From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D80D8385828C for ; Tue, 21 Nov 2023 08:22:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D80D8385828C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D80D8385828C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700554962; cv=none; b=pfawiIVqEVrf5hOZjzW/4x/44AiTr/NgfXjtrMbaQ064I3AG5wTBSkyj4IFf3DGyq6TF08pMTJwHWuMy3WXDrjDRqaPXyF1KoUWO+qVN8mzSD74o26lwR39SUD4oXY9qRjeOXGanQuVpD+lWqzvEQKBIfl7XqlG1ylNEHD76fX4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1700554962; c=relaxed/simple; bh=MY7OBokmL9U+OlJWkJcZsJlTq4NQvATspvUSriq31/A=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=ae+5rfSGmWO9tYyvUe6saLK+K0fvxB8m9ZwRw5IGnl0FA3zuNNa253kIEpndAv3JsDfh2YAo4KWst1XZgaWfZLPBzzxsLY0NXrYrImVHx+lSXub0+RXmnSuuKtv6uOABRnar9zTyv7fxvc/KB++5AlA3X7+D/I6Obuiiq/pICcQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1700554960; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-to:resent-from:resent-message-id: in-reply-to:in-reply-to:references:references; bh=8rj/5xBonrOsd1lQU1MGWKTAmWJLmmv7cZoTO7q4zWM=; b=g0H2E/mGjA16vg5nKsUf41HKEez4PeVMsTRqDZ7N9pnfWURjAFoo4gqAhGPzPI4M7P3nA0 QKellFrQbpm8HT2ptWxKmEJvCrhaOmH+f5sMRw64SsWEm+b0DePVtBgDoD3JjwiNQ13yak qf4JlMtKtZs8HAq8Flcr5dFkG87uhGA= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-13-fcZAEKPpN_iorTNj5sugeA-1; Tue, 21 Nov 2023 03:22:35 -0500 X-MC-Unique: fcZAEKPpN_iorTNj5sugeA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B7DBB8477A4; Tue, 21 Nov 2023 08:22:34 +0000 (UTC) Received: from tucnak.zalov.cz (unknown [10.39.194.53]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7B90340C6EBA; Tue, 21 Nov 2023 08:22:34 +0000 (UTC) Received: from tucnak.zalov.cz (localhost [127.0.0.1]) by tucnak.zalov.cz (8.17.1/8.17.1) with ESMTPS id 3AL8MVP34109016 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 21 Nov 2023 09:22:32 +0100 Received: (from jakub@localhost) by tucnak.zalov.cz (8.17.1/8.17.1/Submit) id 3AL8MVNq4109015; Tue, 21 Nov 2023 09:22:31 +0100 Resent-From: Jakub Jelinek Resent-Date: Tue, 21 Nov 2023 09:22:30 +0100 Resent-Message-ID: Resent-To: Richard Biener , iain@sandoe.co.uk, GCC Patches Date: Mon, 20 Nov 2023 17:32:47 +0100 From: Jakub Jelinek To: Marek Polacek Cc: Richard Biener , iain@sandoe.co.uk, GCC Patches Subject: Re: [PATCH v5] gcc: Introduce -fhardened Message-ID: Reply-To: Jakub Jelinek References: <8A3E5AA3-0785-4C2E-B75B-9388B703FFEA@gmail.com> MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Thu, Nov 16, 2023 at 03:51:22PM -0500, Marek Polacek wrote: > Thanks, that's a good point. In this version I've added a target hook. > > On my system, -D_FORTIFY_SOURCE=3 will be used, and if I remove > linux_fortify_source_default_level it's =2 as expected. > > The only problem was that it doesn't seem to be possible to use > targetm. in opts.cc -- I get an undefined reference. But since > the opts.cc use is for --help only, it's not a big deal either way. > > Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk? > > -- >8 -- > In > I proposed -fhardened, a new umbrella option that enables a reasonable set > of hardening flags. The read of the room seems to be that the option > would be useful. So here's a patch implementing that option. > > Currently, -fhardened enables: > > -D_FORTIFY_SOURCE=3 (or =2 for older glibcs) > -D_GLIBCXX_ASSERTIONS > -ftrivial-auto-var-init=zero > -fPIE -pie -Wl,-z,relro,-z,now > -fstack-protector-strong > -fstack-clash-protection > -fcf-protection=full (x86 GNU/Linux only) > > -fhardened will not override options that were specified on the command line > (before or after -fhardened). For example, > > -D_FORTIFY_SOURCE=1 -fhardened > > means that _FORTIFY_SOURCE=1 will be used. Similarly, > > -fhardened -fstack-protector > > will not enable -fstack-protector-strong. > > Currently, -fhardened is only supported on GNU/Linux. > > In DW_AT_producer it is reflected only as -fhardened; it doesn't expand > to anything. This patch provides -Whardened, enabled by default, which > warns when -fhardened couldn't enable a particular option. I think most > often it will say that _FORTIFY_SOURCE wasn't enabled because optimization > were not enabled. > > gcc/c-family/ChangeLog: > > * c-opts.cc: Include "target.h". > (c_finish_options): Maybe cpp_define _FORTIFY_SOURCE > and _GLIBCXX_ASSERTIONS. > > gcc/ChangeLog: > > * common.opt (Whardened, fhardened): New options. > * config.in: Regenerate. > * config/bpf/bpf.cc: Include "opts.h". > (bpf_option_override): If flag_stack_protector_set_by_fhardened_p, do > not inform that -fstack-protector does not work. > * config/i386/i386-options.cc (ix86_option_override_internal): When > -fhardened, maybe enable -fcf-protection=full. > * config/linux-protos.h (linux_fortify_source_default_level): Declare. > * config/linux.cc (linux_fortify_source_default_level): New. > * config/linux.h (TARGET_FORTIFY_SOURCE_DEFAULT_LEVEL): Redefine. > * configure: Regenerate. > * configure.ac: Check if the linker supports '-z now' and '-z relro'. > Check if -fhardened is supported on $target_os. > * doc/invoke.texi: Document -fhardened and -Whardened. > * doc/tm.texi: Regenerate. > * doc/tm.texi.in (TARGET_FORTIFY_SOURCE_DEFAULT_LEVEL): Add. > * gcc.cc (driver_handle_option): Remember if any link options or -static > were specified on the command line. > (process_command): When -fhardened, maybe enable -pie and > -Wl,-z,relro,-z,now. > * opts.cc (flag_stack_protector_set_by_fhardened_p): New global. > (finish_options): When -fhardened, enable > -ftrivial-auto-var-init=zero and -fstack-protector-strong. > (print_help_hardened): New. > (print_help): Call it. > * target.def (fortify_source_default_level): New target hook. > * targhooks.cc (default_fortify_source_default_level): New. > * targhooks.h (default_fortify_source_default_level): Declare. > * toplev.cc (process_options): When -fhardened, enable > -fstack-clash-protection. If flag_stack_protector_set_by_fhardened_p, > do not warn that -fstack-protector not supported for this target. > Don't enable -fhardened when !HAVE_FHARDENED_SUPPORT. > > gcc/testsuite/ChangeLog: > > * gcc.misc-tests/help.exp: Test -fhardened. > * c-c++-common/fhardened-1.S: New test. > * c-c++-common/fhardened-1.c: New test. > * c-c++-common/fhardened-10.c: New test. > * c-c++-common/fhardened-11.c: New test. > * c-c++-common/fhardened-12.c: New test. > * c-c++-common/fhardened-13.c: New test. > * c-c++-common/fhardened-14.c: New test. > * c-c++-common/fhardened-15.c: New test. > * c-c++-common/fhardened-2.c: New test. > * c-c++-common/fhardened-3.c: New test. > * c-c++-common/fhardened-4.c: New test. > * c-c++-common/fhardened-5.c: New test. > * c-c++-common/fhardened-6.c: New test. > * c-c++-common/fhardened-7.c: New test. > * c-c++-common/fhardened-8.c: New test. > * c-c++-common/fhardened-9.c: New test. > * gcc.target/i386/cf_check-6.c: New test. LGTM. Jakub