lkdtm/fortify: Drop unneeded FORTIFY_STR_OBJECT test

The str* family of fortified functions all use member-sized limits
for a while now, so the FORTIFY_STR_OBJECT test is redundant to
FORTIFY_STR_MEMBER. While here, replace the strncpy() use with strscpy(),
as strncpy() is being removed.

Link: https://patch.msgid.link/20260324020726.work.624-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/drivers/misc/lkdtm/fortify.c b/drivers/misc/lkdtm/fortify.c
index 00ed2147113e69c9a267400d366268adaebc436c..7615a02dfc477ae7fb185ce6801ced2c78c1e823 100644 (file)
--- a/drivers/misc/lkdtm/fortify.c
+++ b/drivers/misc/lkdtm/fortify.c
@@ -10,30 +10,6 @@
 
 static volatile int fortify_scratch_space;
 
-static void lkdtm_FORTIFY_STR_OBJECT(void)
-{
-       struct target {
-               char a[10];
-               int foo;
-       } target[3] = {};
-       /*
-        * Using volatile prevents the compiler from determining the value of
-        * 'size' at compile time. Without that, we would get a compile error
-        * rather than a runtime error.
-        */
-       volatile int size = 20;
-
-       pr_info("trying to strcmp() past the end of a struct\n");
-
-       strncpy(target[0].a, target[1].a, size);
-
-       /* Store result to global to prevent the code from being eliminated */
-       fortify_scratch_space = target[0].a[3];
-
-       pr_err("FAIL: fortify did not block a strncpy() object write overflow!\n");
-       pr_expected_config(CONFIG_FORTIFY_SOURCE);
-}
-
 static void lkdtm_FORTIFY_STR_MEMBER(void)
 {
        struct target {
@@ -47,22 +23,23 @@ static void lkdtm_FORTIFY_STR_MEMBER(void)
        if (!src)
                return;
 
+       /* 15 bytes: past end of a[] but not target. */
        strscpy(src, "over ten bytes", size);
        size = strlen(src) + 1;
 
-       pr_info("trying to strncpy() past the end of a struct member...\n");
+       pr_info("trying to strscpy() past the end of a struct member...\n");
 
        /*
-        * strncpy(target.a, src, 20); will hit a compile error because the
-        * compiler knows at build time that target.a < 20 bytes. Use a
+        * strscpy(target.a, src, 15); will hit a compile error because the
+        * compiler knows at build time that target.a < 15 bytes. Use a
         * volatile to force a runtime error.
         */
-       strncpy(target.a, src, size);
+       strscpy(target.a, src, size);
 
        /* Store result to global to prevent the code from being eliminated */
        fortify_scratch_space = target.a[3];
 
-       pr_err("FAIL: fortify did not block a strncpy() struct member write overflow!\n");
+       pr_err("FAIL: fortify did not block a strscpy() struct member write overflow!\n");
        pr_expected_config(CONFIG_FORTIFY_SOURCE);
 
        kfree(src);
@@ -210,7 +187,6 @@ static void lkdtm_FORTIFY_STRSCPY(void)
 }
 
 static struct crashtype crashtypes[] = {
-       CRASHTYPE(FORTIFY_STR_OBJECT),
        CRASHTYPE(FORTIFY_STR_MEMBER),
        CRASHTYPE(FORTIFY_MEM_OBJECT),
        CRASHTYPE(FORTIFY_MEM_MEMBER),

diff --git a/tools/testing/selftests/lkdtm/tests.txt b/tools/testing/selftests/lkdtm/tests.txt
index e62b85b591be58e8b2b3a86d009ac49b04d989e2..3245032db34d32434e01fdaaf922d6c34d775130 100644 (file)
--- a/tools/testing/selftests/lkdtm/tests.txt
+++ b/tools/testing/selftests/lkdtm/tests.txt
@@ -82,7 +82,6 @@ STACKLEAK_ERASING OK: the rest of the thread stack is properly erased
 CFI_FORWARD_PROTO
 CFI_BACKWARD call trace:|ok: control flow unchanged
 FORTIFY_STRSCPY detected buffer overflow
-FORTIFY_STR_OBJECT detected buffer overflow
 FORTIFY_STR_MEMBER detected buffer overflow
 FORTIFY_MEM_OBJECT detected buffer overflow
 FORTIFY_MEM_MEMBER detected field-spanning write