From: Adhemerval Zanella Netto
Organization: Linaro
Date: Mon, 3 Jul 2023 09:51:04 -0300
Subject: Re: [PATCH v3 16/16] Add --enable-fortify-source option
To: Andreas Schwab, Siddhesh Poyarekar
Cc: Frédéric Bérat, libc-alpha@sourceware.org
Message-ID: <74d8f503-e056-254c-6a01-8d50cfc9f6f0@linaro.org>
References: <20230628084246.778302-1-fberat@redhat.com> <20230628084246.778302-17-fberat@redhat.com>

On 03/07/23 05:50, Andreas Schwab wrote:
> On Jun 30 2023, Siddhesh Poyarekar wrote:
>
>> On 2023-06-28 04:42, Frédéric Bérat wrote:
>>> It is now possible to enable fortification through a configure option.
>>> The level may be given as parameter, if none is provided, the configure
>>> script will determine what is the highest level possible that can be set
>>> considering GCC built-ins availability and set it.
>>> If level is explicitly set to 3, configure checks if the compiler
>>> supports the built-in function necessary for it or raise an error if it
>>> isn't.
>>> The result of the configure checks is a new variable, ${fortify_source}
>>> that can be used to appropriately populate CFLAGS.
>>> Updated NEWS and INSTALL.
>>> Adding dedicated x86_64 variant that enables the configuration.
>>
>> Adhemerval, do you still think we should drop this and only look at
>> CFLAGS?  I am still not a 100% convinced that we should only look at
>> CFLAGS (it gives much less control which makes me uneasy) but I see your
>> point.  We'll be setting CFLAGS in Fedora anyway (which I guess will be
>> true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will
>> likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.
>
> I prefer a configure option, mirroring --enable-stack-protector.  Since
> glibc has very strict requirements wrt compiler flags it needs to handle
> it specially anyway, and making it explicit is cleaner.
>

Fair enough, I am aiming to simplify the configure options and thus the
build permutations that arise for multiple options; but I see that
following current practice should be ok.
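
The level selection described in the quoted commit message, sketched as an added example; it is not part of the thread and is not glibc's configure code. The function names, the use of `__builtin_dynamic_object_size` as the level-3 built-in, and level 2 as the fallback when that built-in is missing are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: models the behaviour the commit message describes.
# Hypothetical helper names; not taken from glibc's configure script.

# Probe whether compiler $1 accepts __builtin_dynamic_object_size.
# Prints "yes" or "no"; a missing compiler counts as "no".
cc_has_dynamic_object_size() {
    cc=$1
    command -v "$cc" >/dev/null 2>&1 || { echo no; return 0; }
    src=$(mktemp "${TMPDIR:-/tmp}/fortify-probe.XXXXXX") || { echo no; return 0; }
    printf '%s\n' \
        'int main(void){char b[8];return (int)__builtin_dynamic_object_size(b,0);}' \
        > "$src"
    # Without -Werror=implicit-function-declaration an old compiler could
    # accept the unknown name as an implicitly declared function.
    if "$cc" -x c -Werror=implicit-function-declaration -c "$src" \
            -o /dev/null >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
    rm -f "$src"
}

# $1 = requested level ("" means pick automatically, else 1, 2 or 3)
# $2 = probe result (yes|no)
# Prints the chosen level; returns 1 when the request cannot be honoured.
select_fortify_level() {
    requested=$1
    has_builtin=$2
    case $requested in
        "")  if [ "$has_builtin" = yes ]; then echo 3; else echo 2; fi ;;
        1|2) echo "$requested" ;;
        3)   if [ "$has_builtin" = yes ]; then
                 echo 3
             else
                 echo "error: level 3 needs __builtin_dynamic_object_size" >&2
                 return 1
             fi ;;
        *)   echo "error: unsupported fortify level '$requested'" >&2
             return 1 ;;
    esac
}

# Automatic selection with whatever compiler is available (CC or cc).
fortify_source=$(select_fortify_level "" "$(cc_has_dynamic_object_size "${CC:-cc}")")
echo "CFLAGS would gain: -D_FORTIFY_SOURCE=$fortify_source"
```

An explicit request for level 3 fails hard instead of silently dropping to 2, so a distribution build that asks for the strongest level cannot ship with a weaker one unnoticed.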