Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2139493
commit 818ab43fc56ad978cbb7c0ffdc9a332fd2f23a23
Author: Kees Cook <keescook@chromium.org>
Date: Sun Jan 30 09:59:29 2022 -0800
fortify: Update compile-time tests for Clang 14
Clang 14 introduces support for compiletime_assert(). Update the
compile-time warning regex to catch Clang's variant of the warning text
in preparation for Clang supporting CONFIG_FORTIFY_SOURCE.
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: linux-hardening@vger.kernel.org
Cc: llvm@lists.linux.dev
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/lkml/YfbtQKtpyAM1hHiC@dev-arch.archlinux-ax161
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Josef Oskera <joskera@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2139493
Conflicts: Context conflict because bb95ebbe89a7 has been already backported
commit be58f7103700a68d5c7ca60a2bc0b309907599ab
Author: Kees Cook <keescook@chromium.org>
Date: Tue Apr 20 23:22:52 2021 -0700
fortify: Add compile-time FORTIFY_SOURCE tests
While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.
As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Josef Oskera <joskera@redhat.com>
Josef Oskera