This is a note to let you know that I've just added the patch titled kunit/fortify: Do not spam logs with fortify WARNs to the 6.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: kunit-fortify-do-not-spam-logs-with-fortify-warns.patch and it can be found in the queue-6.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit d14901a956833589de7f5b08669451ad105944c1 Author: Kees Cook <kees@xxxxxxxxxx> Date: Mon Apr 29 12:43:40 2024 -0700 kunit/fortify: Do not spam logs with fortify WARNs [ Upstream commit 091f79e8de44736a1e677701d67334bba5b749e3 ] When running KUnit fortify tests, we're already doing precise tracking of which warnings are getting hit. Don't fill the logs with WARNs unless we've been explicitly built with DEBUG enabled. Link: https://lore.kernel.org/r/20240429194342.2421639-2-keescook@xxxxxxxxxxxx Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c index fdba0eaf19a59..ad29721b956bc 100644 --- a/lib/fortify_kunit.c +++ b/lib/fortify_kunit.c @@ -15,10 +15,17 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +/* We don't need to fill dmesg with the fortify WARNs during testing. */ +#ifdef DEBUG +# define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x) +#else +# define FORTIFY_REPORT_KUNIT(x...) do { } while (0) +#endif + /* Redefine fortify_panic() to track failures. */ void fortify_add_kunit_error(int write); #define fortify_panic(func, write, avail, size, retfail) do { \ - __fortify_report(FORTIFY_REASON(func, write), avail, size); \ + FORTIFY_REPORT_KUNIT(FORTIFY_REASON(func, write), avail, size); \ fortify_add_kunit_error(write); \ return (retfail); \ } while (0)