From: "Frédéric Bérat" <fberat@redhat.com>
To: libc-alpha@sourceware.org
Cc: siddhesh@gotplt.org, fberat@redhat.com
Subject: [PATCH v5 00/14] Allow glibc to be built with _FORTIFY_SOURCE
Date: Wed, 5 Jul 2023 16:10:35 +0200 [thread overview]
Message-ID: <20230705141055.274575-1-fberat@redhat.com> (raw)
Hello,
This patch series introduces a new "--enable-fortify-source" option to glibc
build. This option may either be set to a value between 1 and 3, or left empty
to let configure select the highest value available for the build system.
The first patch adds the new configure option, the second excludes the routines
that can't be built with the option enabled.
The next patches are fixing test and compilation errors that arose with
fortification enabled.
I couldn't test the patch series in all configuration possible on all arches
possible but I ran the following:
- build-many-glibcs was executed on x86_64, for all arches/variants. This was
mainly done to ensure that installed headers were not broken (as some
patches are modifying system headers)
- The new "enable-fortify-source" variant for BMG got executed on x86_64
- make check and benchtests were executed on x86_64, i686, ppc64le, aarch64,
s390x, with and without fortification enabled.
Fred.
Changes since v1:
- The patch that introduced the new config option has been split in 2.
There is now one patch that allows glibc to be built with fortification and
one that adds a new configure option to enable it.
The patch adding the configure option has been moved to the end of the
series.
- A new variant has been added to x86_64 bmg to test enable-fortify-source.
- NEWS and INSTALL have been updated.
- Patch series has been re-based
- Error message has been fixed in newly introduced headers
- Include directive has been fixed in newly introduced include/* headers
Changes since v2:
- Test for bug269 modifies the stack in a way that may trigger an abort on
longjump when fortification is enabled. Thus, disable fortification for this
test.
- Added 2 patches to perform the same changes on stdio.h that was done for
unistd.h and wchar.h. Declarations that were in stdio2.h are moved into
existing stdio-decl.h, and __REDIRECT is rplaced by __REDIRECT_FORTIFY for
fgets_unlocked_alias.
- Title for some patches were modified without content change.
Changes since v3:
- Patch 02 (Exclude routines from fortification): Add $(no-fortify-source) to
CFLAGS-tst-sprintf-ub.c
- Patch 06 (asprintf_chk: Ensure compatibility for both s390x and ppc64le) is
squashed in patch 05 (stdio: Ensure *_chk routines have their hidden builtin
definition available). Hence, reviewed-by on patch 05 is dropped.
- Patch 05 now details why s390x couldn't build if ldbl_* macros are used with
__asprintf_chk
- Patch 08 (wchar: Avoid PLT entries with _FORTIFY_SOURCE): unexpected left
over is removed.
- Patch 10 (unistd: Avoid PLT entries with _FORTIFY_SOURCE):
libc_hidden_builtin_{def,proto} replaced with libc_hidden_{def,proto}
- Patch 11 (misc/bits/select2.h: Clearly separate declaration from
definitions): libc_hidden_builtin_{def,proto} replaced with
libc_hidden_{def,proto}
- Patch 16 (Add --enable-fortify-source option): if "--enable-fortify-source"
is NOT set (i.e. assume "--disable-fortify-source"), forcibly undefine
_FORTIFY_SOURCE (instead of letting it pass-through). This is the default
and matches old behavior.
Changes since v4:
- Patch 15 (Add --enable-fortify-source option): squashed back in patch 01
(Allow glibc to be built with _FORTIFY_SOURCE)
- Patch 01: Rephrasing Makeconfig, NEWS, INSTALL and configure help.
---
Frédéric Bérat (14):
Allow glibc to be built with _FORTIFY_SOURCE
Exclude routines from fortification
sysdeps: Ensure ieee128*_chk routines to be properly named
string: Ensure *_chk routines have their hidden builtin definition
available
stdio: Ensure *_chk routines have their hidden builtin definition
available
misc/sys/cdefs.h: Create FORTIFY redirects for internal calls
wchar: Avoid PLT entries with _FORTIFY_SOURCE
posix/bits/unistd.h: Clearly separate declaration from definitions
unistd: Avoid PLT entries with _FORTIFY_SOURCE
misc/bits/select2.h: Clearly separate declaration from definitions
misc/bits/syslog.h: Clearly separate declaration from definition
libio/bits/stdio2.h: Clearly separate declaration from definitions
libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE
sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result
INSTALL | 8 +
Makeconfig | 35 +++-
NEWS | 6 +
config.make.in | 3 +-
configure | 83 ++++++--
configure.ac | 60 ++++--
debug/Makefile | 12 +-
debug/asprintf_chk.c | 18 +-
debug/fdelt_chk.c | 1 +
debug/fgets_u_chk.c | 1 +
debug/fprintf_chk.c | 1 +
debug/getdomainname_chk.c | 1 +
debug/memcpy_chk.c | 1 +
debug/memmove_chk.c | 1 +
debug/mempcpy_chk.c | 1 +
debug/memset_chk.c | 1 +
debug/read_chk.c | 1 +
debug/sprintf_chk.c | 1 +
debug/stpcpy_chk.c | 1 +
debug/wcrtomb_chk.c | 1 +
debug/wmemset_chk.c | 1 +
elf/rtld-Rules | 2 +-
include/bits/select-decl.h | 1 +
include/bits/syslog-decl.h | 1 +
include/bits/unistd-decl.h | 1 +
include/stdio.h | 13 +-
include/string.h | 7 +
include/sys/cdefs.h | 14 ++
include/sys/select.h | 4 +
include/sys/syslog.h | 4 +
include/unistd.h | 5 +
include/wchar.h | 15 ++
io/Makefile | 16 ++
libio/Makefile | 23 +-
libio/bits/stdio2-decl.h | 49 +++++
libio/bits/stdio2.h | 48 -----
login/Makefile | 6 +
login/getlogin_r_chk.c | 1 +
manual/install.texi | 8 +
misc/Makefile | 9 +
misc/bits/select-decl.h | 31 +++
misc/bits/select2.h | 6 +-
misc/bits/syslog-decl.h | 35 ++++
misc/bits/syslog.h | 10 +-
misc/sys/cdefs.h | 8 +
misc/syslog.c | 4 +-
posix/Makefile | 12 ++
posix/bits/unistd-decl.h | 198 ++++++++++++++++++
posix/bits/unistd.h | 154 +-------------
rt/Makefile | 5 +
scripts/build-many-glibcs.py | 4 +-
setjmp/Makefile | 9 +
socket/Makefile | 6 +
stdio-common/Makefile | 15 +-
stdlib/Makefile | 7 +
string/Makefile | 17 ++
sysdeps/i386/i586/memcpy.S | 1 +
sysdeps/i386/i586/memset.S | 1 +
sysdeps/i386/i686/memcpy.S | 1 +
sysdeps/i386/i686/memmove.S | 1 +
sysdeps/i386/i686/mempcpy.S | 1 +
sysdeps/i386/i686/memset.S | 1 +
sysdeps/i386/i686/multiarch/memcpy_chk.c | 4 +
sysdeps/i386/i686/multiarch/memmove_chk.c | 4 +
sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 +
sysdeps/i386/i686/multiarch/memset_chk.c | 5 +-
sysdeps/i386/memcpy_chk.S | 1 +
sysdeps/i386/memmove_chk.S | 1 +
sysdeps/i386/mempcpy_chk.S | 1 +
sysdeps/i386/memset_chk.S | 1 +
sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++--
.../ldbl-128ibm-compat/ieee128-asprintf_chk.c | 5 +-
.../ldbl-128ibm-compat/ieee128-dprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-fprintf_chk.c | 5 +-
.../ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-printf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-sprintf_chk.c | 5 +-
.../ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-syslog.c | 9 +-
.../ieee128-vasprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 +-
.../ieee128-vfwprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vprintf_chk.c | 4 +-
.../ieee128-vsnprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 5 +-
.../ieee128-vswprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 +-
.../ldbl-128ibm-compat/ieee128-wprintf_chk.c | 4 +-
.../test-printf-ldbl-compat.c | 10 +-
.../test-scanf-ldbl-compat-template.c | 21 +-
sysdeps/ieee754/ldbl-opt/Makefile | 29 +++
sysdeps/pthread/Makefile | 4 +
sysdeps/unix/sysv/linux/Makefile | 3 +
sysdeps/x86_64/memcpy_chk.S | 1 +
sysdeps/x86_64/memmove_chk.S | 1 +
sysdeps/x86_64/mempcpy_chk.S | 1 +
sysdeps/x86_64/memset_chk.S | 1 +
sysdeps/x86_64/multiarch/memcpy_chk.c | 4 +
sysdeps/x86_64/multiarch/memmove_chk.c | 4 +
sysdeps/x86_64/multiarch/mempcpy_chk.c | 4 +
sysdeps/x86_64/multiarch/memset_chk.c | 4 +
sysdeps/x86_64/multiarch/wmemset_chk.c | 4 +
wcsmbs/Makefile | 23 +-
wcsmbs/bits/wchar2-decl.h | 4 +-
106 files changed, 955 insertions(+), 342 deletions(-)
create mode 100644 include/bits/select-decl.h
create mode 100644 include/bits/syslog-decl.h
create mode 100644 include/bits/unistd-decl.h
create mode 100644 misc/bits/select-decl.h
create mode 100644 misc/bits/syslog-decl.h
create mode 100644 posix/bits/unistd-decl.h
--
2.41.0
next reply other threads:[~2023-07-05 14:11 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-05 14:10 Frédéric Bérat [this message]
2023-07-05 14:10 ` [PATCH v5 01/14] " Frédéric Bérat
2023-07-05 14:30 ` Siddhesh Poyarekar
2023-07-05 14:10 ` [PATCH v5 02/14] Exclude routines from fortification Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 03/14] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 04/14] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 05/14] stdio: " Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 06/14] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 07/14] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 08/14] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 09/14] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 10/14] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 11/14] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 12/14] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 13/14] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-07-05 14:10 ` [PATCH v5 14/14] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230705141055.274575-1-fberat@redhat.com \
--to=fberat@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).