From: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
To: Andreas Schwab <schwab@suse.de>,
Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: "Frédéric Bérat" <fberat@redhat.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v3 16/16] Add --enable-fortify-source option
Date: Mon, 3 Jul 2023 09:51:04 -0300 [thread overview]
Message-ID: <74d8f503-e056-254c-6a01-8d50cfc9f6f0@linaro.org> (raw)
In-Reply-To: <mvmilb1tm4m.fsf@suse.de>
On 03/07/23 05:50, Andreas Schwab wrote:
> On Jun 30 2023, Siddhesh Poyarekar wrote:
>
>> On 2023-06-28 04:42, Frédéric Bérat wrote:
>>> It is now possible to enable fortification through a configure option.
>>> The level may be given as parameter, if none is provided, the configure
>>> script will determine what is the highest level possible that can be set
>>> considering GCC built-ins availability and set it.
>>> If level is explicitly set to 3, configure checks if the compiler
>>> supports the built-in function necessary for it or raise an error if it
>>> isn't.
>>> The result of the configure checks is a new variables, ${fortify_source}
>>> that can be used to appropriately populate CFLAGS.
>>> Updated NEWS and INSTALL.
>>> Adding dedicated x86_64 variant that enables the configuration.
>>
>> Adhemerval, do you still think we should drop this and only look at
>> CFLAGS? I am still not a 100% convinced that we should only look at
>> CFLAGS (it gives much less control which makes me uneasy) but I see your
>> point. We'll be setting CFLAGS in Fedora anyway (which I guess will be
>> true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will
>> likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.
>
> I prefer a configure option, mirroring --enable-stack-protector. Since
> glibc has very strict requirements wrt compiler flags it needs to handle
> it specially anyway, and making it explicit is cleaner.
>
Fair enough, I am aiming to simplify the configure options and thus the
build permutation that arise for multiple option; but I see that following
current practice should be ok.
next prev parent reply other threads:[~2023-07-03 12:51 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-28 8:42 [PATCH v3 00/16] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
2023-06-28 8:42 ` [PATCH v3 01/16] " Frédéric Bérat
2023-06-28 14:48 ` Joseph Myers
2023-06-28 8:42 ` [PATCH v3 02/16] Exclude routines from fortification Frédéric Bérat
2023-06-30 14:55 ` Siddhesh Poyarekar
2023-07-03 15:16 ` Frederic Berat
2023-07-04 16:04 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
2023-06-30 14:58 ` Siddhesh Poyarekar
2023-06-30 15:55 ` Paul E Murphy
2023-06-30 15:57 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 04/16] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
2023-06-30 15:06 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 05/16] stdio: " Frédéric Bérat
2023-06-30 15:09 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le Frédéric Bérat
2023-06-30 15:11 ` Siddhesh Poyarekar
2023-06-30 16:08 ` Rajalakshmi Srinivasaraghavan
2023-06-30 17:51 ` Paul E Murphy
2023-07-03 5:35 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 07/16] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
2023-06-30 15:13 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 08/16] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:17 ` Siddhesh Poyarekar
2023-06-30 15:26 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 09/16] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:19 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 10/16] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:25 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 11/16] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:26 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 12/16] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
2023-06-30 15:28 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 13/16] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:29 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:30 ` Siddhesh Poyarekar
2023-06-30 15:38 ` Frederic Berat
2023-06-30 15:48 ` Siddhesh Poyarekar
2023-06-30 17:08 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 15/16] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
2023-06-30 15:33 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 16/16] Add --enable-fortify-source option Frédéric Bérat
2023-06-30 13:51 ` Siddhesh Poyarekar
2023-07-03 8:50 ` Andreas Schwab
2023-07-03 12:51 ` Adhemerval Zanella Netto [this message]
2023-07-04 12:40 ` Frederic Berat
2023-07-04 15:59 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74d8f503-e056-254c-6a01-8d50cfc9f6f0@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=fberat@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=schwab@suse.de \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).