
fortify: refactor test_fortify Makefile to fix some build problems

There are some issues in the test_fortify Makefile code.

Problem 1: cc-disable-warning invokes compiler dozens of times

To see how many times the cc-disable-warning is evaluated, change
this code:

$(call cc-disable-warning,fortify-source)

to:

$(call cc-disable-warning,$(shell touch /tmp/fortify-$$$$)fortify-source)

Then, build the kernel with CONFIG_FORTIFY_SOURCE=y. You will see a
large number of '/tmp/fortify-<PID>' files created:

$ ls -1 /tmp/fortify-* | wc
80 80 1600

This means the compiler was invoked 80 times just for checking the
-Wno-fortify-source flag support.

$(call cc-disable-warning,fortify-source) should be added to a simple
variable instead of a recursive variable.

Problem 2: do not recompile string.o when the test code is updated

The test cases are independent of the kernel. However, when the test
code is updated, $(obj)/string.o is rebuilt and vmlinux is relinked
due to this dependency:

$(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG)

always-y is suitable for building the log files.

Problem 3: redundant code

clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS))

... is unneeded because the top Makefile globally cleans *.o files.

This commit fixes these issues and makes the code readable.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20240727150302.1823750-2-masahiroy@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>

authored by

Masahiro Yamada and committed by
Kees Cook
4e9903b0 de9c2c66

+33 -39
-2
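--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -5,5 +5,3 @@
 /gen_crc32table
 /gen_crc64table
 /oid_registry_data.c
-/test_fortify.log
-/test_fortify/*.log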
+1 -37
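--- a/lib/Makefile
+++ b/lib/Makefile
@@ -393,40 +393,4 @@
 
 obj-$(CONFIG_FIRMWARE_TABLE) += fw_table.o
 
-# FORTIFY_SOURCE compile-time behavior tests
-TEST_FORTIFY_SRCS = $(wildcard $(src)/test_fortify/*-*.c)
-TEST_FORTIFY_LOGS = $(patsubst $(src)/%.c, %.log, $(TEST_FORTIFY_SRCS))
-TEST_FORTIFY_LOG = test_fortify.log
-
-quiet_cmd_test_fortify = TEST $@
-cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \
-$< $@ "$(NM)" $(CC) $(c_flags) \
-$(call cc-disable-warning,fortify-source) \
--DKBUILD_EXTRA_WARN1
-
-targets += $(TEST_FORTIFY_LOGS)
-clean-files += $(TEST_FORTIFY_LOGS)
-clean-files += $(addsuffix .o, $(TEST_FORTIFY_LOGS))
-$(obj)/test_fortify/%.log: $(src)/test_fortify/%.c \
-$(src)/test_fortify/test_fortify.h \
-$(srctree)/include/linux/fortify-string.h \
-$(srctree)/scripts/test_fortify.sh \
-FORCE
-$(call if_changed,test_fortify)
-
-quiet_cmd_gen_fortify_log = GEN $@
-cmd_gen_fortify_log = cat </dev/null $(filter-out FORCE,$^) 2>/dev/null > $@ || true
-
-targets += $(TEST_FORTIFY_LOG)
-clean-files += $(TEST_FORTIFY_LOG)
-$(obj)/$(TEST_FORTIFY_LOG): $(addprefix $(obj)/, $(TEST_FORTIFY_LOGS)) FORCE
-$(call if_changed,gen_fortify_log)
-
-# Fake dependency to trigger the fortify tests.
-ifeq ($(CONFIG_FORTIFY_SOURCE),y)
-$(obj)/string.o: $(obj)/$(TEST_FORTIFY_LOG)
-endif
-
-# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined.
-# Pass CFLAGS_KASAN to avoid warnings.
-$(foreach x, $(patsubst %.log,%.o,$(TEST_FORTIFY_LOGS)), $(eval KASAN_SANITIZE_$(x) := y))
+subdir-$(CONFIG_FORTIFY_SOURCE) += test_fortify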
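Review bot: The new `subdir-$(CONFIG_FORTIFY_SOURCE) += test_fortify` line has no comment, while the block it replaces opened with `# FORTIFY_SOURCE compile-time behavior tests`. A reader of lib/Makefile can no longer tell that this subdirectory builds only test logs and contributes no objects to vmlinux. I would keep a one-line comment above it, for example `# FORTIFY_SOURCE compile-time behavior tests (logs only, no objects)`.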
+2
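--- a/lib/test_fortify/.gitignore
+++ b/lib/test_fortify/.gitignore
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+/*.log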
+28
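--- a/lib/test_fortify/Makefile
+++ b/lib/test_fortify/Makefile
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: GPL-2.0
+
+ccflags-y := $(call cc-disable-warning,fortify-source)
+
+quiet_cmd_test_fortify = TEST $@
+cmd_test_fortify = $(CONFIG_SHELL) $(srctree)/scripts/test_fortify.sh \
+$< $@ "$(NM)" $(CC) $(c_flags) -DKBUILD_EXTRA_WARN1
+
+$(obj)/%.log: $(src)/%.c $(srctree)/scripts/test_fortify.sh \
+$(src)/test_fortify.h \
+$(srctree)/include/linux/fortify-string.h \
+FORCE
+$(call if_changed,test_fortify)
+
+logs = $(patsubst $(src)/%.c, %.log, $(wildcard $(src)/*-*.c))
+targets += $(logs)
+
+quiet_cmd_gen_fortify_log = CAT $@
+cmd_gen_fortify_log = cat $(or $(real-prereqs),/dev/null) > $@
+
+$(obj)/test_fortify.log: $(addprefix $(obj)/, $(logs)) FORCE
+$(call if_changed,gen_fortify_log)
+
+always-y += test_fortify.log
+
+# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined.
+# Pass CFLAGS_KASAN to avoid warnings.
+KASAN_SANITIZE := y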
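Review bot: An empty match of `$(wildcard $(src)/*-*.c)` goes unnoticed here. `logs` becomes empty, the `$(or $(real-prereqs),/dev/null)` fallback writes an empty test_fortify.log, and the build succeeds without a single FORTIFY_SOURCE compile-time test having run. Since these tests guard a hardening feature, a parse-time check after the `logs` assignment would make that case visible, for example `$(if $(logs),,$(warning test_fortify: no test sources matched in $(src)))`. The fallback looks deliberate, so a warning rather than an error may be the right level. The assignment could also be `logs := ...`, so the wildcard is expanded once, in line with the reasoning the commit gives for `ccflags-y`.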
+2
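--- a/scripts/remove-stale-files
+++ b/scripts/remove-stale-files
@@ -21,3 +21,5 @@
 # then will be really dead and removed from the code base entirely.
 
 rm -f *.spec
+
+rm -f lib/test_fortify.log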