@@ -411,8 +411,6 @@ struct fortify_padding {
411
411
char buf [32 ];
412
412
unsigned long bytes_after ;
413
413
};
414
- /* Force compiler into not being able to resolve size at compile-time. */
415
- static volatile int unconst ;
416
414
417
415
static void fortify_test_strlen (struct kunit * test )
418
416
{
@@ -537,57 +535,56 @@ static void fortify_test_strncpy(struct kunit *test)
537
535
{
538
536
struct fortify_padding pad = { };
539
537
char src [] = "Copy me fully into a small buffer and I will overflow!" ;
538
+ size_t sizeof_buf = sizeof (pad .buf );
539
+
540
+ OPTIMIZER_HIDE_VAR (sizeof_buf );
540
541
541
542
/* Destination is %NUL-filled to start with. */
542
543
KUNIT_EXPECT_EQ (test , pad .bytes_before , 0 );
543
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
544
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
545
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 3 ], '\0' );
544
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
545
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 2 ], '\0' );
546
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 3 ], '\0' );
546
547
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
547
548
548
549
/* Legitimate strncpy() 1 less than of max size. */
549
- KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src ,
550
- sizeof (pad .buf ) + unconst - 1 )
550
+ KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src , sizeof_buf - 1 )
551
551
== pad .buf );
552
552
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 0 );
553
553
/* Only last byte should be %NUL */
554
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
555
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
556
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 3 ], '\0' );
554
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
555
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
556
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 3 ], '\0' );
557
557
558
558
/* Legitimate (though unterminated) max-size strncpy. */
559
- KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src ,
560
- sizeof (pad .buf ) + unconst )
559
+ KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src , sizeof_buf )
561
560
== pad .buf );
562
561
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 0 );
563
562
/* No trailing %NUL -- thanks strncpy API. */
564
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
565
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
566
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
563
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 1 ], '\0' );
564
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
565
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
567
566
/* But we will not have gone beyond. */
568
567
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
569
568
570
569
/* Now verify that FORTIFY is working... */
571
- KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src ,
572
- sizeof (pad .buf ) + unconst + 1 )
570
+ KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src , sizeof_buf + 1 )
573
571
== pad .buf );
574
572
/* Should catch the overflow. */
575
573
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 1 );
576
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
577
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
578
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
574
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 1 ], '\0' );
575
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
576
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
579
577
/* And we will not have gone beyond. */
580
578
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
581
579
582
580
/* And further... */
583
- KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src ,
584
- sizeof (pad .buf ) + unconst + 2 )
581
+ KUNIT_ASSERT_TRUE (test , strncpy (pad .buf , src , sizeof_buf + 2 )
585
582
== pad .buf );
586
583
/* Should catch the overflow. */
587
584
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 2 );
588
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
589
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
590
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
585
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 1 ], '\0' );
586
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
587
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
591
588
/* And we will not have gone beyond. */
592
589
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
593
590
}
@@ -596,55 +593,56 @@ static void fortify_test_strscpy(struct kunit *test)
596
593
{
597
594
struct fortify_padding pad = { };
598
595
char src [] = "Copy me fully into a small buffer and I will overflow!" ;
596
+ size_t sizeof_buf = sizeof (pad .buf );
597
+ size_t sizeof_src = sizeof (src );
598
+
599
+ OPTIMIZER_HIDE_VAR (sizeof_buf );
600
+ OPTIMIZER_HIDE_VAR (sizeof_src );
599
601
600
602
/* Destination is %NUL-filled to start with. */
601
603
KUNIT_EXPECT_EQ (test , pad .bytes_before , 0 );
602
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
603
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
604
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 3 ], '\0' );
604
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
605
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 2 ], '\0' );
606
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 3 ], '\0' );
605
607
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
606
608
607
609
/* Legitimate strscpy() 1 less than of max size. */
608
- KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src ,
609
- sizeof (pad .buf ) + unconst - 1 ),
610
+ KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src , sizeof_buf - 1 ),
610
611
- E2BIG );
611
612
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 0 );
612
613
/* Keeping space for %NUL, last two bytes should be %NUL */
613
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
614
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
615
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 3 ], '\0' );
614
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
615
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 2 ], '\0' );
616
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 3 ], '\0' );
616
617
617
618
/* Legitimate max-size strscpy. */
618
- KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src ,
619
- sizeof (pad .buf ) + unconst ),
619
+ KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src , sizeof_buf ),
620
620
- E2BIG );
621
621
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 0 );
622
622
/* A trailing %NUL will exist. */
623
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
624
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
625
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
623
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
624
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
625
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
626
626
627
627
/* Now verify that FORTIFY is working... */
628
- KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src ,
629
- sizeof (pad .buf ) + unconst + 1 ),
628
+ KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src , sizeof_buf + 1 ),
630
629
- E2BIG );
631
630
/* Should catch the overflow. */
632
631
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 1 );
633
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
634
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
635
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
632
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
633
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
634
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
636
635
/* And we will not have gone beyond. */
637
636
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
638
637
639
638
/* And much further... */
640
- KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src ,
641
- sizeof (src ) * 2 + unconst ),
639
+ KUNIT_ASSERT_EQ (test , strscpy (pad .buf , src , sizeof_src * 2 ),
642
640
- E2BIG );
643
641
/* Should catch the overflow. */
644
642
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 2 );
645
- KUNIT_EXPECT_EQ (test , pad .buf [sizeof ( pad . buf ) - 1 ], '\0' );
646
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
647
- KUNIT_EXPECT_NE (test , pad .buf [sizeof ( pad . buf ) - 2 ], '\0' );
643
+ KUNIT_EXPECT_EQ (test , pad .buf [sizeof_buf - 1 ], '\0' );
644
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
645
+ KUNIT_EXPECT_NE (test , pad .buf [sizeof_buf - 2 ], '\0' );
648
646
/* And we will not have gone beyond. */
649
647
KUNIT_EXPECT_EQ (test , pad .bytes_after , 0 );
650
648
}
@@ -784,7 +782,9 @@ static void fortify_test_strlcat(struct kunit *test)
784
782
struct fortify_padding pad = { };
785
783
char src [sizeof (pad .buf )] = { };
786
784
int i , partial ;
787
- int len = sizeof (pad .buf ) + unconst ;
785
+ int len = sizeof (pad .buf );
786
+
787
+ OPTIMIZER_HIDE_VAR (len );
788
788
789
789
/* Fill 15 bytes with valid characters. */
790
790
partial = sizeof (src ) / 2 - 1 ;
@@ -874,28 +874,32 @@ struct fortify_zero_sized {
874
874
#define __fortify_test (memfunc ) \
875
875
static void fortify_test_##memfunc(struct kunit *test) \
876
876
{ \
877
- struct fortify_zero_sized zero = { }; \
877
+ struct fortify_zero_sized empty = { }; \
878
878
struct fortify_padding pad = { }; \
879
879
char srcA[sizeof(pad.buf) + 2]; \
880
880
char srcB[sizeof(pad.buf) + 2]; \
881
- size_t len = sizeof(pad.buf) + unconst; \
881
+ size_t len = sizeof(pad.buf); \
882
+ size_t zero = 0; \
883
+ \
884
+ OPTIMIZER_HIDE_VAR(len); \
885
+ OPTIMIZER_HIDE_VAR(zero); \
882
886
\
883
887
memset(srcA, 'A', sizeof(srcA)); \
884
888
KUNIT_ASSERT_EQ(test, srcA[0], 'A'); \
885
889
memset(srcB, 'B', sizeof(srcB)); \
886
890
KUNIT_ASSERT_EQ(test, srcB[0], 'B'); \
887
891
\
888
- memfunc(pad.buf, srcA, 0 + unconst); \
892
+ memfunc(pad.buf, srcA, zero); \
889
893
KUNIT_EXPECT_EQ(test, pad.buf[0], '\0'); \
890
894
KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \
891
895
KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \
892
- memfunc(pad.buf + 1, srcB, 1 + unconst); \
896
+ memfunc(pad.buf + 1, srcB, zero + 1); \
893
897
KUNIT_EXPECT_EQ(test, pad.buf[0], '\0'); \
894
898
KUNIT_EXPECT_EQ(test, pad.buf[1], 'B'); \
895
899
KUNIT_EXPECT_EQ(test, pad.buf[2], '\0'); \
896
900
KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \
897
901
KUNIT_EXPECT_EQ(test, fortify_write_overflows, 0); \
898
- memfunc(pad.buf, srcA, 1 + unconst ); \
902
+ memfunc(pad.buf, srcA, zero + 1 ); \
899
903
KUNIT_EXPECT_EQ(test, pad.buf[0], 'A'); \
900
904
KUNIT_EXPECT_EQ(test, pad.buf[1], 'B'); \
901
905
KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0); \
@@ -921,10 +925,10 @@ static void fortify_test_##memfunc(struct kunit *test) \
921
925
/* Reset error counter. */ \
922
926
fortify_write_overflows = 0 ; \
923
927
/* Copy nothing into nothing: no errors. */ \
924
- memfunc (zero .buf , srcB , 0 + unconst ); \
928
+ memfunc (empty .buf , srcB , zero ); \
925
929
KUNIT_EXPECT_EQ (test , fortify_read_overflows , 0 ); \
926
930
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 0 ); \
927
- memfunc (zero .buf , srcB , 1 + unconst ); \
931
+ memfunc (empty .buf , srcB , zero + 1 ); \
928
932
KUNIT_EXPECT_EQ (test , fortify_read_overflows , 0 ); \
929
933
KUNIT_EXPECT_EQ (test , fortify_write_overflows , 1 ); \
930
934
}
@@ -936,7 +940,9 @@ static void fortify_test_memscan(struct kunit *test)
936
940
char haystack [] = "Where oh where is my memory range?" ;
937
941
char * mem = haystack + strlen ("Where oh where is " );
938
942
char needle = 'm' ;
939
- size_t len = sizeof (haystack ) + unconst ;
943
+ size_t len = sizeof (haystack );
944
+
945
+ OPTIMIZER_HIDE_VAR (len );
940
946
941
947
KUNIT_ASSERT_PTR_EQ (test , memscan (haystack , needle , len ),
942
948
mem );
@@ -955,7 +961,9 @@ static void fortify_test_memchr(struct kunit *test)
955
961
char haystack [] = "Where oh where is my memory range?" ;
956
962
char * mem = haystack + strlen ("Where oh where is " );
957
963
char needle = 'm' ;
958
- size_t len = sizeof (haystack ) + unconst ;
964
+ size_t len = sizeof (haystack );
965
+
966
+ OPTIMIZER_HIDE_VAR (len );
959
967
960
968
KUNIT_ASSERT_PTR_EQ (test , memchr (haystack , needle , len ),
961
969
mem );
@@ -974,7 +982,9 @@ static void fortify_test_memchr_inv(struct kunit *test)
974
982
char haystack [] = "Where oh where is my memory range?" ;
975
983
char * mem = haystack + 1 ;
976
984
char needle = 'W' ;
977
- size_t len = sizeof (haystack ) + unconst ;
985
+ size_t len = sizeof (haystack );
986
+
987
+ OPTIMIZER_HIDE_VAR (len );
978
988
979
989
/* Normal search is okay. */
980
990
KUNIT_ASSERT_PTR_EQ (test , memchr_inv (haystack , needle , len ),
@@ -993,8 +1003,11 @@ static void fortify_test_memcmp(struct kunit *test)
993
1003
{
994
1004
char one [] = "My mind is going ..." ;
995
1005
char two [] = "My mind is going ... I can feel it." ;
996
- size_t one_len = sizeof (one ) + unconst - 1 ;
997
- size_t two_len = sizeof (two ) + unconst - 1 ;
1006
+ size_t one_len = sizeof (one ) - 1 ;
1007
+ size_t two_len = sizeof (two ) - 1 ;
1008
+
1009
+ OPTIMIZER_HIDE_VAR (one_len );
1010
+ OPTIMIZER_HIDE_VAR (two_len );
998
1011
999
1012
/* We match the first string (ignoring the %NUL). */
1000
1013
KUNIT_ASSERT_EQ (test , memcmp (one , two , one_len ), 0 );
@@ -1015,7 +1028,9 @@ static void fortify_test_kmemdup(struct kunit *test)
1015
1028
{
1016
1029
char src [] = "I got Doom running on it!" ;
1017
1030
char * copy ;
1018
- size_t len = sizeof (src ) + unconst ;
1031
+ size_t len = sizeof (src );
1032
+
1033
+ OPTIMIZER_HIDE_VAR (len );
1019
1034
1020
1035
/* Copy is within bounds. */
1021
1036
copy = kmemdup (src , len , GFP_KERNEL );
0 commit comments