| Message ID | 20230623094223.3742673-1-fberat@redhat.com |
|---|---|
| Headers | show |
| Series | Allow glibc to be built with _FORTIFY_SOURCE | expand |
On 2023-06-23 05:42, Frédéric Bérat wrote: > Hello, > > This patch series introduces a new "--enable-fortify-source" option to glibc > build. This option may either be set to a value between 1 and 3, or left empty > to let configure select the highest value available for the build system. > > The first patch adds the new configure option, the second excludes the routines > that can't be built with the option enabled. > > The next patches are fixing test and compilation errors that arose with > fortification enabled. > > I couldn't test the patch series in all configuration possible on all arches > possible but I ran the following: > > - build-many-glibcs was executed on x86_64, for all arches/variants. This was > mainly done to ensure that installed headers were not broken (as some > patches are modifying system headers) > - The new "enable-fortify-source" variant for BMG got executed on x86_64 > - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64, > s390x, with and without fortification enabled. > Patchwork CI seems to indicate that check-localplt is failing on arm/aarch64. Could you please take a closer look? https://patchwork.sourceware.org/project/glibc/patch/20230623094223.3742673-15-fberat@redhat.com/ Thanks, Sid
On Mon, Jun 26, 2023 at 3:08 PM Siddhesh Poyarekar <siddhesh@gotplt.org> wrote: > > On 2023-06-23 05:42, Frédéric Bérat wrote: > > Hello, > > > > This patch series introduces a new "--enable-fortify-source" option to glibc > > build. This option may either be set to a value between 1 and 3, or left empty > > to let configure select the highest value available for the build system. > > > > The first patch adds the new configure option, the second excludes the routines > > that can't be built with the option enabled. > > > > The next patches are fixing test and compilation errors that arose with > > fortification enabled. > > > > I couldn't test the patch series in all configuration possible on all arches > > possible but I ran the following: > > > > - build-many-glibcs was executed on x86_64, for all arches/variants. This was > > mainly done to ensure that installed headers were not broken (as some > > patches are modifying system headers) > > - The new "enable-fortify-source" variant for BMG got executed on x86_64 > > - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64, > > s390x, with and without fortification enabled. > > > > Patchwork CI seems to indicate that check-localplt is failing on > arm/aarch64. Could you please take a closer look? > > https://patchwork.sourceware.org/project/glibc/patch/20230623094223.3742673-15-fberat@redhat.com/ > Hmm, I'm failing to reproduce these failures ... Any way I could get the elf/check-localplt.out output out of Jenkins ? > Thanks, > Sid >
On Mon, Jun 26, 2023 at 5:28 PM Frederic Berat <fberat@redhat.com> wrote: > On Mon, Jun 26, 2023 at 3:08 PM Siddhesh Poyarekar <siddhesh@gotplt.org> > wrote: > > > > On 2023-06-23 05:42, Frédéric Bérat wrote: > > > Hello, > > > > > > This patch series introduces a new "--enable-fortify-source" option to > glibc > > > build. This option may either be set to a value between 1 and 3, or > left empty > > > to let configure select the highest value available for the build > system. > > > > > > The first patch adds the new configure option, the second excludes the > routines > > > that can't be built with the option enabled. > > > > > > The next patches are fixing test and compilation errors that arose with > > > fortification enabled. > > > > > > I couldn't test the patch series in all configuration possible on all > arches > > > possible but I ran the following: > > > > > > - build-many-glibcs was executed on x86_64, for all arches/variants. > This was > > > mainly done to ensure that installed headers were not broken (as > some > > > patches are modifying system headers) > > > - The new "enable-fortify-source" variant for BMG got executed on > x86_64 > > > - make check and benchtests were executed on x86_64, i686, ppc64le, > aarch64, > > > s390x, with and without fortification enabled. > > > > > > > Patchwork CI seems to indicate that check-localplt is failing on > > arm/aarch64. Could you please take a closer look? > > > > > https://patchwork.sourceware.org/project/glibc/patch/20230623094223.3742673-15-fberat@redhat.com/ > > > > Hmm, I'm failing to reproduce these failures ... Any way I could get > the elf/check-localplt.out output out of Jenkins ? > > Thanks to Maxim Kuvyrkov I could reproduce the problem. I'll send the fixes in v3. > > Thanks, > > Sid > > >
Hello, This patch series introduces a new "--enable-fortify-source" option to glibc build. This option may either be set to a value between 1 and 3, or left empty to let configure select the highest value available for the build system. The first patch adds the new configure option, the second excludes the routines that can't be built with the option enabled. The next patches are fixing test and compilation errors that arose with fortification enabled. I couldn't test the patch series in all configuration possible on all arches possible but I ran the following: - build-many-glibcs was executed on x86_64, for all arches/variants. This was mainly done to ensure that installed headers were not broken (as some patches are modifying system headers) - The new "enable-fortify-source" variant for BMG got executed on x86_64 - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64, s390x, with and without fortification enabled. Fred. Changes since v1: - The patch that introduced the new config option has been split in 2. There is now one patch that allows glibc to be built with fortification and one that adds a new configure option to enable it. The patch adding the configure option has been moved to the end of the series. - A new variant has been added to x86_64 bmg to test enable-fortify-source. - NEWS and INSTALL have been updated. - Patch series has been re-based - Error message has been fixed in newly introduced headers - Include directive has been fixed in newly introduced include/* headers --- Frédéric Bérat (14): Allow glibc to be built with _FORTIFY_SOURCE Exclude routines from fortification sysdeps: Ensure ieee128*_chk routines to be properly named string: Ensure *_chk routines have their hidden builtin definition available stdio: Ensure *_chk routines have their hidden builtin definition available asprintf_chk: Ensure compatibility for both s390x and ppc64le misc/sys/cdefs.h: Create FORTIFY redirects for internal calls wcsmbs/bits/wchar2{,-decl}.h: Avoid PLT entries with _FORTIFY_SOURCE posix/bits/unistd.h: Clearly separate declaration from definitions posix/bits/unistd{,-decl}.h: Avoid PLT entries with _FORTIFY_SOURCE misc/bits/select2.h: Clearly separate declaration from definitions misc/bits/syslog.h: Clearly separate declaration from definition sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Add --enable-fortify-source option INSTALL | 6 + Makeconfig | 35 +++- NEWS | 4 + config.make.in | 3 +- configure | 83 ++++++-- configure.ac | 60 ++++-- debug/Makefile | 12 +- debug/asprintf_chk.c | 16 +- debug/fdelt_chk.c | 2 + debug/fgets_u_chk.c | 1 + debug/fprintf_chk.c | 1 + debug/getdomainname_chk.c | 1 + debug/memcpy_chk.c | 1 + debug/memmove_chk.c | 1 + debug/mempcpy_chk.c | 1 + debug/memset_chk.c | 1 + debug/read_chk.c | 1 + debug/sprintf_chk.c | 1 + debug/stpcpy_chk.c | 1 + debug/wcrtomb_chk.c | 1 + debug/wmemset_chk.c | 1 + elf/rtld-Rules | 2 +- include/bits/select-decl.h | 1 + include/bits/syslog-decl.h | 1 + include/bits/unistd-decl.h | 1 + include/stdio.h | 13 +- include/string.h | 7 + include/sys/cdefs.h | 14 ++ include/sys/select.h | 4 + include/sys/syslog.h | 4 + include/unistd.h | 5 + include/wchar.h | 15 ++ io/Makefile | 16 ++ libio/Makefile | 21 +- login/Makefile | 6 + login/getlogin_r_chk.c | 1 + manual/install.texi | 6 + misc/Makefile | 9 + misc/bits/select-decl.h | 31 +++ misc/bits/select2.h | 6 +- misc/bits/syslog-decl.h | 35 ++++ misc/bits/syslog.h | 10 +- misc/sys/cdefs.h | 8 + misc/syslog.c | 4 +- posix/Makefile | 12 ++ posix/bits/unistd-decl.h | 198 ++++++++++++++++++ posix/bits/unistd.h | 154 +------------- rt/Makefile | 5 + scripts/build-many-glibcs.py | 4 +- setjmp/Makefile | 5 + socket/Makefile | 6 + stdio-common/Makefile | 15 +- stdlib/Makefile | 7 + string/Makefile | 17 ++ sysdeps/i386/i586/memcpy.S | 1 + sysdeps/i386/i586/memset.S | 1 + sysdeps/i386/i686/memcpy.S | 1 + sysdeps/i386/i686/memmove.S | 1 + sysdeps/i386/i686/mempcpy.S | 1 + sysdeps/i386/i686/memset.S | 1 + sysdeps/i386/i686/multiarch/memcpy_chk.c | 4 + sysdeps/i386/i686/multiarch/memmove_chk.c | 4 + sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 + sysdeps/i386/i686/multiarch/memset_chk.c | 5 +- sysdeps/i386/memcpy_chk.S | 1 + sysdeps/i386/memmove_chk.S | 1 + sysdeps/i386/mempcpy_chk.S | 1 + sysdeps/i386/memset_chk.S | 1 + sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++-- .../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-dprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-printf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-syslog.c | 9 +- .../ieee128-vasprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 +- .../ieee128-vfwprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vprintf_chk.c | 4 +- .../ieee128-vsnprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 5 +- .../ieee128-vswprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-wprintf_chk.c | 4 +- .../test-printf-ldbl-compat.c | 10 +- .../test-scanf-ldbl-compat-template.c | 21 +- sysdeps/ieee754/ldbl-opt/Makefile | 29 +++ sysdeps/pthread/Makefile | 4 + sysdeps/unix/sysv/linux/Makefile | 3 + sysdeps/x86_64/memcpy_chk.S | 1 + sysdeps/x86_64/memmove_chk.S | 1 + sysdeps/x86_64/mempcpy_chk.S | 1 + sysdeps/x86_64/memset_chk.S | 1 + sysdeps/x86_64/multiarch/memcpy_chk.c | 4 + sysdeps/x86_64/multiarch/memmove_chk.c | 4 + sysdeps/x86_64/multiarch/mempcpy_chk.c | 4 + sysdeps/x86_64/multiarch/memset_chk.c | 4 + sysdeps/x86_64/multiarch/wmemset_chk.c | 4 + wcsmbs/Makefile | 23 +- wcsmbs/bits/wchar2-decl.h | 4 +- 104 files changed, 895 insertions(+), 293 deletions(-) create mode 100644 include/bits/select-decl.h create mode 100644 include/bits/syslog-decl.h create mode 100644 include/bits/unistd-decl.h create mode 100644 misc/bits/select-decl.h create mode 100644 misc/bits/syslog-decl.h create mode 100644 posix/bits/unistd-decl.h