From patchwork Sat Dec 19 06:33:12 2020
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 1418630
From: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Cc: fweimer@redhat.com, jakub@redhat.com
Subject: [PATCH v6 0/2] _FORTIFY_SOURCE=3
Date: Sat, 19 Dec 2020 12:03:12 +0530
Message-Id: <20201219063314.1409576-1-siddhesh@sourceware.org>

This patchset implements a new fortification level, _FORTIFY_SOURCE=3.
This level allows size information to be dynamic, which may potentially
have a noticeable performance impact. It uses the
__builtin_dynamic_object_size builtin available in clang to expand
coverage of fortifications at the expense of some performance.

Patch 1/2 implements the base support and support for functions that
have builtins of string functions. Additionally, the patch also
describes the use case and tradeoffs.

Patch 2/2 adds support for non-string functions that are
fortification-ready for levels 1 and 2.

Testing:

The glibc testsuite doesn't directly support clang at the moment, so
having tests in the glibc source tree is pointless as long as gcc does
not have support for __builtin_dynamic_object_size.

There is a separate project on GitHub called fortify-test-suite[1] that
houses fortification tests and is capable of testing multiple levels of
fortification with multiple compilers. I have proposed a PR[2] to add
support for _FORTIFY_SOURCE=3 and have verified my changes with those
tests. Those tests run clean for clang when run with these changes and
PR[2] and they fail at level 3 for gcc, as expected.

[1] https://github.com/serge-sans-paille/fortify-test-suite
[2] https://github.com/serge-sans-paille/fortify-test-suite/pull/9

Changes from previous series:

- Adopted Paul Eggert's macro soup because it has better texture while
  retaining the flavour.

Siddhesh Poyarekar (2):
  string: _FORTIFY_SOURCE=3 using __builtin_dynamic_object_size
  nonstring: _FORTIFY_SOURCE=3 using __builtin_dynamic_object_size

 NEWS                            |   6 ++
 include/features.h              |   8 ++
 include/string.h                |   5 +-
 io/bits/poll2.h                 |  16 ++--
 libio/bits/stdio.h              |   2 +-
 libio/bits/stdio2.h             |  53 ++++++-------
 manual/creature.texi            |   3 +-
 misc/sys/cdefs.h                |   9 +++
 posix/bits/unistd.h             | 112 ++++++++++++++-------------
 socket/bits/socket2.h           |  18 ++---
 stdlib/bits/stdlib.h            |  37 ++++-----
 string/bits/string_fortified.h  |  22 +++---
 string/bits/strings_fortified.h |   4 +-
 wcsmbs/bits/wchar2.h            | 131 ++++++++++++++++----------------
 14 files changed, 230 insertions(+), 196 deletions(-)
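
Added example, not part of the original message or of the glibc patches: a small C probe showing why a dynamic object size expands fortification coverage to a destination whose size is only known at run time. The names `OBJSZ`, `fortify_verdict` and `probe_heap` are hypothetical, the decision function is a simplified model of a fortified wrapper rather than glibc's code, and the probe falls back to `__builtin_object_size` when the compiler lacks `__builtin_dynamic_object_size`.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Level 3 sizing if the compiler has the dynamic builtin, else the
   compile-time-only builtin that levels 1 and 2 depend on. */
#if defined(__has_builtin)
# if __has_builtin(__builtin_dynamic_object_size)
#  define HAVE_DYNAMIC_OBJSZ 1
# endif
#endif
#ifdef HAVE_DYNAMIC_OBJSZ
# define OBJSZ(p) __builtin_dynamic_object_size((p), 0)
#else
# define OBJSZ(p) __builtin_object_size((p), 0)
#endif

#define UNKNOWN_SIZE ((size_t) -1)   /* the builtins' "cannot tell" answer */

enum verdict { CHECKED_OK, BLOCKED, UNCHECKED };

/* Hypothetical model of the decision a fortified wrapper makes: a real
   wrapper aborts the process on BLOCKED and has no bound to enforce
   on UNCHECKED. */
static enum verdict fortify_verdict(size_t n, size_t dstsz)
{
    if (dstsz == UNKNOWN_SIZE)
        return UNCHECKED;
    return n > dstsz ? BLOCKED : CHECKED_OK;
}

/* Destination whose size exists only at run time: would a write of
   `want` bytes into a `cap`-byte allocation be checked? Nothing is
   actually written, so the probe is safe whatever the answer. */
static enum verdict probe_heap(size_t cap, size_t want)
{
    char *buf = malloc(cap);
    if (buf == NULL)
        return UNCHECKED;
    enum verdict v = fortify_verdict(want, OBJSZ(buf));
    free(buf);
    return v;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "checked, fits", "blocked", "unchecked" };
    size_t cap = (argc > 1) ? strtoul(argv[1], NULL, 10) : 8;
    printf("16 bytes into malloc(%zu): %s\n", cap, names[probe_heap(cap, 16)]);
    return 0;
}
```

Built with optimization on a compiler that provides the dynamic builtin, the probe typically reports `blocked` for an undersized allocation; with only `__builtin_object_size`, the run-time-sized allocation comes back as `unchecked`.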