From: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Cc: adhemerval.zanella@linaro.org, fweimer@redhat.com, jakub@redhat.com
Subject: [PATCH v7 0/4] _FORTIFY_SOURCE=3
Date: Wed, 30 Dec 2020 12:13:44 +0530
Message-Id: <20201230064348.376092-1-siddhesh@sourceware.org>

This patchset implements a new fortification level, _FORTIFY_SOURCE=3.
This level allows size information to be dynamic, which may potentially
have a noticeable performance impact. It uses the
__builtin_dynamic_object_size builtin available in clang to expand
coverage of fortifications at the expense of some performance.

Patch 1/4 adds a warning on unsupported _FORTIFY_LEVEL values. This
change can go in independently of the new fortification level.

Patch 2/4 adds the macro scaffolding to allow the new _FORTIFY_SOURCE
level and to select the __builtin_dynamic_object_size builtin when it is
available.

Patch 3/4 adds support for string functions; these functions have
additional fortified builtins of the form __builtin___func_chk.

Patch 4/4 adds support for non-string functions that are
fortification-ready for levels 1 and 2.

Testing:

The glibc testsuite doesn't directly support clang at the moment, so
having tests in the glibc source tree is pointless as long as gcc does
not have support for __builtin_dynamic_object_size. There is a separate
project on GitHub called fortify-test-suite[1] that houses fortification
tests and is capable of testing multiple levels of fortification with
multiple compilers. I have proposed a PR[2] to add support for
_FORTIFY_SOURCE=3 and have verified my changes with those tests. Those
tests run clean for clang when run with these changes and PR[2] and they
fail at level 3 for gcc, as expected.

[1] https://github.com/serge-sans-paille/fortify-test-suite
[2] https://github.com/serge-sans-paille/fortify-test-suite/pull/9

Changes since last version of the patchset:

- Split out patches as suggested during review
- Renamed __objsize to __glibc_objsize

Siddhesh Poyarekar (4):
  Warn on unsupported fortification levels
  Introduce _FORTIFY_SOURCE=3
  string: Enable __FORTIFY_LEVEL=3
  nonstring: Enable __FORTIFY_LEVEL=3

 NEWS                            |   6 ++
 include/features.h              |   8 ++
 include/string.h                |   5 +-
 io/bits/poll2.h                 |  18 ++--
 libio/bits/stdio.h              |   2 +-
 libio/bits/stdio2.h             |  62 ++++++++------
 manual/creature.texi            |   3 +-
 misc/sys/cdefs.h                |   9 ++
 posix/bits/unistd.h             | 120 ++++++++++++++------------
 socket/bits/socket2.h           |  22 ++---
 stdlib/bits/stdlib.h            |  42 +++++----
 string/bits/string_fortified.h  |  29 ++++---
 string/bits/strings_fortified.h |   6 +-
 wcsmbs/bits/wchar2.h            | 146 ++++++++++++++++++--------------
 14 files changed, 279 insertions(+), 199 deletions(-)

-- 
2.29.2
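
An added illustration, not code from this patchset or from glibc: the bounds decision a fortified wrapper makes, fed by a size that is only known at run time, which is the case __builtin_dynamic_object_size is meant to cover. The names DEMO_OBJSIZE, demo_len_ok, demo_memcpy_chk and demo_runtime_sized are hypothetical, and the checked copy returns -1 where a real fortified call would abort.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returned by the builtins (types 0 and 1) when the size cannot be determined. */
#define OBJSIZE_UNKNOWN ((size_t) -1)

/* Hypothetical selector (not glibc's macro): prefer the dynamic builtin when
   the compiler has it, otherwise fall back to the compile-time-only one. */
#if defined(__has_builtin)
# if __has_builtin(__builtin_dynamic_object_size)
#  define DEMO_OBJSIZE(p) __builtin_dynamic_object_size((p), 0)
# endif
#endif
#ifndef DEMO_OBJSIZE
# define DEMO_OBJSIZE(p) __builtin_object_size((p), 0)
#endif

/* The fortification decision: 1 = fits or size unknown, 0 = overflow. */
static int demo_len_ok(size_t objsize, size_t len)
{
    return objsize == OBJSIZE_UNKNOWN || len <= objsize;
}

/* Checked copy: returns -1 without writing if len exceeds the known size. */
static int demo_memcpy_chk(void *dst, size_t dst_objsize,
                           const void *src, size_t len)
{
    if (!demo_len_ok(dst_objsize, len))
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* What the selected builtin reports for an allocation of n bytes, where n is
   a run-time value: either n (size tracked) or OBJSIZE_UNKNOWN. */
static size_t demo_runtime_sized(size_t n)
{
    char *buf = malloc(n);
    size_t seen = buf ? DEMO_OBJSIZE(buf) : OBJSIZE_UNKNOWN;
    free(buf);
    return seen;
}

int main(void)
{
    char dst[8];
    printf("malloc(24) seen as %zu bytes\n", demo_runtime_sized(24));
    printf("10 bytes into 8: %d\n", demo_memcpy_chk(dst, sizeof dst, "0123456789", 10));
    return 0;
}
```

Whether demo_runtime_sized reports 24 or the unknown value depends on the compiler and optimization level; an unknown size means the check passes and the copy is unprotected.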