESTS=y
> >
> > +CONFIG_FORTIFY_SOURCE=y
> > +
> >  CONFIG_IIO=y
> >
> >  CONFIG_EXT4_FS=y
> > diff --git a/tools/testing/kunit/configs/arch_uml.config b/tools/testing/kunit/configs/arch_uml.config
> > index e824ce43b05a..54ad8972681a 100644
> > --- a/tools/testing/kunit/configs/arch_uml.config
> > +++ b/tools/testing/kunit/configs/arch_uml.config
> > @@ -3,3 +3,6 @@
> >  # Enable virtio/pci, as a lot of tests require it.
> >  CONFIG_VIRTIO_UML=y
> >  CONFIG_UML_PCI_OVER_VIRTIO=y
> > +
> > +# Enable FORTIFY_SOURCE for wider checking.
> > +CONFIG_FORTIFY_SOURCE=y
> > --
> > 2.34.1
> >
>
>
> --
> Thanks,
> ~Nick Desaulniers



-- 
Thanks,
~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ