* [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE
@ 2023-07-04 16:55 Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 01/15] " Frédéric Bérat
` (15 more replies)
0 siblings, 16 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat
Hello,
This patch series introduces a new "--enable-fortify-source" option to glibc
build. This option may either be set to a value between 1 and 3, or left empty
to let configure select the highest value available for the build system.
The first patch adds the new configure option, the second excludes the routines
that can't be built with the option enabled.
The next patches are fixing test and compilation errors that arose with
fortification enabled.
I couldn't test the patch series in all configuration possible on all arches
possible but I ran the following:
- build-many-glibcs was executed on x86_64, for all arches/variants. This was
mainly done to ensure that installed headers were not broken (as some
patches are modifying system headers)
- The new "enable-fortify-source" variant for BMG got executed on x86_64
- make check and benchtests were executed on x86_64, i686, ppc64le, aarch64,
s390x, with and without fortification enabled.
Fred.
Changes since v1:
- The patch that introduced the new config option has been split in 2.
There is now one patch that allows glibc to be built with fortification and
one that adds a new configure option to enable it.
The patch adding the configure option has been moved to the end of the
series.
- A new variant has been added to x86_64 bmg to test enable-fortify-source.
- NEWS and INSTALL have been updated.
- Patch series has been re-based
- Error message has been fixed in newly introduced headers
- Include directive has been fixed in newly introduced include/* headers
Changes since v2:
- Test for bug269 modifies the stack in a way that may trigger an abort on
longjump when fortification is enabled. Thus, disable fortification for this
test.
- Added 2 patches to perform the same changes on stdio.h that was done for
unistd.h and wchar.h. Declarations that were in stdio2.h are moved into
existing stdio-decl.h, and __REDIRECT is rplaced by __REDIRECT_FORTIFY for
fgets_unlocked_alias.
- Title for some patches were modified without content change.
Changes since v3:
- Patch 02 (Exclude routines from fortification): Add $(no-fortify-source) to
CFLAGS-tst-sprintf-ub.c
- Patch 06 (asprintf_chk: Ensure compatibility for both s390x and ppc64le) is
squashed in patch 05 (stdio: Ensure *_chk routines have their hidden builtin
definition available). Hence, reviewed-by on patch 05 is dropped.
- Patch 05 now details why s390x couldn't build if ldbl_* macros are used with
__asprintf_chk
- Patch 08 (wchar: Avoid PLT entries with _FORTIFY_SOURCE): unexpected left
over is removed.
- Patch 10 (unistd: Avoid PLT entries with _FORTIFY_SOURCE):
libc_hidden_builtin_{def,proto} replaced with libc_hidden_{def,proto}
- Patch 11 (misc/bits/select2.h: Clearly separate declaration from
definitions): libc_hidden_builtin_{def,proto} replaced with
libc_hidden_{def,proto}
- Patch 16 (Add --enable-fortify-source option): if "--enable-fortify-source"
is NOT set (i.e. assume "--disable-fortify-source"), forcibly undefine
_FORTIFY_SOURCE (instead of letting it pass-through). This is the default
and matches old behavior.
---
Frédéric Bérat (15):
Allow glibc to be built with _FORTIFY_SOURCE
Exclude routines from fortification
sysdeps: Ensure ieee128*_chk routines to be properly named
string: Ensure *_chk routines have their hidden builtin definition
available
stdio: Ensure *_chk routines have their hidden builtin definition
available
misc/sys/cdefs.h: Create FORTIFY redirects for internal calls
wchar: Avoid PLT entries with _FORTIFY_SOURCE
posix/bits/unistd.h: Clearly separate declaration from definitions
unistd: Avoid PLT entries with _FORTIFY_SOURCE
misc/bits/select2.h: Clearly separate declaration from definitions
misc/bits/syslog.h: Clearly separate declaration from definition
libio/bits/stdio2.h: Clearly separate declaration from definitions
libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE
sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result
Add --enable-fortify-source option
INSTALL | 8 +
Makeconfig | 35 +++-
NEWS | 9 +
config.make.in | 3 +-
configure | 83 ++++++--
configure.ac | 60 ++++--
debug/Makefile | 12 +-
debug/asprintf_chk.c | 18 +-
debug/fdelt_chk.c | 1 +
debug/fgets_u_chk.c | 1 +
debug/fprintf_chk.c | 1 +
debug/getdomainname_chk.c | 1 +
debug/memcpy_chk.c | 1 +
debug/memmove_chk.c | 1 +
debug/mempcpy_chk.c | 1 +
debug/memset_chk.c | 1 +
debug/read_chk.c | 1 +
debug/sprintf_chk.c | 1 +
debug/stpcpy_chk.c | 1 +
debug/wcrtomb_chk.c | 1 +
debug/wmemset_chk.c | 1 +
elf/rtld-Rules | 2 +-
include/bits/select-decl.h | 1 +
include/bits/syslog-decl.h | 1 +
include/bits/unistd-decl.h | 1 +
include/stdio.h | 13 +-
include/string.h | 7 +
include/sys/cdefs.h | 14 ++
include/sys/select.h | 4 +
include/sys/syslog.h | 4 +
include/unistd.h | 5 +
include/wchar.h | 15 ++
io/Makefile | 16 ++
libio/Makefile | 23 +-
libio/bits/stdio2-decl.h | 49 +++++
libio/bits/stdio2.h | 48 -----
login/Makefile | 6 +
login/getlogin_r_chk.c | 1 +
manual/install.texi | 8 +
misc/Makefile | 9 +
misc/bits/select-decl.h | 31 +++
misc/bits/select2.h | 6 +-
misc/bits/syslog-decl.h | 35 ++++
misc/bits/syslog.h | 10 +-
misc/sys/cdefs.h | 8 +
misc/syslog.c | 4 +-
posix/Makefile | 12 ++
posix/bits/unistd-decl.h | 198 ++++++++++++++++++
posix/bits/unistd.h | 154 +-------------
rt/Makefile | 5 +
scripts/build-many-glibcs.py | 4 +-
setjmp/Makefile | 9 +
socket/Makefile | 6 +
stdio-common/Makefile | 15 +-
stdlib/Makefile | 7 +
string/Makefile | 17 ++
sysdeps/i386/i586/memcpy.S | 1 +
sysdeps/i386/i586/memset.S | 1 +
sysdeps/i386/i686/memcpy.S | 1 +
sysdeps/i386/i686/memmove.S | 1 +
sysdeps/i386/i686/mempcpy.S | 1 +
sysdeps/i386/i686/memset.S | 1 +
sysdeps/i386/i686/multiarch/memcpy_chk.c | 4 +
sysdeps/i386/i686/multiarch/memmove_chk.c | 4 +
sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 +
sysdeps/i386/i686/multiarch/memset_chk.c | 5 +-
sysdeps/i386/memcpy_chk.S | 1 +
sysdeps/i386/memmove_chk.S | 1 +
sysdeps/i386/mempcpy_chk.S | 1 +
sysdeps/i386/memset_chk.S | 1 +
sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++--
.../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 5 +-
.../ldbl-128ibm-compat/ieee128-dprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 5 +-
.../ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-printf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 5 +-
.../ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-syslog.c | 9 +-
.../ieee128-vasprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 +-
.../ieee128-vfwprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vprintf_chk.c | 4 +-
.../ieee128-vsnprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 5 +-
.../ieee128-vswprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-wprintf_chk.c | 4 +-
.../test-printf-ldbl-compat.c | 10 +-
.../test-scanf-ldbl-compat-template.c | 21 +-
sysdeps/ieee754/ldbl-opt/Makefile | 29 +++
sysdeps/pthread/Makefile | 4 +
sysdeps/unix/sysv/linux/Makefile | 3 +
sysdeps/x86_64/memcpy_chk.S | 1 +
sysdeps/x86_64/memmove_chk.S | 1 +
sysdeps/x86_64/mempcpy_chk.S | 1 +
sysdeps/x86_64/memset_chk.S | 1 +
sysdeps/x86_64/multiarch/memcpy_chk.c | 4 +
sysdeps/x86_64/multiarch/memmove_chk.c | 4 +
sysdeps/x86_64/multiarch/mempcpy_chk.c | 4 +
sysdeps/x86_64/multiarch/memset_chk.c | 4 +
sysdeps/x86_64/multiarch/wmemset_chk.c | 4 +
wcsmbs/Makefile | 23 +-
wcsmbs/bits/wchar2-decl.h | 4 +-
106 files changed, 958 insertions(+), 342 deletions(-)
create mode 100644 include/bits/select-decl.h
create mode 100644 include/bits/syslog-decl.h
create mode 100644 include/bits/unistd-decl.h
create mode 100644 misc/bits/select-decl.h
create mode 100644 misc/bits/syslog-decl.h
create mode 100644 posix/bits/unistd-decl.h
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 01/15] Allow glibc to be built with _FORTIFY_SOURCE
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 23:45 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 02/15] Exclude routines from fortification Frédéric Bérat
` (14 subsequent siblings)
15 siblings, 1 reply; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Joseph Myers
Glibc can now be built with _FORTIFY_SOURCE.
Since the feature needs some of the routines provided by Glibc, these
can be excluded from the fortification using the newly created
$(no_fortify_source) variable.
A dedicated patch will follow to make use of this variable in Makefiles
when necessary.
Update NEWS.
---
Makeconfig | 28 +++++++++++++++++++++++++---
NEWS | 3 +++
config.make.in | 2 +-
configure | 34 ++--------------------------------
configure.ac | 24 ++++++------------------
elf/rtld-Rules | 2 +-
6 files changed, 38 insertions(+), 55 deletions(-)
diff --git a/Makeconfig b/Makeconfig
index 2514db35f6..f6396b3e0c 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -543,12 +543,13 @@ endif # +link
# ARM, gcc always produces different debugging symbols when invoked with
# a -O greater than 0 than when invoked with -O0, regardless of anything else
# we're using to suppress optimizations. Therefore, we need to explicitly pass
-# -O0 to it through CFLAGS.
+# -O0 to it through CFLAGS. By side effect, any fortification needs to be
+# disabled as it needs -O greater than 0.
# Additionally, the build system will try to -include $(common-objpfx)/config.h
# when compiling the tests, which will throw an error if some special macros
# (such as __OPTIMIZE__ and IS_IN_build) aren't defined. To avoid this, we
# tell gcc to define IS_IN_build.
-CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build
+CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build $(no-fortify-source)
ifeq (yes,$(build-shared))
# These indicate whether to link using the built ld.so or the installed one.
@@ -901,6 +902,11 @@ define elide-stack-protector
$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
endef
+# Some routine can't be fortified like the ones used by fortify
+define elide-fortify-source
+$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
+endef
+
# The program that makes Emacs-style TAGS files.
ETAGS := etags
@@ -961,6 +967,16 @@ endif # $(+cflags) == ""
$(+stack-protector) -fno-common
+gcc-nowarn := -w
+# We must filter out elf because the early bootstrap of the dynamic loader
+# cannot be fortified. Likewise we exclude dlfcn because it is entangled
+# with the loader. We must filter out csu because early startup, like the
+# loader, cannot be fortified. Lastly debug is the fortification routines
+# themselves and they cannot be fortified.
+do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
+ifneq ($(do-fortify),$(subdir))
++cflags += $(no-fortify-source)
+endif
+
# Each sysdeps directory can contain header files that both will be
# used to compile and will be installed. Each can also contain an
# include/ subdirectory, whose header files will be used to compile
@@ -1010,7 +1026,7 @@ module-cppflags = $(if $(filter %.mk.i %.v.i,$(@F)),,$(module-cppflags-real))
# Note that we can't use -std=* in CPPFLAGS, because it overrides
# the implicit -lang-asm and breaks cpp behavior for .S files--notably
# it causes cpp to stop predefining __ASSEMBLER__.
-CPPFLAGS = $(config-extra-cppflags) $(CPPUNDEFS) $(CPPFLAGS-config) \
+CPPFLAGS = $(config-extra-cppflags) $(CPPFLAGS-config) \
$($(subdir)-CPPFLAGS) \
$(+includes) $(defines) $(module-cppflags) \
-include $(..)include/libc-symbols.h $(sysdep-CPPFLAGS) \
@@ -1049,6 +1065,8 @@ object-suffixes :=
CPPFLAGS-.o = $(pic-default)
# libc.a must be compiled with -fPIE/-fpie for static PIE.
CFLAGS-.o = $(filter %frame-pointer,$(+cflags)) $(pie-default)
+CFLAGS-.o += $(call elide-fortify-source,.o,$(routines_no_fortify))
+CFLAGS-.o += $(call elide-fortify-source,_chk.o,$(routines_no_fortify))
libtype.o := lib%.a
object-suffixes += .o
ifeq (yes,$(build-shared))
@@ -1058,6 +1076,8 @@ object-suffixes += .os
pic-cppflags = -DPIC -DSHARED
CPPFLAGS-.os = $(pic-cppflags)
CFLAGS-.os = $(filter %frame-pointer,$(+cflags)) $(pic-ccflag)
+CFLAGS-.os += $(call elide-fortify-source,.os,$(routines_no_fortify))
+CFLAGS-.os += $(call elide-fortify-source,_chk.os,$(routines_no_fortify))
libtype.os := lib%_pic.a
# This can be changed by a sysdep makefile
pic-ccflag = -fPIC
@@ -1077,6 +1097,8 @@ object-suffixes += .op
CPPFLAGS-.op = -DPROF $(pic-default)
# libc_p.a must be compiled with -fPIE/-fpie for static PIE.
CFLAGS-.op = -pg $(pie-default)
+CFLAGS-.op += $(call elide-fortify-source,.op,$(routines_no_fortify))
+CFLAGS-.op += $(call elide-fortify-source,_chk.op,$(routines_no_fortify))
libtype.op = lib%_p.a
endif
diff --git a/NEWS b/NEWS
index 709ee40e50..2ec05cfe0f 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,9 @@ Major new features:
* The strlcpy and strlcat functions have been added. They are derived
from OpenBSD, and are expected to be added to a future POSIX version.
+* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
+ for parts of the library that can't be built with it.
+
Deprecated and removed features, and other changes affecting compatibility:
* In the Linux kernel for the hppa/parisc architecture some of the
diff --git a/config.make.in b/config.make.in
index 4afd37feaf..75ad9765aa 100644
--- a/config.make.in
+++ b/config.make.in
@@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
have-ssp = @libc_cv_ssp@
stack-protector = @stack_protector@
no-stack-protector = @no_stack_protector@
+no-fortify-source = @no_fortify_source@
have-selinux = @have_selinux@
have-libaudit = @have_libaudit@
have-libcap = @have_libcap@
@@ -101,7 +102,6 @@ CXX = @CXX@
BUILD_CC = @BUILD_CC@
CFLAGS = @CFLAGS@
CPPFLAGS-config = @CPPFLAGS@
-CPPUNDEFS = @CPPUNDEFS@
extra-nonshared-cflags = @extra_nonshared_cflags@
rtld-early-cflags = @rtld_early_cflags@
ASFLAGS-config = @ASFLAGS_config@
diff --git a/configure b/configure
index f84040644b..7a15f8d3e6 100755
--- a/configure
+++ b/configure
@@ -611,7 +611,7 @@ libc_cv_gcc_unwind_find_fde
libc_extra_cppflags
libc_extra_cflags
libc_cv_cxx_thread_local
-CPPUNDEFS
+no_fortify_source
have_selinux
have_libcap
have_libaudit
@@ -6353,38 +6353,8 @@ $as_echo "#define HAVE_LIBCAP 1" >>confdefs.h
fi
-CPPUNDEFS=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCE predefine" >&5
-$as_echo_n "checking for _FORTIFY_SOURCE predefine... " >&6; }
-if ${libc_cv_predef_fortify_source+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
+no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
-#ifdef _FORTIFY_SOURCE
-# error bogon
-#endif
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- libc_cv_predef_fortify_source=no
-else
- libc_cv_predef_fortify_source=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_predef_fortify_source" >&5
-$as_echo "$libc_cv_predef_fortify_source" >&6; }
-if test $libc_cv_predef_fortify_source = yes; then
- CPPUNDEFS="${CPPUNDEFS:+$CPPUNDEFS }-U_FORTIFY_SOURCE"
-fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
diff --git a/configure.ac b/configure.ac
index 21879c933c..ebc04d49e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1559,24 +1559,12 @@ if test "x$have_selinux" = xyes; then
fi
AC_SUBST(have_selinux)
-CPPUNDEFS=
-dnl Check for silly hacked compilers predefining _FORTIFY_SOURCE.
-dnl Since we are building the implementations of the fortified functions here,
-dnl having the macro defined interacts very badly.
-dnl _FORTIFY_SOURCE requires compiler optimization level 1 (gcc -O1)
-dnl and above (see "man FEATURE_TEST_MACROS").
-dnl So do NOT replace AC_COMPILE_IFELSE with AC_PREPROC_IFELSE.
-AC_CACHE_CHECK([for _FORTIFY_SOURCE predefine], libc_cv_predef_fortify_source,
-[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[
-#ifdef _FORTIFY_SOURCE
-# error bogon
-#endif]])],
- [libc_cv_predef_fortify_source=no],
- [libc_cv_predef_fortify_source=yes])])
-if test $libc_cv_predef_fortify_source = yes; then
- CPPUNDEFS="${CPPUNDEFS:+$CPPUNDEFS }-U_FORTIFY_SOURCE"
-fi
-AC_SUBST(CPPUNDEFS)
+dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
+dnl This will allow users to enable fortification through FLAGS or compiler
+dnl defaults macro definitions.
+no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
+
+AC_SUBST(no_fortify_source)
dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
dnl to one symbol (PR 23840).
diff --git a/elf/rtld-Rules b/elf/rtld-Rules
index 56bc4543de..365a3408f3 100644
--- a/elf/rtld-Rules
+++ b/elf/rtld-Rules
@@ -144,6 +144,6 @@ cpp-srcs-left := $(rtld-modules:%.os=%)
lib := rtld
include $(patsubst %,$(..)libof-iterator.mk,$(cpp-srcs-left))
-rtld-CFLAGS += $(no-stack-protector)
+rtld-CFLAGS += $(no-stack-protector) $(no-fortify-source)
endif
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 02/15] Exclude routines from fortification
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 01/15] " Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 23:48 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 03/15] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
` (13 subsequent siblings)
15 siblings, 1 reply; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat
Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
be excluded from the fortification.
On top of that:
- some tests explicitly verify that some level of fortification works
appropriately, we therefore shouldn't modify the level set for them.
- some objects need to be build with optimization disabled, which
prevents _FORTIFY_SOURCE to be used for them.
Assembler files that implement architecture specific versions of the
fortified routines were not excluded from _FORTIFY_SOURCE as there is no
C header included that would impact their behavior.
---
debug/Makefile | 12 +--
io/Makefile | 16 ++++
libio/Makefile | 23 +++++-
login/Makefile | 6 ++
misc/Makefile | 7 ++
posix/Makefile | 11 +++
rt/Makefile | 5 ++
setjmp/Makefile | 9 +++
socket/Makefile | 6 ++
stdio-common/Makefile | 15 +++-
stdlib/Makefile | 7 ++
string/Makefile | 17 +++++
sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
sysdeps/ieee754/ldbl-opt/Makefile | 29 ++++++++
sysdeps/pthread/Makefile | 4 +
sysdeps/unix/sysv/linux/Makefile | 3 +
wcsmbs/Makefile | 23 +++++-
17 files changed, 248 insertions(+), 26 deletions(-)
diff --git a/debug/Makefile b/debug/Makefile
index 9d658e3002..434e52f780 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
# set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
# <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
-CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
-CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
# _FORTIFY_SOURCE tests.
# Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
@@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
# cannot be disabled via pragmas, so require -Wno-error to be used.
define gen-chk-test
tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
-CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
+CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
-Wno-deprecated-declarations \
-Wno-error
$(eval $(call cflags-$(2),$(1),$(3),$(4)))
diff --git a/io/Makefile b/io/Makefile
index d573064ecc..6ccc0e8691 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -149,6 +149,22 @@ routines := \
write \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ getcwd \
+ getwd \
+ open \
+ open64 \
+ openat \
+ openat64 \
+ poll \
+ ppoll \
+ read \
+ readlink \
+ readlinkat \
+ ttyname_r \
+ # routines_no_fortify
+
others := \
pwd \
# others
diff --git a/libio/Makefile b/libio/Makefile
index 2877fec484..287ec11338 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -53,6 +53,21 @@ routines := \
gen-as-const-headers += libio-macros.sym
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ fwprintf \
+ iofgets \
+ iofgets_u \
+ iofgetws \
+ iofgetws_u \
+ swprintf \
+ vasprintf \
+ vsnprintf \
+ vswprintf \
+ vwprintf \
+ wprintf \
+ # routines_no_fortify
+
tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf \
@@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
# XXX Do we need filedoalloc and wfiledoalloc? Others?
+# Prevent fortification as these are built with -O0
+CFLAGS-tst-bz24051.c += $(no-fortify-source)
+CFLAGS-tst-bz24153.c += $(no-fortify-source)
+
CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
# These test cases intentionally use overlapping arguments
-CFLAGS-tst-sprintf-ub.c += -Wno-restrict
-CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
+CFLAGS-tst-sprintf-ub.c += -Wno-restrict $(no-fortify-source)
+CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
diff --git a/login/Makefile b/login/Makefile
index 13b155d344..74216cbcb2 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -66,6 +66,12 @@ include ../Rules
CFLAGS-getpt.c += -fexceptions
CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ getlogin_r \
+ ptsname_r \
+ # routines_no_fortify
+
ifeq (yesyes,$(have-fpie)$(build-shared))
pt_chown-cflags += $(pie-ccflag)
endif
diff --git a/misc/Makefile b/misc/Makefile
index 84aa4cb0ad..36ba7a0bad 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -205,6 +205,13 @@ routines := \
writev \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ getdomain \
+ gethostname \
+ syslog \
+ # routines_no_fortify
+
generated += \
tst-allocate_once-mem.out \
tst-allocate_once.mtrace \
diff --git a/posix/Makefile b/posix/Makefile
index ad43cbdec6..5113ee3b74 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -183,6 +183,14 @@ routines := \
wordexp \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ confstr \
+ getgroups \
+ pread \
+ pread64 \
+ # routines_no_fortify
+
aux := \
environ \
init-posix \
@@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
tst-execvp3-ARGS = --test-dir=$(objpfx)
CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
+# Test voluntarily overflows struct dirent
+CFLAGS-bug-glob2.c += $(no-fortify-source)
+
$(objpfx)testcases.h: TESTS TESTS2C.sed
LC_ALL=C sed -f TESTS2C.sed < $< > $@T
mv $@T $@
diff --git a/rt/Makefile b/rt/Makefile
index a97333dc02..3d4a3f0eec 100644
--- a/rt/Makefile
+++ b/rt/Makefile
@@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ mq_open \
+ # routines_no_fortify
+
LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
$(objpfx)librt.so: $(shared-thread-library)
diff --git a/setjmp/Makefile b/setjmp/Makefile
index e5733a8c52..363fb6673c 100644
--- a/setjmp/Makefile
+++ b/setjmp/Makefile
@@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
include ../Rules
+# This test messes the stack on purpose, which triggers longjump fortify
+# failure
+CFLAGS-bug269-setjmp.c += $(no-fortify-source)
+
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ longjmp \
+ # routines_no_fortify
+
$(objpfx)tst-setjmp-fp: $(libm)
diff --git a/socket/Makefile b/socket/Makefile
index d9b0b4af64..08f20118cd 100644
--- a/socket/Makefile
+++ b/socket/Makefile
@@ -60,6 +60,12 @@ routines := \
socketpair \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ recv \
+ recvfrom \
+ # routines_no_fortify
+
tests := \
tst-accept4 \
tst-cmsg_cloexec \
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 8871ec7668..fe304b8373 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -117,6 +117,19 @@ routines := \
wprintf_function_invoke \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ asprintf \
+ dprintf \
+ fprintf \
+ printf \
+ snprintf \
+ sprintf \
+ vfprintf \
+ vfwprintf \
+ vprintf \
+ # routines_no_fortify
+
aux := \
errlist \
errlist-data \
@@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
# BZ #11319 was first fixed for regular vdprintf, then reopened because
# the fortified version had the same bug.
-CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
diff --git a/stdlib/Makefile b/stdlib/Makefile
index 0975f55ee6..25e42a77e7 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
@@ -145,6 +145,13 @@ routines := \
xpg_basename \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ mbstowcs \
+ wcstombs \
+ wctomb \
+ # routines_no_fortify
+
aux = \
grouping \
groupingwc \
diff --git a/string/Makefile b/string/Makefile
index d3106d10a9..8cdfd5b000 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -118,6 +118,23 @@ routines := \
xpg-strerror \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ explicit_bzero \
+ memcpy \
+ memmove \
+ mempcpy \
+ memset \
+ stpcpy \
+ stpncpy \
+ strcat \
+ strcpy \
+ strlcat \
+ strlcpy \
+ strncat \
+ strncpy \
+ # routines_no_fortify
+
tests := \
bug-envz1 \
bug-strcoll1 \
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
index 42cca25a09..34273a5f58 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
@@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+# The following tests are setting _FORTIFY_SOURCE internally
tests-internal += test-obstack-ieee128 test-obstack-ibm128
-CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+ $(no-fortify-source)
+CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+ $(no-fortify-source)
+# The following tests are setting _FORTIFY_SOURCE internally
tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
-CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+ $(no-fortify-source)
+CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+ $(no-fortify-source)
tests-internal += test-scanf-ieee128 test-scanf-ibm128
CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
@@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
obstack_chk \
vobstack_chk
+# The following tests are setting _FORTIFY_SOURCE internally
tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
-CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+ $(no-fortify-source)
+CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+ $(no-fortify-source)
+# The following tests are setting _FORTIFY_SOURCE internally
tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
- -Wno-psabi -Wno-unused-result
+ -Wno-psabi -Wno-unused-result \
+ $(no-fortify-source)
CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
- -Wno-unused-result
+ -Wno-unused-result \
+ $(no-fortify-source)
+# The following tests are setting _FORTIFY_SOURCE internally
tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
-CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+ $(no-fortify-source)
+CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+ $(no-fortify-source)
+# The following tests are setting _FORTIFY_SOURCE internally
tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
- -Wno-psabi -Wno-unused-result
+ -Wno-psabi -Wno-unused-result \
+ $(no-fortify-source)
CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
- -Wno-unused-result
+ -Wno-unused-result \
+ $(no-fortify-source)
endif
ifeq ($(subdir),argp)
@@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
+# The following tests are setting _FORTIFY_SOURCE internally
tests-container += test-syslog-ieee128 test-syslog-ibm128
-CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+ $(no-fortify-source)
+CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+ $(no-fortify-source)
+# The following tests are setting _FORTIFY_SOURCE internally
tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
-CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+ $(no-fortify-source)
+CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+ $(no-fortify-source)
endif
ifeq ($(subdir),stdlib)
@@ -395,6 +419,31 @@ endif
# Add IEEE binary128 files as make targets.
routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
+routines_no_fortify += \
+ ieee128-asprintf \
+ ieee128-dprintf \
+ ieee128-fprintf \
+ ieee128-fwprintf \
+ ieee128-obstack \
+ ieee128-printf \
+ ieee128-snprintf \
+ ieee128-sprintf \
+ ieee128-swprintf \
+ ieee128-syslog \
+ ieee128-vasprintf \
+ ieee128-vdprintf \
+ ieee128-vfprintf \
+ ieee128-vfwprintf \
+ ieee128-vobstack \
+ ieee128-vprintf \
+ ieee128-vsnprintf \
+ ieee128-vsprintf \
+ ieee128-vswprintf \
+ ieee128-vsyslog \
+ ieee128-vwprintf \
+ ieee128-wprintf \
+ # routines_no_fortify
+
# On powerpc64le, the routines responsible for converting between long
# double and string (e.g.: printf, scanf, strtold, strfroml) default to
# IBM long double mode. When support for TS 18661-3 was added, several
diff --git a/sysdeps/ieee754/ldbl-opt/Makefile b/sysdeps/ieee754/ldbl-opt/Makefile
index 22e778ad0e..0ed1cd2cae 100644
--- a/sysdeps/ieee754/ldbl-opt/Makefile
+++ b/sysdeps/ieee754/ldbl-opt/Makefile
@@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
-DOBJPFX=\"$(objpfx)\"
endif
+
+routines_no_fortify += \
+ nldbl-asprintf \
+ nldbl-dprintf \
+ nldbl-fprintf \
+ nldbl-fwprintf \
+ nldbl-obstack_printf \
+ nldbl-obstack_vprintf \
+ nldbl-printf \
+ nldbl-snprintf \
+ nldbl-sprintf \
+ nldbl-swprintf \
+ nldbl-syslog \
+ nldbl-vasprintf \
+ nldbl-vdprintf \
+ nldbl-vfprintf \
+ nldbl-vfwprintf \
+ nldbl-vprintf \
+ nldbl-vsnprintf \
+ nldbl-vsprintf \
+ nldbl-vswprintf \
+ nldbl-vsyslog \
+ nldbl-vwprintf \
+ nldbl-wprintf \
+ # routines_no_fortify
+
+# We can't rely on Makeconfig here for whatever reason
+CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
+CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
index 32cf4eb119..31028406d5 100644
--- a/sysdeps/pthread/Makefile
+++ b/sysdeps/pthread/Makefile
@@ -304,6 +304,10 @@ tests-nolibpthread += \
CFLAGS-tst-cleanup2.c += -fno-builtin
CFLAGS-tst-cleanupx2.c += -fno-builtin
+# Disable fortification due to sprintf(NULL,...)
+CFLAGS-tst-cleanup2.c += $(no-fortify-source)
+CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
+
tests += \
tst-cancelx2 \
tst-cancelx3 \
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 23a84cf225..be801e3be4 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
+# The test triggers FORTIFY abortion due to purposely wrong parameters
+CFLAGS-test-errno-linux.c += $(no-fortify-source)
+
sysdep_headers += \
bits/a.out.h \
bits/epoll.h \
diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
index 22192985e1..d25a2214f8 100644
--- a/wcsmbs/Makefile
+++ b/wcsmbs/Makefile
@@ -121,6 +121,27 @@ routines := \
wmemset \
# routines
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+ mbsnrtowcs \
+ mbsrtowcs \
+ wcpcpy \
+ wcpncpy \
+ wcrtomb \
+ wcscat \
+ wcscpy \
+ wcslcat \
+ wcslcpy \
+ wcsncat \
+ wcsncpy \
+ wcsnrtombs \
+ wcsrtombs \
+ wmemcpy \
+ wmemmove \
+ wmempcpy \
+ wmemset \
+ # routines_no_fortify
+
tests := \
test-c8rtomb \
test-char-types \
@@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
-CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 03/15] sysdeps: Ensure ieee128*_chk routines to be properly named
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 01/15] " Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 02/15] Exclude routines from fortification Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 04/15] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
` (12 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar, Paul E . Murphy
The *_chk routines naming doesn't match the name that would be generated
using libc_hidden_ldbl_proto. Since the macro is needed for some of
these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to
be fixed.
While at it, all the *_chk function get renamed appropriately for
consistency, even if not strictly necessary.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
---
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c | 8 ++++----
.../ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 ++--
.../ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c | 4 ++--
.../ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 4 ++--
.../ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 ++--
sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c | 4 ++--
19 files changed, 40 insertions(+), 40 deletions(-)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
index a50e334a2c..fbf953a728 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_asprintf_chk (char **string_ptr, int flag, const char *format, ...)
+___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
{
va_list ap;
int done;
@@ -35,4 +35,4 @@ ___ieee128_asprintf_chk (char **string_ptr, int flag, const char *format, ...)
return done;
}
-strong_alias (___ieee128_asprintf_chk, __asprintf_chkieee128)
+strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
index b53b06a513..7121020ed5 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_dprintf_chk (int d, int flag, const char *format, ...)
+___ieee128___dprintf_chk (int d, int flag, const char *format, ...)
{
va_list ap;
int done;
@@ -35,4 +35,4 @@ ___ieee128_dprintf_chk (int d, int flag, const char *format, ...)
return done;
}
-strong_alias (___ieee128_dprintf_chk, __dprintf_chkieee128)
+strong_alias (___ieee128___dprintf_chk, __dprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
index 44eed0de99..bd10e9c3db 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_fprintf_chk (FILE *fp, int flag, const char *format, ...)
+___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
{
va_list ap;
int done;
@@ -35,4 +35,4 @@ ___ieee128_fprintf_chk (FILE *fp, int flag, const char *format, ...)
return done;
}
-strong_alias (___ieee128_fprintf_chk, __fprintf_chkieee128)
+strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
index 83c2f8e8d7..5b6cc3e768 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
+___ieee128___fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
{
va_list ap;
int done;
@@ -35,4 +35,4 @@ ___ieee128_fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
return done;
}
-strong_alias (___ieee128_fwprintf_chk, __fwprintf_chkieee128)
+strong_alias (___ieee128___fwprintf_chk, __fwprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
index ab5fe59c37..333f4e14b1 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_printf_chk (int flag, const char *format, ...)
+___ieee128___printf_chk (int flag, const char *format, ...)
{
va_list ap;
int done;
@@ -35,4 +35,4 @@ ___ieee128_printf_chk (int flag, const char *format, ...)
return done;
}
-strong_alias (___ieee128_printf_chk, __printf_chkieee128)
+strong_alias (___ieee128___printf_chk, __printf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
index 0ff2486642..a65f193dc1 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
+___ieee128___snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
const char *format, ...)
{
va_list ap;
@@ -39,4 +39,4 @@ ___ieee128_snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
return done;
}
-strong_alias (___ieee128_snprintf_chk, __snprintf_chkieee128)
+strong_alias (___ieee128___snprintf_chk, __snprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
index a0e598db42..0039c3b53d 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_sprintf_chk (char *s, int flag, size_t slen,
+___ieee128___sprintf_chk (char *s, int flag, size_t slen,
const char *format, ...)
{
va_list ap;
@@ -43,4 +43,4 @@ ___ieee128_sprintf_chk (char *s, int flag, size_t slen,
return done;
}
-strong_alias (___ieee128_sprintf_chk, __sprintf_chkieee128)
+strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
index 2453c231b8..b81e9ccc05 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_swprintf_chk (wchar_t *string, size_t maxlen, int flag,
+___ieee128___swprintf_chk (wchar_t *string, size_t maxlen, int flag,
size_t slen, const wchar_t *format, ...)
{
va_list ap;
@@ -39,4 +39,4 @@ ___ieee128_swprintf_chk (wchar_t *string, size_t maxlen, int flag,
return done;
}
-strong_alias (___ieee128_swprintf_chk, __swprintf_chkieee128)
+strong_alias (___ieee128___swprintf_chk, __swprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
index 4ed4621b96..18aa7f707f 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
@@ -40,7 +40,7 @@ ___ieee128_vsyslog (int pri, const char *fmt, va_list ap)
strong_alias (___ieee128_vsyslog, __vsyslogieee128)
void
-___ieee128_syslog_chk (int pri, int flag, const char *fmt, ...)
+___ieee128___syslog_chk (int pri, int flag, const char *fmt, ...)
{
va_list ap;
@@ -52,10 +52,10 @@ ___ieee128_syslog_chk (int pri, int flag, const char *fmt, ...)
__vsyslog_internal (pri, fmt, ap, mode);
va_end (ap);
}
-strong_alias (___ieee128_syslog_chk, __syslog_chkieee128)
+strong_alias (___ieee128___syslog_chk, __syslog_chkieee128)
void
-___ieee128_vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
+___ieee128___vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
if (flag > 0)
@@ -63,4 +63,4 @@ ___ieee128_vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
__vsyslog_internal (pri, fmt, ap, mode);
}
-strong_alias (___ieee128_vsyslog_chk, __vsyslog_chkieee128)
+strong_alias (___ieee128___vsyslog_chk, __vsyslog_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
index 5350e777f3..a5a048f2b5 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vasprintf_chk (char **result_ptr, int flag, const char *format,
+___ieee128___vasprintf_chk (char **result_ptr, int flag, const char *format,
va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -28,4 +28,4 @@ ___ieee128_vasprintf_chk (char **result_ptr, int flag, const char *format,
return __vasprintf_internal (result_ptr, format, ap, mode);
}
-strong_alias (___ieee128_vasprintf_chk, __vasprintf_chkieee128)
+strong_alias (___ieee128___vasprintf_chk, __vasprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
index 7e38917cb5..ac7f26ec6d 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vdprintf_chk (int d, int flag, const char *format, va_list ap)
+___ieee128___vdprintf_chk (int d, int flag, const char *format, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vdprintf_chk (int d, int flag, const char *format, va_list ap)
return __vdprintf_internal (d, format, ap, mode);
}
-strong_alias (___ieee128_vdprintf_chk, __vdprintf_chkieee128)
+strong_alias (___ieee128___vdprintf_chk, __vdprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
index bf2ace508f..50c12265bc 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
+___ieee128___vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
return __vfprintf_internal (fp, format, ap, mode);
}
-strong_alias (___ieee128_vfprintf_chk, __vfprintf_chkieee128)
+strong_alias (___ieee128___vfprintf_chk, __vfprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
index b2379176f2..a5005927dc 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
+___ieee128___vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -28,4 +28,4 @@ ___ieee128_vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
return __vfwprintf_internal (fp, format, ap, mode);
}
-strong_alias (___ieee128_vfwprintf_chk, __vfwprintf_chkieee128)
+strong_alias (___ieee128___vfwprintf_chk, __vfwprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
index ca718d06bb..1281e41b6f 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vprintf_chk (int flag, const char *format, va_list ap)
+___ieee128___vprintf_chk (int flag, const char *format, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vprintf_chk (int flag, const char *format, va_list ap)
return __vfprintf_internal (stdout, format, ap, mode);
}
-strong_alias (___ieee128_vprintf_chk, __vprintf_chkieee128)
+strong_alias (___ieee128___vprintf_chk, __vprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
index 79d359b5d4..d91e8fa956 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vsnprintf_chk (char *string, size_t maxlen, int flag,
+___ieee128___vsnprintf_chk (char *string, size_t maxlen, int flag,
size_t slen, const char *format, va_list ap)
{
if (__glibc_unlikely (slen < maxlen))
@@ -31,4 +31,4 @@ ___ieee128_vsnprintf_chk (char *string, size_t maxlen, int flag,
return __vsnprintf_internal (string, maxlen, format, ap, mode);
}
-strong_alias (___ieee128_vsnprintf_chk, __vsnprintf_chkieee128)
+strong_alias (___ieee128___vsnprintf_chk, __vsnprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
index b4b2b2d14f..22137269c0 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vsprintf_chk (char *string, int flag, size_t slen,
+___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
const char *format, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -35,4 +35,4 @@ ___ieee128_vsprintf_chk (char *string, int flag, size_t slen,
return __vsprintf_internal (string, slen, format, ap, mode);
}
-strong_alias (___ieee128_vsprintf_chk, __vsprintf_chkieee128)
+strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
index 9cd56ba5d4..888513d3c6 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
+___ieee128___vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
size_t slen, const wchar_t *format, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -31,4 +31,4 @@ ___ieee128_vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
return __vswprintf_internal (string, maxlen, format, ap, mode);
}
-strong_alias (___ieee128_vswprintf_chk, __vswprintf_chkieee128)
+strong_alias (___ieee128___vswprintf_chk, __vswprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
index 3861edf480..f61f2d6c44 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
@@ -19,7 +19,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_vwprintf_chk (int flag, const wchar_t *format, va_list ap)
+___ieee128___vwprintf_chk (int flag, const wchar_t *format, va_list ap)
{
unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vwprintf_chk (int flag, const wchar_t *format, va_list ap)
return __vfwprintf_internal (stdout, format, ap, mode);
}
-strong_alias (___ieee128_vwprintf_chk, __vwprintf_chkieee128)
+strong_alias (___ieee128___vwprintf_chk, __vwprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
index 440e0691cb..19d9a92dd2 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
@@ -20,7 +20,7 @@
#include <libio/libioP.h>
extern int
-___ieee128_wprintf_chk (int flag, const wchar_t *format, ...)
+___ieee128___wprintf_chk (int flag, const wchar_t *format, ...)
{
va_list ap;
int done;
@@ -35,4 +35,4 @@ ___ieee128_wprintf_chk (int flag, const wchar_t *format, ...)
return done;
}
-strong_alias (___ieee128_wprintf_chk, __wprintf_chkieee128)
+strong_alias (___ieee128___wprintf_chk, __wprintf_chkieee128)
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 04/15] string: Ensure *_chk routines have their hidden builtin definition available
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (2 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 03/15] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 05/15] stdio: " Frédéric Bérat
` (11 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
there are unwanted PLT entries in libc.so.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
debug/memcpy_chk.c | 1 +
debug/memmove_chk.c | 1 +
debug/mempcpy_chk.c | 1 +
debug/memset_chk.c | 1 +
debug/stpcpy_chk.c | 1 +
include/string.h | 7 +++++++
sysdeps/i386/i586/memcpy.S | 1 +
sysdeps/i386/i586/memset.S | 1 +
sysdeps/i386/i686/memcpy.S | 1 +
sysdeps/i386/i686/memmove.S | 1 +
sysdeps/i386/i686/mempcpy.S | 1 +
sysdeps/i386/i686/memset.S | 1 +
sysdeps/i386/i686/multiarch/memcpy_chk.c | 4 ++++
sysdeps/i386/i686/multiarch/memmove_chk.c | 4 ++++
sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 ++++
sysdeps/i386/i686/multiarch/memset_chk.c | 5 ++++-
sysdeps/i386/memcpy_chk.S | 1 +
sysdeps/i386/memmove_chk.S | 1 +
sysdeps/i386/mempcpy_chk.S | 1 +
sysdeps/i386/memset_chk.S | 1 +
sysdeps/x86_64/memcpy_chk.S | 1 +
sysdeps/x86_64/memmove_chk.S | 1 +
sysdeps/x86_64/mempcpy_chk.S | 1 +
sysdeps/x86_64/memset_chk.S | 1 +
sysdeps/x86_64/multiarch/memcpy_chk.c | 4 ++++
sysdeps/x86_64/multiarch/memmove_chk.c | 4 ++++
sysdeps/x86_64/multiarch/mempcpy_chk.c | 4 ++++
sysdeps/x86_64/multiarch/memset_chk.c | 4 ++++
28 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/debug/memcpy_chk.c b/debug/memcpy_chk.c
index c6dd94c83f..1e4a82c063 100644
--- a/debug/memcpy_chk.c
+++ b/debug/memcpy_chk.c
@@ -28,3 +28,4 @@ __memcpy_chk (void *dstpp, const void *srcpp, size_t len, size_t dstlen)
return memcpy (dstpp, srcpp, len);
}
+libc_hidden_builtin_def (__memcpy_chk)
diff --git a/debug/memmove_chk.c b/debug/memmove_chk.c
index 8922a1ba26..b714aa474c 100644
--- a/debug/memmove_chk.c
+++ b/debug/memmove_chk.c
@@ -32,3 +32,4 @@ MEMMOVE_CHK (void *dest, const void *src, size_t len, size_t destlen)
return memmove (dest, src, len);
}
+libc_hidden_builtin_def (MEMMOVE_CHK)
diff --git a/debug/mempcpy_chk.c b/debug/mempcpy_chk.c
index 17a46a3b4d..b47b14ee9a 100644
--- a/debug/mempcpy_chk.c
+++ b/debug/mempcpy_chk.c
@@ -29,3 +29,4 @@ __mempcpy_chk (void *dstpp, const void *srcpp, size_t len, size_t dstlen)
return __mempcpy (dstpp, srcpp, len);
}
+libc_hidden_builtin_def (__mempcpy_chk)
diff --git a/debug/memset_chk.c b/debug/memset_chk.c
index 4fc0b55d82..93901f5f34 100644
--- a/debug/memset_chk.c
+++ b/debug/memset_chk.c
@@ -26,3 +26,4 @@ __memset_chk (void *dstpp, int c, size_t len, size_t dstlen)
return memset (dstpp, c, len);
}
+libc_hidden_builtin_def (__memset_chk)
diff --git a/debug/stpcpy_chk.c b/debug/stpcpy_chk.c
index 230b52bd01..518dd78dca 100644
--- a/debug/stpcpy_chk.c
+++ b/debug/stpcpy_chk.c
@@ -32,3 +32,4 @@ __stpcpy_chk (char *dest, const char *src, size_t destlen)
return memcpy (dest, src, len + 1) + len;
}
+libc_hidden_builtin_def (__stpcpy_chk)
diff --git a/include/string.h b/include/string.h
index 0c78ad2539..659530d1aa 100644
--- a/include/string.h
+++ b/include/string.h
@@ -208,6 +208,13 @@ extern char *__strcat_chk (char *__restrict __dest,
extern char *__strncat_chk (char *__restrict __dest,
const char *__restrict __src,
size_t __len, size_t __destlen) __THROW;
+
+libc_hidden_builtin_proto (__memcpy_chk)
+libc_hidden_builtin_proto (__memmove_chk)
+libc_hidden_builtin_proto (__mempcpy_chk)
+libc_hidden_builtin_proto (__memset_chk)
+libc_hidden_builtin_proto (__stpcpy_chk)
+
#endif
#endif
diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S
index 58061d5adf..e3405e577c 100644
--- a/sysdeps/i386/i586/memcpy.S
+++ b/sysdeps/i386/i586/memcpy.S
@@ -32,6 +32,7 @@ ENTRY (__memcpy_chk)
cmpl %eax, 16(%esp)
jb HIDDEN_JUMPTARGET (__chk_fail)
END (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
#endif
ENTRY (memcpy)
diff --git a/sysdeps/i386/i586/memset.S b/sysdeps/i386/i586/memset.S
index 413e8ec6a9..f1f0e1a99b 100644
--- a/sysdeps/i386/i586/memset.S
+++ b/sysdeps/i386/i586/memset.S
@@ -33,6 +33,7 @@ ENTRY (__memset_chk)
cmpl %eax, 16(%esp)
jb HIDDEN_JUMPTARGET (__chk_fail)
END (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
#endif
ENTRY (memset)
diff --git a/sysdeps/i386/i686/memcpy.S b/sysdeps/i386/i686/memcpy.S
index 604d3088f6..9b48ec0ea1 100644
--- a/sysdeps/i386/i686/memcpy.S
+++ b/sysdeps/i386/i686/memcpy.S
@@ -33,6 +33,7 @@ ENTRY_CHK (__memcpy_chk)
cmpl %eax, 16(%esp)
jb HIDDEN_JUMPTARGET (__chk_fail)
END_CHK (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
#endif
ENTRY (memcpy)
diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S
index cff06c27e5..06fe2a7668 100644
--- a/sysdeps/i386/i686/memmove.S
+++ b/sysdeps/i386/i686/memmove.S
@@ -35,6 +35,7 @@ ENTRY_CHK (__memmove_chk)
cmpl %eax, 16(%esp)
jb HIDDEN_JUMPTARGET (__chk_fail)
END_CHK (__memmove_chk)
+libc_hidden_builtin_def (__memmove_chk)
#endif
ENTRY (memmove)
diff --git a/sysdeps/i386/i686/mempcpy.S b/sysdeps/i386/i686/mempcpy.S
index af3f2cca08..26f8501e7d 100644
--- a/sysdeps/i386/i686/mempcpy.S
+++ b/sysdeps/i386/i686/mempcpy.S
@@ -33,6 +33,7 @@ ENTRY_CHK (__mempcpy_chk)
cmpl %eax, 16(%esp)
jb HIDDEN_JUMPTARGET (__chk_fail)
END_CHK (__mempcpy_chk)
+libc_hidden_builtin_def (__mempcpy_chk)
#endif
ENTRY (__mempcpy)
diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S
index d4891880d7..0b5e671d83 100644
--- a/sysdeps/i386/i686/memset.S
+++ b/sysdeps/i386/i686/memset.S
@@ -33,6 +33,7 @@ ENTRY_CHK (__memset_chk)
cmpl %eax, 16(%esp)
jb HIDDEN_JUMPTARGET (__chk_fail)
END_CHK (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
#endif
ENTRY (memset)
diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.c b/sysdeps/i386/i686/multiarch/memcpy_chk.c
index 5ac5cb1d7a..ec945dc91f 100644
--- a/sysdeps/i386/i686/multiarch/memcpy_chk.c
+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
+# endif
#endif
diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.c b/sysdeps/i386/i686/multiarch/memmove_chk.c
index 28161d3c27..55c7601d5d 100644
--- a/sysdeps/i386/i686/multiarch/memmove_chk.c
+++ b/sysdeps/i386/i686/multiarch/memmove_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
+# endif
#endif
diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.c b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
index 36c81ae61a..83569cf9d9 100644
--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.c
+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
+# endif
#endif
diff --git a/sysdeps/i386/i686/multiarch/memset_chk.c b/sysdeps/i386/i686/multiarch/memset_chk.c
index cf3e811327..1a7503858d 100644
--- a/sysdeps/i386/i686/multiarch/memset_chk.c
+++ b/sysdeps/i386/i686/multiarch/memset_chk.c
@@ -28,5 +28,8 @@
libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
IFUNC_SELECTOR ());
-
+# ifdef SHARED
+__hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
+# endif
#endif
diff --git a/sysdeps/i386/memcpy_chk.S b/sysdeps/i386/memcpy_chk.S
index b5244cc69b..7b12c12aba 100644
--- a/sysdeps/i386/memcpy_chk.S
+++ b/sysdeps/i386/memcpy_chk.S
@@ -31,4 +31,5 @@ ENTRY (__memcpy_chk)
jb __chk_fail
jmp memcpy
END (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
#endif
diff --git a/sysdeps/i386/memmove_chk.S b/sysdeps/i386/memmove_chk.S
index 517d8cb15a..604aea8305 100644
--- a/sysdeps/i386/memmove_chk.S
+++ b/sysdeps/i386/memmove_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memmove_chk)
jb __chk_fail
jmp memmove
END (__memmove_chk)
+libc_hidden_builtin_def (MEMMOVE_CHK)
#endif
diff --git a/sysdeps/i386/mempcpy_chk.S b/sysdeps/i386/mempcpy_chk.S
index 1e9bf71bfb..276eab1e8a 100644
--- a/sysdeps/i386/mempcpy_chk.S
+++ b/sysdeps/i386/mempcpy_chk.S
@@ -30,4 +30,5 @@ ENTRY (__mempcpy_chk)
jb __chk_fail
jmp __mempcpy
END (__mempcpy_chk)
+libc_hidden_builtin_def (__mempcpy_chk)
#endif
diff --git a/sysdeps/i386/memset_chk.S b/sysdeps/i386/memset_chk.S
index 0e6060a0a6..a2e9208e1c 100644
--- a/sysdeps/i386/memset_chk.S
+++ b/sysdeps/i386/memset_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memset_chk)
jb __chk_fail
jmp memset
END (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
#endif
diff --git a/sysdeps/x86_64/memcpy_chk.S b/sysdeps/x86_64/memcpy_chk.S
index 25cbeb37ee..43843a7abb 100644
--- a/sysdeps/x86_64/memcpy_chk.S
+++ b/sysdeps/x86_64/memcpy_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memcpy_chk)
jb __chk_fail
jmp memcpy
END (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
#endif
diff --git a/sysdeps/x86_64/memmove_chk.S b/sysdeps/x86_64/memmove_chk.S
index 165d42cfa8..37e2c30ba8 100644
--- a/sysdeps/x86_64/memmove_chk.S
+++ b/sysdeps/x86_64/memmove_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memmove_chk)
jb __chk_fail
jmp memmove
END (__memmove_chk)
+libc_hidden_builtin_def (MEMMOVE_CHK)
#endif
diff --git a/sysdeps/x86_64/mempcpy_chk.S b/sysdeps/x86_64/mempcpy_chk.S
index b60ee4ff08..facdac50d8 100644
--- a/sysdeps/x86_64/mempcpy_chk.S
+++ b/sysdeps/x86_64/mempcpy_chk.S
@@ -30,4 +30,5 @@ ENTRY (__mempcpy_chk)
jb __chk_fail
jmp __mempcpy
END (__mempcpy_chk)
+libc_hidden_builtin_def (__mempcpy_chk)
#endif
diff --git a/sysdeps/x86_64/memset_chk.S b/sysdeps/x86_64/memset_chk.S
index ed53b8927f..c927884b1a 100644
--- a/sysdeps/x86_64/memset_chk.S
+++ b/sysdeps/x86_64/memset_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memset_chk)
jb __chk_fail
jmp memset
END (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
#endif
diff --git a/sysdeps/x86_64/multiarch/memcpy_chk.c b/sysdeps/x86_64/multiarch/memcpy_chk.c
index 5ac5cb1d7a..ec945dc91f 100644
--- a/sysdeps/x86_64/multiarch/memcpy_chk.c
+++ b/sysdeps/x86_64/multiarch/memcpy_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
+# endif
#endif
diff --git a/sysdeps/x86_64/multiarch/memmove_chk.c b/sysdeps/x86_64/multiarch/memmove_chk.c
index 28161d3c27..55c7601d5d 100644
--- a/sysdeps/x86_64/multiarch/memmove_chk.c
+++ b/sysdeps/x86_64/multiarch/memmove_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
+# endif
#endif
diff --git a/sysdeps/x86_64/multiarch/mempcpy_chk.c b/sysdeps/x86_64/multiarch/mempcpy_chk.c
index 36c81ae61a..83569cf9d9 100644
--- a/sysdeps/x86_64/multiarch/mempcpy_chk.c
+++ b/sysdeps/x86_64/multiarch/mempcpy_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
+# endif
#endif
diff --git a/sysdeps/x86_64/multiarch/memset_chk.c b/sysdeps/x86_64/multiarch/memset_chk.c
index d81147a70c..1a7503858d 100644
--- a/sysdeps/x86_64/multiarch/memset_chk.c
+++ b/sysdeps/x86_64/multiarch/memset_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
+# endif
#endif
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 05/15] stdio: Ensure *_chk routines have their hidden builtin definition available
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (3 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 04/15] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 23:49 ` Siddhesh Poyarekar
2023-07-05 12:12 ` Carlos O'Donell
2023-07-04 16:55 ` [PATCH v4 06/15] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
` (10 subsequent siblings)
15 siblings, 2 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Paul E Murphy
If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
there are unwanted PLT entries in libc.so.
There is a special case with __asprintf_chk:
If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
if it isn't, ppc64le isn't building due to multiple asm redirections.
This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
isn't for s390x. This header creates redirections, which are not
compatible with the ones generated using libc_hidden_def.
Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
create a simple strong alias (e.g. as done on x86_64), but a versioned
alias, leading to ABI breakage.
This results in errors on s390x:
/usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference
to `__asprintf_chk'
Original __asprintf_chk symbols:
00000000001395b0 T __asprintf_chk
0000000000177e90 T __nldbl___asprintf_chk
__asprintf_chk symbols with ldbl_* macros:
000000000012d590 t ___asprintf_chk
000000000012d590 t __asprintf_chk@@GLIBC_2.4
000000000012d590 t __GI___asprintf_chk
000000000012d590 t __GL____asprintf_chk___asprintf_chk
0000000000172240 T __nldbl___asprintf_chk
__asprintf_chk symbols with the patch:
000000000012d590 t ___asprintf_chk
000000000012d590 T __asprintf_chk
000000000012d590 t __GI___asprintf_chk
0000000000172240 T __nldbl___asprintf_chk
---
debug/asprintf_chk.c | 18 +++++++++++++++++-
debug/fgets_u_chk.c | 1 +
debug/fprintf_chk.c | 1 +
debug/sprintf_chk.c | 1 +
include/stdio.h | 13 ++++++++++++-
.../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 1 +
.../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 1 +
.../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 1 +
.../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 1 +
9 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
index 651c2cd76b..e233d5d737 100644
--- a/debug/asprintf_chk.c
+++ b/debug/asprintf_chk.c
@@ -22,7 +22,7 @@
/* Write formatted output from FORMAT to a string which is
allocated with malloc and stored in *STRING_PTR. */
int
-__asprintf_chk (char **result_ptr, int flag, const char *format, ...)
+___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
{
/* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
@@ -36,3 +36,19 @@ __asprintf_chk (char **result_ptr, int flag, const char *format, ...)
return ret;
}
+#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
+/* This is needed since <bits/stdio-lbdl.h> is included in this case, leading to
+ * multiple asm redirection of the same symbol
+ */
+ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
+ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
+#else
+/* On some systems introduction of ldbl_* macros lead to ABI breakage due to the
+ * long_double_symbol aliasing, e.g. on s390x:
+ * /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference to
+ * `__asprintf_chk'
+ * Due to __asprintf_chk@@GLIBC_2.4 alias replacing __asprintf_chk.
+ */
+strong_alias (___asprintf_chk, __asprintf_chk)
+libc_hidden_def (__asprintf_chk)
+#endif
diff --git a/debug/fgets_u_chk.c b/debug/fgets_u_chk.c
index a16ba655e6..74275381f5 100644
--- a/debug/fgets_u_chk.c
+++ b/debug/fgets_u_chk.c
@@ -56,3 +56,4 @@ __fgets_unlocked_chk (char *buf, size_t size, int n, FILE *fp)
fp->_flags |= old_error;
return result;
}
+libc_hidden_builtin_def (__fgets_unlocked_chk)
diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c
index b57d538d03..273051ef91 100644
--- a/debug/fprintf_chk.c
+++ b/debug/fprintf_chk.c
@@ -35,4 +35,5 @@ ___fprintf_chk (FILE *fp, int flag, const char *format, ...)
return ret;
}
+ldbl_hidden_def (___fprintf_chk, __fprintf_chk)
ldbl_strong_alias (___fprintf_chk, __fprintf_chk)
diff --git a/debug/sprintf_chk.c b/debug/sprintf_chk.c
index b27f4afae8..e45f1e7b3b 100644
--- a/debug/sprintf_chk.c
+++ b/debug/sprintf_chk.c
@@ -42,4 +42,5 @@ ___sprintf_chk (char *s, int flag, size_t slen, const char *format, ...)
return ret;
}
+ldbl_hidden_def (___sprintf_chk, __sprintf_chk)
ldbl_strong_alias (___sprintf_chk, __sprintf_chk)
diff --git a/include/stdio.h b/include/stdio.h
index da47d1ce99..6755877911 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -276,7 +276,18 @@ extern FILE *__open_memstream (char **, size_t *) __THROW __wur;
libc_hidden_proto (__open_memstream)
libc_hidden_proto (__libc_fatal)
rtld_hidden_proto (__libc_fatal)
-libc_hidden_proto (__vsprintf_chk)
+
+libc_hidden_proto (__fgets_unlocked_chk)
+
+#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
+libc_hidden_ldbl_proto (__asprintf_chk)
+#else
+libc_hidden_proto (__asprintf_chk)
+#endif
+
+libc_hidden_ldbl_proto (__fprintf_chk)
+libc_hidden_ldbl_proto (__sprintf_chk)
+libc_hidden_ldbl_proto (__vsprintf_chk)
extern FILE * __fmemopen (void *buf, size_t len, const char *mode);
libc_hidden_proto (__fmemopen)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
index fbf953a728..6e93ee81fc 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
@@ -35,4 +35,5 @@ ___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
return done;
}
+hidden_def (___ieee128___asprintf_chk)
strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
index bd10e9c3db..e0865b6663 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
@@ -35,4 +35,5 @@ ___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
return done;
}
+hidden_def (___ieee128___fprintf_chk)
strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
index 0039c3b53d..762757a5c7 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
@@ -43,4 +43,5 @@ ___ieee128___sprintf_chk (char *s, int flag, size_t slen,
return done;
}
+hidden_def (___ieee128___sprintf_chk)
strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
index 22137269c0..c251b60d4e 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
@@ -35,4 +35,5 @@ ___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
return __vsprintf_internal (string, slen, format, ap, mode);
}
+hidden_def (___ieee128___vsprintf_chk)
strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 06/15] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (4 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 05/15] stdio: " Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 07/15] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
` (9 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
The __REDIRECT* macros are creating aliases which may lead to unwanted
PLT entries when fortification is enabled.
To prevent these entries, the REDIRECT alias should be set to point to the
existing __GI_* aliases.
This is done transparently by creating a __REDIRECT_FORTIFY* version of
these macros, that can be overwritten internally when necessary.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
include/sys/cdefs.h | 14 ++++++++++++++
misc/sys/cdefs.h | 8 ++++++++
2 files changed, 22 insertions(+)
diff --git a/include/sys/cdefs.h b/include/sys/cdefs.h
index 56adb231aa..b84ad34a70 100644
--- a/include/sys/cdefs.h
+++ b/include/sys/cdefs.h
@@ -40,6 +40,20 @@ rtld_hidden_proto (__chk_fail)
#endif
+#if defined SHARED
+#if IS_IN (libc) && __USE_FORTIFY_LEVEL > 0 && defined __fortify_function
+
+#undef __REDIRECT_FORTIFY
+#define __REDIRECT_FORTIFY(name, proto, alias) \
+ __REDIRECT(name, proto, __GI_##alias)
+
+#undef __REDIRECT_FORTIFY_NTH
+#define __REDIRECT_FORTIFY_NTH(name, proto, alias) \
+ __REDIRECT_NTH(name, proto, __GI_##alias)
+
+#endif
+#endif /* defined SHARED */
+
#endif /* !defined _ISOMAC */
#endif
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 393d9091d9..90c21e2703 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -268,6 +268,14 @@
# define __ASMNAME(cname) __ASMNAME2 (__USER_LABEL_PREFIX__, cname)
# define __ASMNAME2(prefix, cname) __STRING (prefix) cname
+#ifndef __REDIRECT_FORTIFY
+#define __REDIRECT_FORTIFY __REDIRECT
+#endif
+
+#ifndef __REDIRECT_FORTIFY_NTH
+#define __REDIRECT_FORTIFY_NTH __REDIRECT_NTH
+#endif
+
/*
#elif __SOME_OTHER_COMPILER__
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 07/15] wchar: Avoid PLT entries with _FORTIFY_SOURCE
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (5 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 06/15] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 23:51 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 08/15] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
` (8 subsequent siblings)
15 siblings, 1 reply; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat
The change is meant to avoid unwanted PLT entries for the wmemset and
wcrtomb routines when _FORTIFY_SOURCE is set.
On top of that, ensure that *_chk routines have their hidden builtin
definitions available.
---
debug/wcrtomb_chk.c | 1 +
debug/wmemset_chk.c | 1 +
include/wchar.h | 15 +++++++++++++++
sysdeps/x86_64/multiarch/wmemset_chk.c | 4 ++++
wcsmbs/bits/wchar2-decl.h | 4 ++--
5 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/debug/wcrtomb_chk.c b/debug/wcrtomb_chk.c
index 657be7471d..c156fe09c1 100644
--- a/debug/wcrtomb_chk.c
+++ b/debug/wcrtomb_chk.c
@@ -28,3 +28,4 @@ __wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
{
return __wcrtomb_internal (s, wchar, ps, buflen);
}
+libc_hidden_def (__wcrtomb_chk)
diff --git a/debug/wmemset_chk.c b/debug/wmemset_chk.c
index e11a92815e..1e7fc4fdea 100644
--- a/debug/wmemset_chk.c
+++ b/debug/wmemset_chk.c
@@ -26,3 +26,4 @@ __wmemset_chk (wchar_t *s, wchar_t c, size_t n, size_t dstlen)
return wmemset (s, c, n);
}
+libc_hidden_builtin_def (__wmemset_chk)
diff --git a/include/wchar.h b/include/wchar.h
index 7b763bc24f..484e6b3fef 100644
--- a/include/wchar.h
+++ b/include/wchar.h
@@ -166,6 +166,8 @@ libc_hidden_proto (putwc)
libc_hidden_proto (mbrtowc)
libc_hidden_proto (wcrtomb)
+libc_hidden_proto (__wcrtomb_chk)
+
extern int __wcscmp (const wchar_t *__s1, const wchar_t *__s2)
__THROW __attribute_pure__;
libc_hidden_proto (__wcscmp)
@@ -260,16 +262,25 @@ extern wchar_t *__wcschrnul (const wchar_t *__s, wchar_t __wc)
extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
size_t __ns) __THROW;
+libc_hidden_builtin_proto (__wmemset_chk)
extern int __vfwscanf (__FILE *__restrict __s,
const wchar_t *__restrict __format,
__gnuc_va_list __arg)
attribute_hidden
/* __attribute__ ((__format__ (__wscanf__, 2, 0)) */;
+
+extern int __swprintf_chk (wchar_t *__restrict __s, size_t __n,
+ int __flag, size_t __s_len,
+ const wchar_t *__restrict __format, ...)
+ __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 6))) */;
+
extern int __fwprintf (__FILE *__restrict __s,
const wchar_t *__restrict __format, ...)
attribute_hidden
/* __attribute__ ((__format__ (__wprintf__, 2, 3))) */;
+extern int __wprintf_chk (int __flag, const wchar_t *__restrict __format,
+ ...);
extern int __vfwprintf_chk (FILE *__restrict __s, int __flag,
const wchar_t *__restrict __format,
__gnuc_va_list __arg)
@@ -279,6 +290,10 @@ extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
const wchar_t *__restrict __format,
__gnuc_va_list __arg)
/* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
+extern int __fwprintf_chk (__FILE *__restrict __stream, int __flag,
+ const wchar_t *__restrict __format, ...);
+extern int __vwprintf_chk (int __flag, const wchar_t *__restrict __format,
+ __gnuc_va_list __ap);
extern int __isoc99_fwscanf (__FILE *__restrict __stream,
const wchar_t *__restrict __format, ...);
diff --git a/sysdeps/x86_64/multiarch/wmemset_chk.c b/sysdeps/x86_64/multiarch/wmemset_chk.c
index ac93a1f376..00edf44918 100644
--- a/sysdeps/x86_64/multiarch/wmemset_chk.c
+++ b/sysdeps/x86_64/multiarch/wmemset_chk.c
@@ -28,4 +28,8 @@
libc_ifunc_redirected (__redirect_wmemset_chk, __wmemset_chk,
IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__wmemset_chk, __GI___wmemset_chk, __redirect_wmemset_chk)
+ __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__wmemset_chk);
+# endif
#endif
diff --git a/wcsmbs/bits/wchar2-decl.h b/wcsmbs/bits/wchar2-decl.h
index f3a2fd3c99..08c8ebd0e8 100644
--- a/wcsmbs/bits/wchar2-decl.h
+++ b/wcsmbs/bits/wchar2-decl.h
@@ -71,7 +71,7 @@ extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn,
extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
size_t __ns) __THROW;
-extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
+extern wchar_t *__REDIRECT_FORTIFY_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
size_t __n), wmemset);
extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
(wchar_t *__s, wchar_t __c, size_t __n,
@@ -203,7 +203,7 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
extern size_t __wcrtomb_chk (char *__restrict __s, wchar_t __wchar,
mbstate_t *__restrict __p,
size_t __buflen) __THROW __wur;
-extern size_t __REDIRECT_NTH (__wcrtomb_alias,
+extern size_t __REDIRECT_FORTIFY_NTH (__wcrtomb_alias,
(char *__restrict __s, wchar_t __wchar,
mbstate_t *__restrict __ps), wcrtomb) __wur;
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 08/15] posix/bits/unistd.h: Clearly separate declaration from definitions
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (6 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 07/15] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 09/15] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
` (7 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
This change is similar to what was done for bits/wchar2.h.
Routines declaration are moved into a dedicated bits/unistd-decl.h file
which is then included into the bits/unistd.h file.
This will allow to adapt the files so that PLT entries are not created when
_FORTIFY_SOURCE is enabled.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
include/bits/unistd-decl.h | 1 +
include/unistd.h | 1 +
posix/Makefile | 1 +
posix/bits/unistd-decl.h | 198 +++++++++++++++++++++++++++++++++++++
posix/bits/unistd.h | 154 +----------------------------
5 files changed, 202 insertions(+), 153 deletions(-)
create mode 100644 include/bits/unistd-decl.h
create mode 100644 posix/bits/unistd-decl.h
diff --git a/include/bits/unistd-decl.h b/include/bits/unistd-decl.h
new file mode 100644
index 0000000000..7fcbd272ac
--- /dev/null
+++ b/include/bits/unistd-decl.h
@@ -0,0 +1 @@
+#include <posix/bits/unistd-decl.h>
diff --git a/include/unistd.h b/include/unistd.h
index 4345d08d60..b042a485f9 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -5,6 +5,7 @@
# include <stdbool.h>
# include <kernel-features.h>
+# include <bits/unistd-decl.h>
libc_hidden_proto (_exit, __noreturn__)
# ifndef NO_RTLD_HIDDEN
diff --git a/posix/Makefile b/posix/Makefile
index 5113ee3b74..3d368b91f6 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -42,6 +42,7 @@ headers := \
bits/types/idtype_t.h \
bits/types/struct_sched_param.h \
bits/typesizes.h \
+ bits/unistd-decl.h \
bits/unistd.h \
bits/unistd_ext.h \
bits/utsname.h \
diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
new file mode 100644
index 0000000000..2d0f7a4456
--- /dev/null
+++ b/posix/bits/unistd-decl.h
@@ -0,0 +1,198 @@
+/* Checking routines for unistd functions. Declaration only.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#ifndef _BITS_UNISTD_DECL_H
+#define _BITS_UNISTD_DECL_H 1
+
+#ifndef _UNISTD_H
+# error "Never include <bits/unistd-decl.h> directly; use <unistd.h> instead."
+#endif
+
+extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
+ size_t __buflen)
+ __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
+ size_t __nbytes), read)
+ __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__read_chk_warn,
+ (int __fd, void *__buf, size_t __nbytes,
+ size_t __buflen), __read_chk)
+ __wur __warnattr ("read called with bigger length than size of "
+ "the destination buffer");
+
+#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
+extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
+ __off_t __offset, size_t __bufsize)
+ __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __pread64_chk (int __fd, void *__buf, size_t __nbytes,
+ __off64_t __offset, size_t __bufsize)
+ __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__pread_alias,
+ (int __fd, void *__buf, size_t __nbytes,
+ __off_t __offset), pread)
+ __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__pread64_alias,
+ (int __fd, void *__buf, size_t __nbytes,
+ __off64_t __offset), pread64)
+ __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__pread_chk_warn,
+ (int __fd, void *__buf, size_t __nbytes,
+ __off_t __offset, size_t __bufsize), __pread_chk)
+ __wur __warnattr ("pread called with bigger length than size of "
+ "the destination buffer");
+extern ssize_t __REDIRECT (__pread64_chk_warn,
+ (int __fd, void *__buf, size_t __nbytes,
+ __off64_t __offset, size_t __bufsize),
+ __pread64_chk)
+ __wur __warnattr ("pread64 called with bigger length than size of "
+ "the destination buffer");
+#endif
+
+#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
+extern ssize_t __readlink_chk (const char *__restrict __path,
+ char *__restrict __buf, size_t __len,
+ size_t __buflen)
+ __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT_NTH (__readlink_alias,
+ (const char *__restrict __path,
+ char *__restrict __buf, size_t __len), readlink)
+ __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
+ (const char *__restrict __path,
+ char *__restrict __buf, size_t __len,
+ size_t __buflen), __readlink_chk)
+ __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
+ "than size of destination buffer");
+#endif
+
+#ifdef __USE_ATFILE
+extern ssize_t __readlinkat_chk (int __fd, const char *__restrict __path,
+ char *__restrict __buf, size_t __len,
+ size_t __buflen)
+ __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
+extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
+ (int __fd, const char *__restrict __path,
+ char *__restrict __buf, size_t __len),
+ readlinkat)
+ __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
+extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
+ (int __fd, const char *__restrict __path,
+ char *__restrict __buf, size_t __len,
+ size_t __buflen), __readlinkat_chk)
+ __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
+ "length than size of destination "
+ "buffer");
+#endif
+
+extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
+ __THROW __wur;
+extern char *__REDIRECT_NTH (__getcwd_alias,
+ (char *__buf, size_t __size), getcwd) __wur;
+extern char *__REDIRECT_NTH (__getcwd_chk_warn,
+ (char *__buf, size_t __size, size_t __buflen),
+ __getcwd_chk)
+ __wur __warnattr ("getcwd caller with bigger length than size of "
+ "destination buffer");
+
+#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
+extern char *__getwd_chk (char *__buf, size_t buflen)
+ __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
+extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
+ __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
+ "doesn't specify buffer size");
+#endif
+
+extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
+ size_t __buflen) __THROW
+ __attr_access ((__write_only__, 2, 3));
+extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
+ size_t __len), confstr)
+ __attr_access ((__write_only__, 2, 3));
+extern size_t __REDIRECT_NTH (__confstr_chk_warn,
+ (int __name, char *__buf, size_t __len,
+ size_t __buflen), __confstr_chk)
+ __warnattr ("confstr called with bigger length than size of destination "
+ "buffer");
+
+
+extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
+ __THROW __wur __attr_access ((__write_only__, 2, 1));
+extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
+ getgroups) __wur __attr_access ((__write_only__, 2, 1));
+extern int __REDIRECT_NTH (__getgroups_chk_warn,
+ (int __size, __gid_t __list[], size_t __listlen),
+ __getgroups_chk)
+ __wur __warnattr ("getgroups called with bigger group count than what "
+ "can fit into destination buffer");
+
+
+extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
+ size_t __nreal) __THROW __nonnull ((2))
+ __attr_access ((__write_only__, 2, 3));
+extern int __REDIRECT_NTH (__ttyname_r_alias, (int __fd, char *__buf,
+ size_t __buflen), ttyname_r)
+ __nonnull ((2));
+extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
+ (int __fd, char *__buf, size_t __buflen,
+ size_t __nreal), __ttyname_r_chk)
+ __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
+ "size of destination buffer");
+
+
+#ifdef __USE_POSIX199506
+extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
+ __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
+ getlogin_r) __nonnull ((1));
+extern int __REDIRECT (__getlogin_r_chk_warn,
+ (char *__buf, size_t __buflen, size_t __nreal),
+ __getlogin_r_chk)
+ __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
+ "size of destination buffer");
+#endif
+
+
+#if defined __USE_MISC || defined __USE_UNIX98
+extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
+ __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
+ gethostname)
+ __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__gethostname_chk_warn,
+ (char *__buf, size_t __buflen, size_t __nreal),
+ __gethostname_chk)
+ __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
+ "size of destination buffer");
+#endif
+
+
+#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
+extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
+ __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
+ size_t __buflen),
+ getdomainname) __nonnull ((1))
+ __wur __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__getdomainname_chk_warn,
+ (char *__buf, size_t __buflen, size_t __nreal),
+ __getdomainname_chk)
+ __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
+ "buflen than size of destination "
+ "buffer");
+#endif
+#endif /* bits/unistd-decl.h. */
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index 2a0782e6c8..6a381116a9 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -20,17 +20,7 @@
# error "Never include <bits/unistd.h> directly; use <unistd.h> instead."
#endif
-extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
- size_t __buflen)
- __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
- size_t __nbytes), read)
- __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__read_chk_warn,
- (int __fd, void *__buf, size_t __nbytes,
- size_t __buflen), __read_chk)
- __wur __warnattr ("read called with bigger length than size of "
- "the destination buffer");
+# include <bits/unistd-decl.h>
__fortify_function __wur ssize_t
read (int __fd, void *__buf, size_t __nbytes)
@@ -41,32 +31,6 @@ read (int __fd, void *__buf, size_t __nbytes)
}
#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
-extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
- __off_t __offset, size_t __bufsize)
- __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __pread64_chk (int __fd, void *__buf, size_t __nbytes,
- __off64_t __offset, size_t __bufsize)
- __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__pread_alias,
- (int __fd, void *__buf, size_t __nbytes,
- __off_t __offset), pread)
- __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__pread64_alias,
- (int __fd, void *__buf, size_t __nbytes,
- __off64_t __offset), pread64)
- __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__pread_chk_warn,
- (int __fd, void *__buf, size_t __nbytes,
- __off_t __offset, size_t __bufsize), __pread_chk)
- __wur __warnattr ("pread called with bigger length than size of "
- "the destination buffer");
-extern ssize_t __REDIRECT (__pread64_chk_warn,
- (int __fd, void *__buf, size_t __nbytes,
- __off64_t __offset, size_t __bufsize),
- __pread64_chk)
- __wur __warnattr ("pread64 called with bigger length than size of "
- "the destination buffer");
-
# ifndef __USE_FILE_OFFSET64
__fortify_function __wur ssize_t
pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
@@ -97,21 +61,6 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
#endif
#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
-extern ssize_t __readlink_chk (const char *__restrict __path,
- char *__restrict __buf, size_t __len,
- size_t __buflen)
- __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT_NTH (__readlink_alias,
- (const char *__restrict __path,
- char *__restrict __buf, size_t __len), readlink)
- __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
- (const char *__restrict __path,
- char *__restrict __buf, size_t __len,
- size_t __buflen), __readlink_chk)
- __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
- "than size of destination buffer");
-
__fortify_function __nonnull ((1, 2)) __wur ssize_t
__NTH (readlink (const char *__restrict __path, char *__restrict __buf,
size_t __len))
@@ -123,23 +72,6 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
#endif
#ifdef __USE_ATFILE
-extern ssize_t __readlinkat_chk (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len,
- size_t __buflen)
- __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
-extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
- (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len),
- readlinkat)
- __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
-extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
- (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len,
- size_t __buflen), __readlinkat_chk)
- __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
- "length than size of destination "
- "buffer");
-
__fortify_function __nonnull ((2, 3)) __wur ssize_t
__NTH (readlinkat (int __fd, const char *__restrict __path,
char *__restrict __buf, size_t __len))
@@ -150,16 +82,6 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
}
#endif
-extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
- __THROW __wur;
-extern char *__REDIRECT_NTH (__getcwd_alias,
- (char *__buf, size_t __size), getcwd) __wur;
-extern char *__REDIRECT_NTH (__getcwd_chk_warn,
- (char *__buf, size_t __size, size_t __buflen),
- __getcwd_chk)
- __wur __warnattr ("getcwd caller with bigger length than size of "
- "destination buffer");
-
__fortify_function __wur char *
__NTH (getcwd (char *__buf, size_t __size))
{
@@ -169,12 +91,6 @@ __NTH (getcwd (char *__buf, size_t __size))
}
#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
-extern char *__getwd_chk (char *__buf, size_t buflen)
- __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
-extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
- __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
- "doesn't specify buffer size");
-
__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
__NTH (getwd (char *__buf))
{
@@ -184,18 +100,6 @@ __NTH (getwd (char *__buf))
}
#endif
-extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
- size_t __buflen) __THROW
- __attr_access ((__write_only__, 2, 3));
-extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
- size_t __len), confstr)
- __attr_access ((__write_only__, 2, 3));
-extern size_t __REDIRECT_NTH (__confstr_chk_warn,
- (int __name, char *__buf, size_t __len,
- size_t __buflen), __confstr_chk)
- __warnattr ("confstr called with bigger length than size of destination "
- "buffer");
-
__fortify_function size_t
__NTH (confstr (int __name, char *__buf, size_t __len))
{
@@ -205,16 +109,6 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
}
-extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
- __THROW __wur __attr_access ((__write_only__, 2, 1));
-extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
- getgroups) __wur __attr_access ((__write_only__, 2, 1));
-extern int __REDIRECT_NTH (__getgroups_chk_warn,
- (int __size, __gid_t __list[], size_t __listlen),
- __getgroups_chk)
- __wur __warnattr ("getgroups called with bigger group count than what "
- "can fit into destination buffer");
-
__fortify_function int
__NTH (getgroups (int __size, __gid_t __list[]))
{
@@ -224,18 +118,6 @@ __NTH (getgroups (int __size, __gid_t __list[]))
}
-extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
- size_t __nreal) __THROW __nonnull ((2))
- __attr_access ((__write_only__, 2, 3));
-extern int __REDIRECT_NTH (__ttyname_r_alias, (int __fd, char *__buf,
- size_t __buflen), ttyname_r)
- __nonnull ((2));
-extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
- (int __fd, char *__buf, size_t __buflen,
- size_t __nreal), __ttyname_r_chk)
- __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
- "size of destination buffer");
-
__fortify_function int
__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
{
@@ -246,16 +128,6 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
#ifdef __USE_POSIX199506
-extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
- __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
- getlogin_r) __nonnull ((1));
-extern int __REDIRECT (__getlogin_r_chk_warn,
- (char *__buf, size_t __buflen, size_t __nreal),
- __getlogin_r_chk)
- __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
- "size of destination buffer");
-
__fortify_function int
getlogin_r (char *__buf, size_t __buflen)
{
@@ -267,17 +139,6 @@ getlogin_r (char *__buf, size_t __buflen)
#if defined __USE_MISC || defined __USE_UNIX98
-extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
- __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
- gethostname)
- __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__gethostname_chk_warn,
- (char *__buf, size_t __buflen, size_t __nreal),
- __gethostname_chk)
- __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
- "size of destination buffer");
-
__fortify_function int
__NTH (gethostname (char *__buf, size_t __buflen))
{
@@ -289,19 +150,6 @@ __NTH (gethostname (char *__buf, size_t __buflen))
#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
-extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
- __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
- size_t __buflen),
- getdomainname) __nonnull ((1))
- __wur __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__getdomainname_chk_warn,
- (char *__buf, size_t __buflen, size_t __nreal),
- __getdomainname_chk)
- __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
- "buflen than size of destination "
- "buffer");
-
__fortify_function int
__NTH (getdomainname (char *__buf, size_t __buflen))
{
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 09/15] unistd: Avoid PLT entries with _FORTIFY_SOURCE
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (7 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 08/15] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 23:52 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 10/15] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
` (6 subsequent siblings)
15 siblings, 1 reply; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat
The change is meant to avoid unwanted PLT entries for the read_chk,
getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set.
---
debug/getdomainname_chk.c | 1 +
debug/read_chk.c | 1 +
include/unistd.h | 4 ++++
login/getlogin_r_chk.c | 1 +
posix/bits/unistd-decl.h | 6 +++---
5 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/debug/getdomainname_chk.c b/debug/getdomainname_chk.c
index ccea1b2d9e..a7492adf95 100644
--- a/debug/getdomainname_chk.c
+++ b/debug/getdomainname_chk.c
@@ -26,3 +26,4 @@ __getdomainname_chk (char *buf, size_t buflen, size_t nreal)
return getdomainname (buf, buflen);
}
+libc_hidden_def (__getdomainname_chk)
diff --git a/debug/read_chk.c b/debug/read_chk.c
index 17588736a1..75d902a8ba 100644
--- a/debug/read_chk.c
+++ b/debug/read_chk.c
@@ -25,3 +25,4 @@ __read_chk (int fd, void *buf, size_t nbytes, size_t buflen)
return __read (fd, buf, nbytes);
}
+libc_hidden_def (__read_chk)
diff --git a/include/unistd.h b/include/unistd.h
index b042a485f9..e241603b81 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -32,6 +32,10 @@ libc_hidden_proto (readlinkat)
libc_hidden_proto (fsync)
libc_hidden_proto (fdatasync)
+libc_hidden_proto (__read_chk)
+libc_hidden_proto (__getdomainname_chk)
+libc_hidden_proto (__getlogin_r_chk)
+
/* Now define the internal interfaces. */
extern int __access (const char *__name, int __type);
libc_hidden_proto (__access)
diff --git a/login/getlogin_r_chk.c b/login/getlogin_r_chk.c
index 12a0d12bd4..26ec3e6970 100644
--- a/login/getlogin_r_chk.c
+++ b/login/getlogin_r_chk.c
@@ -26,3 +26,4 @@ __getlogin_r_chk (char *buf, size_t buflen, size_t nreal)
return getlogin_r (buf, buflen);
}
+libc_hidden_def (__getlogin_r_chk)
diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
index 2d0f7a4456..2603039767 100644
--- a/posix/bits/unistd-decl.h
+++ b/posix/bits/unistd-decl.h
@@ -26,7 +26,7 @@
extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
size_t __buflen)
__wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
+extern ssize_t __REDIRECT_FORTIFY (__read_alias, (int __fd, void *__buf,
size_t __nbytes), read)
__wur __attr_access ((__write_only__, 2, 3));
extern ssize_t __REDIRECT (__read_chk_warn,
@@ -157,7 +157,7 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
#ifdef __USE_POSIX199506
extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
__nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
+extern int __REDIRECT_FORTIFY (__getlogin_r_alias, (char *__buf, size_t __buflen),
getlogin_r) __nonnull ((1));
extern int __REDIRECT (__getlogin_r_chk_warn,
(char *__buf, size_t __buflen, size_t __nreal),
@@ -184,7 +184,7 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
__THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
+extern int __REDIRECT_FORTIFY_NTH (__getdomainname_alias, (char *__buf,
size_t __buflen),
getdomainname) __nonnull ((1))
__wur __attr_access ((__write_only__, 1, 2));
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 10/15] misc/bits/select2.h: Clearly separate declaration from definitions
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (8 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 09/15] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 23:53 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 11/15] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
` (5 subsequent siblings)
15 siblings, 1 reply; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat
The __fdelt_chk declaration needs to be available so that
libc_hidden_proto can be used while not redefining __FD_ELT.
Thus, misc/bits/select-decl.h is created to hold the corresponding
prototypes.
---
debug/fdelt_chk.c | 1 +
include/bits/select-decl.h | 1 +
include/sys/select.h | 4 ++++
misc/Makefile | 1 +
misc/bits/select-decl.h | 31 +++++++++++++++++++++++++++++++
misc/bits/select2.h | 6 ++----
6 files changed, 40 insertions(+), 4 deletions(-)
create mode 100644 include/bits/select-decl.h
create mode 100644 misc/bits/select-decl.h
diff --git a/debug/fdelt_chk.c b/debug/fdelt_chk.c
index d1d3a19460..bcf8f333f9 100644
--- a/debug/fdelt_chk.c
+++ b/debug/fdelt_chk.c
@@ -28,3 +28,4 @@ __fdelt_chk (long int d)
return d / __NFDBITS;
}
strong_alias (__fdelt_chk, __fdelt_warn)
+libc_hidden_def (__fdelt_chk)
diff --git a/include/bits/select-decl.h b/include/bits/select-decl.h
new file mode 100644
index 0000000000..43db738a61
--- /dev/null
+++ b/include/bits/select-decl.h
@@ -0,0 +1 @@
+#include <misc/bits/select-decl.h>
diff --git a/include/sys/select.h b/include/sys/select.h
index a8961afbed..45376461e9 100644
--- a/include/sys/select.h
+++ b/include/sys/select.h
@@ -3,6 +3,10 @@
#ifndef _ISOMAC
/* Now define the internal interfaces. */
+
+#include <bits/select-decl.h>
+libc_hidden_proto (__fdelt_chk)
+
# if __TIMESIZE == 64
# define __pselect64 __pselect
# define __select64 __select
diff --git a/misc/Makefile b/misc/Makefile
index 36ba7a0bad..3497d30f3b 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -68,6 +68,7 @@ headers := \
bits/syslog-ldbl.h \
bits/syslog-path.h \
bits/error.h \
+ bits/select-decl.h \
bits/select2.h \
bits/hwcap.h \
sys/auxv.h \
diff --git a/misc/bits/select-decl.h b/misc/bits/select-decl.h
new file mode 100644
index 0000000000..95962e1b98
--- /dev/null
+++ b/misc/bits/select-decl.h
@@ -0,0 +1,31 @@
+/* Checking routines for select functions. Declaration only.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#ifndef _BITS_SELECT_DECL_H
+#define _BITS_SELECT_DECL_H 1
+
+#ifndef _SYS_SELECT_H
+# error "Never include <bits/select-decl.h> directly; use <sys/select.h> instead."
+#endif
+
+/* Helper functions to issue warnings and errors when needed. */
+extern long int __fdelt_chk (long int __d);
+extern long int __fdelt_warn (long int __d)
+ __warnattr ("bit outside of fd_set selected");
+
+#endif
diff --git a/misc/bits/select2.h b/misc/bits/select2.h
index abd84a19d5..91e85c87d1 100644
--- a/misc/bits/select2.h
+++ b/misc/bits/select2.h
@@ -20,10 +20,8 @@
# error "Never include <bits/select2.h> directly; use <sys/select.h> instead."
#endif
-/* Helper functions to issue warnings and errors when needed. */
-extern long int __fdelt_chk (long int __d);
-extern long int __fdelt_warn (long int __d)
- __warnattr ("bit outside of fd_set selected");
+#include <bits/select-decl.h>
+
#undef __FD_ELT
#define __FD_ELT(d) \
__extension__ \
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 11/15] misc/bits/syslog.h: Clearly separate declaration from definition
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (9 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 10/15] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 12/15] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
` (4 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
This allows to include bits/syslog-decl.h in include/sys/syslog.h and
therefore be able to create the libc_hidden_builtin_proto (__syslog_chk)
prototype.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
include/bits/syslog-decl.h | 1 +
include/sys/syslog.h | 4 +++
misc/Makefile | 1 +
misc/bits/syslog-decl.h | 35 +++++++++++++++++++
misc/bits/syslog.h | 10 +-----
misc/syslog.c | 4 ++-
.../ldbl-128ibm-compat/ieee128-syslog.c | 1 +
7 files changed, 46 insertions(+), 10 deletions(-)
create mode 100644 include/bits/syslog-decl.h
create mode 100644 misc/bits/syslog-decl.h
diff --git a/include/bits/syslog-decl.h b/include/bits/syslog-decl.h
new file mode 100644
index 0000000000..491a263777
--- /dev/null
+++ b/include/bits/syslog-decl.h
@@ -0,0 +1 @@
+#include <misc/bits/syslog-decl.h>
diff --git a/include/sys/syslog.h b/include/sys/syslog.h
index 44422eab13..1566228860 100644
--- a/include/sys/syslog.h
+++ b/include/sys/syslog.h
@@ -3,6 +3,8 @@
#include <misc/sys/syslog.h>
#ifndef _ISOMAC
+#include <bits/syslog-decl.h>
+
libc_hidden_ldbl_proto (syslog)
/* __vsyslog_internal uses the same mode_flags bits as
@@ -12,5 +14,7 @@ extern void __vsyslog_internal (int pri, const char *fmt, __gnuc_va_list ap,
attribute_hidden
__attribute__ ((__format__ (__printf__, 2, 0)));
+libc_hidden_ldbl_proto (__syslog_chk)
+
#endif /* _ISOMAC */
#endif /* syslog.h */
diff --git a/misc/Makefile b/misc/Makefile
index 3497d30f3b..fe0d49c1de 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -64,6 +64,7 @@ headers := \
sys/xattr.h \
syslog.h \
sys/syslog.h \
+ bits/syslog-decl.h \
bits/syslog.h \
bits/syslog-ldbl.h \
bits/syslog-path.h \
diff --git a/misc/bits/syslog-decl.h b/misc/bits/syslog-decl.h
new file mode 100644
index 0000000000..a9349feee0
--- /dev/null
+++ b/misc/bits/syslog-decl.h
@@ -0,0 +1,35 @@
+/* Checking routines for syslog functions. Declaration only.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#ifndef _BITS_SYSLOG_DECL_H
+#define _BITS_SYSLOG_DECL_H 1
+
+#ifndef _SYS_SYSLOG_H
+# error "Never include <bits/syslog-decl.h> directly; use <sys/syslog.h> instead."
+#endif
+
+extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
+ __attribute__ ((__format__ (__printf__, 3, 4)));
+
+#ifdef __USE_MISC
+extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
+ __gnuc_va_list __ap)
+ __attribute__ ((__format__ (__printf__, 3, 0)));
+#endif
+
+#endif
diff --git a/misc/bits/syslog.h b/misc/bits/syslog.h
index 305cac4ba0..d7de90ed14 100644
--- a/misc/bits/syslog.h
+++ b/misc/bits/syslog.h
@@ -20,15 +20,7 @@
# error "Never include <bits/syslog.h> directly; use <sys/syslog.h> instead."
#endif
-
-extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
- __attribute__ ((__format__ (__printf__, 3, 4)));
-
-#ifdef __USE_MISC
-extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
- __gnuc_va_list __ap)
- __attribute__ ((__format__ (__printf__, 3, 0)));
-#endif
+#include <bits/syslog-decl.h>
#include <bits/floatn.h>
#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
diff --git a/misc/syslog.c b/misc/syslog.c
index f67d4b58a4..1b8cb722c5 100644
--- a/misc/syslog.c
+++ b/misc/syslog.c
@@ -101,7 +101,7 @@ __vsyslog (int pri, const char *fmt, va_list ap)
ldbl_weak_alias (__vsyslog, vsyslog)
void
-__syslog_chk (int pri, int flag, const char *fmt, ...)
+___syslog_chk (int pri, int flag, const char *fmt, ...)
{
va_list ap;
@@ -109,6 +109,8 @@ __syslog_chk (int pri, int flag, const char *fmt, ...)
__vsyslog_internal (pri, fmt, ap, (flag > 0) ? PRINTF_FORTIFY : 0);
va_end (ap);
}
+ldbl_hidden_def (___syslog_chk, __syslog_chk)
+ldbl_strong_alias (___syslog_chk, __syslog_chk)
void
__vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
index 18aa7f707f..97810a7bbd 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
@@ -52,6 +52,7 @@ ___ieee128___syslog_chk (int pri, int flag, const char *fmt, ...)
__vsyslog_internal (pri, fmt, ap, mode);
va_end (ap);
}
+hidden_def (___ieee128___syslog_chk)
strong_alias (___ieee128___syslog_chk, __syslog_chkieee128)
void
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 12/15] libio/bits/stdio2.h: Clearly separate declaration from definitions
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (10 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 11/15] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 13/15] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
` (3 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
Move declarations from libio/bits/stdio.h to existing
libio/bits/stdio2-decl.h. This will enable future use of
__REDIRECT_FORTIFY in place of some __REDIRECT.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
libio/bits/stdio2-decl.h | 49 ++++++++++++++++++++++++++++++++++++++++
libio/bits/stdio2.h | 48 ---------------------------------------
2 files changed, 49 insertions(+), 48 deletions(-)
diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
index 9d4668da21..114b06d24b 100644
--- a/libio/bits/stdio2-decl.h
+++ b/libio/bits/stdio2-decl.h
@@ -84,18 +84,55 @@ extern int __obstack_vprintf_chk (struct obstack *__restrict __obstack,
#endif
#if __GLIBC_USE (DEPRECATED_GETS)
+extern char *__REDIRECT (__gets_warn, (char *__str), gets)
+ __wur __warnattr ("please use fgets or getline instead, gets can't "
+ "specify buffer size");
+
extern char *__gets_chk (char *__str, size_t) __wur;
#endif
+extern char *__REDIRECT (__fgets_alias,
+ (char *__restrict __s, int __n,
+ FILE *__restrict __stream), fgets)
+ __wur __attr_access ((__write_only__, 1, 2));
+extern char *__REDIRECT (__fgets_chk_warn,
+ (char *__restrict __s, size_t __size, int __n,
+ FILE *__restrict __stream), __fgets_chk)
+ __wur __warnattr ("fgets called with bigger size than length "
+ "of destination buffer");
+
extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
FILE *__restrict __stream)
__wur __attr_access ((__write_only__, 1, 3));
+extern size_t __REDIRECT (__fread_alias,
+ (void *__restrict __ptr, size_t __size,
+ size_t __n, FILE *__restrict __stream),
+ fread) __wur;
+extern size_t __REDIRECT (__fread_chk_warn,
+ (void *__restrict __ptr, size_t __ptrlen,
+ size_t __size, size_t __n,
+ FILE *__restrict __stream),
+ __fread_chk)
+ __wur __warnattr ("fread called with bigger size * nmemb than length "
+ "of destination buffer");
+
extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
size_t __size, size_t __n,
FILE *__restrict __stream) __wur;
#ifdef __USE_GNU
+extern char *__REDIRECT (__fgets_unlocked_alias,
+ (char *__restrict __s, int __n,
+ FILE *__restrict __stream), fgets_unlocked)
+ __wur __attr_access ((__write_only__, 1, 2));
+extern char *__REDIRECT (__fgets_unlocked_chk_warn,
+ (char *__restrict __s, size_t __size, int __n,
+ FILE *__restrict __stream), __fgets_unlocked_chk)
+ __wur __warnattr ("fgets_unlocked called with bigger size than length "
+ "of destination buffer");
+
+
extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
int __n, FILE *__restrict __stream)
__wur __attr_access ((__write_only__, 1, 3));
@@ -103,6 +140,18 @@ extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
#ifdef __USE_MISC
# undef fread_unlocked
+extern size_t __REDIRECT (__fread_unlocked_alias,
+ (void *__restrict __ptr, size_t __size,
+ size_t __n, FILE *__restrict __stream),
+ fread_unlocked) __wur;
+extern size_t __REDIRECT (__fread_unlocked_chk_warn,
+ (void *__restrict __ptr, size_t __ptrlen,
+ size_t __size, size_t __n,
+ FILE *__restrict __stream),
+ __fread_unlocked_chk)
+ __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
+ "length of destination buffer");
+
extern size_t __fread_unlocked_chk (void *__restrict __ptr, size_t __ptrlen,
size_t __size, size_t __n,
FILE *__restrict __stream) __wur;
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
index ad85f7df8b..71226408ab 100644
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -182,10 +182,6 @@ __NTH (obstack_vprintf (struct obstack *__restrict __obstack,
#endif
#if __GLIBC_USE (DEPRECATED_GETS)
-extern char *__REDIRECT (__gets_warn, (char *__str), gets)
- __wur __warnattr ("please use fgets or getline instead, gets can't "
- "specify buffer size");
-
__fortify_function __wur char *
gets (char *__str)
{
@@ -195,16 +191,6 @@ gets (char *__str)
}
#endif
-extern char *__REDIRECT (__fgets_alias,
- (char *__restrict __s, int __n,
- FILE *__restrict __stream), fgets)
- __wur __attr_access ((__write_only__, 1, 2));
-extern char *__REDIRECT (__fgets_chk_warn,
- (char *__restrict __s, size_t __size, int __n,
- FILE *__restrict __stream), __fgets_chk)
- __wur __warnattr ("fgets called with bigger size than length "
- "of destination buffer");
-
__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
{
@@ -216,18 +202,6 @@ fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
return __fgets_chk (__s, sz, __n, __stream);
}
-extern size_t __REDIRECT (__fread_alias,
- (void *__restrict __ptr, size_t __size,
- size_t __n, FILE *__restrict __stream),
- fread) __wur;
-extern size_t __REDIRECT (__fread_chk_warn,
- (void *__restrict __ptr, size_t __ptrlen,
- size_t __size, size_t __n,
- FILE *__restrict __stream),
- __fread_chk)
- __wur __warnattr ("fread called with bigger size * nmemb than length "
- "of destination buffer");
-
__fortify_function __wur size_t
fread (void *__restrict __ptr, size_t __size, size_t __n,
FILE *__restrict __stream)
@@ -241,16 +215,6 @@ fread (void *__restrict __ptr, size_t __size, size_t __n,
}
#ifdef __USE_GNU
-extern char *__REDIRECT (__fgets_unlocked_alias,
- (char *__restrict __s, int __n,
- FILE *__restrict __stream), fgets_unlocked)
- __wur __attr_access ((__write_only__, 1, 2));
-extern char *__REDIRECT (__fgets_unlocked_chk_warn,
- (char *__restrict __s, size_t __size, int __n,
- FILE *__restrict __stream), __fgets_unlocked_chk)
- __wur __warnattr ("fgets_unlocked called with bigger size than length "
- "of destination buffer");
-
__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
{
@@ -265,18 +229,6 @@ fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
#ifdef __USE_MISC
# undef fread_unlocked
-extern size_t __REDIRECT (__fread_unlocked_alias,
- (void *__restrict __ptr, size_t __size,
- size_t __n, FILE *__restrict __stream),
- fread_unlocked) __wur;
-extern size_t __REDIRECT (__fread_unlocked_chk_warn,
- (void *__restrict __ptr, size_t __ptrlen,
- size_t __size, size_t __n,
- FILE *__restrict __stream),
- __fread_unlocked_chk)
- __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
- "length of destination buffer");
-
__fortify_function __wur size_t
fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
FILE *__restrict __stream)
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 13/15] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (11 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 12/15] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 14/15] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
` (2 subsequent siblings)
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
The change is meant to avoid unwanted PLT entry for the fgets_unlocked
routine when _FORTIFY_SOURCE is set.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
libio/bits/stdio2-decl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
index 114b06d24b..d7ef7283d6 100644
--- a/libio/bits/stdio2-decl.h
+++ b/libio/bits/stdio2-decl.h
@@ -122,7 +122,7 @@ extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
FILE *__restrict __stream) __wur;
#ifdef __USE_GNU
-extern char *__REDIRECT (__fgets_unlocked_alias,
+extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias,
(char *__restrict __s, int __n,
FILE *__restrict __stream), fgets_unlocked)
__wur __attr_access ((__write_only__, 1, 2));
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 14/15] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (12 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 13/15] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 15/15] Add --enable-fortify-source option Frédéric Bérat
2023-07-05 0:13 ` [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Siddhesh Poyarekar
15 siblings, 0 replies; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Siddhesh Poyarekar
Return value from *scanf and *asprintf routines are now properly checked
in test-scanf-ldbl-compat-template.c and test-printf-ldbl-compat.c.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
.../test-printf-ldbl-compat.c | 10 +++++----
.../test-scanf-ldbl-compat-template.c | 21 ++++++++++---------
2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c b/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
index 3c759e1427..be37af7c31 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
@@ -30,12 +30,13 @@ do_test_call_varg (FILE *stream, const char *format, ...)
char *buffer = NULL;
char string[128];
va_list args;
+ int ret;
printf ("%15s", "vasprintf: ");
va_start (args, format);
- vasprintf (&buffer, format, args);
+ ret = vasprintf (&buffer, format, args);
va_end (args);
- if (buffer == NULL)
+ if (ret == -1 || buffer == NULL)
printf ("Error using vasprintf\n");
else
{
@@ -82,10 +83,11 @@ do_test_call_rarg (FILE *stream, const char *format, long double ld, double d)
{
char *buffer = NULL;
char string[128];
+ int ret;
printf ("%15s", "asprintf: ");
- asprintf (&buffer, format, ld, d);
- if (buffer == NULL)
+ ret = asprintf (&buffer, format, ld, d);
+ if (ret == -1 || buffer == NULL)
printf ("Error using asprintf\n");
else
{
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c b/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
index e8da3a67f0..776c12dd16 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
@@ -37,10 +37,10 @@
ldptr = va_arg (args, long double *); \
fptr = va_arg (args, float *); \
va_end (args); \
- if (*ldptr == -1 && *fptr == -2) \
+ if (*ldptr == -1 && *fptr == -2 && ret == 2) \
printf ("OK"); \
else \
- printf ("ERROR (%Lf %f)", *ldptr, *fptr); \
+ printf ("ERROR (%Lf %f %d)", *ldptr, *fptr, ret); \
printf ("\n");
#define CLEAR_VALUE \
@@ -48,10 +48,10 @@
f = 0;
#define CHECK_VALUE \
- if (ld == -1 && f == -2) \
+ if (ld == -1 && f == -2 && ret == 2) \
printf ("OK"); \
else \
- printf ("ERROR (%Lf %f)", ld, f); \
+ printf ("ERROR (%Lf %f %d)", ld, f, ret); \
printf ("\n");
static void
@@ -62,40 +62,41 @@ do_test_call (FILE *stream, CHAR *string, const CHAR *format, ...)
float *fptr;
long double *ldptr;
va_list args;
+ int ret;
CLEAR_VALUE
printf ("fscanf: ");
- FSCANF (stream, format, &ld, &f);
+ ret = FSCANF (stream, format, &ld, &f);
CHECK_VALUE
CLEAR_VALUE
printf ("scanf: ");
- SCANF (format, &ld, &f);
+ ret = SCANF (format, &ld, &f);
CHECK_VALUE
CLEAR_VALUE
printf ("sscanf: ");
- SSCANF (string, format, &ld, &f);
+ ret = SSCANF (string, format, &ld, &f);
CHECK_VALUE
CLEAR_VARGS
printf ("vfscanf: ");
va_start (args, format);
- VFSCANF (stream, format, args);
+ ret = VFSCANF (stream, format, args);
va_end (args);
CHECK_VARGS
CLEAR_VARGS
printf ("vscanf: ");
va_start (args, format);
- VSCANF (format, args);
+ ret = VSCANF (format, args);
va_end (args);
CHECK_VARGS
CLEAR_VARGS
printf ("vsscanf: ");
va_start (args, format);
- VSSCANF (string, format, args);
+ ret = VSSCANF (string, format, args);
va_end (args);
CHECK_VARGS
}
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH v4 15/15] Add --enable-fortify-source option
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (13 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 14/15] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
@ 2023-07-04 16:55 ` Frédéric Bérat
2023-07-05 0:02 ` Siddhesh Poyarekar
2023-07-05 0:13 ` [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Siddhesh Poyarekar
15 siblings, 1 reply; 26+ messages in thread
From: Frédéric Bérat @ 2023-07-04 16:55 UTC (permalink / raw)
To: libc-alpha; +Cc: siddhesh, fberat, Adhemerval Zanella Netto, Andreas Schwab
It is now possible to enable fortification through a configure option.
The level may be given as parameter, if none is provided, the configure
script will determine what is the highest level possible that can be set
considering GCC built-ins availability and set it.
If level is explicitly set to 3, configure checks if the compiler
supports the built-in function necessary for it or raise an error if it
isn't.
If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is
forcibly undefined (and therefore disabled).
The result of the configure checks is a new variables, ${fortify_source}
that can be used to appropriately populate CFLAGS.
Updated NEWS and INSTALL.
Adding dedicated x86_64 variant that enables the configuration.
---
INSTALL | 8 ++++
Makeconfig | 9 ++++-
NEWS | 6 +++
config.make.in | 1 +
configure | 77 ++++++++++++++++++++++++++++++++++++
configure.ac | 42 ++++++++++++++++++--
manual/install.texi | 8 ++++
scripts/build-many-glibcs.py | 4 +-
8 files changed, 150 insertions(+), 5 deletions(-)
diff --git a/INSTALL b/INSTALL
index fe591c7dae..873deeccf3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -276,6 +276,14 @@ if ‘CFLAGS’ is specified it must enable optimization. For example:
the GNU C Library. The default value refers to the main
bug-reporting information for the GNU C Library.
+‘--enable-fortify-source’
+‘--enable-fortify-source=LEVEL’
+ Use -D_FORTIFY_SOURCE=‘LEVEL’ to control code hardening. If not
+ provided, ‘LEVEL’ defaults to highest possible value for your
+ system, based on the supported ‘CC’ features.
+
+ Default is to disable fortification.
+
To build the library and related programs, type ‘make’. This will
produce a lot of output, some of which may look like errors from ‘make’
but aren’t. Look for error messages from ‘make’ containing ‘***’.
diff --git a/Makeconfig b/Makeconfig
index f6396b3e0c..84e5043b14 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -902,6 +902,11 @@ define elide-stack-protector
$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
endef
+# We might want to compile with fortify-source
+ifneq ($(fortify-source),)
++fortify-source=$(fortify-source)
+endif
+
# Some routine can't be fortified like the ones used by fortify
define elide-fortify-source
$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
@@ -973,7 +978,9 @@ endif # $(+cflags) == ""
# loader, cannot be fortified. Lastly debug is the fortification routines
# themselves and they cannot be fortified.
do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
-ifneq ($(do-fortify),$(subdir))
+ifeq ($(do-fortify),$(subdir))
++cflags += $(+fortify-source)
+else
+cflags += $(no-fortify-source)
endif
diff --git a/NEWS b/NEWS
index 2ec05cfe0f..1286f87159 100644
--- a/NEWS
+++ b/NEWS
@@ -51,6 +51,12 @@ Major new features:
* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
for parts of the library that can't be built with it.
+* A new configure option, "--enable-fortify-source", can be used to build GLIBC
+ with _FORTIFY_SOURCE. The level of fortification can either be provided, or
+ is set to the highest value supported by the compiler. If not explicitly
+ enabled, then fortify source is forcibly disabled so to keep original
+ behavior unchanged.
+
Deprecated and removed features, and other changes affecting compatibility:
* In the Linux kernel for the hppa/parisc architecture some of the
diff --git a/config.make.in b/config.make.in
index 75ad9765aa..d487a4f4e9 100644
--- a/config.make.in
+++ b/config.make.in
@@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
have-ssp = @libc_cv_ssp@
stack-protector = @stack_protector@
no-stack-protector = @no_stack_protector@
+fortify-source = @fortify_source@
no-fortify-source = @no_fortify_source@
have-selinux = @have_selinux@
have-libaudit = @have_libaudit@
diff --git a/configure b/configure
index 7a15f8d3e6..daa84f2d35 100755
--- a/configure
+++ b/configure
@@ -611,7 +611,10 @@ libc_cv_gcc_unwind_find_fde
libc_extra_cppflags
libc_extra_cflags
libc_cv_cxx_thread_local
+fortify_source
no_fortify_source
+libc_cv_fortify_source
+enable_fortify_source
have_selinux
have_libcap
have_libaudit
@@ -782,6 +785,7 @@ enable_pt_chown
enable_mathvec
enable_cet
enable_scv
+enable_fortify_source
with_cpu
'
ac_precious_vars='build_alias
@@ -1452,6 +1456,10 @@ Optional Features:
(CET), x86 only
--disable-scv syscalls will not use scv instruction, even if the
kernel supports it, powerpc only
+ --enable-fortify-source[=1|2|3]
+ Use -D_FORTIFY_SOURCE=[1|2|3] to control code
+ hardening, defaults to highest possible value for
+ your system
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -3717,6 +3725,18 @@ if test "$use_scv" != "no"; then :
fi
+# Check whether --enable-fortify-source was given.
+if test "${enable_fortify_source+set}" = set; then :
+ enableval=$enable_fortify_source; enable_fortify_source=$enableval
+else
+ enable_fortify_source=no
+fi
+
+case "$enable_fortify_source" in
+1|2|3|no|yes) ;;
+*) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;;
+esac
+
# We keep the original values in `$config_*' and never modify them, so we
# can write them unchanged into config.make. Everything else uses
# $machine, $vendor, and $os, and changes them whenever convenient.
@@ -6354,6 +6374,63 @@ fi
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
+fortify_source="${no_fortify_source}"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
+$as_echo_n "checking for __builtin_dynamic_object_size... " >&6; }
+if ${libc_cv___builtin_dynamic_object_size+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+__builtin_dynamic_object_size("", 0)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ libc_cv___builtin_dynamic_object_size=yes
+ if test "$enable_fortify_source" = yes; then :
+ enable_fortify_source=3
+fi
+else
+ libc_cv___builtin_dynamic_object_size=no
+ if test "$enable_fortify_source" = yes; then :
+ enable_fortify_source=2
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
+$as_echo "$libc_cv___builtin_dynamic_object_size" >&6; }
+
+case $enable_fortify_source in #(
+ 1|2) :
+ libc_cv_fortify_source=yes ;; #(
+ 3) :
+ if test "$libc_cv___builtin_dynamic_object_size" = yes; then :
+ libc_cv_fortify_source=yes
+else
+ as_fn_error $? "Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3" "$LINENO" 5
+fi ;; #(
+ *) :
+ libc_cv_fortify_source=no ;;
+esac
+
+if test "$libc_cv_fortify_source" = yes; then :
+ fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"
+
+fi
+
+
+
diff --git a/configure.ac b/configure.ac
index ebc04d49e6..12493367b1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -466,6 +466,17 @@ AC_ARG_ENABLE([scv],
AS_IF([[test "$use_scv" != "no"]],[AC_DEFINE(USE_PPC_SCV)])
+dnl Build glibc with _FORTIFY_SOURCE
+AC_ARG_ENABLE(fortify-source,
+ AS_HELP_STRING([--enable-fortify-source@<:@=1|2|3@:>@],
+ [Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value for your system]),
+ [enable_fortify_source=$enableval],
+ [enable_fortify_source=no])
+case "$enable_fortify_source" in
+1|2|3|no|yes) ;;
+*) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);;
+esac
+
# We keep the original values in `$config_*' and never modify them, so we
# can write them unchanged into config.make. Everything else uses
# $machine, $vendor, and $os, and changes them whenever convenient.
@@ -1559,12 +1570,37 @@ if test "x$have_selinux" = xyes; then
fi
AC_SUBST(have_selinux)
-dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
-dnl This will allow users to enable fortification through FLAGS or compiler
-dnl defaults macro definitions.
+dnl Check if we support the requested _FORTIFY_SOURCE level
+dnl If not, then don't use it.
+dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
+dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
+dnl support it
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
+fortify_source="${no_fortify_source}"
+
+AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
+ [libc_cv___builtin_dynamic_object_size=yes
+ AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
+ [libc_cv___builtin_dynamic_object_size=no
+ AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
+])
+
+AS_CASE([$enable_fortify_source],
+ [1|2], [libc_cv_fortify_source=yes],
+ [3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
+ [libc_cv_fortify_source=yes],
+ [AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
+ [libc_cv_fortify_source=no])
+
+AS_IF([test "$libc_cv_fortify_source" = yes],
+ [fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"]
+ )
+AC_SUBST(enable_fortify_source)
+AC_SUBST(libc_cv_fortify_source)
AC_SUBST(no_fortify_source)
+AC_SUBST(fortify_source)
dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
dnl to one symbol (PR 23840).
diff --git a/manual/install.texi b/manual/install.texi
index a44a552d1f..eb7cb74c2d 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -303,6 +303,14 @@ Specify the URL that users should visit if they wish to report a bug,
to be included in @option{--help} output from programs installed with
@theglibc{}. The default value refers to the main bug-reporting
information for @theglibc{}.
+
+@item --enable-fortify-source
+@itemx --enable-fortify-source=@var{LEVEL}
+Use -D_FORTIFY_SOURCE=@option{LEVEL} to control code hardening. If not
+provided, @option{LEVEL} defaults to highest possible value for your system,
+based on the supported @code{CC} features.
+
+Default is to disable fortification.
@end table
To build the library and related programs, type @code{make}. This will
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index e022abe284..e4eaec01e3 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -464,7 +464,9 @@ class Context(object):
{'arch': 'i486',
'ccopts': '-m32 -march=i486'},
{'arch': 'i586',
- 'ccopts': '-m32 -march=i586'}])
+ 'ccopts': '-m32 -march=i586'},
+ {'variant': 'enable-fortify-source',
+ 'cfg': ['--enable-fortify-source']}])
self.add_config(arch='x86_64',
os_name='gnu',
gcc_cfg=['--disable-multilib'])
--
2.41.0
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 01/15] Allow glibc to be built with _FORTIFY_SOURCE
2023-07-04 16:55 ` [PATCH v4 01/15] " Frédéric Bérat
@ 2023-07-04 23:45 ` Siddhesh Poyarekar
0 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-04 23:45 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha; +Cc: Joseph Myers
On 2023-07-04 12:55, Frédéric Bérat wrote:
> Glibc can now be built with _FORTIFY_SOURCE.
> Since the feature needs some of the routines provided by Glibc, these
> can be excluded from the fortification using the newly created
> $(no_fortify_source) variable.
>
> A dedicated patch will follow to make use of this variable in Makefiles
> when necessary.
>
> Update NEWS.
> ---
If it's not too much, please merge 15/15 with this, there's no reason to
keep them separate given that there's consensus on direction now.
> Makeconfig | 28 +++++++++++++++++++++++++---
> NEWS | 3 +++
> config.make.in | 2 +-
> configure | 34 ++--------------------------------
> configure.ac | 24 ++++++------------------
> elf/rtld-Rules | 2 +-
> 6 files changed, 38 insertions(+), 55 deletions(-)
>
> diff --git a/Makeconfig b/Makeconfig
> index 2514db35f6..f6396b3e0c 100644
> --- a/Makeconfig
> +++ b/Makeconfig
> @@ -543,12 +543,13 @@ endif # +link
> # ARM, gcc always produces different debugging symbols when invoked with
> # a -O greater than 0 than when invoked with -O0, regardless of anything else
> # we're using to suppress optimizations. Therefore, we need to explicitly pass
> -# -O0 to it through CFLAGS.
> +# -O0 to it through CFLAGS. By side effect, any fortification needs to be
> +# disabled as it needs -O greater than 0.
s/By side effect/As a result/
> # Additionally, the build system will try to -include $(common-objpfx)/config.h
> # when compiling the tests, which will throw an error if some special macros
> # (such as __OPTIMIZE__ and IS_IN_build) aren't defined. To avoid this, we
> # tell gcc to define IS_IN_build.
> -CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build
> +CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build $(no-fortify-source)
>
> ifeq (yes,$(build-shared))
> # These indicate whether to link using the built ld.so or the installed one.
> @@ -901,6 +902,11 @@ define elide-stack-protector
> $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
> endef
>
> +# Some routine can't be fortified like the ones used by fortify
> +define elide-fortify-source
> +$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
> +endef
> +
> # The program that makes Emacs-style TAGS files.
> ETAGS := etags
>
> @@ -961,6 +967,16 @@ endif # $(+cflags) == ""
> $(+stack-protector) -fno-common
> +gcc-nowarn := -w
>
> +# We must filter out elf because the early bootstrap of the dynamic loader
> +# cannot be fortified. Likewise we exclude dlfcn because it is entangled
> +# with the loader. We must filter out csu because early startup, like the
> +# loader, cannot be fortified. Lastly debug is the fortification routines
> +# themselves and they cannot be fortified.
> +do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
> +ifneq ($(do-fortify),$(subdir))
> ++cflags += $(no-fortify-source)
> +endif
> +
> # Each sysdeps directory can contain header files that both will be
> # used to compile and will be installed. Each can also contain an
> # include/ subdirectory, whose header files will be used to compile
> @@ -1010,7 +1026,7 @@ module-cppflags = $(if $(filter %.mk.i %.v.i,$(@F)),,$(module-cppflags-real))
> # Note that we can't use -std=* in CPPFLAGS, because it overrides
> # the implicit -lang-asm and breaks cpp behavior for .S files--notably
> # it causes cpp to stop predefining __ASSEMBLER__.
> -CPPFLAGS = $(config-extra-cppflags) $(CPPUNDEFS) $(CPPFLAGS-config) \
> +CPPFLAGS = $(config-extra-cppflags) $(CPPFLAGS-config) \
> $($(subdir)-CPPFLAGS) \
> $(+includes) $(defines) $(module-cppflags) \
> -include $(..)include/libc-symbols.h $(sysdep-CPPFLAGS) \
> @@ -1049,6 +1065,8 @@ object-suffixes :=
> CPPFLAGS-.o = $(pic-default)
> # libc.a must be compiled with -fPIE/-fpie for static PIE.
> CFLAGS-.o = $(filter %frame-pointer,$(+cflags)) $(pie-default)
> +CFLAGS-.o += $(call elide-fortify-source,.o,$(routines_no_fortify))
> +CFLAGS-.o += $(call elide-fortify-source,_chk.o,$(routines_no_fortify))
> libtype.o := lib%.a
> object-suffixes += .o
> ifeq (yes,$(build-shared))
> @@ -1058,6 +1076,8 @@ object-suffixes += .os
> pic-cppflags = -DPIC -DSHARED
> CPPFLAGS-.os = $(pic-cppflags)
> CFLAGS-.os = $(filter %frame-pointer,$(+cflags)) $(pic-ccflag)
> +CFLAGS-.os += $(call elide-fortify-source,.os,$(routines_no_fortify))
> +CFLAGS-.os += $(call elide-fortify-source,_chk.os,$(routines_no_fortify))
> libtype.os := lib%_pic.a
> # This can be changed by a sysdep makefile
> pic-ccflag = -fPIC
> @@ -1077,6 +1097,8 @@ object-suffixes += .op
> CPPFLAGS-.op = -DPROF $(pic-default)
> # libc_p.a must be compiled with -fPIE/-fpie for static PIE.
> CFLAGS-.op = -pg $(pie-default)
> +CFLAGS-.op += $(call elide-fortify-source,.op,$(routines_no_fortify))
> +CFLAGS-.op += $(call elide-fortify-source,_chk.op,$(routines_no_fortify))
> libtype.op = lib%_p.a
> endif
>
> diff --git a/NEWS b/NEWS
> index 709ee40e50..2ec05cfe0f 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -48,6 +48,9 @@ Major new features:
> * The strlcpy and strlcat functions have been added. They are derived
> from OpenBSD, and are expected to be added to a future POSIX version.
>
> +* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
> + for parts of the library that can't be built with it.
> +
s/Glibc now supports to be built/The GNU C Library can now be built/
Also, s/The value is undefined/The macro is undefined/
> Deprecated and removed features, and other changes affecting compatibility:
>
> * In the Linux kernel for the hppa/parisc architecture some of the
> diff --git a/config.make.in b/config.make.in
> index 4afd37feaf..75ad9765aa 100644
> --- a/config.make.in
> +++ b/config.make.in
> @@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
> have-ssp = @libc_cv_ssp@
> stack-protector = @stack_protector@
> no-stack-protector = @no_stack_protector@
> +no-fortify-source = @no_fortify_source@
> have-selinux = @have_selinux@
> have-libaudit = @have_libaudit@
> have-libcap = @have_libcap@
> @@ -101,7 +102,6 @@ CXX = @CXX@
> BUILD_CC = @BUILD_CC@
> CFLAGS = @CFLAGS@
> CPPFLAGS-config = @CPPFLAGS@
> -CPPUNDEFS = @CPPUNDEFS@
> extra-nonshared-cflags = @extra_nonshared_cflags@
> rtld-early-cflags = @rtld_early_cflags@
> ASFLAGS-config = @ASFLAGS_config@
> diff --git a/configure b/configure
> index f84040644b..7a15f8d3e6 100755
> --- a/configure
> +++ b/configure
> @@ -611,7 +611,7 @@ libc_cv_gcc_unwind_find_fde
> libc_extra_cppflags
> libc_extra_cflags
> libc_cv_cxx_thread_local
> -CPPUNDEFS
> +no_fortify_source
> have_selinux
> have_libcap
> have_libaudit
> @@ -6353,38 +6353,8 @@ $as_echo "#define HAVE_LIBCAP 1" >>confdefs.h
> fi
>
>
> -CPPUNDEFS=
> -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCE predefine" >&5
> -$as_echo_n "checking for _FORTIFY_SOURCE predefine... " >&6; }
> -if ${libc_cv_predef_fortify_source+:} false; then :
> - $as_echo_n "(cached) " >&6
> -else
> - cat confdefs.h - <<_ACEOF >conftest.$ac_ext
> -/* end confdefs.h. */
> -
> -int
> -main ()
> -{
> +no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
>
> -#ifdef _FORTIFY_SOURCE
> -# error bogon
> -#endif
> - ;
> - return 0;
> -}
> -_ACEOF
> -if ac_fn_c_try_compile "$LINENO"; then :
> - libc_cv_predef_fortify_source=no
> -else
> - libc_cv_predef_fortify_source=yes
> -fi
> -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
> -fi
> -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_predef_fortify_source" >&5
> -$as_echo "$libc_cv_predef_fortify_source" >&6; }
> -if test $libc_cv_predef_fortify_source = yes; then
> - CPPUNDEFS="${CPPUNDEFS:+$CPPUNDEFS }-U_FORTIFY_SOURCE"
> -fi
>
>
> { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
> diff --git a/configure.ac b/configure.ac
> index 21879c933c..ebc04d49e6 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1559,24 +1559,12 @@ if test "x$have_selinux" = xyes; then
> fi
> AC_SUBST(have_selinux)
>
> -CPPUNDEFS=
> -dnl Check for silly hacked compilers predefining _FORTIFY_SOURCE.
> -dnl Since we are building the implementations of the fortified functions here,
> -dnl having the macro defined interacts very badly.
> -dnl _FORTIFY_SOURCE requires compiler optimization level 1 (gcc -O1)
> -dnl and above (see "man FEATURE_TEST_MACROS").
> -dnl So do NOT replace AC_COMPILE_IFELSE with AC_PREPROC_IFELSE.
> -AC_CACHE_CHECK([for _FORTIFY_SOURCE predefine], libc_cv_predef_fortify_source,
> -[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[
> -#ifdef _FORTIFY_SOURCE
> -# error bogon
> -#endif]])],
> - [libc_cv_predef_fortify_source=no],
> - [libc_cv_predef_fortify_source=yes])])
> -if test $libc_cv_predef_fortify_source = yes; then
> - CPPUNDEFS="${CPPUNDEFS:+$CPPUNDEFS }-U_FORTIFY_SOURCE"
> -fi
> -AC_SUBST(CPPUNDEFS)
> +dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
> +dnl This will allow users to enable fortification through FLAGS or compiler
> +dnl defaults macro definitions.
> +no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
> +
> +AC_SUBST(no_fortify_source)
>
> dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
> dnl to one symbol (PR 23840).
> diff --git a/elf/rtld-Rules b/elf/rtld-Rules
> index 56bc4543de..365a3408f3 100644
> --- a/elf/rtld-Rules
> +++ b/elf/rtld-Rules
> @@ -144,6 +144,6 @@ cpp-srcs-left := $(rtld-modules:%.os=%)
> lib := rtld
> include $(patsubst %,$(..)libof-iterator.mk,$(cpp-srcs-left))
>
> -rtld-CFLAGS += $(no-stack-protector)
> +rtld-CFLAGS += $(no-stack-protector) $(no-fortify-source)
>
> endif
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 02/15] Exclude routines from fortification
2023-07-04 16:55 ` [PATCH v4 02/15] Exclude routines from fortification Frédéric Bérat
@ 2023-07-04 23:48 ` Siddhesh Poyarekar
0 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-04 23:48 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha
On 2023-07-04 12:55, Frédéric Bérat wrote:
> Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
> be excluded from the fortification.
>
> On top of that:
> - some tests explicitly verify that some level of fortification works
> appropriately, we therefore shouldn't modify the level set for them.
> - some objects need to be build with optimization disabled, which
> prevents _FORTIFY_SOURCE to be used for them.
>
> Assembler files that implement architecture specific versions of the
> fortified routines were not excluded from _FORTIFY_SOURCE as there is no
> C header included that would impact their behavior.
> ---
OK.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> debug/Makefile | 12 +--
> io/Makefile | 16 ++++
> libio/Makefile | 23 +++++-
> login/Makefile | 6 ++
> misc/Makefile | 7 ++
> posix/Makefile | 11 +++
> rt/Makefile | 5 ++
> setjmp/Makefile | 9 +++
> socket/Makefile | 6 ++
> stdio-common/Makefile | 15 +++-
> stdlib/Makefile | 7 ++
> string/Makefile | 17 +++++
> sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
> sysdeps/ieee754/ldbl-opt/Makefile | 29 ++++++++
> sysdeps/pthread/Makefile | 4 +
> sysdeps/unix/sysv/linux/Makefile | 3 +
> wcsmbs/Makefile | 23 +++++-
> 17 files changed, 248 insertions(+), 26 deletions(-)
>
> diff --git a/debug/Makefile b/debug/Makefile
> index 9d658e3002..434e52f780 100644
> --- a/debug/Makefile
> +++ b/debug/Makefile
> @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
> # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
> # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
> CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
> -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
> -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>
> # _FORTIFY_SOURCE tests.
> # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
> @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
> # cannot be disabled via pragmas, so require -Wno-error to be used.
> define gen-chk-test
> tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
> -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
> +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
> -Wno-deprecated-declarations \
> -Wno-error
> $(eval $(call cflags-$(2),$(1),$(3),$(4)))
> diff --git a/io/Makefile b/io/Makefile
> index d573064ecc..6ccc0e8691 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -149,6 +149,22 @@ routines := \
> write \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + getcwd \
> + getwd \
> + open \
> + open64 \
> + openat \
> + openat64 \
> + poll \
> + ppoll \
> + read \
> + readlink \
> + readlinkat \
> + ttyname_r \
> + # routines_no_fortify
> +
> others := \
> pwd \
> # others
> diff --git a/libio/Makefile b/libio/Makefile
> index 2877fec484..287ec11338 100644
> --- a/libio/Makefile
> +++ b/libio/Makefile
> @@ -53,6 +53,21 @@ routines := \
>
> gen-as-const-headers += libio-macros.sym
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + fwprintf \
> + iofgets \
> + iofgets_u \
> + iofgetws \
> + iofgetws_u \
> + swprintf \
> + vasprintf \
> + vsnprintf \
> + vswprintf \
> + vwprintf \
> + wprintf \
> + # routines_no_fortify
> +
> tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
> tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
> tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf \
> @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
> CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
> # XXX Do we need filedoalloc and wfiledoalloc? Others?
>
> +# Prevent fortification as these are built with -O0
> +CFLAGS-tst-bz24051.c += $(no-fortify-source)
> +CFLAGS-tst-bz24153.c += $(no-fortify-source)
> +
> CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
>
> # These test cases intentionally use overlapping arguments
> -CFLAGS-tst-sprintf-ub.c += -Wno-restrict
> -CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
> +CFLAGS-tst-sprintf-ub.c += -Wno-restrict $(no-fortify-source)
> +CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
>
> LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
>
> diff --git a/login/Makefile b/login/Makefile
> index 13b155d344..74216cbcb2 100644
> --- a/login/Makefile
> +++ b/login/Makefile
> @@ -66,6 +66,12 @@ include ../Rules
> CFLAGS-getpt.c += -fexceptions
> CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + getlogin_r \
> + ptsname_r \
> + # routines_no_fortify
> +
> ifeq (yesyes,$(have-fpie)$(build-shared))
> pt_chown-cflags += $(pie-ccflag)
> endif
> diff --git a/misc/Makefile b/misc/Makefile
> index 84aa4cb0ad..36ba7a0bad 100644
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -205,6 +205,13 @@ routines := \
> writev \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + getdomain \
> + gethostname \
> + syslog \
> + # routines_no_fortify
> +
> generated += \
> tst-allocate_once-mem.out \
> tst-allocate_once.mtrace \
> diff --git a/posix/Makefile b/posix/Makefile
> index ad43cbdec6..5113ee3b74 100644
> --- a/posix/Makefile
> +++ b/posix/Makefile
> @@ -183,6 +183,14 @@ routines := \
> wordexp \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + confstr \
> + getgroups \
> + pread \
> + pread64 \
> + # routines_no_fortify
> +
> aux := \
> environ \
> init-posix \
> @@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
> tst-execvp3-ARGS = --test-dir=$(objpfx)
> CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
>
> +# Test voluntarily overflows struct dirent
> +CFLAGS-bug-glob2.c += $(no-fortify-source)
> +
> $(objpfx)testcases.h: TESTS TESTS2C.sed
> LC_ALL=C sed -f TESTS2C.sed < $< > $@T
> mv $@T $@
> diff --git a/rt/Makefile b/rt/Makefile
> index a97333dc02..3d4a3f0eec 100644
> --- a/rt/Makefile
> +++ b/rt/Makefile
> @@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
> CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
> CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + mq_open \
> + # routines_no_fortify
> +
> LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
>
> $(objpfx)librt.so: $(shared-thread-library)
> diff --git a/setjmp/Makefile b/setjmp/Makefile
> index e5733a8c52..363fb6673c 100644
> --- a/setjmp/Makefile
> +++ b/setjmp/Makefile
> @@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
>
> include ../Rules
>
> +# This test messes the stack on purpose, which triggers longjump fortify
> +# failure
> +CFLAGS-bug269-setjmp.c += $(no-fortify-source)
> +
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + longjmp \
> + # routines_no_fortify
> +
> $(objpfx)tst-setjmp-fp: $(libm)
> diff --git a/socket/Makefile b/socket/Makefile
> index d9b0b4af64..08f20118cd 100644
> --- a/socket/Makefile
> +++ b/socket/Makefile
> @@ -60,6 +60,12 @@ routines := \
> socketpair \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + recv \
> + recvfrom \
> + # routines_no_fortify
> +
> tests := \
> tst-accept4 \
> tst-cmsg_cloexec \
> diff --git a/stdio-common/Makefile b/stdio-common/Makefile
> index 8871ec7668..fe304b8373 100644
> --- a/stdio-common/Makefile
> +++ b/stdio-common/Makefile
> @@ -117,6 +117,19 @@ routines := \
> wprintf_function_invoke \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + asprintf \
> + dprintf \
> + fprintf \
> + printf \
> + snprintf \
> + sprintf \
> + vfprintf \
> + vfwprintf \
> + vprintf \
> + # routines_no_fortify
> +
> aux := \
> errlist \
> errlist-data \
> @@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
>
> # BZ #11319 was first fixed for regular vdprintf, then reopened because
> # the fortified version had the same bug.
> -CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> +CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>
> CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
>
> diff --git a/stdlib/Makefile b/stdlib/Makefile
> index 0975f55ee6..25e42a77e7 100644
> --- a/stdlib/Makefile
> +++ b/stdlib/Makefile
> @@ -145,6 +145,13 @@ routines := \
> xpg_basename \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + mbstowcs \
> + wcstombs \
> + wctomb \
> + # routines_no_fortify
> +
> aux = \
> grouping \
> groupingwc \
> diff --git a/string/Makefile b/string/Makefile
> index d3106d10a9..8cdfd5b000 100644
> --- a/string/Makefile
> +++ b/string/Makefile
> @@ -118,6 +118,23 @@ routines := \
> xpg-strerror \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + explicit_bzero \
> + memcpy \
> + memmove \
> + mempcpy \
> + memset \
> + stpcpy \
> + stpncpy \
> + strcat \
> + strcpy \
> + strlcat \
> + strlcpy \
> + strncat \
> + strncpy \
> + # routines_no_fortify
> +
> tests := \
> bug-envz1 \
> bug-strcoll1 \
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> index 42cca25a09..34273a5f58 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> @@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
> CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-internal += test-obstack-ieee128 test-obstack-ibm128
> -CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> + $(no-fortify-source)
> +CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> + $(no-fortify-source)
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
> -CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> + $(no-fortify-source)
> +CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> + $(no-fortify-source)
>
> tests-internal += test-scanf-ieee128 test-scanf-ibm128
> CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
> @@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
> obstack_chk \
> vobstack_chk
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
> -CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> + $(no-fortify-source)
> +CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> + $(no-fortify-source)
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
> CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
> - -Wno-psabi -Wno-unused-result
> + -Wno-psabi -Wno-unused-result \
> + $(no-fortify-source)
> CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> - -Wno-unused-result
> + -Wno-unused-result \
> + $(no-fortify-source)
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
> -CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> + $(no-fortify-source)
> +CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> + $(no-fortify-source)
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
> CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
> - -Wno-psabi -Wno-unused-result
> + -Wno-psabi -Wno-unused-result \
> + $(no-fortify-source)
> CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> - -Wno-unused-result
> + -Wno-unused-result \
> + $(no-fortify-source)
> endif
>
> ifeq ($(subdir),argp)
> @@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-container += test-syslog-ieee128 test-syslog-ibm128
> -CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> + $(no-fortify-source)
> +CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> + $(no-fortify-source)
>
> +# The following tests are setting _FORTIFY_SOURCE internally
> tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
> -CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> + $(no-fortify-source)
> +CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> + $(no-fortify-source)
> endif
>
> ifeq ($(subdir),stdlib)
> @@ -395,6 +419,31 @@ endif
> # Add IEEE binary128 files as make targets.
> routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
>
> +routines_no_fortify += \
> + ieee128-asprintf \
> + ieee128-dprintf \
> + ieee128-fprintf \
> + ieee128-fwprintf \
> + ieee128-obstack \
> + ieee128-printf \
> + ieee128-snprintf \
> + ieee128-sprintf \
> + ieee128-swprintf \
> + ieee128-syslog \
> + ieee128-vasprintf \
> + ieee128-vdprintf \
> + ieee128-vfprintf \
> + ieee128-vfwprintf \
> + ieee128-vobstack \
> + ieee128-vprintf \
> + ieee128-vsnprintf \
> + ieee128-vsprintf \
> + ieee128-vswprintf \
> + ieee128-vsyslog \
> + ieee128-vwprintf \
> + ieee128-wprintf \
> + # routines_no_fortify
> +
> # On powerpc64le, the routines responsible for converting between long
> # double and string (e.g.: printf, scanf, strtold, strfroml) default to
> # IBM long double mode. When support for TS 18661-3 was added, several
> diff --git a/sysdeps/ieee754/ldbl-opt/Makefile b/sysdeps/ieee754/ldbl-opt/Makefile
> index 22e778ad0e..0ed1cd2cae 100644
> --- a/sysdeps/ieee754/ldbl-opt/Makefile
> +++ b/sysdeps/ieee754/ldbl-opt/Makefile
> @@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
> -DOBJPFX=\"$(objpfx)\"
>
> endif
> +
> +routines_no_fortify += \
> + nldbl-asprintf \
> + nldbl-dprintf \
> + nldbl-fprintf \
> + nldbl-fwprintf \
> + nldbl-obstack_printf \
> + nldbl-obstack_vprintf \
> + nldbl-printf \
> + nldbl-snprintf \
> + nldbl-sprintf \
> + nldbl-swprintf \
> + nldbl-syslog \
> + nldbl-vasprintf \
> + nldbl-vdprintf \
> + nldbl-vfprintf \
> + nldbl-vfwprintf \
> + nldbl-vprintf \
> + nldbl-vsnprintf \
> + nldbl-vsprintf \
> + nldbl-vswprintf \
> + nldbl-vsyslog \
> + nldbl-vwprintf \
> + nldbl-wprintf \
> + # routines_no_fortify
> +
> +# We can't rely on Makeconfig here for whatever reason
> +CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
> +CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
> diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
> index 32cf4eb119..31028406d5 100644
> --- a/sysdeps/pthread/Makefile
> +++ b/sysdeps/pthread/Makefile
> @@ -304,6 +304,10 @@ tests-nolibpthread += \
> CFLAGS-tst-cleanup2.c += -fno-builtin
> CFLAGS-tst-cleanupx2.c += -fno-builtin
>
> +# Disable fortification due to sprintf(NULL,...)
> +CFLAGS-tst-cleanup2.c += $(no-fortify-source)
> +CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
> +
> tests += \
> tst-cancelx2 \
> tst-cancelx3 \
> diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
> index 23a84cf225..be801e3be4 100644
> --- a/sysdeps/unix/sysv/linux/Makefile
> +++ b/sysdeps/unix/sysv/linux/Makefile
> @@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
> CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
> CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
>
> +# The test triggers FORTIFY abortion due to purposely wrong parameters
> +CFLAGS-test-errno-linux.c += $(no-fortify-source)
> +
> sysdep_headers += \
> bits/a.out.h \
> bits/epoll.h \
> diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
> index 22192985e1..d25a2214f8 100644
> --- a/wcsmbs/Makefile
> +++ b/wcsmbs/Makefile
> @@ -121,6 +121,27 @@ routines := \
> wmemset \
> # routines
>
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> + mbsnrtowcs \
> + mbsrtowcs \
> + wcpcpy \
> + wcpncpy \
> + wcrtomb \
> + wcscat \
> + wcscpy \
> + wcslcat \
> + wcslcpy \
> + wcsncat \
> + wcsncpy \
> + wcsnrtombs \
> + wcsrtombs \
> + wmemcpy \
> + wmemmove \
> + wmempcpy \
> + wmemset \
> + # routines_no_fortify
> +
> tests := \
> test-c8rtomb \
> test-char-types \
> @@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
> CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
> CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
> CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
> -CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>
> CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
> CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 05/15] stdio: Ensure *_chk routines have their hidden builtin definition available
2023-07-04 16:55 ` [PATCH v4 05/15] stdio: " Frédéric Bérat
@ 2023-07-04 23:49 ` Siddhesh Poyarekar
2023-07-06 21:15 ` Paul E Murphy
2023-07-05 12:12 ` Carlos O'Donell
1 sibling, 1 reply; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-04 23:49 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha; +Cc: Paul E Murphy
On 2023-07-04 12:55, Frédéric Bérat wrote:
> If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
> there are unwanted PLT entries in libc.so.
>
> There is a special case with __asprintf_chk:
> If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
> if it isn't, ppc64le isn't building due to multiple asm redirections.
>
> This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
> isn't for s390x. This header creates redirections, which are not
> compatible with the ones generated using libc_hidden_def.
> Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
> create a simple strong alias (e.g. as done on x86_64), but a versioned
> alias, leading to ABI breakage.
>
> This results in errors on s390x:
> /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference
> to `__asprintf_chk'
>
> Original __asprintf_chk symbols:
> 00000000001395b0 T __asprintf_chk
> 0000000000177e90 T __nldbl___asprintf_chk
>
> __asprintf_chk symbols with ldbl_* macros:
> 000000000012d590 t ___asprintf_chk
> 000000000012d590 t __asprintf_chk@@GLIBC_2.4
> 000000000012d590 t __GI___asprintf_chk
> 000000000012d590 t __GL____asprintf_chk___asprintf_chk
> 0000000000172240 T __nldbl___asprintf_chk
>
> __asprintf_chk symbols with the patch:
> 000000000012d590 t ___asprintf_chk
> 000000000012d590 T __asprintf_chk
> 000000000012d590 t __GI___asprintf_chk
> 0000000000172240 T __nldbl___asprintf_chk
> ---
I'm leaving this one for you Paul.
thanks,
Sid
> debug/asprintf_chk.c | 18 +++++++++++++++++-
> debug/fgets_u_chk.c | 1 +
> debug/fprintf_chk.c | 1 +
> debug/sprintf_chk.c | 1 +
> include/stdio.h | 13 ++++++++++++-
> .../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 1 +
> .../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 1 +
> .../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 1 +
> .../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 1 +
> 9 files changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
> index 651c2cd76b..e233d5d737 100644
> --- a/debug/asprintf_chk.c
> +++ b/debug/asprintf_chk.c
> @@ -22,7 +22,7 @@
> /* Write formatted output from FORMAT to a string which is
> allocated with malloc and stored in *STRING_PTR. */
> int
> -__asprintf_chk (char **result_ptr, int flag, const char *format, ...)
> +___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
> {
> /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
> can only come from read-only format strings. */
> @@ -36,3 +36,19 @@ __asprintf_chk (char **result_ptr, int flag, const char *format, ...)
>
> return ret;
> }
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> +/* This is needed since <bits/stdio-lbdl.h> is included in this case, leading to
> + * multiple asm redirection of the same symbol
> + */
> +ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
> +ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
> +#else
> +/* On some systems introduction of ldbl_* macros lead to ABI breakage due to the
> + * long_double_symbol aliasing, e.g. on s390x:
> + * /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference to
> + * `__asprintf_chk'
> + * Due to __asprintf_chk@@GLIBC_2.4 alias replacing __asprintf_chk.
> + */
> +strong_alias (___asprintf_chk, __asprintf_chk)
> +libc_hidden_def (__asprintf_chk)
> +#endif
> diff --git a/debug/fgets_u_chk.c b/debug/fgets_u_chk.c
> index a16ba655e6..74275381f5 100644
> --- a/debug/fgets_u_chk.c
> +++ b/debug/fgets_u_chk.c
> @@ -56,3 +56,4 @@ __fgets_unlocked_chk (char *buf, size_t size, int n, FILE *fp)
> fp->_flags |= old_error;
> return result;
> }
> +libc_hidden_builtin_def (__fgets_unlocked_chk)
> diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c
> index b57d538d03..273051ef91 100644
> --- a/debug/fprintf_chk.c
> +++ b/debug/fprintf_chk.c
> @@ -35,4 +35,5 @@ ___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>
> return ret;
> }
> +ldbl_hidden_def (___fprintf_chk, __fprintf_chk)
> ldbl_strong_alias (___fprintf_chk, __fprintf_chk)
> diff --git a/debug/sprintf_chk.c b/debug/sprintf_chk.c
> index b27f4afae8..e45f1e7b3b 100644
> --- a/debug/sprintf_chk.c
> +++ b/debug/sprintf_chk.c
> @@ -42,4 +42,5 @@ ___sprintf_chk (char *s, int flag, size_t slen, const char *format, ...)
>
> return ret;
> }
> +ldbl_hidden_def (___sprintf_chk, __sprintf_chk)
> ldbl_strong_alias (___sprintf_chk, __sprintf_chk)
> diff --git a/include/stdio.h b/include/stdio.h
> index da47d1ce99..6755877911 100644
> --- a/include/stdio.h
> +++ b/include/stdio.h
> @@ -276,7 +276,18 @@ extern FILE *__open_memstream (char **, size_t *) __THROW __wur;
> libc_hidden_proto (__open_memstream)
> libc_hidden_proto (__libc_fatal)
> rtld_hidden_proto (__libc_fatal)
> -libc_hidden_proto (__vsprintf_chk)
> +
> +libc_hidden_proto (__fgets_unlocked_chk)
> +
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> +libc_hidden_ldbl_proto (__asprintf_chk)
> +#else
> +libc_hidden_proto (__asprintf_chk)
> +#endif
> +
> +libc_hidden_ldbl_proto (__fprintf_chk)
> +libc_hidden_ldbl_proto (__sprintf_chk)
> +libc_hidden_ldbl_proto (__vsprintf_chk)
>
> extern FILE * __fmemopen (void *buf, size_t len, const char *mode);
> libc_hidden_proto (__fmemopen)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> index fbf953a728..6e93ee81fc 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
>
> return done;
> }
> +hidden_def (___ieee128___asprintf_chk)
> strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> index bd10e9c3db..e0865b6663 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>
> return done;
> }
> +hidden_def (___ieee128___fprintf_chk)
> strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> index 0039c3b53d..762757a5c7 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> @@ -43,4 +43,5 @@ ___ieee128___sprintf_chk (char *s, int flag, size_t slen,
>
> return done;
> }
> +hidden_def (___ieee128___sprintf_chk)
> strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> index 22137269c0..c251b60d4e 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
>
> return __vsprintf_internal (string, slen, format, ap, mode);
> }
> +hidden_def (___ieee128___vsprintf_chk)
> strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 07/15] wchar: Avoid PLT entries with _FORTIFY_SOURCE
2023-07-04 16:55 ` [PATCH v4 07/15] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
@ 2023-07-04 23:51 ` Siddhesh Poyarekar
0 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-04 23:51 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha
On 2023-07-04 12:55, Frédéric Bérat wrote:
> The change is meant to avoid unwanted PLT entries for the wmemset and
> wcrtomb routines when _FORTIFY_SOURCE is set.
>
> On top of that, ensure that *_chk routines have their hidden builtin
> definitions available.
> ---
> debug/wcrtomb_chk.c | 1 +
> debug/wmemset_chk.c | 1 +
> include/wchar.h | 15 +++++++++++++++
> sysdeps/x86_64/multiarch/wmemset_chk.c | 4 ++++
> wcsmbs/bits/wchar2-decl.h | 4 ++--
> 5 files changed, 23 insertions(+), 2 deletions(-)
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> diff --git a/debug/wcrtomb_chk.c b/debug/wcrtomb_chk.c
> index 657be7471d..c156fe09c1 100644
> --- a/debug/wcrtomb_chk.c
> +++ b/debug/wcrtomb_chk.c
> @@ -28,3 +28,4 @@ __wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
> {
> return __wcrtomb_internal (s, wchar, ps, buflen);
> }
> +libc_hidden_def (__wcrtomb_chk)
> diff --git a/debug/wmemset_chk.c b/debug/wmemset_chk.c
> index e11a92815e..1e7fc4fdea 100644
> --- a/debug/wmemset_chk.c
> +++ b/debug/wmemset_chk.c
> @@ -26,3 +26,4 @@ __wmemset_chk (wchar_t *s, wchar_t c, size_t n, size_t dstlen)
>
> return wmemset (s, c, n);
> }
> +libc_hidden_builtin_def (__wmemset_chk)
> diff --git a/include/wchar.h b/include/wchar.h
> index 7b763bc24f..484e6b3fef 100644
> --- a/include/wchar.h
> +++ b/include/wchar.h
> @@ -166,6 +166,8 @@ libc_hidden_proto (putwc)
>
> libc_hidden_proto (mbrtowc)
> libc_hidden_proto (wcrtomb)
> +libc_hidden_proto (__wcrtomb_chk)
> +
> extern int __wcscmp (const wchar_t *__s1, const wchar_t *__s2)
> __THROW __attribute_pure__;
> libc_hidden_proto (__wcscmp)
> @@ -260,16 +262,25 @@ extern wchar_t *__wcschrnul (const wchar_t *__s, wchar_t __wc)
>
> extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
> size_t __ns) __THROW;
> +libc_hidden_builtin_proto (__wmemset_chk)
>
> extern int __vfwscanf (__FILE *__restrict __s,
> const wchar_t *__restrict __format,
> __gnuc_va_list __arg)
> attribute_hidden
> /* __attribute__ ((__format__ (__wscanf__, 2, 0)) */;
> +
> +extern int __swprintf_chk (wchar_t *__restrict __s, size_t __n,
> + int __flag, size_t __s_len,
> + const wchar_t *__restrict __format, ...)
> + __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 6))) */;
> +
> extern int __fwprintf (__FILE *__restrict __s,
> const wchar_t *__restrict __format, ...)
> attribute_hidden
> /* __attribute__ ((__format__ (__wprintf__, 2, 3))) */;
> +extern int __wprintf_chk (int __flag, const wchar_t *__restrict __format,
> + ...);
> extern int __vfwprintf_chk (FILE *__restrict __s, int __flag,
> const wchar_t *__restrict __format,
> __gnuc_va_list __arg)
> @@ -279,6 +290,10 @@ extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
> const wchar_t *__restrict __format,
> __gnuc_va_list __arg)
> /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
> +extern int __fwprintf_chk (__FILE *__restrict __stream, int __flag,
> + const wchar_t *__restrict __format, ...);
> +extern int __vwprintf_chk (int __flag, const wchar_t *__restrict __format,
> + __gnuc_va_list __ap);
>
> extern int __isoc99_fwscanf (__FILE *__restrict __stream,
> const wchar_t *__restrict __format, ...);
> diff --git a/sysdeps/x86_64/multiarch/wmemset_chk.c b/sysdeps/x86_64/multiarch/wmemset_chk.c
> index ac93a1f376..00edf44918 100644
> --- a/sysdeps/x86_64/multiarch/wmemset_chk.c
> +++ b/sysdeps/x86_64/multiarch/wmemset_chk.c
> @@ -28,4 +28,8 @@
>
> libc_ifunc_redirected (__redirect_wmemset_chk, __wmemset_chk,
> IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__wmemset_chk, __GI___wmemset_chk, __redirect_wmemset_chk)
> + __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__wmemset_chk);
> +# endif
> #endif
> diff --git a/wcsmbs/bits/wchar2-decl.h b/wcsmbs/bits/wchar2-decl.h
> index f3a2fd3c99..08c8ebd0e8 100644
> --- a/wcsmbs/bits/wchar2-decl.h
> +++ b/wcsmbs/bits/wchar2-decl.h
> @@ -71,7 +71,7 @@ extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn,
>
> extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
> size_t __ns) __THROW;
> -extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
> +extern wchar_t *__REDIRECT_FORTIFY_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
> size_t __n), wmemset);
> extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
> (wchar_t *__s, wchar_t __c, size_t __n,
> @@ -203,7 +203,7 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
> extern size_t __wcrtomb_chk (char *__restrict __s, wchar_t __wchar,
> mbstate_t *__restrict __p,
> size_t __buflen) __THROW __wur;
> -extern size_t __REDIRECT_NTH (__wcrtomb_alias,
> +extern size_t __REDIRECT_FORTIFY_NTH (__wcrtomb_alias,
> (char *__restrict __s, wchar_t __wchar,
> mbstate_t *__restrict __ps), wcrtomb) __wur;
>
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 09/15] unistd: Avoid PLT entries with _FORTIFY_SOURCE
2023-07-04 16:55 ` [PATCH v4 09/15] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
@ 2023-07-04 23:52 ` Siddhesh Poyarekar
0 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-04 23:52 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha
On 2023-07-04 12:55, Frédéric Bérat wrote:
> The change is meant to avoid unwanted PLT entries for the read_chk,
> getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set.
> ---
> debug/getdomainname_chk.c | 1 +
> debug/read_chk.c | 1 +
> include/unistd.h | 4 ++++
> login/getlogin_r_chk.c | 1 +
> posix/bits/unistd-decl.h | 6 +++---
> 5 files changed, 10 insertions(+), 3 deletions(-)
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
>
> diff --git a/debug/getdomainname_chk.c b/debug/getdomainname_chk.c
> index ccea1b2d9e..a7492adf95 100644
> --- a/debug/getdomainname_chk.c
> +++ b/debug/getdomainname_chk.c
> @@ -26,3 +26,4 @@ __getdomainname_chk (char *buf, size_t buflen, size_t nreal)
>
> return getdomainname (buf, buflen);
> }
> +libc_hidden_def (__getdomainname_chk)
> diff --git a/debug/read_chk.c b/debug/read_chk.c
> index 17588736a1..75d902a8ba 100644
> --- a/debug/read_chk.c
> +++ b/debug/read_chk.c
> @@ -25,3 +25,4 @@ __read_chk (int fd, void *buf, size_t nbytes, size_t buflen)
>
> return __read (fd, buf, nbytes);
> }
> +libc_hidden_def (__read_chk)
> diff --git a/include/unistd.h b/include/unistd.h
> index b042a485f9..e241603b81 100644
> --- a/include/unistd.h
> +++ b/include/unistd.h
> @@ -32,6 +32,10 @@ libc_hidden_proto (readlinkat)
> libc_hidden_proto (fsync)
> libc_hidden_proto (fdatasync)
>
> +libc_hidden_proto (__read_chk)
> +libc_hidden_proto (__getdomainname_chk)
> +libc_hidden_proto (__getlogin_r_chk)
> +
> /* Now define the internal interfaces. */
> extern int __access (const char *__name, int __type);
> libc_hidden_proto (__access)
> diff --git a/login/getlogin_r_chk.c b/login/getlogin_r_chk.c
> index 12a0d12bd4..26ec3e6970 100644
> --- a/login/getlogin_r_chk.c
> +++ b/login/getlogin_r_chk.c
> @@ -26,3 +26,4 @@ __getlogin_r_chk (char *buf, size_t buflen, size_t nreal)
>
> return getlogin_r (buf, buflen);
> }
> +libc_hidden_def (__getlogin_r_chk)
> diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
> index 2d0f7a4456..2603039767 100644
> --- a/posix/bits/unistd-decl.h
> +++ b/posix/bits/unistd-decl.h
> @@ -26,7 +26,7 @@
> extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
> size_t __buflen)
> __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
> +extern ssize_t __REDIRECT_FORTIFY (__read_alias, (int __fd, void *__buf,
> size_t __nbytes), read)
> __wur __attr_access ((__write_only__, 2, 3));
> extern ssize_t __REDIRECT (__read_chk_warn,
> @@ -157,7 +157,7 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
> #ifdef __USE_POSIX199506
> extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
> __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
> +extern int __REDIRECT_FORTIFY (__getlogin_r_alias, (char *__buf, size_t __buflen),
> getlogin_r) __nonnull ((1));
> extern int __REDIRECT (__getlogin_r_chk_warn,
> (char *__buf, size_t __buflen, size_t __nreal),
> @@ -184,7 +184,7 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
> #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
> extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
> __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
> +extern int __REDIRECT_FORTIFY_NTH (__getdomainname_alias, (char *__buf,
> size_t __buflen),
> getdomainname) __nonnull ((1))
> __wur __attr_access ((__write_only__, 1, 2));
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 10/15] misc/bits/select2.h: Clearly separate declaration from definitions
2023-07-04 16:55 ` [PATCH v4 10/15] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
@ 2023-07-04 23:53 ` Siddhesh Poyarekar
0 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-04 23:53 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha
On 2023-07-04 12:55, Frédéric Bérat wrote:
> The __fdelt_chk declaration needs to be available so that
> libc_hidden_proto can be used while not redefining __FD_ELT.
> Thus, misc/bits/select-decl.h is created to hold the corresponding
> prototypes.
> ---
> debug/fdelt_chk.c | 1 +
> include/bits/select-decl.h | 1 +
> include/sys/select.h | 4 ++++
> misc/Makefile | 1 +
> misc/bits/select-decl.h | 31 +++++++++++++++++++++++++++++++
> misc/bits/select2.h | 6 ++----
> 6 files changed, 40 insertions(+), 4 deletions(-)
> create mode 100644 include/bits/select-decl.h
> create mode 100644 misc/bits/select-decl.h
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
>
> diff --git a/debug/fdelt_chk.c b/debug/fdelt_chk.c
> index d1d3a19460..bcf8f333f9 100644
> --- a/debug/fdelt_chk.c
> +++ b/debug/fdelt_chk.c
> @@ -28,3 +28,4 @@ __fdelt_chk (long int d)
> return d / __NFDBITS;
> }
> strong_alias (__fdelt_chk, __fdelt_warn)
> +libc_hidden_def (__fdelt_chk)
> diff --git a/include/bits/select-decl.h b/include/bits/select-decl.h
> new file mode 100644
> index 0000000000..43db738a61
> --- /dev/null
> +++ b/include/bits/select-decl.h
> @@ -0,0 +1 @@
> +#include <misc/bits/select-decl.h>
> diff --git a/include/sys/select.h b/include/sys/select.h
> index a8961afbed..45376461e9 100644
> --- a/include/sys/select.h
> +++ b/include/sys/select.h
> @@ -3,6 +3,10 @@
>
> #ifndef _ISOMAC
> /* Now define the internal interfaces. */
> +
> +#include <bits/select-decl.h>
> +libc_hidden_proto (__fdelt_chk)
> +
> # if __TIMESIZE == 64
> # define __pselect64 __pselect
> # define __select64 __select
> diff --git a/misc/Makefile b/misc/Makefile
> index 36ba7a0bad..3497d30f3b 100644
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -68,6 +68,7 @@ headers := \
> bits/syslog-ldbl.h \
> bits/syslog-path.h \
> bits/error.h \
> + bits/select-decl.h \
> bits/select2.h \
> bits/hwcap.h \
> sys/auxv.h \
> diff --git a/misc/bits/select-decl.h b/misc/bits/select-decl.h
> new file mode 100644
> index 0000000000..95962e1b98
> --- /dev/null
> +++ b/misc/bits/select-decl.h
> @@ -0,0 +1,31 @@
> +/* Checking routines for select functions. Declaration only.
> + Copyright (C) 2023 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +#ifndef _BITS_SELECT_DECL_H
> +#define _BITS_SELECT_DECL_H 1
> +
> +#ifndef _SYS_SELECT_H
> +# error "Never include <bits/select-decl.h> directly; use <sys/select.h> instead."
> +#endif
> +
> +/* Helper functions to issue warnings and errors when needed. */
> +extern long int __fdelt_chk (long int __d);
> +extern long int __fdelt_warn (long int __d)
> + __warnattr ("bit outside of fd_set selected");
> +
> +#endif
> diff --git a/misc/bits/select2.h b/misc/bits/select2.h
> index abd84a19d5..91e85c87d1 100644
> --- a/misc/bits/select2.h
> +++ b/misc/bits/select2.h
> @@ -20,10 +20,8 @@
> # error "Never include <bits/select2.h> directly; use <sys/select.h> instead."
> #endif
>
> -/* Helper functions to issue warnings and errors when needed. */
> -extern long int __fdelt_chk (long int __d);
> -extern long int __fdelt_warn (long int __d)
> - __warnattr ("bit outside of fd_set selected");
> +#include <bits/select-decl.h>
> +
> #undef __FD_ELT
> #define __FD_ELT(d) \
> __extension__ \
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 15/15] Add --enable-fortify-source option
2023-07-04 16:55 ` [PATCH v4 15/15] Add --enable-fortify-source option Frédéric Bérat
@ 2023-07-05 0:02 ` Siddhesh Poyarekar
0 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-05 0:02 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha
Cc: Adhemerval Zanella Netto, Andreas Schwab
On 2023-07-04 12:55, Frédéric Bérat wrote:
> It is now possible to enable fortification through a configure option.
> The level may be given as parameter, if none is provided, the configure
> script will determine what is the highest level possible that can be set
> considering GCC built-ins availability and set it.
> If level is explicitly set to 3, configure checks if the compiler
> supports the built-in function necessary for it or raise an error if it
> isn't.
>
> If the configure option isn't explicitly enabled, it _FORTIFY_SOURCE is
> forcibly undefined (and therefore disabled).
>
> The result of the configure checks is a new variables, ${fortify_source}
> that can be used to appropriately populate CFLAGS.
>
> Updated NEWS and INSTALL.
>
> Adding dedicated x86_64 variant that enables the configuration.
> ---
> INSTALL | 8 ++++
> Makeconfig | 9 ++++-
> NEWS | 6 +++
> config.make.in | 1 +
> configure | 77 ++++++++++++++++++++++++++++++++++++
> configure.ac | 42 ++++++++++++++++++--
> manual/install.texi | 8 ++++
> scripts/build-many-glibcs.py | 4 +-
> 8 files changed, 150 insertions(+), 5 deletions(-)
Probably best to merge this into 1/15.
>
> diff --git a/INSTALL b/INSTALL
> index fe591c7dae..873deeccf3 100644
> --- a/INSTALL
> +++ b/INSTALL
> @@ -276,6 +276,14 @@ if ‘CFLAGS’ is specified it must enable optimization. For example:
> the GNU C Library. The default value refers to the main
> bug-reporting information for the GNU C Library.
>
> +‘--enable-fortify-source’
> +‘--enable-fortify-source=LEVEL’
> + Use -D_FORTIFY_SOURCE=‘LEVEL’ to control code hardening. If not
To be specific, s/control code hardening/control hardening in the GNU C
Library/
> + provided, ‘LEVEL’ defaults to highest possible value for your
> + system, based on the supported ‘CC’ features.
> +
> + Default is to disable fortification.
> +
> To build the library and related programs, type ‘make’. This will
> produce a lot of output, some of which may look like errors from ‘make’
> but aren’t. Look for error messages from ‘make’ containing ‘***’.
> diff --git a/Makeconfig b/Makeconfig
> index f6396b3e0c..84e5043b14 100644
> --- a/Makeconfig
> +++ b/Makeconfig
> @@ -902,6 +902,11 @@ define elide-stack-protector
> $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
> endef
>
> +# We might want to compile with fortify-source
> +ifneq ($(fortify-source),)
> ++fortify-source=$(fortify-source)
> +endif
> +
> # Some routine can't be fortified like the ones used by fortify
> define elide-fortify-source
> $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
> @@ -973,7 +978,9 @@ endif # $(+cflags) == ""
> # loader, cannot be fortified. Lastly debug is the fortification routines
> # themselves and they cannot be fortified.
> do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
> -ifneq ($(do-fortify),$(subdir))
> +ifeq ($(do-fortify),$(subdir))
> ++cflags += $(+fortify-source)
> +else
> +cflags += $(no-fortify-source)
> endif
>
> diff --git a/NEWS b/NEWS
> index 2ec05cfe0f..1286f87159 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -51,6 +51,12 @@ Major new features:
> * Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
> for parts of the library that can't be built with it.
>
> +* A new configure option, "--enable-fortify-source", can be used to build GLIBC
> + with _FORTIFY_SOURCE. The level of fortification can either be provided, or
> + is set to the highest value supported by the compiler. If not explicitly
> + enabled, then fortify source is forcibly disabled so to keep original
> + behavior unchanged.
> +
The old NEWS should be replaced with this. Also, s/GLIBC/The GNU C Library/
> Deprecated and removed features, and other changes affecting compatibility:
>
> * In the Linux kernel for the hppa/parisc architecture some of the
> diff --git a/config.make.in b/config.make.in
> index 75ad9765aa..d487a4f4e9 100644
> --- a/config.make.in
> +++ b/config.make.in
> @@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
> have-ssp = @libc_cv_ssp@
> stack-protector = @stack_protector@
> no-stack-protector = @no_stack_protector@
> +fortify-source = @fortify_source@
> no-fortify-source = @no_fortify_source@
> have-selinux = @have_selinux@
> have-libaudit = @have_libaudit@
> diff --git a/configure b/configure
> index 7a15f8d3e6..daa84f2d35 100755
> --- a/configure
> +++ b/configure
> @@ -611,7 +611,10 @@ libc_cv_gcc_unwind_find_fde
> libc_extra_cppflags
> libc_extra_cflags
> libc_cv_cxx_thread_local
> +fortify_source
> no_fortify_source
> +libc_cv_fortify_source
> +enable_fortify_source
> have_selinux
> have_libcap
> have_libaudit
> @@ -782,6 +785,7 @@ enable_pt_chown
> enable_mathvec
> enable_cet
> enable_scv
> +enable_fortify_source
> with_cpu
> '
> ac_precious_vars='build_alias
> @@ -1452,6 +1456,10 @@ Optional Features:
> (CET), x86 only
> --disable-scv syscalls will not use scv instruction, even if the
> kernel supports it, powerpc only
> + --enable-fortify-source[=1|2|3]
> + Use -D_FORTIFY_SOURCE=[1|2|3] to control code
> + hardening, defaults to highest possible value for
> + your system
highest possible value supported by the build compiler.
>
> Optional Packages:
> --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
> @@ -3717,6 +3725,18 @@ if test "$use_scv" != "no"; then :
>
> fi
>
> +# Check whether --enable-fortify-source was given.
> +if test "${enable_fortify_source+set}" = set; then :
> + enableval=$enable_fortify_source; enable_fortify_source=$enableval
> +else
> + enable_fortify_source=no
> +fi
> +
> +case "$enable_fortify_source" in
> +1|2|3|no|yes) ;;
> +*) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;;
> +esac
> +
> # We keep the original values in `$config_*' and never modify them, so we
> # can write them unchanged into config.make. Everything else uses
> # $machine, $vendor, and $os, and changes them whenever convenient.
> @@ -6354,6 +6374,63 @@ fi
>
>
> no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
> +fortify_source="${no_fortify_source}"
> +
> +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
> +$as_echo_n "checking for __builtin_dynamic_object_size... " >&6; }
> +if ${libc_cv___builtin_dynamic_object_size+:} false; then :
> + $as_echo_n "(cached) " >&6
> +else
> +
> + cat confdefs.h - <<_ACEOF >conftest.$ac_ext
> +/* end confdefs.h. */
> +
> +int
> +main ()
> +{
> +__builtin_dynamic_object_size("", 0)
> + ;
> + return 0;
> +}
> +_ACEOF
> +if ac_fn_c_try_link "$LINENO"; then :
> + libc_cv___builtin_dynamic_object_size=yes
> + if test "$enable_fortify_source" = yes; then :
> + enable_fortify_source=3
> +fi
> +else
> + libc_cv___builtin_dynamic_object_size=no
> + if test "$enable_fortify_source" = yes; then :
> + enable_fortify_source=2
> +fi
> +fi
> +rm -f core conftest.err conftest.$ac_objext \
> + conftest$ac_exeext conftest.$ac_ext
> +
> +fi
> +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
> +$as_echo "$libc_cv___builtin_dynamic_object_size" >&6; }
> +
> +case $enable_fortify_source in #(
> + 1|2) :
> + libc_cv_fortify_source=yes ;; #(
> + 3) :
> + if test "$libc_cv___builtin_dynamic_object_size" = yes; then :
> + libc_cv_fortify_source=yes
> +else
> + as_fn_error $? "Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3" "$LINENO" 5
> +fi ;; #(
> + *) :
> + libc_cv_fortify_source=no ;;
> +esac
> +
> +if test "$libc_cv_fortify_source" = yes; then :
> + fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"
> +
> +fi
> +
> +
> +
>
>
>
> diff --git a/configure.ac b/configure.ac
> index ebc04d49e6..12493367b1 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -466,6 +466,17 @@ AC_ARG_ENABLE([scv],
>
> AS_IF([[test "$use_scv" != "no"]],[AC_DEFINE(USE_PPC_SCV)])
>
> +dnl Build glibc with _FORTIFY_SOURCE
> +AC_ARG_ENABLE(fortify-source,
> + AS_HELP_STRING([--enable-fortify-source@<:@=1|2|3@:>@],
> + [Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value for your system]),
> + [enable_fortify_source=$enableval],
> + [enable_fortify_source=no])
> +case "$enable_fortify_source" in
> +1|2|3|no|yes) ;;
> +*) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);;
> +esac
> +
> # We keep the original values in `$config_*' and never modify them, so we
> # can write them unchanged into config.make. Everything else uses
> # $machine, $vendor, and $os, and changes them whenever convenient.
> @@ -1559,12 +1570,37 @@ if test "x$have_selinux" = xyes; then
> fi
> AC_SUBST(have_selinux)
>
> -dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
> -dnl This will allow users to enable fortification through FLAGS or compiler
> -dnl defaults macro definitions.
> +dnl Check if we support the requested _FORTIFY_SOURCE level
> +dnl If not, then don't use it.
> +dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
> +dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
> +dnl support it
> no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
> +fortify_source="${no_fortify_source}"
> +
> +AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
> + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
> + [libc_cv___builtin_dynamic_object_size=yes
> + AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
> + [libc_cv___builtin_dynamic_object_size=no
> + AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
> +])
> +
> +AS_CASE([$enable_fortify_source],
> + [1|2], [libc_cv_fortify_source=yes],
> + [3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
> + [libc_cv_fortify_source=yes],
> + [AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
> + [libc_cv_fortify_source=no])
> +
> +AS_IF([test "$libc_cv_fortify_source" = yes],
> + [fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"]
> + )
>
> +AC_SUBST(enable_fortify_source)
> +AC_SUBST(libc_cv_fortify_source)
> AC_SUBST(no_fortify_source)
> +AC_SUBST(fortify_source)
>
> dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
> dnl to one symbol (PR 23840).
> diff --git a/manual/install.texi b/manual/install.texi
> index a44a552d1f..eb7cb74c2d 100644
> --- a/manual/install.texi
> +++ b/manual/install.texi
> @@ -303,6 +303,14 @@ Specify the URL that users should visit if they wish to report a bug,
> to be included in @option{--help} output from programs installed with
> @theglibc{}. The default value refers to the main bug-reporting
> information for @theglibc{}.
> +
> +@item --enable-fortify-source
> +@itemx --enable-fortify-source=@var{LEVEL}
> +Use -D_FORTIFY_SOURCE=@option{LEVEL} to control code hardening. If not
> +provided, @option{LEVEL} defaults to highest possible value for your system,
> +based on the supported @code{CC} features.
Same as above, highest possible value supported by the build compiler.
> +
> +Default is to disable fortification.
> @end table
>
> To build the library and related programs, type @code{make}. This will
> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
> index e022abe284..e4eaec01e3 100755
> --- a/scripts/build-many-glibcs.py
> +++ b/scripts/build-many-glibcs.py
> @@ -464,7 +464,9 @@ class Context(object):
> {'arch': 'i486',
> 'ccopts': '-m32 -march=i486'},
> {'arch': 'i586',
> - 'ccopts': '-m32 -march=i586'}])
> + 'ccopts': '-m32 -march=i586'},
> + {'variant': 'enable-fortify-source',
> + 'cfg': ['--enable-fortify-source']}])
> self.add_config(arch='x86_64',
> os_name='gnu',
> gcc_cfg=['--disable-multilib'])
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
` (14 preceding siblings ...)
2023-07-04 16:55 ` [PATCH v4 15/15] Add --enable-fortify-source option Frédéric Bérat
@ 2023-07-05 0:13 ` Siddhesh Poyarekar
15 siblings, 0 replies; 26+ messages in thread
From: Siddhesh Poyarekar @ 2023-07-05 0:13 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha
On 2023-07-04 12:55, Frédéric Bérat wrote:
> Hello,
>
> This patch series introduces a new "--enable-fortify-source" option to glibc
> build. This option may either be set to a value between 1 and 3, or left empty
> to let configure select the highest value available for the build system.
>
> The first patch adds the new configure option, the second excludes the routines
> that can't be built with the option enabled.
>
> The next patches are fixing test and compilation errors that arose with
> fortification enabled.
>
> I couldn't test the patch series in all configuration possible on all arches
> possible but I ran the following:
>
> - build-many-glibcs was executed on x86_64, for all arches/variants. This was
> mainly done to ensure that installed headers were not broken (as some
> patches are modifying system headers)
> - The new "enable-fortify-source" variant for BMG got executed on x86_64
> - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64,
> s390x, with and without fortification enabled.
>
> Fred.
>
> Changes since v1:
> - The patch that introduced the new config option has been split in 2.
> There is now one patch that allows glibc to be built with fortification and
> one that adds a new configure option to enable it.
> The patch adding the configure option has been moved to the end of the
> series.
> - A new variant has been added to x86_64 bmg to test enable-fortify-source.
> - NEWS and INSTALL have been updated.
> - Patch series has been re-based
> - Error message has been fixed in newly introduced headers
> - Include directive has been fixed in newly introduced include/* headers
>
> Changes since v2:
> - Test for bug269 modifies the stack in a way that may trigger an abort on
> longjump when fortification is enabled. Thus, disable fortification for this
> test.
> - Added 2 patches to perform the same changes on stdio.h that was done for
> unistd.h and wchar.h. Declarations that were in stdio2.h are moved into
> existing stdio-decl.h, and __REDIRECT is rplaced by __REDIRECT_FORTIFY for
> fgets_unlocked_alias.
> - Title for some patches were modified without content change.
>
> Changes since v3:
> - Patch 02 (Exclude routines from fortification): Add $(no-fortify-source) to
> CFLAGS-tst-sprintf-ub.c
> - Patch 06 (asprintf_chk: Ensure compatibility for both s390x and ppc64le) is
> squashed in patch 05 (stdio: Ensure *_chk routines have their hidden builtin
> definition available). Hence, reviewed-by on patch 05 is dropped.
> - Patch 05 now details why s390x couldn't build if ldbl_* macros are used with
> __asprintf_chk
> - Patch 08 (wchar: Avoid PLT entries with _FORTIFY_SOURCE): unexpected left
> over is removed.
> - Patch 10 (unistd: Avoid PLT entries with _FORTIFY_SOURCE):
> libc_hidden_builtin_{def,proto} replaced with libc_hidden_{def,proto}
> - Patch 11 (misc/bits/select2.h: Clearly separate declaration from
> definitions): libc_hidden_builtin_{def,proto} replaced with
> libc_hidden_{def,proto}
> - Patch 16 (Add --enable-fortify-source option): if "--enable-fortify-source"
> is NOT set (i.e. assume "--disable-fortify-source"), forcibly undefine
> _FORTIFY_SOURCE (instead of letting it pass-through). This is the default
> and matches old behavior.
Almost done. In summary:
- Wait for Paul to review the ldbl-128 symbol hacks
- Merge 1/15 and 15/15 together into a single, first patch of the series
with the recommended changes.
That should get us through.
Given that you'll likely be doing more glibc work, I'll be happy to
sponsor write access for you if you like so that you can push your own
patches after review. Please review the consensus[1] wiki page to
understand the responsibilities of someone with write access and then
once you're ready, request an account on sourceware[2].
Cheers,
Sid
[1] https://sourceware.org/glibc/wiki/Consensus
[2] https://sourceware.org/cgi-bin/pdw/ps_form.cgi
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 05/15] stdio: Ensure *_chk routines have their hidden builtin definition available
2023-07-04 16:55 ` [PATCH v4 05/15] stdio: " Frédéric Bérat
2023-07-04 23:49 ` Siddhesh Poyarekar
@ 2023-07-05 12:12 ` Carlos O'Donell
1 sibling, 0 replies; 26+ messages in thread
From: Carlos O'Donell @ 2023-07-05 12:12 UTC (permalink / raw)
To: Frédéric Bérat, libc-alpha; +Cc: siddhesh, Paul E Murphy
On 7/4/23 12:55, Frédéric Bérat via Libc-alpha wrote:
> If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
> there are unwanted PLT entries in libc.so.
>
> There is a special case with __asprintf_chk:
> If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
> if it isn't, ppc64le isn't building due to multiple asm redirections.
OK.
> This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
> isn't for s390x. This header creates redirections, which are not
> compatible with the ones generated using libc_hidden_def.
> Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
> create a simple strong alias (e.g. as done on x86_64), but a versioned
> alias, leading to ABI breakage.
LGTM. I would like to see this move forward for the release. We are in the release
freeze.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> This results in errors on s390x:
> /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference
> to `__asprintf_chk'
>
> Original __asprintf_chk symbols:
> 00000000001395b0 T __asprintf_chk
> 0000000000177e90 T __nldbl___asprintf_chk
>
> __asprintf_chk symbols with ldbl_* macros:
> 000000000012d590 t ___asprintf_chk
> 000000000012d590 t __asprintf_chk@@GLIBC_2.4
> 000000000012d590 t __GI___asprintf_chk
> 000000000012d590 t __GL____asprintf_chk___asprintf_chk
> 0000000000172240 T __nldbl___asprintf_chk
>
> __asprintf_chk symbols with the patch:
> 000000000012d590 t ___asprintf_chk
> 000000000012d590 T __asprintf_chk
> 000000000012d590 t __GI___asprintf_chk
> 0000000000172240 T __nldbl___asprintf_chk
> ---
> debug/asprintf_chk.c | 18 +++++++++++++++++-
> debug/fgets_u_chk.c | 1 +
> debug/fprintf_chk.c | 1 +
> debug/sprintf_chk.c | 1 +
> include/stdio.h | 13 ++++++++++++-
> .../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 1 +
> .../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 1 +
> .../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 1 +
> .../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 1 +
> 9 files changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
> index 651c2cd76b..e233d5d737 100644
> --- a/debug/asprintf_chk.c
> +++ b/debug/asprintf_chk.c
> @@ -22,7 +22,7 @@
> /* Write formatted output from FORMAT to a string which is
> allocated with malloc and stored in *STRING_PTR. */
> int
> -__asprintf_chk (char **result_ptr, int flag, const char *format, ...)
> +___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
OK. Adds extra underscore to differentiate the redirects.
> {
> /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
> can only come from read-only format strings. */
> @@ -36,3 +36,19 @@ __asprintf_chk (char **result_ptr, int flag, const char *format, ...)
>
> return ret;
> }
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> +/* This is needed since <bits/stdio-lbdl.h> is included in this case, leading to
> + * multiple asm redirection of the same symbol
> + */
> +ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
> +ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
> +#else
> +/* On some systems introduction of ldbl_* macros lead to ABI breakage due to the
> + * long_double_symbol aliasing, e.g. on s390x:
> + * /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference to
> + * `__asprintf_chk'
> + * Due to __asprintf_chk@@GLIBC_2.4 alias replacing __asprintf_chk.
> + */
> +strong_alias (___asprintf_chk, __asprintf_chk)
> +libc_hidden_def (__asprintf_chk)
OK.
> +#endif
> diff --git a/debug/fgets_u_chk.c b/debug/fgets_u_chk.c
> index a16ba655e6..74275381f5 100644
> --- a/debug/fgets_u_chk.c
> +++ b/debug/fgets_u_chk.c
> @@ -56,3 +56,4 @@ __fgets_unlocked_chk (char *buf, size_t size, int n, FILE *fp)
> fp->_flags |= old_error;
> return result;
> }
> +libc_hidden_builtin_def (__fgets_unlocked_chk)
OK.
> diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c
> index b57d538d03..273051ef91 100644
> --- a/debug/fprintf_chk.c
> +++ b/debug/fprintf_chk.c
> @@ -35,4 +35,5 @@ ___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>
> return ret;
> }
> +ldbl_hidden_def (___fprintf_chk, __fprintf_chk)
OK.
> ldbl_strong_alias (___fprintf_chk, __fprintf_chk)
> diff --git a/debug/sprintf_chk.c b/debug/sprintf_chk.c
> index b27f4afae8..e45f1e7b3b 100644
> --- a/debug/sprintf_chk.c
> +++ b/debug/sprintf_chk.c
> @@ -42,4 +42,5 @@ ___sprintf_chk (char *s, int flag, size_t slen, const char *format, ...)
>
> return ret;
> }
> +ldbl_hidden_def (___sprintf_chk, __sprintf_chk)
OK.
> ldbl_strong_alias (___sprintf_chk, __sprintf_chk)
> diff --git a/include/stdio.h b/include/stdio.h
> index da47d1ce99..6755877911 100644
> --- a/include/stdio.h
> +++ b/include/stdio.h
> @@ -276,7 +276,18 @@ extern FILE *__open_memstream (char **, size_t *) __THROW __wur;
> libc_hidden_proto (__open_memstream)
> libc_hidden_proto (__libc_fatal)
> rtld_hidden_proto (__libc_fatal)
> -libc_hidden_proto (__vsprintf_chk)
> +
> +libc_hidden_proto (__fgets_unlocked_chk)
> +
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> +libc_hidden_ldbl_proto (__asprintf_chk)
> +#else
> +libc_hidden_proto (__asprintf_chk)
> +#endif
> +
> +libc_hidden_ldbl_proto (__fprintf_chk)
> +libc_hidden_ldbl_proto (__sprintf_chk)
> +libc_hidden_ldbl_proto (__vsprintf_chk)
OK.
>
> extern FILE * __fmemopen (void *buf, size_t len, const char *mode);
> libc_hidden_proto (__fmemopen)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> index fbf953a728..6e93ee81fc 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
>
> return done;
> }
> +hidden_def (___ieee128___asprintf_chk)
OK.
> strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> index bd10e9c3db..e0865b6663 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>
> return done;
> }
> +hidden_def (___ieee128___fprintf_chk)
OK.
> strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> index 0039c3b53d..762757a5c7 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> @@ -43,4 +43,5 @@ ___ieee128___sprintf_chk (char *s, int flag, size_t slen,
>
> return done;
> }
> +hidden_def (___ieee128___sprintf_chk)
OK.
> strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> index 22137269c0..c251b60d4e 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
>
> return __vsprintf_internal (string, slen, format, ap, mode);
> }
> +hidden_def (___ieee128___vsprintf_chk)
OK.
> strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
--
Cheers,
Carlos.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH v4 05/15] stdio: Ensure *_chk routines have their hidden builtin definition available
2023-07-04 23:49 ` Siddhesh Poyarekar
@ 2023-07-06 21:15 ` Paul E Murphy
0 siblings, 0 replies; 26+ messages in thread
From: Paul E Murphy @ 2023-07-06 21:15 UTC (permalink / raw)
To: Siddhesh Poyarekar, Frédéric Bérat, libc-alpha
On 7/4/23 6:49 PM, Siddhesh Poyarekar wrote:
> On 2023-07-04 12:55, Frédéric Bérat wrote:
>> If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
>> there are unwanted PLT entries in libc.so.
>>
>> There is a special case with __asprintf_chk:
>> If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
>> if it isn't, ppc64le isn't building due to multiple asm redirections.
>>
>> This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
>> isn't for s390x. This header creates redirections, which are not
>> compatible with the ones generated using libc_hidden_def.
>> Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
>> create a simple strong alias (e.g. as done on x86_64), but a versioned
>> alias, leading to ABI breakage.
>>
>> This results in errors on s390x:
>> /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference
>> to `__asprintf_chk'
>>
>> Original __asprintf_chk symbols:
>> 00000000001395b0 T __asprintf_chk
>> 0000000000177e90 T __nldbl___asprintf_chk
>>
>> __asprintf_chk symbols with ldbl_* macros:
>> 000000000012d590 t ___asprintf_chk
>> 000000000012d590 t __asprintf_chk@@GLIBC_2.4
>> 000000000012d590 t __GI___asprintf_chk
>> 000000000012d590 t __GL____asprintf_chk___asprintf_chk
>> 0000000000172240 T __nldbl___asprintf_chk
>>
>> __asprintf_chk symbols with the patch:
>> 000000000012d590 t ___asprintf_chk
>> 000000000012d590 T __asprintf_chk
>> 000000000012d590 t __GI___asprintf_chk
>> 0000000000172240 T __nldbl___asprintf_chk
>> ---
>
> I'm leaving this one for you Paul.
__asprintf_chk is an oddball as it was introduced in 2.8, but all the
current targets who switched to a distinct long double switched, did so
at 2.4. For those targets, they shouldn't be using any ldbl macros,
there was never a concern for backwards compatibility.
powerpc64le is where things get weird. Internally, everything is
compiled to use ibm long double. I suspect the special cases can be
removed entirely, I think they only get used when building the
nldbl/ieee128 variants of __asprintf_chk. These variants should never
need any internal PLT redirection. I don't think the special case for
them is needed, but should be harmless.
I think this patch is OK.
^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2023-07-06 21:44 UTC | newest]
Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-04 16:55 [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 01/15] " Frédéric Bérat
2023-07-04 23:45 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 02/15] Exclude routines from fortification Frédéric Bérat
2023-07-04 23:48 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 03/15] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 04/15] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 05/15] stdio: " Frédéric Bérat
2023-07-04 23:49 ` Siddhesh Poyarekar
2023-07-06 21:15 ` Paul E Murphy
2023-07-05 12:12 ` Carlos O'Donell
2023-07-04 16:55 ` [PATCH v4 06/15] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 07/15] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-07-04 23:51 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 08/15] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 09/15] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-07-04 23:52 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 10/15] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-07-04 23:53 ` Siddhesh Poyarekar
2023-07-04 16:55 ` [PATCH v4 11/15] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 12/15] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 13/15] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 14/15] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
2023-07-04 16:55 ` [PATCH v4 15/15] Add --enable-fortify-source option Frédéric Bérat
2023-07-05 0:02 ` Siddhesh Poyarekar
2023-07-05 0:13 ` [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE Siddhesh Poyarekar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).