This is a note to let you know that I've just added the patch titled
kunit/fortify: Do not spam logs with fortify WARNs
to the 6.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kunit-fortify-do-not-spam-logs-with-fortify-warns.patch
and it can be found in the queue-6.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit d14901a956833589de7f5b08669451ad105944c1
Author: Kees Cook <kees@xxxxxxxxxx>
Date: Mon Apr 29 12:43:40 2024 -0700
kunit/fortify: Do not spam logs with fortify WARNs
[ Upstream commit 091f79e8de44736a1e677701d67334bba5b749e3 ]
When running KUnit fortify tests, we're already doing precise tracking
of which warnings are getting hit. Don't fill the logs with WARNs unless
we've been explicitly built with DEBUG enabled.
Link: https://lore.kernel.org/r/20240429194342.2421639-2-keescook@xxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c
index fdba0eaf19a59..ad29721b956bc 100644
--- a/lib/fortify_kunit.c
+++ b/lib/fortify_kunit.c
@@ -15,10 +15,17 @@
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+/* We don't need to fill dmesg with the fortify WARNs during testing. */
+#ifdef DEBUG
+# define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x)
+#else
+# define FORTIFY_REPORT_KUNIT(x...) do { } while (0)
+#endif
+
/* Redefine fortify_panic() to track failures. */
void fortify_add_kunit_error(int write);
#define fortify_panic(func, write, avail, size, retfail) do { \
- __fortify_report(FORTIFY_REASON(func, write), avail, size); \
+ FORTIFY_REPORT_KUNIT(FORTIFY_REASON(func, write), avail, size); \
fortify_add_kunit_error(write); \
return (retfail); \
} while (0)
