From patchwork Wed Jul 5 14:10:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Frederic Berat X-Patchwork-Id: 1803714 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=nd9YCvDs; dkim-atps=neutral Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Qx1mf181Gz20ZQ for ; Thu, 6 Jul 2023 00:11:29 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 284E23856951 for ; Wed, 5 Jul 2023 14:11:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 284E23856951 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1688566287; bh=q7Z9k/nYKCH3VFohFvCzwvWiXHqq/IeqIwpfYRvZodo=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=nd9YCvDsC+gSGReVH4jfT6TjzGu++hvNcoMD1hmkagIo+m1jfXzjU348zgTAawUhy jUvjFllSv8joSci6KlSaLfODZJOo1HS93twRoFhpatweblVTgQKuWR14zWRugSJ2+k +Xjx3lQXnunGvye3qX/dJ867u3bTRbaPYi0eLP8k= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 9FFDE3858C5E for ; Wed, 5 Jul 2023 14:11:09 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9FFDE3858C5E Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-659-CqES4hxIPp2PUD0XNuFZ5g-1; Wed, 05 Jul 2023 10:11:08 -0400 X-MC-Unique: CqES4hxIPp2PUD0XNuFZ5g-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A18F780C4F8; Wed, 5 Jul 2023 14:11:07 +0000 (UTC) Received: from Nymeria-redhat.redhat.com (unknown [10.42.28.234]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E9433F5CF0; Wed, 5 Jul 2023 14:11:06 +0000 (UTC) To: libc-alpha@sourceware.org Cc: siddhesh@gotplt.org, fberat@redhat.com Subject: [PATCH v5 00/14] Allow glibc to be built with _FORTIFY_SOURCE Date: Wed, 5 Jul 2023 16:10:35 +0200 Message-ID: <20230705141055.274575-1-fberat@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-6.2 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: =?utf-8?q?Fr=C3=A9d=C3=A9ric_B=C3=A9rat_via_Libc-alpha?= From: Frederic Berat Reply-To: =?utf-8?b?RnLDqWTDqXJpYyBCw6lyYXQ=?= Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" Hello, This patch series introduces a new "--enable-fortify-source" option to glibc build. This option may either be set to a value between 1 and 3, or left empty to let configure select the highest value available for the build system. The first patch adds the new configure option, the second excludes the routines that can't be built with the option enabled. The next patches are fixing test and compilation errors that arose with fortification enabled. I couldn't test the patch series in all configuration possible on all arches possible but I ran the following: - build-many-glibcs was executed on x86_64, for all arches/variants. This was mainly done to ensure that installed headers were not broken (as some patches are modifying system headers) - The new "enable-fortify-source" variant for BMG got executed on x86_64 - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64, s390x, with and without fortification enabled. Fred. Changes since v1: - The patch that introduced the new config option has been split in 2. There is now one patch that allows glibc to be built with fortification and one that adds a new configure option to enable it. The patch adding the configure option has been moved to the end of the series. - A new variant has been added to x86_64 bmg to test enable-fortify-source. - NEWS and INSTALL have been updated. - Patch series has been re-based - Error message has been fixed in newly introduced headers - Include directive has been fixed in newly introduced include/* headers Changes since v2: - Test for bug269 modifies the stack in a way that may trigger an abort on longjump when fortification is enabled. Thus, disable fortification for this test. - Added 2 patches to perform the same changes on stdio.h that was done for unistd.h and wchar.h. Declarations that were in stdio2.h are moved into existing stdio-decl.h, and __REDIRECT is rplaced by __REDIRECT_FORTIFY for fgets_unlocked_alias. - Title for some patches were modified without content change. Changes since v3: - Patch 02 (Exclude routines from fortification): Add $(no-fortify-source) to CFLAGS-tst-sprintf-ub.c - Patch 06 (asprintf_chk: Ensure compatibility for both s390x and ppc64le) is squashed in patch 05 (stdio: Ensure *_chk routines have their hidden builtin definition available). Hence, reviewed-by on patch 05 is dropped. - Patch 05 now details why s390x couldn't build if ldbl_* macros are used with __asprintf_chk - Patch 08 (wchar: Avoid PLT entries with _FORTIFY_SOURCE): unexpected left over is removed. - Patch 10 (unistd: Avoid PLT entries with _FORTIFY_SOURCE): libc_hidden_builtin_{def,proto} replaced with libc_hidden_{def,proto} - Patch 11 (misc/bits/select2.h: Clearly separate declaration from definitions): libc_hidden_builtin_{def,proto} replaced with libc_hidden_{def,proto} - Patch 16 (Add --enable-fortify-source option): if "--enable-fortify-source" is NOT set (i.e. assume "--disable-fortify-source"), forcibly undefine _FORTIFY_SOURCE (instead of letting it pass-through). This is the default and matches old behavior. Changes since v4: - Patch 15 (Add --enable-fortify-source option): squashed back in patch 01 (Allow glibc to be built with _FORTIFY_SOURCE) - Patch 01: Rephrasing Makeconfig, NEWS, INSTALL and configure help. --- Frédéric Bérat (14): Allow glibc to be built with _FORTIFY_SOURCE Exclude routines from fortification sysdeps: Ensure ieee128*_chk routines to be properly named string: Ensure *_chk routines have their hidden builtin definition available stdio: Ensure *_chk routines have their hidden builtin definition available misc/sys/cdefs.h: Create FORTIFY redirects for internal calls wchar: Avoid PLT entries with _FORTIFY_SOURCE posix/bits/unistd.h: Clearly separate declaration from definitions unistd: Avoid PLT entries with _FORTIFY_SOURCE misc/bits/select2.h: Clearly separate declaration from definitions misc/bits/syslog.h: Clearly separate declaration from definition libio/bits/stdio2.h: Clearly separate declaration from definitions libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result INSTALL | 8 + Makeconfig | 35 +++- NEWS | 6 + config.make.in | 3 +- configure | 83 ++++++-- configure.ac | 60 ++++-- debug/Makefile | 12 +- debug/asprintf_chk.c | 18 +- debug/fdelt_chk.c | 1 + debug/fgets_u_chk.c | 1 + debug/fprintf_chk.c | 1 + debug/getdomainname_chk.c | 1 + debug/memcpy_chk.c | 1 + debug/memmove_chk.c | 1 + debug/mempcpy_chk.c | 1 + debug/memset_chk.c | 1 + debug/read_chk.c | 1 + debug/sprintf_chk.c | 1 + debug/stpcpy_chk.c | 1 + debug/wcrtomb_chk.c | 1 + debug/wmemset_chk.c | 1 + elf/rtld-Rules | 2 +- include/bits/select-decl.h | 1 + include/bits/syslog-decl.h | 1 + include/bits/unistd-decl.h | 1 + include/stdio.h | 13 +- include/string.h | 7 + include/sys/cdefs.h | 14 ++ include/sys/select.h | 4 + include/sys/syslog.h | 4 + include/unistd.h | 5 + include/wchar.h | 15 ++ io/Makefile | 16 ++ libio/Makefile | 23 +- libio/bits/stdio2-decl.h | 49 +++++ libio/bits/stdio2.h | 48 ----- login/Makefile | 6 + login/getlogin_r_chk.c | 1 + manual/install.texi | 8 + misc/Makefile | 9 + misc/bits/select-decl.h | 31 +++ misc/bits/select2.h | 6 +- misc/bits/syslog-decl.h | 35 ++++ misc/bits/syslog.h | 10 +- misc/sys/cdefs.h | 8 + misc/syslog.c | 4 +- posix/Makefile | 12 ++ posix/bits/unistd-decl.h | 198 ++++++++++++++++++ posix/bits/unistd.h | 154 +------------- rt/Makefile | 5 + scripts/build-many-glibcs.py | 4 +- setjmp/Makefile | 9 + socket/Makefile | 6 + stdio-common/Makefile | 15 +- stdlib/Makefile | 7 + string/Makefile | 17 ++ sysdeps/i386/i586/memcpy.S | 1 + sysdeps/i386/i586/memset.S | 1 + sysdeps/i386/i686/memcpy.S | 1 + sysdeps/i386/i686/memmove.S | 1 + sysdeps/i386/i686/mempcpy.S | 1 + sysdeps/i386/i686/memset.S | 1 + sysdeps/i386/i686/multiarch/memcpy_chk.c | 4 + sysdeps/i386/i686/multiarch/memmove_chk.c | 4 + sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 + sysdeps/i386/i686/multiarch/memset_chk.c | 5 +- sysdeps/i386/memcpy_chk.S | 1 + sysdeps/i386/memmove_chk.S | 1 + sysdeps/i386/mempcpy_chk.S | 1 + sysdeps/i386/memset_chk.S | 1 + sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++-- .../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-dprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-printf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 5 +- .../ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-syslog.c | 9 +- .../ieee128-vasprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 +- .../ieee128-vfwprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vprintf_chk.c | 4 +- .../ieee128-vsnprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 5 +- .../ieee128-vswprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 +- .../ldbl-128ibm-compat/ieee128-wprintf_chk.c | 4 +- .../test-printf-ldbl-compat.c | 10 +- .../test-scanf-ldbl-compat-template.c | 21 +- sysdeps/ieee754/ldbl-opt/Makefile | 29 +++ sysdeps/pthread/Makefile | 4 + sysdeps/unix/sysv/linux/Makefile | 3 + sysdeps/x86_64/memcpy_chk.S | 1 + sysdeps/x86_64/memmove_chk.S | 1 + sysdeps/x86_64/mempcpy_chk.S | 1 + sysdeps/x86_64/memset_chk.S | 1 + sysdeps/x86_64/multiarch/memcpy_chk.c | 4 + sysdeps/x86_64/multiarch/memmove_chk.c | 4 + sysdeps/x86_64/multiarch/mempcpy_chk.c | 4 + sysdeps/x86_64/multiarch/memset_chk.c | 4 + sysdeps/x86_64/multiarch/wmemset_chk.c | 4 + wcsmbs/Makefile | 23 +- wcsmbs/bits/wchar2-decl.h | 4 +- 106 files changed, 955 insertions(+), 342 deletions(-) create mode 100644 include/bits/select-decl.h create mode 100644 include/bits/syslog-decl.h create mode 100644 include/bits/unistd-decl.h create mode 100644 misc/bits/select-decl.h create mode 100644 misc/bits/syslog-decl.h create mode 100644 posix/bits/unistd-decl.h