[PATCH 2/3] kunit/fortify: Do not spam logs with fortify WARNs
From: Kees Cook
Date: Mon Apr 29 2024 - 15:43:50 EST
When running KUnit fortify tests, we're already doing precise tracking
of which warnings are getting hit. Don't fill the logs with WARNs unless
we've been explicitly built with DEBUG enabled.
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
Cc: linux-hardening@xxxxxxxxxxxxxxx
---
lib/fortify_kunit.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c
index 6f9a86c94538..bbbfc2238aa9 100644
--- a/lib/fortify_kunit.c
+++ b/lib/fortify_kunit.c
@@ -15,10 +15,17 @@
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+/* We don't need to fill dmesg with the fortify WARNs during testing. */
+#ifdef DEBUG
+# define FORTIFY_REPORT_KUNIT(x...) __fortify_report(x)
+#else
+# define FORTIFY_REPORT_KUNIT(x...) do { } while (0)
+#endif
+
/* Redefine fortify_panic() to track failures. */
void fortify_add_kunit_error(int write);
#define fortify_panic(func, write, avail, size, retfail) do { \
- __fortify_report(FORTIFY_REASON(func, write), avail, size); \
+ FORTIFY_REPORT_KUNIT(FORTIFY_REASON(func, write), avail, size); \
fortify_add_kunit_error(write); \
return (retfail); \
} while (0)
--
2.34.1