[PATCH v3 00/16] Allow glibc to be built with _FORTIFY_SOURCE

[PATCH v3 00/16] Allow glibc to be built with _FORTIFY_SOURCE

[Frédéric Bérat]

Hello,

This patch series introduces a new "--enable-fortify-source" option to glibc
build. This option may either be set to a value between 1 and 3, or left empty
to let configure select the highest value available for the build system.

The first patch adds the new configure option, the second excludes the routines
that can't be built with the option enabled.

The next patches are fixing test and compilation errors that arose with
fortification enabled.

I couldn't test the patch series in all configuration possible on all arches
possible but I ran the following:

 - build-many-glibcs was executed on x86_64, for all arches/variants. This was
   mainly done to ensure that installed headers were not broken (as some
   patches are modifying system headers)
 - The new "enable-fortify-source" variant for BMG got executed on x86_64
 - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64,
   s390x, with and without fortification enabled.

Fred.

Changes since v1:
 - The patch that introduced the new config option has been split in 2.
   There is now one patch that allows glibc to be built with fortification and
   one that adds a new configure option to enable it.
   The patch adding the configure option has been moved to the end of the
   series.
 - A new variant has been added to x86_64 bmg to test enable-fortify-source.
 - NEWS and INSTALL have been updated.
 - Patch series has been re-based
 - Error message has been fixed in newly introduced headers
 - Include directive has been fixed in newly introduced include/* headers

Changes since v2:
 - Test for bug269 modifies the stack in a way that may trigger an abort on
   longjump when fortification is enabled. Thus, disable fortification for this
   test.
 - Added 2 patches to perform the same changes on stdio.h that was done for
   unistd.h and wchar.h. Declarations that were in stdio2.h are moved into
   existing stdio-decl.h, and __REDIRECT is rplaced by __REDIRECT_FORTIFY for
   fgets_unlocked_alias.
 - Title for some patches were modified without content change.

---
Frédéric Bérat (16):
  Allow glibc to be built with _FORTIFY_SOURCE
  Exclude routines from fortification
  sysdeps: Ensure ieee128*_chk routines to be properly named
  string: Ensure *_chk routines have their hidden builtin definition
    available
  stdio: Ensure *_chk routines have their hidden builtin definition
    available
  asprintf_chk: Ensure compatibility for both s390x and ppc64le
  misc/sys/cdefs.h: Create FORTIFY redirects for internal calls
  wchar: Avoid PLT entries with _FORTIFY_SOURCE
  posix/bits/unistd.h: Clearly separate declaration from definitions
  unistd: Avoid PLT entries with _FORTIFY_SOURCE
  misc/bits/select2.h: Clearly separate declaration from definitions
  misc/bits/syslog.h: Clearly separate declaration from definition
  libio/bits/stdio2.h: Clearly separate declaration from definitions
  libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE
  sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result
  Add --enable-fortify-source option

 INSTALL                                       |   6 +
 Makeconfig                                    |  35 +++-
 NEWS                                          |   4 +
 config.make.in                                |   3 +-
 configure                                     |  83 ++++++--
 configure.ac                                  |  60 ++++--
 debug/Makefile                                |  12 +-
 debug/asprintf_chk.c                          |  16 +-
 debug/fdelt_chk.c                             |   2 +
 debug/fgets_u_chk.c                           |   1 +
 debug/fprintf_chk.c                           |   1 +
 debug/getdomainname_chk.c                     |   1 +
 debug/memcpy_chk.c                            |   1 +
 debug/memmove_chk.c                           |   1 +
 debug/mempcpy_chk.c                           |   1 +
 debug/memset_chk.c                            |   1 +
 debug/read_chk.c                              |   1 +
 debug/sprintf_chk.c                           |   1 +
 debug/stpcpy_chk.c                            |   1 +
 debug/wcrtomb_chk.c                           |   1 +
 debug/wmemset_chk.c                           |   1 +
 elf/rtld-Rules                                |   2 +-
 include/bits/select-decl.h                    |   1 +
 include/bits/syslog-decl.h                    |   1 +
 include/bits/unistd-decl.h                    |   1 +
 include/stdio.h                               |  13 +-
 include/string.h                              |   7 +
 include/sys/cdefs.h                           |  14 ++
 include/sys/select.h                          |   4 +
 include/sys/syslog.h                          |   4 +
 include/unistd.h                              |   5 +
 include/wchar.h                               |  15 ++
 io/Makefile                                   |  16 ++
 libio/Makefile                                |  21 +-
 libio/bits/stdio2-decl.h                      |  49 +++++
 libio/bits/stdio2.h                           |  48 -----
 login/Makefile                                |   6 +
 login/getlogin_r_chk.c                        |   1 +
 manual/install.texi                           |   6 +
 misc/Makefile                                 |   9 +
 misc/bits/select-decl.h                       |  31 +++
 misc/bits/select2.h                           |   6 +-
 misc/bits/syslog-decl.h                       |  35 ++++
 misc/bits/syslog.h                            |  10 +-
 misc/sys/cdefs.h                              |   8 +
 misc/syslog.c                                 |   4 +-
 posix/Makefile                                |  12 ++
 posix/bits/unistd-decl.h                      | 198 ++++++++++++++++++
 posix/bits/unistd.h                           | 154 +-------------
 rt/Makefile                                   |   5 +
 scripts/build-many-glibcs.py                  |   4 +-
 setjmp/Makefile                               |   9 +
 socket/Makefile                               |   6 +
 stdio-common/Makefile                         |  15 +-
 stdlib/Makefile                               |   7 +
 string/Makefile                               |  17 ++
 sysdeps/i386/i586/memcpy.S                    |   1 +
 sysdeps/i386/i586/memset.S                    |   1 +
 sysdeps/i386/i686/memcpy.S                    |   1 +
 sysdeps/i386/i686/memmove.S                   |   1 +
 sysdeps/i386/i686/mempcpy.S                   |   1 +
 sysdeps/i386/i686/memset.S                    |   1 +
 sysdeps/i386/i686/multiarch/memcpy_chk.c      |   4 +
 sysdeps/i386/i686/multiarch/memmove_chk.c     |   4 +
 sysdeps/i386/i686/multiarch/mempcpy_chk.c     |   4 +
 sysdeps/i386/i686/multiarch/memset_chk.c      |   5 +-
 sysdeps/i386/memcpy_chk.S                     |   1 +
 sysdeps/i386/memmove_chk.S                    |   1 +
 sysdeps/i386/mempcpy_chk.S                    |   1 +
 sysdeps/i386/memset_chk.S                     |   1 +
 sysdeps/ieee754/ldbl-128ibm-compat/Makefile   |  81 +++++--
 .../ldbl-128ibm-compat/ieee128-asprintf_chk.c |   5 +-
 .../ldbl-128ibm-compat/ieee128-dprintf_chk.c  |   4 +-
 .../ldbl-128ibm-compat/ieee128-fprintf_chk.c  |   5 +-
 .../ldbl-128ibm-compat/ieee128-fwprintf_chk.c |   5 +-
 .../ldbl-128ibm-compat/ieee128-printf_chk.c   |   4 +-
 .../ldbl-128ibm-compat/ieee128-snprintf_chk.c |   4 +-
 .../ldbl-128ibm-compat/ieee128-sprintf_chk.c  |   5 +-
 .../ldbl-128ibm-compat/ieee128-swprintf_chk.c |   4 +-
 .../ldbl-128ibm-compat/ieee128-syslog.c       |   9 +-
 .../ieee128-vasprintf_chk.c                   |   4 +-
 .../ldbl-128ibm-compat/ieee128-vdprintf_chk.c |   4 +-
 .../ldbl-128ibm-compat/ieee128-vfprintf_chk.c |   4 +-
 .../ieee128-vfwprintf_chk.c                   |   4 +-
 .../ldbl-128ibm-compat/ieee128-vprintf_chk.c  |   4 +-
 .../ieee128-vsnprintf_chk.c                   |   4 +-
 .../ldbl-128ibm-compat/ieee128-vsprintf_chk.c |   5 +-
 .../ieee128-vswprintf_chk.c                   |   4 +-
 .../ldbl-128ibm-compat/ieee128-vwprintf_chk.c |   4 +-
 .../ldbl-128ibm-compat/ieee128-wprintf_chk.c  |   4 +-
 .../test-printf-ldbl-compat.c                 |  10 +-
 .../test-scanf-ldbl-compat-template.c         |  21 +-
 sysdeps/ieee754/ldbl-opt/Makefile             |  29 +++
 sysdeps/pthread/Makefile                      |   4 +
 sysdeps/unix/sysv/linux/Makefile              |   3 +
 sysdeps/x86_64/memcpy_chk.S                   |   1 +
 sysdeps/x86_64/memmove_chk.S                  |   1 +
 sysdeps/x86_64/mempcpy_chk.S                  |   1 +
 sysdeps/x86_64/memset_chk.S                   |   1 +
 sysdeps/x86_64/multiarch/memcpy_chk.c         |   4 +
 sysdeps/x86_64/multiarch/memmove_chk.c        |   4 +
 sysdeps/x86_64/multiarch/mempcpy_chk.c        |   4 +
 sysdeps/x86_64/multiarch/memset_chk.c         |   4 +
 sysdeps/x86_64/multiarch/wmemset_chk.c        |   4 +
 wcsmbs/Makefile                               |  23 +-
 wcsmbs/bits/wchar2-decl.h                     |   4 +-
 106 files changed, 948 insertions(+), 341 deletions(-)
 create mode 100644 include/bits/select-decl.h
 create mode 100644 include/bits/syslog-decl.h
 create mode 100644 include/bits/unistd-decl.h
 create mode 100644 misc/bits/select-decl.h
 create mode 100644 misc/bits/syslog-decl.h
 create mode 100644 posix/bits/unistd-decl.h

-- 
2.41.0

[PATCH v3 01/16] Allow glibc to be built with _FORTIFY_SOURCE

[Frédéric Bérat]

Glibc can now be built with _FORTIFY_SOURCE.
Since the feature needs some of the routines provided by Glibc, these
can be excluded from the fortification using the newly created
$(no_fortify_source) variable.

A dedicated patch will follow to make use of this variable in Makefiles
when necessary.

Update NEWS.
---
 Makeconfig     | 28 +++++++++++++++++++++++++---
 NEWS           |  3 +++
 config.make.in |  2 +-
 configure      | 34 ++--------------------------------
 configure.ac   | 24 ++++++------------------
 elf/rtld-Rules |  2 +-
 6 files changed, 38 insertions(+), 55 deletions(-)

diff --git a/Makeconfig b/Makeconfig
index 2514db35f6..f6396b3e0c 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -543,12 +543,13 @@ endif  # +link
 # ARM, gcc always produces different debugging symbols when invoked with
 # a -O greater than 0 than when invoked with -O0, regardless of anything else
 # we're using to suppress optimizations.  Therefore, we need to explicitly pass
-# -O0 to it through CFLAGS.
+# -O0 to it through CFLAGS. By side effect, any fortification needs to be
+# disabled as it needs -O greater than 0.
 # Additionally, the build system will try to -include $(common-objpfx)/config.h
 # when compiling the tests, which will throw an error if some special macros
 # (such as __OPTIMIZE__ and IS_IN_build) aren't defined.  To avoid this, we
 # tell gcc to define IS_IN_build.
-CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build
+CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build $(no-fortify-source)
 
 ifeq (yes,$(build-shared))
 # These indicate whether to link using the built ld.so or the installed one.
@@ -901,6 +902,11 @@ define elide-stack-protector
 $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
 endef
 
+# Some routine can't be fortified like the ones used by fortify
+define elide-fortify-source
+$(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
+endef
+
 # The program that makes Emacs-style TAGS files.
 ETAGS	:= etags
 
@@ -961,6 +967,16 @@ endif	# $(+cflags) == ""
 	   $(+stack-protector) -fno-common
 +gcc-nowarn := -w
 
+# We must filter out elf because the early bootstrap of the dynamic loader
+# cannot be fortified. Likewise we exclude dlfcn because it is entangled
+# with the loader. We must filter out csu because early startup, like the
+# loader, cannot be fortified. Lastly debug is the fortification routines
+# themselves and they cannot be fortified.
+do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
+ifneq ($(do-fortify),$(subdir))
++cflags += $(no-fortify-source)
+endif
+
 # Each sysdeps directory can contain header files that both will be
 # used to compile and will be installed.  Each can also contain an
 # include/ subdirectory, whose header files will be used to compile
@@ -1010,7 +1026,7 @@ module-cppflags = $(if $(filter %.mk.i %.v.i,$(@F)),,$(module-cppflags-real))
 # Note that we can't use -std=* in CPPFLAGS, because it overrides
 # the implicit -lang-asm and breaks cpp behavior for .S files--notably
 # it causes cpp to stop predefining __ASSEMBLER__.
-CPPFLAGS = $(config-extra-cppflags) $(CPPUNDEFS) $(CPPFLAGS-config) \
+CPPFLAGS = $(config-extra-cppflags) $(CPPFLAGS-config) \
 	   $($(subdir)-CPPFLAGS) \
 	   $(+includes) $(defines) $(module-cppflags) \
 	   -include $(..)include/libc-symbols.h $(sysdep-CPPFLAGS) \
@@ -1049,6 +1065,8 @@ object-suffixes :=
 CPPFLAGS-.o = $(pic-default)
 # libc.a must be compiled with -fPIE/-fpie for static PIE.
 CFLAGS-.o = $(filter %frame-pointer,$(+cflags)) $(pie-default)
+CFLAGS-.o += $(call elide-fortify-source,.o,$(routines_no_fortify))
+CFLAGS-.o += $(call elide-fortify-source,_chk.o,$(routines_no_fortify))
 libtype.o := lib%.a
 object-suffixes += .o
 ifeq (yes,$(build-shared))
@@ -1058,6 +1076,8 @@ object-suffixes += .os
 pic-cppflags = -DPIC -DSHARED
 CPPFLAGS-.os = $(pic-cppflags)
 CFLAGS-.os = $(filter %frame-pointer,$(+cflags)) $(pic-ccflag)
+CFLAGS-.os += $(call elide-fortify-source,.os,$(routines_no_fortify))
+CFLAGS-.os += $(call elide-fortify-source,_chk.os,$(routines_no_fortify))
 libtype.os := lib%_pic.a
 # This can be changed by a sysdep makefile
 pic-ccflag = -fPIC
@@ -1077,6 +1097,8 @@ object-suffixes += .op
 CPPFLAGS-.op = -DPROF $(pic-default)
 # libc_p.a must be compiled with -fPIE/-fpie for static PIE.
 CFLAGS-.op = -pg $(pie-default)
+CFLAGS-.op += $(call elide-fortify-source,.op,$(routines_no_fortify))
+CFLAGS-.op += $(call elide-fortify-source,_chk.op,$(routines_no_fortify))
 libtype.op = lib%_p.a
 endif
 
diff --git a/NEWS b/NEWS
index 709ee40e50..027506a44c 100644
--- a/NEWS
+++ b/NEWS
@@ -502,6 +502,9 @@ Major new features:
 * The audit libraries will avoid unnecessary slowdown if it is not required
   PLT tracking (by not implementing the la_pltenter or la_pltexit callbacks).
 
+* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
+  for parts of the library that can't be built with it.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
diff --git a/config.make.in b/config.make.in
index 4afd37feaf..75ad9765aa 100644
--- a/config.make.in
+++ b/config.make.in
@@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
 have-ssp = @libc_cv_ssp@
 stack-protector = @stack_protector@
 no-stack-protector = @no_stack_protector@
+no-fortify-source = @no_fortify_source@
 have-selinux = @have_selinux@
 have-libaudit = @have_libaudit@
 have-libcap = @have_libcap@
@@ -101,7 +102,6 @@ CXX = @CXX@
 BUILD_CC = @BUILD_CC@
 CFLAGS = @CFLAGS@
 CPPFLAGS-config = @CPPFLAGS@
-CPPUNDEFS = @CPPUNDEFS@
 extra-nonshared-cflags = @extra_nonshared_cflags@
 rtld-early-cflags = @rtld_early_cflags@
 ASFLAGS-config = @ASFLAGS_config@
diff --git a/configure b/configure
index f84040644b..7a15f8d3e6 100755
--- a/configure
+++ b/configure
@@ -611,7 +611,7 @@ libc_cv_gcc_unwind_find_fde
 libc_extra_cppflags
 libc_extra_cflags
 libc_cv_cxx_thread_local
-CPPUNDEFS
+no_fortify_source
 have_selinux
 have_libcap
 have_libaudit
@@ -6353,38 +6353,8 @@ $as_echo "#define HAVE_LIBCAP 1" >>confdefs.h
 fi
 
 
-CPPUNDEFS=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FORTIFY_SOURCE predefine" >&5
-$as_echo_n "checking for _FORTIFY_SOURCE predefine... " >&6; }
-if ${libc_cv_predef_fortify_source+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-int
-main ()
-{
+no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
 
-#ifdef _FORTIFY_SOURCE
-# error bogon
-#endif
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  libc_cv_predef_fortify_source=no
-else
-  libc_cv_predef_fortify_source=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_predef_fortify_source" >&5
-$as_echo "$libc_cv_predef_fortify_source" >&6; }
-if test $libc_cv_predef_fortify_source = yes; then
-  CPPUNDEFS="${CPPUNDEFS:+$CPPUNDEFS }-U_FORTIFY_SOURCE"
-fi
 
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
diff --git a/configure.ac b/configure.ac
index 21879c933c..ebc04d49e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1559,24 +1559,12 @@ if test "x$have_selinux" = xyes; then
 fi
 AC_SUBST(have_selinux)
 
-CPPUNDEFS=
-dnl Check for silly hacked compilers predefining _FORTIFY_SOURCE.
-dnl Since we are building the implementations of the fortified functions here,
-dnl having the macro defined interacts very badly.
-dnl _FORTIFY_SOURCE requires compiler optimization level 1 (gcc -O1)
-dnl and above (see "man FEATURE_TEST_MACROS").
-dnl So do NOT replace AC_COMPILE_IFELSE with AC_PREPROC_IFELSE.
-AC_CACHE_CHECK([for _FORTIFY_SOURCE predefine], libc_cv_predef_fortify_source,
-[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[
-#ifdef _FORTIFY_SOURCE
-# error bogon
-#endif]])],
-		[libc_cv_predef_fortify_source=no],
-		[libc_cv_predef_fortify_source=yes])])
-if test $libc_cv_predef_fortify_source = yes; then
-  CPPUNDEFS="${CPPUNDEFS:+$CPPUNDEFS }-U_FORTIFY_SOURCE"
-fi
-AC_SUBST(CPPUNDEFS)
+dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
+dnl This will allow users to enable fortification through FLAGS or compiler
+dnl defaults macro definitions.
+no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
+
+AC_SUBST(no_fortify_source)
 
 dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
 dnl to one symbol (PR 23840).
diff --git a/elf/rtld-Rules b/elf/rtld-Rules
index 56bc4543de..365a3408f3 100644
--- a/elf/rtld-Rules
+++ b/elf/rtld-Rules
@@ -144,6 +144,6 @@ cpp-srcs-left := $(rtld-modules:%.os=%)
 lib := rtld
 include $(patsubst %,$(..)libof-iterator.mk,$(cpp-srcs-left))
 
-rtld-CFLAGS += $(no-stack-protector)
+rtld-CFLAGS += $(no-stack-protector) $(no-fortify-source)
 
 endif
-- 
2.41.0

Re: [PATCH v3 01/16] Allow glibc to be built with _FORTIFY_SOURCE

[Joseph Myers]

[-- Attachment #1: Type: text/plain, Size: 725 bytes --]

On Wed, 28 Jun 2023, Frédéric Bérat via Libc-alpha wrote:

> diff --git a/NEWS b/NEWS
> index 709ee40e50..027506a44c 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -502,6 +502,9 @@ Major new features:
>  * The audit libraries will avoid unnecessary slowdown if it is not required
>    PLT tracking (by not implementing the la_pltenter or la_pltexit callbacks).
>  
> +* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
> +  for parts of the library that can't be built with it.

My comment on the previous version of the series still applies: this is 
the wrong section of NEWS, you need to put it in the NEWS section for the 
*next* release, not an old release.

-- 
Joseph S. Myers
joseph@codesourcery.com

[PATCH v3 02/16] Exclude routines from fortification

[Frédéric Bérat]

Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
be excluded from the fortification.

On top of that:
 - some tests explicitly verify that some level of fortification works
   appropriately, we therefore shouldn't modify the level set for them.
 - some objects need to be build with optimization disabled, which
   prevents _FORTIFY_SOURCE to be used for them.

Assembler files that implement architecture specific versions of the
fortified routines were not excluded from _FORTIFY_SOURCE as there is no
C header included that would impact their behavior.
---
 debug/Makefile                              | 12 +--
 io/Makefile                                 | 16 ++++
 libio/Makefile                              | 21 +++++-
 login/Makefile                              |  6 ++
 misc/Makefile                               |  7 ++
 posix/Makefile                              | 11 +++
 rt/Makefile                                 |  5 ++
 setjmp/Makefile                             |  9 +++
 socket/Makefile                             |  6 ++
 stdio-common/Makefile                       | 15 +++-
 stdlib/Makefile                             |  7 ++
 string/Makefile                             | 17 +++++
 sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
 sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
 sysdeps/pthread/Makefile                    |  4 +
 sysdeps/unix/sysv/linux/Makefile            |  3 +
 wcsmbs/Makefile                             | 23 +++++-
 17 files changed, 247 insertions(+), 25 deletions(-)

diff --git a/debug/Makefile b/debug/Makefile
index 9d658e3002..434e52f780 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
 # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
 # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
 CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
-CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
-CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 # _FORTIFY_SOURCE tests.
 # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
@@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
 # cannot be disabled via pragmas, so require -Wno-error to be used.
 define gen-chk-test
 tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
-CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
+CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
 					  -Wno-deprecated-declarations \
 					  -Wno-error
 $(eval $(call cflags-$(2),$(1),$(3),$(4)))
diff --git a/io/Makefile b/io/Makefile
index d573064ecc..6ccc0e8691 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -149,6 +149,22 @@ routines := \
   write \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getcwd \
+  getwd \
+  open \
+  open64 \
+  openat \
+  openat64 \
+  poll \
+  ppoll \
+  read \
+  readlink \
+  readlinkat \
+  ttyname_r \
+  # routines_no_fortify
+
 others := \
  pwd \
  # others
diff --git a/libio/Makefile b/libio/Makefile
index 2877fec484..f5c487d9f5 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -53,6 +53,21 @@ routines	:=							      \
 
 gen-as-const-headers += libio-macros.sym
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  fwprintf \
+  iofgets \
+  iofgets_u \
+  iofgetws \
+  iofgetws_u \
+  swprintf \
+  vasprintf \
+  vsnprintf \
+  vswprintf \
+  vwprintf \
+  wprintf \
+  # routines_no_fortify
+
 tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
 	tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
 	tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf	      \
@@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
 # XXX Do we need filedoalloc and wfiledoalloc?  Others?
 
+# Prevent fortification as these are built with -O0
+CFLAGS-tst-bz24051.c += $(no-fortify-source)
+CFLAGS-tst-bz24153.c += $(no-fortify-source)
+
 CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
 
 # These test cases intentionally use overlapping arguments
 CFLAGS-tst-sprintf-ub.c += -Wno-restrict
-CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
+CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
 
 LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
 
diff --git a/login/Makefile b/login/Makefile
index 13b155d344..74216cbcb2 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -66,6 +66,12 @@ include ../Rules
 CFLAGS-getpt.c += -fexceptions
 CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getlogin_r \
+  ptsname_r \
+  # routines_no_fortify
+
 ifeq (yesyes,$(have-fpie)$(build-shared))
 pt_chown-cflags += $(pie-ccflag)
 endif
diff --git a/misc/Makefile b/misc/Makefile
index 84aa4cb0ad..36ba7a0bad 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -205,6 +205,13 @@ routines := \
   writev \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getdomain \
+  gethostname \
+  syslog \
+  # routines_no_fortify
+
 generated += \
   tst-allocate_once-mem.out \
   tst-allocate_once.mtrace \
diff --git a/posix/Makefile b/posix/Makefile
index ad43cbdec6..5113ee3b74 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -183,6 +183,14 @@ routines := \
   wordexp \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  confstr \
+  getgroups \
+  pread \
+  pread64 \
+  # routines_no_fortify
+
 aux := \
   environ \
   init-posix \
@@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
 tst-execvp3-ARGS = --test-dir=$(objpfx)
 CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
 
+# Test voluntarily overflows struct dirent
+CFLAGS-bug-glob2.c += $(no-fortify-source)
+
 $(objpfx)testcases.h: TESTS TESTS2C.sed
 	LC_ALL=C sed -f TESTS2C.sed < $< > $@T
 	mv $@T $@
diff --git a/rt/Makefile b/rt/Makefile
index a97333dc02..3d4a3f0eec 100644
--- a/rt/Makefile
+++ b/rt/Makefile
@@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
 CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
 CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mq_open \
+  # routines_no_fortify
+
 LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
 
 $(objpfx)librt.so: $(shared-thread-library)
diff --git a/setjmp/Makefile b/setjmp/Makefile
index e5733a8c52..363fb6673c 100644
--- a/setjmp/Makefile
+++ b/setjmp/Makefile
@@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
 
 include ../Rules
 
+# This test messes the stack on purpose, which triggers longjump fortify
+# failure
+CFLAGS-bug269-setjmp.c += $(no-fortify-source)
+
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  longjmp \
+  # routines_no_fortify
+
 $(objpfx)tst-setjmp-fp: $(libm)
diff --git a/socket/Makefile b/socket/Makefile
index d9b0b4af64..08f20118cd 100644
--- a/socket/Makefile
+++ b/socket/Makefile
@@ -60,6 +60,12 @@ routines := \
   socketpair \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  recv \
+  recvfrom \
+  # routines_no_fortify
+
 tests := \
   tst-accept4 \
   tst-cmsg_cloexec \
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 8871ec7668..fe304b8373 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -117,6 +117,19 @@ routines := \
   wprintf_function_invoke \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  asprintf \
+  dprintf \
+  fprintf \
+  printf \
+  snprintf \
+  sprintf \
+  vfprintf \
+  vfwprintf \
+  vprintf \
+  # routines_no_fortify
+
 aux := \
   errlist \
   errlist-data \
@@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
 
 # BZ #11319 was first fixed for regular vdprintf, then reopened because
 # the fortified version had the same bug.
-CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
 
diff --git a/stdlib/Makefile b/stdlib/Makefile
index 0975f55ee6..25e42a77e7 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
@@ -145,6 +145,13 @@ routines := \
   xpg_basename \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mbstowcs \
+  wcstombs \
+  wctomb \
+  # routines_no_fortify
+
 aux = \
   grouping \
   groupingwc \
diff --git a/string/Makefile b/string/Makefile
index d3106d10a9..8cdfd5b000 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -118,6 +118,23 @@ routines := \
   xpg-strerror \
 # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  explicit_bzero \
+  memcpy \
+  memmove \
+  mempcpy \
+  memset \
+  stpcpy \
+  stpncpy \
+  strcat \
+  strcpy \
+  strlcat \
+  strlcpy \
+  strncat \
+  strncpy \
+  # routines_no_fortify
+
 tests := \
   bug-envz1 \
   bug-strcoll1 \
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
index 42cca25a09..34273a5f58 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
@@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
 CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-obstack-ieee128 test-obstack-ibm128
-CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				 $(no-fortify-source)
+CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				$(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
-CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				     $(no-fortify-source)
+CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				    $(no-fortify-source)
 
 tests-internal += test-scanf-ieee128 test-scanf-ibm128
 CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
@@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
 		       obstack_chk \
 		       vobstack_chk
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
-CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				    $(no-fortify-source)
+CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				   $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
 CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
-					  -Wno-psabi -Wno-unused-result
+					  -Wno-psabi -Wno-unused-result \
+					  $(no-fortify-source)
 CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
-					 -Wno-unused-result
+					 -Wno-unused-result \
+					 $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
-CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				     $(no-fortify-source)
+CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				    $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
 CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
-					   -Wno-psabi -Wno-unused-result
+					   -Wno-psabi -Wno-unused-result \
+					   $(no-fortify-source)
 CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
-					  -Wno-unused-result
+					  -Wno-unused-result \
+					  $(no-fortify-source)
 endif
 
 ifeq ($(subdir),argp)
@@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-container += test-syslog-ieee128 test-syslog-ibm128
-CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				$(no-fortify-source)
+CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+			       $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
-CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				    $(no-fortify-source)
+CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				   $(no-fortify-source)
 endif
 
 ifeq ($(subdir),stdlib)
@@ -395,6 +419,31 @@ endif
 # Add IEEE binary128 files as make targets.
 routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
 
+routines_no_fortify += \
+  ieee128-asprintf \
+  ieee128-dprintf \
+  ieee128-fprintf \
+  ieee128-fwprintf \
+  ieee128-obstack \
+  ieee128-printf \
+  ieee128-snprintf \
+  ieee128-sprintf \
+  ieee128-swprintf \
+  ieee128-syslog \
+  ieee128-vasprintf \
+  ieee128-vdprintf \
+  ieee128-vfprintf \
+  ieee128-vfwprintf \
+  ieee128-vobstack \
+  ieee128-vprintf \
+  ieee128-vsnprintf \
+  ieee128-vsprintf \
+  ieee128-vswprintf \
+  ieee128-vsyslog \
+  ieee128-vwprintf \
+  ieee128-wprintf \
+  # routines_no_fortify
+
 # On powerpc64le, the routines responsible for converting between long
 # double and string (e.g.: printf, scanf, strtold, strfroml) default to
 # IBM long double mode.  When support for TS 18661-3 was added, several
diff --git a/sysdeps/ieee754/ldbl-opt/Makefile b/sysdeps/ieee754/ldbl-opt/Makefile
index 22e778ad0e..0ed1cd2cae 100644
--- a/sysdeps/ieee754/ldbl-opt/Makefile
+++ b/sysdeps/ieee754/ldbl-opt/Makefile
@@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
 					  -DOBJPFX=\"$(objpfx)\"
 
 endif
+
+routines_no_fortify += \
+  nldbl-asprintf \
+  nldbl-dprintf \
+  nldbl-fprintf \
+  nldbl-fwprintf \
+  nldbl-obstack_printf \
+  nldbl-obstack_vprintf \
+  nldbl-printf \
+  nldbl-snprintf \
+  nldbl-sprintf \
+  nldbl-swprintf \
+  nldbl-syslog \
+  nldbl-vasprintf \
+  nldbl-vdprintf \
+  nldbl-vfprintf \
+  nldbl-vfwprintf \
+  nldbl-vprintf \
+  nldbl-vsnprintf \
+  nldbl-vsprintf \
+  nldbl-vswprintf \
+  nldbl-vsyslog \
+  nldbl-vwprintf \
+  nldbl-wprintf \
+  # routines_no_fortify
+
+# We can't rely on Makeconfig here for whatever reason
+CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
+CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
index 32cf4eb119..31028406d5 100644
--- a/sysdeps/pthread/Makefile
+++ b/sysdeps/pthread/Makefile
@@ -304,6 +304,10 @@ tests-nolibpthread += \
 CFLAGS-tst-cleanup2.c += -fno-builtin
 CFLAGS-tst-cleanupx2.c += -fno-builtin
 
+# Disable fortification due to sprintf(NULL,...)
+CFLAGS-tst-cleanup2.c += $(no-fortify-source)
+CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
+
 tests += \
   tst-cancelx2 \
   tst-cancelx3 \
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 594a5dc53e..9108b7d2ed 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
 CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
 CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
 
+# The test triggers FORTIFY abortion due to purposely wrong parameters
+CFLAGS-test-errno-linux.c += $(no-fortify-source)
+
 sysdep_headers += \
   bits/a.out.h \
   bits/epoll.h \
diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
index 22192985e1..d25a2214f8 100644
--- a/wcsmbs/Makefile
+++ b/wcsmbs/Makefile
@@ -121,6 +121,27 @@ routines := \
   wmemset \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mbsnrtowcs \
+  mbsrtowcs \
+  wcpcpy \
+  wcpncpy \
+  wcrtomb \
+  wcscat \
+  wcscpy \
+  wcslcat \
+  wcslcpy \
+  wcsncat \
+  wcsncpy \
+  wcsnrtombs \
+  wcsrtombs \
+  wmemcpy \
+  wmemmove \
+  wmempcpy \
+  wmemset \
+  # routines_no_fortify
+
 tests := \
   test-c8rtomb \
   test-char-types \
@@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
 CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
-CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
-- 
2.41.0

Re: [PATCH v3 02/16] Exclude routines from fortification

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
> be excluded from the fortification.
> 
> On top of that:
>   - some tests explicitly verify that some level of fortification works
>     appropriately, we therefore shouldn't modify the level set for them.
>   - some objects need to be build with optimization disabled, which
>     prevents _FORTIFY_SOURCE to be used for them.
> 
> Assembler files that implement architecture specific versions of the
> fortified routines were not excluded from _FORTIFY_SOURCE as there is no
> C header included that would impact their behavior.
> ---
>   debug/Makefile                              | 12 +--
>   io/Makefile                                 | 16 ++++
>   libio/Makefile                              | 21 +++++-
>   login/Makefile                              |  6 ++
>   misc/Makefile                               |  7 ++
>   posix/Makefile                              | 11 +++
>   rt/Makefile                                 |  5 ++
>   setjmp/Makefile                             |  9 +++
>   socket/Makefile                             |  6 ++
>   stdio-common/Makefile                       | 15 +++-
>   stdlib/Makefile                             |  7 ++
>   string/Makefile                             | 17 +++++
>   sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
>   sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
>   sysdeps/pthread/Makefile                    |  4 +
>   sysdeps/unix/sysv/linux/Makefile            |  3 +
>   wcsmbs/Makefile                             | 23 +++++-
>   17 files changed, 247 insertions(+), 25 deletions(-)
> 
> diff --git a/debug/Makefile b/debug/Makefile
> index 9d658e3002..434e52f780 100644
> --- a/debug/Makefile
> +++ b/debug/Makefile
> @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
>   # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
>   # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
>   CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
>   CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
>   CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
> -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
> -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>   
>   # _FORTIFY_SOURCE tests.
>   # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
> @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
>   # cannot be disabled via pragmas, so require -Wno-error to be used.
>   define gen-chk-test
>   tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
> -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
> +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
>   					  -Wno-deprecated-declarations \
>   					  -Wno-error
>   $(eval $(call cflags-$(2),$(1),$(3),$(4)))
> diff --git a/io/Makefile b/io/Makefile
> index d573064ecc..6ccc0e8691 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -149,6 +149,22 @@ routines := \
>     write \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  getcwd \
> +  getwd \
> +  open \
> +  open64 \
> +  openat \
> +  openat64 \
> +  poll \
> +  ppoll \
> +  read \
> +  readlink \
> +  readlinkat \
> +  ttyname_r \
> +  # routines_no_fortify
> +
>   others := \
>    pwd \
>    # others
> diff --git a/libio/Makefile b/libio/Makefile
> index 2877fec484..f5c487d9f5 100644
> --- a/libio/Makefile
> +++ b/libio/Makefile
> @@ -53,6 +53,21 @@ routines	:=							      \
>   
>   gen-as-const-headers += libio-macros.sym
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  fwprintf \
> +  iofgets \
> +  iofgets_u \
> +  iofgetws \
> +  iofgetws_u \
> +  swprintf \
> +  vasprintf \
> +  vsnprintf \
> +  vswprintf \
> +  vwprintf \
> +  wprintf \
> +  # routines_no_fortify
> +
>   tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
>   	tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
>   	tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf	      \
> @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
>   CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
>   # XXX Do we need filedoalloc and wfiledoalloc?  Others?
>   
> +# Prevent fortification as these are built with -O0
> +CFLAGS-tst-bz24051.c += $(no-fortify-source)
> +CFLAGS-tst-bz24153.c += $(no-fortify-source)
> +
>   CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
>   
>   # These test cases intentionally use overlapping arguments
>   CFLAGS-tst-sprintf-ub.c += -Wno-restrict

This should also be built without fortification because the test 
specifically tries to validate the sprintf entry point; the 
__sprintf_chk entry point ought to get checked by the 
tst-sprintf-chk-ub.c test.

In fact, I wonder if *all* tests should be built without fortification 
by default regardless of whether glibc is built with fortification.  We 
have specific tests in debug/ to test the _chk entry points and it seems 
like the tests should stick to validating only the regular entry points 
unless otherwise specified.

Sid

> -CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
> +CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
>   
>   LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
>   
> diff --git a/login/Makefile b/login/Makefile
> index 13b155d344..74216cbcb2 100644
> --- a/login/Makefile
> +++ b/login/Makefile
> @@ -66,6 +66,12 @@ include ../Rules
>   CFLAGS-getpt.c += -fexceptions
>   CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  getlogin_r \
> +  ptsname_r \
> +  # routines_no_fortify
> +
>   ifeq (yesyes,$(have-fpie)$(build-shared))
>   pt_chown-cflags += $(pie-ccflag)
>   endif
> diff --git a/misc/Makefile b/misc/Makefile
> index 84aa4cb0ad..36ba7a0bad 100644
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -205,6 +205,13 @@ routines := \
>     writev \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  getdomain \
> +  gethostname \
> +  syslog \
> +  # routines_no_fortify
> +
>   generated += \
>     tst-allocate_once-mem.out \
>     tst-allocate_once.mtrace \
> diff --git a/posix/Makefile b/posix/Makefile
> index ad43cbdec6..5113ee3b74 100644
> --- a/posix/Makefile
> +++ b/posix/Makefile
> @@ -183,6 +183,14 @@ routines := \
>     wordexp \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  confstr \
> +  getgroups \
> +  pread \
> +  pread64 \
> +  # routines_no_fortify
> +
>   aux := \
>     environ \
>     init-posix \
> @@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
>   tst-execvp3-ARGS = --test-dir=$(objpfx)
>   CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
>   
> +# Test voluntarily overflows struct dirent
> +CFLAGS-bug-glob2.c += $(no-fortify-source)
> +
>   $(objpfx)testcases.h: TESTS TESTS2C.sed
>   	LC_ALL=C sed -f TESTS2C.sed < $< > $@T
>   	mv $@T $@
> diff --git a/rt/Makefile b/rt/Makefile
> index a97333dc02..3d4a3f0eec 100644
> --- a/rt/Makefile
> +++ b/rt/Makefile
> @@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
>   CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
>   CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  mq_open \
> +  # routines_no_fortify
> +
>   LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
>   
>   $(objpfx)librt.so: $(shared-thread-library)
> diff --git a/setjmp/Makefile b/setjmp/Makefile
> index e5733a8c52..363fb6673c 100644
> --- a/setjmp/Makefile
> +++ b/setjmp/Makefile
> @@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
>   
>   include ../Rules
>   
> +# This test messes the stack on purpose, which triggers longjump fortify
> +# failure
> +CFLAGS-bug269-setjmp.c += $(no-fortify-source)
> +
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  longjmp \
> +  # routines_no_fortify
> +
>   $(objpfx)tst-setjmp-fp: $(libm)
> diff --git a/socket/Makefile b/socket/Makefile
> index d9b0b4af64..08f20118cd 100644
> --- a/socket/Makefile
> +++ b/socket/Makefile
> @@ -60,6 +60,12 @@ routines := \
>     socketpair \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  recv \
> +  recvfrom \
> +  # routines_no_fortify
> +
>   tests := \
>     tst-accept4 \
>     tst-cmsg_cloexec \
> diff --git a/stdio-common/Makefile b/stdio-common/Makefile
> index 8871ec7668..fe304b8373 100644
> --- a/stdio-common/Makefile
> +++ b/stdio-common/Makefile
> @@ -117,6 +117,19 @@ routines := \
>     wprintf_function_invoke \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  asprintf \
> +  dprintf \
> +  fprintf \
> +  printf \
> +  snprintf \
> +  sprintf \
> +  vfprintf \
> +  vfwprintf \
> +  vprintf \
> +  # routines_no_fortify
> +
>   aux := \
>     errlist \
>     errlist-data \
> @@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
>   
>   # BZ #11319 was first fixed for regular vdprintf, then reopened because
>   # the fortified version had the same bug.
> -CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> +CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>   
>   CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
>   
> diff --git a/stdlib/Makefile b/stdlib/Makefile
> index 0975f55ee6..25e42a77e7 100644
> --- a/stdlib/Makefile
> +++ b/stdlib/Makefile
> @@ -145,6 +145,13 @@ routines := \
>     xpg_basename \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  mbstowcs \
> +  wcstombs \
> +  wctomb \
> +  # routines_no_fortify
> +
>   aux = \
>     grouping \
>     groupingwc \
> diff --git a/string/Makefile b/string/Makefile
> index d3106d10a9..8cdfd5b000 100644
> --- a/string/Makefile
> +++ b/string/Makefile
> @@ -118,6 +118,23 @@ routines := \
>     xpg-strerror \
>   # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  explicit_bzero \
> +  memcpy \
> +  memmove \
> +  mempcpy \
> +  memset \
> +  stpcpy \
> +  stpncpy \
> +  strcat \
> +  strcpy \
> +  strlcat \
> +  strlcpy \
> +  strncat \
> +  strncpy \
> +  # routines_no_fortify
> +
>   tests := \
>     bug-envz1 \
>     bug-strcoll1 \
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> index 42cca25a09..34273a5f58 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> @@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
>   CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-obstack-ieee128 test-obstack-ibm128
> -CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				 $(no-fortify-source)
> +CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				$(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
> -CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				     $(no-fortify-source)
> +CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				    $(no-fortify-source)
>   
>   tests-internal += test-scanf-ieee128 test-scanf-ibm128
>   CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
> @@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
>   		       obstack_chk \
>   		       vobstack_chk
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
> -CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				    $(no-fortify-source)
> +CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				   $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
>   CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
> -					  -Wno-psabi -Wno-unused-result
> +					  -Wno-psabi -Wno-unused-result \
> +					  $(no-fortify-source)
>   CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> -					 -Wno-unused-result
> +					 -Wno-unused-result \
> +					 $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
> -CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				     $(no-fortify-source)
> +CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				    $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
>   CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
> -					   -Wno-psabi -Wno-unused-result
> +					   -Wno-psabi -Wno-unused-result \
> +					   $(no-fortify-source)
>   CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> -					  -Wno-unused-result
> +					  -Wno-unused-result \
> +					  $(no-fortify-source)
>   endif
>   
>   ifeq ($(subdir),argp)
> @@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-container += test-syslog-ieee128 test-syslog-ibm128
> -CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				$(no-fortify-source)
> +CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +			       $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
> -CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				    $(no-fortify-source)
> +CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				   $(no-fortify-source)
>   endif
>   
>   ifeq ($(subdir),stdlib)
> @@ -395,6 +419,31 @@ endif
>   # Add IEEE binary128 files as make targets.
>   routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
>   
> +routines_no_fortify += \
> +  ieee128-asprintf \
> +  ieee128-dprintf \
> +  ieee128-fprintf \
> +  ieee128-fwprintf \
> +  ieee128-obstack \
> +  ieee128-printf \
> +  ieee128-snprintf \
> +  ieee128-sprintf \
> +  ieee128-swprintf \
> +  ieee128-syslog \
> +  ieee128-vasprintf \
> +  ieee128-vdprintf \
> +  ieee128-vfprintf \
> +  ieee128-vfwprintf \
> +  ieee128-vobstack \
> +  ieee128-vprintf \
> +  ieee128-vsnprintf \
> +  ieee128-vsprintf \
> +  ieee128-vswprintf \
> +  ieee128-vsyslog \
> +  ieee128-vwprintf \
> +  ieee128-wprintf \
> +  # routines_no_fortify
> +
>   # On powerpc64le, the routines responsible for converting between long
>   # double and string (e.g.: printf, scanf, strtold, strfroml) default to
>   # IBM long double mode.  When support for TS 18661-3 was added, several
> diff --git a/sysdeps/ieee754/ldbl-opt/Makefile b/sysdeps/ieee754/ldbl-opt/Makefile
> index 22e778ad0e..0ed1cd2cae 100644
> --- a/sysdeps/ieee754/ldbl-opt/Makefile
> +++ b/sysdeps/ieee754/ldbl-opt/Makefile
> @@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
>   					  -DOBJPFX=\"$(objpfx)\"
>   
>   endif
> +
> +routines_no_fortify += \
> +  nldbl-asprintf \
> +  nldbl-dprintf \
> +  nldbl-fprintf \
> +  nldbl-fwprintf \
> +  nldbl-obstack_printf \
> +  nldbl-obstack_vprintf \
> +  nldbl-printf \
> +  nldbl-snprintf \
> +  nldbl-sprintf \
> +  nldbl-swprintf \
> +  nldbl-syslog \
> +  nldbl-vasprintf \
> +  nldbl-vdprintf \
> +  nldbl-vfprintf \
> +  nldbl-vfwprintf \
> +  nldbl-vprintf \
> +  nldbl-vsnprintf \
> +  nldbl-vsprintf \
> +  nldbl-vswprintf \
> +  nldbl-vsyslog \
> +  nldbl-vwprintf \
> +  nldbl-wprintf \
> +  # routines_no_fortify
> +
> +# We can't rely on Makeconfig here for whatever reason
> +CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
> +CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
> diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
> index 32cf4eb119..31028406d5 100644
> --- a/sysdeps/pthread/Makefile
> +++ b/sysdeps/pthread/Makefile
> @@ -304,6 +304,10 @@ tests-nolibpthread += \
>   CFLAGS-tst-cleanup2.c += -fno-builtin
>   CFLAGS-tst-cleanupx2.c += -fno-builtin
>   
> +# Disable fortification due to sprintf(NULL,...)
> +CFLAGS-tst-cleanup2.c += $(no-fortify-source)
> +CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
> +
>   tests += \
>     tst-cancelx2 \
>     tst-cancelx3 \
> diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
> index 594a5dc53e..9108b7d2ed 100644
> --- a/sysdeps/unix/sysv/linux/Makefile
> +++ b/sysdeps/unix/sysv/linux/Makefile
> @@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
>   CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
>   CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
>   
> +# The test triggers FORTIFY abortion due to purposely wrong parameters
> +CFLAGS-test-errno-linux.c += $(no-fortify-source)
> +
>   sysdep_headers += \
>     bits/a.out.h \
>     bits/epoll.h \
> diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
> index 22192985e1..d25a2214f8 100644
> --- a/wcsmbs/Makefile
> +++ b/wcsmbs/Makefile
> @@ -121,6 +121,27 @@ routines := \
>     wmemset \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  mbsnrtowcs \
> +  mbsrtowcs \
> +  wcpcpy \
> +  wcpncpy \
> +  wcrtomb \
> +  wcscat \
> +  wcscpy \
> +  wcslcat \
> +  wcslcpy \
> +  wcsncat \
> +  wcsncpy \
> +  wcsnrtombs \
> +  wcsrtombs \
> +  wmemcpy \
> +  wmemmove \
> +  wmempcpy \
> +  wmemset \
> +  # routines_no_fortify
> +
>   tests := \
>     test-c8rtomb \
>     test-char-types \
> @@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
>   CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
>   CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
>   CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
> -CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>   
>   CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
>   CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)

Re: [PATCH v3 02/16] Exclude routines from fortification

[Frederic Berat]

[-- Attachment #1: Type: text/plain, Size: 25042 bytes --]

On Fri, Jun 30, 2023 at 4:55 PM Siddhesh Poyarekar <siddhesh@gotplt.org>
wrote:

> On 2023-06-28 04:42, Frédéric Bérat wrote:
> > Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need
> to
> > be excluded from the fortification.
> >
> > On top of that:
> >   - some tests explicitly verify that some level of fortification works
> >     appropriately, we therefore shouldn't modify the level set for them.
> >   - some objects need to be build with optimization disabled, which
> >     prevents _FORTIFY_SOURCE to be used for them.
> >
> > Assembler files that implement architecture specific versions of the
> > fortified routines were not excluded from _FORTIFY_SOURCE as there is no
> > C header included that would impact their behavior.
> > ---
> >   debug/Makefile                              | 12 +--
> >   io/Makefile                                 | 16 ++++
> >   libio/Makefile                              | 21 +++++-
> >   login/Makefile                              |  6 ++
> >   misc/Makefile                               |  7 ++
> >   posix/Makefile                              | 11 +++
> >   rt/Makefile                                 |  5 ++
> >   setjmp/Makefile                             |  9 +++
> >   socket/Makefile                             |  6 ++
> >   stdio-common/Makefile                       | 15 +++-
> >   stdlib/Makefile                             |  7 ++
> >   string/Makefile                             | 17 +++++
> >   sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
> >   sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
> >   sysdeps/pthread/Makefile                    |  4 +
> >   sysdeps/unix/sysv/linux/Makefile            |  3 +
> >   wcsmbs/Makefile                             | 23 +++++-
> >   17 files changed, 247 insertions(+), 25 deletions(-)
> >
> > diff --git a/debug/Makefile b/debug/Makefile
> > index 9d658e3002..434e52f780 100644
> > --- a/debug/Makefile
> > +++ b/debug/Makefile
> > @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions
> -fasynchronous-unwind-tables
> >   # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the
> order is:
> >   # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
> >   CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> >   CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> >   CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
> > -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
> > -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> >   # _FORTIFY_SOURCE tests.
> >   # Auto-generate tests for _FORTIFY_SOURCE for different levels,
> compilers and
> > @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
> >   # cannot be disabled via pragmas, so require -Wno-error to be used.
> >   define gen-chk-test
> >   tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
> > -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3)
> -Wno-format \
> > +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
> $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
> >                                         -Wno-deprecated-declarations \
> >                                         -Wno-error
> >   $(eval $(call cflags-$(2),$(1),$(3),$(4)))
> > diff --git a/io/Makefile b/io/Makefile
> > index d573064ecc..6ccc0e8691 100644
> > --- a/io/Makefile
> > +++ b/io/Makefile
> > @@ -149,6 +149,22 @@ routines := \
> >     write \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  getcwd \
> > +  getwd \
> > +  open \
> > +  open64 \
> > +  openat \
> > +  openat64 \
> > +  poll \
> > +  ppoll \
> > +  read \
> > +  readlink \
> > +  readlinkat \
> > +  ttyname_r \
> > +  # routines_no_fortify
> > +
> >   others := \
> >    pwd \
> >    # others
> > diff --git a/libio/Makefile b/libio/Makefile
> > index 2877fec484..f5c487d9f5 100644
> > --- a/libio/Makefile
> > +++ b/libio/Makefile
> > @@ -53,6 +53,21 @@ routines   :=
>                     \
> >
> >   gen-as-const-headers += libio-macros.sym
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  fwprintf \
> > +  iofgets \
> > +  iofgets_u \
> > +  iofgetws \
> > +  iofgetws_u \
> > +  swprintf \
> > +  vasprintf \
> > +  vsnprintf \
> > +  vswprintf \
> > +  vwprintf \
> > +  wprintf \
> > +  # routines_no_fortify
> > +
> >   tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc
> tst_putwc   \
> >       tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
> >       tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf
>    \
> > @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c +=
> $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
> >   # XXX Do we need filedoalloc and wfiledoalloc?  Others?
> >
> > +# Prevent fortification as these are built with -O0
> > +CFLAGS-tst-bz24051.c += $(no-fortify-source)
> > +CFLAGS-tst-bz24153.c += $(no-fortify-source)
> > +
> >   CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
> >
> >   # These test cases intentionally use overlapping arguments
> >   CFLAGS-tst-sprintf-ub.c += -Wno-restrict
>
> This should also be built without fortification because the test
> specifically tries to validate the sprintf entry point; the
> __sprintf_chk entry point ought to get checked by the
> tst-sprintf-chk-ub.c test.
>
> In fact, I wonder if *all* tests should be built without fortification
> by default regardless of whether glibc is built with fortification.  We
> have specific tests in debug/ to test the _chk entry points and it seems
> like the tests should stick to validating only the regular entry points
> unless otherwise specified.
>
>
I'm not so sure.  The fact that fortification is enabled doesn't diminish
the validity of the tests, at the very end fortified function shouldn't
modify the behavior of these routines (modulo the additional tests on input
parameters).
Unless the test breaks because of fortification (like when tests
voluntarily mess with input parameters in a way that the test aborts on chk
routines), I don't see the need to undefine _FORTIFY_SOURCE.

Thus, by having fortification enabled during the tests, I could catch
errors in the tests (e.g. Incorrect maxlen parameter for swprintf
427dbaee86bcec31ba2fe9a42f32842cf17c4e77).

On top of that in the current configuration, assuming
"--enable-fortify-source" is **not** set, and the _FORTIFY_SOURCE macro is
**not** set through the environment neither, these are still tested without
fortification.
In one sense, having the glibc CI testing the entry points directly, while
the community will probably test with fortification, may help catch
unwanted behavioral changes (if that ever happens) due to incorrect check
routines implementation.

All of that said, we may need to reconsider the tests like
tst-sprintf-chk-ub.c though, considering the capability to enable
fortification from configure.

What do you think ?

Fred.


> Sid
>
> > -CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
> > +CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
> >
> >   LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
> >
> > diff --git a/login/Makefile b/login/Makefile
> > index 13b155d344..74216cbcb2 100644
> > --- a/login/Makefile
> > +++ b/login/Makefile
> > @@ -66,6 +66,12 @@ include ../Rules
> >   CFLAGS-getpt.c += -fexceptions
> >   CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  getlogin_r \
> > +  ptsname_r \
> > +  # routines_no_fortify
> > +
> >   ifeq (yesyes,$(have-fpie)$(build-shared))
> >   pt_chown-cflags += $(pie-ccflag)
> >   endif
> > diff --git a/misc/Makefile b/misc/Makefile
> > index 84aa4cb0ad..36ba7a0bad 100644
> > --- a/misc/Makefile
> > +++ b/misc/Makefile
> > @@ -205,6 +205,13 @@ routines := \
> >     writev \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  getdomain \
> > +  gethostname \
> > +  syslog \
> > +  # routines_no_fortify
> > +
> >   generated += \
> >     tst-allocate_once-mem.out \
> >     tst-allocate_once.mtrace \
> > diff --git a/posix/Makefile b/posix/Makefile
> > index ad43cbdec6..5113ee3b74 100644
> > --- a/posix/Makefile
> > +++ b/posix/Makefile
> > @@ -183,6 +183,14 @@ routines := \
> >     wordexp \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  confstr \
> > +  getgroups \
> > +  pread \
> > +  pread64 \
> > +  # routines_no_fortify
> > +
> >   aux := \
> >     environ \
> >     init-posix \
> > @@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
> >   tst-execvp3-ARGS = --test-dir=$(objpfx)
> >   CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
> >
> > +# Test voluntarily overflows struct dirent
> > +CFLAGS-bug-glob2.c += $(no-fortify-source)
> > +
> >   $(objpfx)testcases.h: TESTS TESTS2C.sed
> >       LC_ALL=C sed -f TESTS2C.sed < $< > $@T
> >       mv $@T $@
> > diff --git a/rt/Makefile b/rt/Makefile
> > index a97333dc02..3d4a3f0eec 100644
> > --- a/rt/Makefile
> > +++ b/rt/Makefile
> > @@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
> >   CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
> >   CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  mq_open \
> > +  # routines_no_fortify
> > +
> >   LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
> >
> >   $(objpfx)librt.so: $(shared-thread-library)
> > diff --git a/setjmp/Makefile b/setjmp/Makefile
> > index e5733a8c52..363fb6673c 100644
> > --- a/setjmp/Makefile
> > +++ b/setjmp/Makefile
> > @@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
> >
> >   include ../Rules
> >
> > +# This test messes the stack on purpose, which triggers longjump fortify
> > +# failure
> > +CFLAGS-bug269-setjmp.c += $(no-fortify-source)
> > +
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  longjmp \
> > +  # routines_no_fortify
> > +
> >   $(objpfx)tst-setjmp-fp: $(libm)
> > diff --git a/socket/Makefile b/socket/Makefile
> > index d9b0b4af64..08f20118cd 100644
> > --- a/socket/Makefile
> > +++ b/socket/Makefile
> > @@ -60,6 +60,12 @@ routines := \
> >     socketpair \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  recv \
> > +  recvfrom \
> > +  # routines_no_fortify
> > +
> >   tests := \
> >     tst-accept4 \
> >     tst-cmsg_cloexec \
> > diff --git a/stdio-common/Makefile b/stdio-common/Makefile
> > index 8871ec7668..fe304b8373 100644
> > --- a/stdio-common/Makefile
> > +++ b/stdio-common/Makefile
> > @@ -117,6 +117,19 @@ routines := \
> >     wprintf_function_invoke \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  asprintf \
> > +  dprintf \
> > +  fprintf \
> > +  printf \
> > +  snprintf \
> > +  sprintf \
> > +  vfprintf \
> > +  vfwprintf \
> > +  vprintf \
> > +  # routines_no_fortify
> > +
> >   aux := \
> >     errlist \
> >     errlist-data \
> > @@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
> >
> >   # BZ #11319 was first fixed for regular vdprintf, then reopened because
> >   # the fortified version had the same bug.
> > -CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> > +CFLAGS-tst-bz11319-fortify2.c +=
> $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> >   CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
> >
> > diff --git a/stdlib/Makefile b/stdlib/Makefile
> > index 0975f55ee6..25e42a77e7 100644
> > --- a/stdlib/Makefile
> > +++ b/stdlib/Makefile
> > @@ -145,6 +145,13 @@ routines := \
> >     xpg_basename \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  mbstowcs \
> > +  wcstombs \
> > +  wctomb \
> > +  # routines_no_fortify
> > +
> >   aux = \
> >     grouping \
> >     groupingwc \
> > diff --git a/string/Makefile b/string/Makefile
> > index d3106d10a9..8cdfd5b000 100644
> > --- a/string/Makefile
> > +++ b/string/Makefile
> > @@ -118,6 +118,23 @@ routines := \
> >     xpg-strerror \
> >   # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  explicit_bzero \
> > +  memcpy \
> > +  memmove \
> > +  mempcpy \
> > +  memset \
> > +  stpcpy \
> > +  stpncpy \
> > +  strcat \
> > +  strcpy \
> > +  strlcat \
> > +  strlcpy \
> > +  strncat \
> > +  strncpy \
> > +  # routines_no_fortify
> > +
> >   tests := \
> >     bug-envz1 \
> >     bug-strcoll1 \
> > diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > index 42cca25a09..34273a5f58 100644
> > --- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > +++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > @@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128
> test-wprintf-ibm128
> >   CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >   CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-obstack-ieee128 test-obstack-ibm128
> > -CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                              $(no-fortify-source)
> > +CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                             $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
> > -CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                  $(no-fortify-source)
> > +CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                 $(no-fortify-source)
> >
> >   tests-internal += test-scanf-ieee128 test-scanf-ibm128
> >   CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi -std=c89 -D_GNU_SOURCE
> > @@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
> >                      obstack_chk \
> >                      vobstack_chk
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
> > -CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                 $(no-fortify-source)
> > +CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-printf-chk-redir-ieee128
> test-printf-chk-redir-ibm128
> >   CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128
> -mabi=ieeelongdouble \
> > -                                       -Wno-psabi -Wno-unused-result
> > +                                       -Wno-psabi -Wno-unused-result \
> > +                                       $(no-fortify-source)
> >   CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble
> -Wno-psabi \
> > -                                      -Wno-unused-result
> > +                                      -Wno-unused-result \
> > +                                      $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
> > -CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                  $(no-fortify-source)
> > +CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                 $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-wprintf-chk-redir-ieee128
> test-wprintf-chk-redir-ibm128
> >   CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128
> -mabi=ieeelongdouble \
> > -                                        -Wno-psabi -Wno-unused-result
> > +                                        -Wno-psabi -Wno-unused-result \
> > +                                        $(no-fortify-source)
> >   CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble
> -Wno-psabi \
> > -                                       -Wno-unused-result
> > +                                       -Wno-unused-result \
> > +                                       $(no-fortify-source)
> >   endif
> >
> >   ifeq ($(subdir),argp)
> > @@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128
> -mabi=ieeelongdouble -Wno-psabi
> >   CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >   CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-container += test-syslog-ieee128 test-syslog-ibm128
> > -CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                             $(no-fortify-source)
> > +CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                            $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
> > -CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                 $(no-fortify-source)
> > +CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                $(no-fortify-source)
> >   endif
> >
> >   ifeq ($(subdir),stdlib)
> > @@ -395,6 +419,31 @@ endif
> >   # Add IEEE binary128 files as make targets.
> >   routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
> >
> > +routines_no_fortify += \
> > +  ieee128-asprintf \
> > +  ieee128-dprintf \
> > +  ieee128-fprintf \
> > +  ieee128-fwprintf \
> > +  ieee128-obstack \
> > +  ieee128-printf \
> > +  ieee128-snprintf \
> > +  ieee128-sprintf \
> > +  ieee128-swprintf \
> > +  ieee128-syslog \
> > +  ieee128-vasprintf \
> > +  ieee128-vdprintf \
> > +  ieee128-vfprintf \
> > +  ieee128-vfwprintf \
> > +  ieee128-vobstack \
> > +  ieee128-vprintf \
> > +  ieee128-vsnprintf \
> > +  ieee128-vsprintf \
> > +  ieee128-vswprintf \
> > +  ieee128-vsyslog \
> > +  ieee128-vwprintf \
> > +  ieee128-wprintf \
> > +  # routines_no_fortify
> > +
> >   # On powerpc64le, the routines responsible for converting between long
> >   # double and string (e.g.: printf, scanf, strtold, strfroml) default to
> >   # IBM long double mode.  When support for TS 18661-3 was added, several
> > diff --git a/sysdeps/ieee754/ldbl-opt/Makefile
> b/sysdeps/ieee754/ldbl-opt/Makefile
> > index 22e778ad0e..0ed1cd2cae 100644
> > --- a/sysdeps/ieee754/ldbl-opt/Makefile
> > +++ b/sysdeps/ieee754/ldbl-opt/Makefile
> > @@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c +=
> -mlong-double-64 -std=gnu89 \
> >                                         -DOBJPFX=\"$(objpfx)\"
> >
> >   endif
> > +
> > +routines_no_fortify += \
> > +  nldbl-asprintf \
> > +  nldbl-dprintf \
> > +  nldbl-fprintf \
> > +  nldbl-fwprintf \
> > +  nldbl-obstack_printf \
> > +  nldbl-obstack_vprintf \
> > +  nldbl-printf \
> > +  nldbl-snprintf \
> > +  nldbl-sprintf \
> > +  nldbl-swprintf \
> > +  nldbl-syslog \
> > +  nldbl-vasprintf \
> > +  nldbl-vdprintf \
> > +  nldbl-vfprintf \
> > +  nldbl-vfwprintf \
> > +  nldbl-vprintf \
> > +  nldbl-vsnprintf \
> > +  nldbl-vsprintf \
> > +  nldbl-vswprintf \
> > +  nldbl-vsyslog \
> > +  nldbl-vwprintf \
> > +  nldbl-wprintf \
> > +  # routines_no_fortify
> > +
> > +# We can't rely on Makeconfig here for whatever reason
> > +CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
> > +CFLAGS-.oS += $(call
> elide-fortify-source,_chk.oS,$(routines_no_fortify))
> > diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
> > index 32cf4eb119..31028406d5 100644
> > --- a/sysdeps/pthread/Makefile
> > +++ b/sysdeps/pthread/Makefile
> > @@ -304,6 +304,10 @@ tests-nolibpthread += \
> >   CFLAGS-tst-cleanup2.c += -fno-builtin
> >   CFLAGS-tst-cleanupx2.c += -fno-builtin
> >
> > +# Disable fortification due to sprintf(NULL,...)
> > +CFLAGS-tst-cleanup2.c += $(no-fortify-source)
> > +CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
> > +
> >   tests += \
> >     tst-cancelx2 \
> >     tst-cancelx3 \
> > diff --git a/sysdeps/unix/sysv/linux/Makefile
> b/sysdeps/unix/sysv/linux/Makefile
> > index 594a5dc53e..9108b7d2ed 100644
> > --- a/sysdeps/unix/sysv/linux/Makefile
> > +++ b/sysdeps/unix/sysv/linux/Makefile
> > @@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions
> -fasynchronous-unwind-tables
> >   CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
> >   CFLAGS-tst-writev.c +=
> "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
> >
> > +# The test triggers FORTIFY abortion due to purposely wrong parameters
> > +CFLAGS-test-errno-linux.c += $(no-fortify-source)
> > +
> >   sysdep_headers += \
> >     bits/a.out.h \
> >     bits/epoll.h \
> > diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
> > index 22192985e1..d25a2214f8 100644
> > --- a/wcsmbs/Makefile
> > +++ b/wcsmbs/Makefile
> > @@ -121,6 +121,27 @@ routines := \
> >     wmemset \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  mbsnrtowcs \
> > +  mbsrtowcs \
> > +  wcpcpy \
> > +  wcpncpy \
> > +  wcrtomb \
> > +  wcscat \
> > +  wcscpy \
> > +  wcslcat \
> > +  wcslcpy \
> > +  wcsncat \
> > +  wcsncpy \
> > +  wcsnrtombs \
> > +  wcsrtombs \
> > +  wmemcpy \
> > +  wmemmove \
> > +  wmempcpy \
> > +  wmemset \
> > +  # routines_no_fortify
> > +
> >   tests := \
> >     test-c8rtomb \
> >     test-char-types \
> > @@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-wcstold_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
> >   CFLAGS-wcstof_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> > -CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> >   CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
>
>

Re: [PATCH v3 02/16] Exclude routines from fortification

[Siddhesh Poyarekar]

On 2023-07-03 11:16, Frederic Berat wrote:
> 
> 
> On Fri, Jun 30, 2023 at 4:55 PM Siddhesh Poyarekar <siddhesh@gotplt.org 
> <mailto:siddhesh@gotplt.org>> wrote:
> 
>     On 2023-06-28 04:42, Frédéric Bérat wrote:
>      > Since the _FORTIFY_SOURCE feature uses some routines of Glibc,
>     they need to
>      > be excluded from the fortification.
>      >
>      > On top of that:
>      >   - some tests explicitly verify that some level of fortification
>     works
>      >     appropriately, we therefore shouldn't modify the level set
>     for them.
>      >   - some objects need to be build with optimization disabled, which
>      >     prevents _FORTIFY_SOURCE to be used for them.
>      >
>      > Assembler files that implement architecture specific versions of the
>      > fortified routines were not excluded from _FORTIFY_SOURCE as
>     there is no
>      > C header included that would impact their behavior.
>      > ---
>      >   debug/Makefile                              | 12 +--
>      >   io/Makefile                                 | 16 ++++
>      >   libio/Makefile                              | 21 +++++-
>      >   login/Makefile                              |  6 ++
>      >   misc/Makefile                               |  7 ++
>      >   posix/Makefile                              | 11 +++
>      >   rt/Makefile                                 |  5 ++
>      >   setjmp/Makefile                             |  9 +++
>      >   socket/Makefile                             |  6 ++
>      >   stdio-common/Makefile                       | 15 +++-
>      >   stdlib/Makefile                             |  7 ++
>      >   string/Makefile                             | 17 +++++
>      >   sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81
>     +++++++++++++++++----
>      >   sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
>      >   sysdeps/pthread/Makefile                    |  4 +
>      >   sysdeps/unix/sysv/linux/Makefile            |  3 +
>      >   wcsmbs/Makefile                             | 23 +++++-
>      >   17 files changed, 247 insertions(+), 25 deletions(-)
>      >
>      > diff --git a/debug/Makefile b/debug/Makefile
>      > index 9d658e3002..434e52f780 100644
>      > --- a/debug/Makefile
>      > +++ b/debug/Makefile
>      > @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions
>     -fasynchronous-unwind-tables
>      >   # set up for us, so keep the CFLAGS/CPPFLAGS split logical as
>     the order is:
>      >   # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
>      >   CFLAGS-tst-longjmp_chk.c += -fexceptions
>     -fasynchronous-unwind-tables
>      > -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
>      > +CPPFLAGS-tst-longjmp_chk.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=1
>      >   CFLAGS-tst-longjmp_chk2.c += -fexceptions
>     -fasynchronous-unwind-tables
>      > -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
>      > +CPPFLAGS-tst-longjmp_chk2.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=1
>      >   CFLAGS-tst-longjmp_chk3.c += -fexceptions
>     -fasynchronous-unwind-tables
>      > -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
>      > -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
>      > -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
>      > +CPPFLAGS-tst-longjmp_chk3.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=1
>      > +CPPFLAGS-tst-realpath-chk.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=2
>      > +CPPFLAGS-tst-chk-cancel.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=2
>      >
>      >   # _FORTIFY_SOURCE tests.
>      >   # Auto-generate tests for _FORTIFY_SOURCE for different levels,
>     compilers and
>      > @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
>      >   # cannot be disabled via pragmas, so require -Wno-error to be used.
>      >   define gen-chk-test
>      >   tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
>      > -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
>     -D_FORTIFY_SOURCE=$(3) -Wno-format \
>      > +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
>      >                                       
>       -Wno-deprecated-declarations \
>      >                                         -Wno-error
>      >   $(eval $(call cflags-$(2),$(1),$(3),$(4)))
>      > diff --git a/io/Makefile b/io/Makefile
>      > index d573064ecc..6ccc0e8691 100644
>      > --- a/io/Makefile
>      > +++ b/io/Makefile
>      > @@ -149,6 +149,22 @@ routines := \
>      >     write \
>      >     # routines
>      >
>      > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
>      > +routines_no_fortify += \
>      > +  getcwd \
>      > +  getwd \
>      > +  open \
>      > +  open64 \
>      > +  openat \
>      > +  openat64 \
>      > +  poll \
>      > +  ppoll \
>      > +  read \
>      > +  readlink \
>      > +  readlinkat \
>      > +  ttyname_r \
>      > +  # routines_no_fortify
>      > +
>      >   others := \
>      >    pwd \
>      >    # others
>      > diff --git a/libio/Makefile b/libio/Makefile
>      > index 2877fec484..f5c487d9f5 100644
>      > --- a/libio/Makefile
>      > +++ b/libio/Makefile
>      > @@ -53,6 +53,21 @@ routines   :=                                 
>                                \
>      >
>      >   gen-as-const-headers += libio-macros.sym
>      >
>      > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
>      > +routines_no_fortify += \
>      > +  fwprintf \
>      > +  iofgets \
>      > +  iofgets_u \
>      > +  iofgetws \
>      > +  iofgetws_u \
>      > +  swprintf \
>      > +  vasprintf \
>      > +  vsnprintf \
>      > +  vswprintf \
>      > +  vwprintf \
>      > +  wprintf \
>      > +  # routines_no_fortify
>      > +
>      >   tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf
>     tst_getwc tst_putwc   \
>      >       tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
>      >       tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf
>     tst-sscanf           \
>      > @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c +=
>     $(config-cflags-wno-ignored-attributes)
>      >   CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
>      >   # XXX Do we need filedoalloc and wfiledoalloc?  Others?
>      >
>      > +# Prevent fortification as these are built with -O0
>      > +CFLAGS-tst-bz24051.c += $(no-fortify-source)
>      > +CFLAGS-tst-bz24153.c += $(no-fortify-source)
>      > +
>      >   CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
>      >
>      >   # These test cases intentionally use overlapping arguments
>      >   CFLAGS-tst-sprintf-ub.c += -Wno-restrict
> 
>     This should also be built without fortification because the test
>     specifically tries to validate the sprintf entry point; the
>     __sprintf_chk entry point ought to get checked by the
>     tst-sprintf-chk-ub.c test.
> 
>     In fact, I wonder if *all* tests should be built without fortification
>     by default regardless of whether glibc is built with fortification.  We
>     have specific tests in debug/ to test the _chk entry points and it
>     seems
>     like the tests should stick to validating only the regular entry points
>     unless otherwise specified.
> 
> I'm not so sure.  The fact that fortification is enabled doesn't 
> diminish the validity of the tests, at the very end fortified function 
> shouldn't modify the behavior of these routines (modulo the additional 
> tests on input parameters).
> Unless the test breaks because of fortification (like when tests 
> voluntarily mess with input parameters in a way that the test aborts on 
> chk routines), I don't see the need to undefine _FORTIFY_SOURCE.
> 
> Thus, by having fortification enabled during the tests, I could catch 
> errors in the tests (e.g. Incorrect maxlen parameter for swprintf 
> 427dbaee86bcec31ba2fe9a42f32842cf17c4e77).
> 
> On top of that in the current configuration, assuming 
> "--enable-fortify-source" is **not** set, and the _FORTIFY_SOURCE macro 
> is **not** set through the environment neither, these are still tested 
> without fortification.
> In one sense, having the glibc CI testing the entry points directly, 
> while the community will probably test with fortification, may help 
> catch unwanted behavioral changes (if that ever happens) due to 
> incorrect check routines implementation.
> 
> All of that said, we may need to reconsider the tests like 
> tst-sprintf-chk-ub.c though, considering the capability to enable 
> fortification from configure.
> 
> What do you think ?

OK that's fine, just that we'd need to do further fixups to tests in 
future where we're testing fortified and unfortified variants.

Sid

[PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named

[Frédéric Bérat]

The *_chk routines naming doesn't match the name that would be generated
using libc_hidden_ldbl_proto. Since the macro is needed for some of
these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to
be fixed.
While at it, all the *_chk function get renamed appropriately for
consistency, even if not strictly necessary.
---
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c  | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c  | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c   | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c  | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c       | 8 ++++----
 .../ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c    | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 ++--
 .../ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c    | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c  | 4 ++--
 .../ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c    | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 4 ++--
 .../ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c    | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 ++--
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c  | 4 ++--
 19 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
index a50e334a2c..fbf953a728 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_asprintf_chk (char **string_ptr, int flag, const char *format, ...)
+___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
 {
   va_list ap;
   int done;
@@ -35,4 +35,4 @@ ___ieee128_asprintf_chk (char **string_ptr, int flag, const char *format, ...)
 
   return done;
 }
-strong_alias (___ieee128_asprintf_chk, __asprintf_chkieee128)
+strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
index b53b06a513..7121020ed5 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_dprintf_chk (int d, int flag, const char *format, ...)
+___ieee128___dprintf_chk (int d, int flag, const char *format, ...)
 {
   va_list ap;
   int done;
@@ -35,4 +35,4 @@ ___ieee128_dprintf_chk (int d, int flag, const char *format, ...)
 
   return done;
 }
-strong_alias (___ieee128_dprintf_chk, __dprintf_chkieee128)
+strong_alias (___ieee128___dprintf_chk, __dprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
index 44eed0de99..bd10e9c3db 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_fprintf_chk (FILE *fp, int flag, const char *format, ...)
+___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
 {
   va_list ap;
   int done;
@@ -35,4 +35,4 @@ ___ieee128_fprintf_chk (FILE *fp, int flag, const char *format, ...)
 
   return done;
 }
-strong_alias (___ieee128_fprintf_chk, __fprintf_chkieee128)
+strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
index 83c2f8e8d7..5b6cc3e768 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
+___ieee128___fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
 {
   va_list ap;
   int done;
@@ -35,4 +35,4 @@ ___ieee128_fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
 
   return done;
 }
-strong_alias (___ieee128_fwprintf_chk, __fwprintf_chkieee128)
+strong_alias (___ieee128___fwprintf_chk, __fwprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
index ab5fe59c37..333f4e14b1 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_printf_chk (int flag, const char *format, ...)
+___ieee128___printf_chk (int flag, const char *format, ...)
 {
   va_list ap;
   int done;
@@ -35,4 +35,4 @@ ___ieee128_printf_chk (int flag, const char *format, ...)
 
   return done;
 }
-strong_alias (___ieee128_printf_chk, __printf_chkieee128)
+strong_alias (___ieee128___printf_chk, __printf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
index 0ff2486642..a65f193dc1 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
+___ieee128___snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
 			const char *format, ...)
 {
   va_list ap;
@@ -39,4 +39,4 @@ ___ieee128_snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
 
   return done;
 }
-strong_alias (___ieee128_snprintf_chk, __snprintf_chkieee128)
+strong_alias (___ieee128___snprintf_chk, __snprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
index a0e598db42..0039c3b53d 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_sprintf_chk (char *s, int flag, size_t slen,
+___ieee128___sprintf_chk (char *s, int flag, size_t slen,
 		       const char *format, ...)
 {
   va_list ap;
@@ -43,4 +43,4 @@ ___ieee128_sprintf_chk (char *s, int flag, size_t slen,
 
   return done;
 }
-strong_alias (___ieee128_sprintf_chk, __sprintf_chkieee128)
+strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
index 2453c231b8..b81e9ccc05 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_swprintf_chk (wchar_t *string, size_t maxlen, int flag,
+___ieee128___swprintf_chk (wchar_t *string, size_t maxlen, int flag,
 			size_t slen, const wchar_t *format, ...)
 {
   va_list ap;
@@ -39,4 +39,4 @@ ___ieee128_swprintf_chk (wchar_t *string, size_t maxlen, int flag,
 
   return done;
 }
-strong_alias (___ieee128_swprintf_chk, __swprintf_chkieee128)
+strong_alias (___ieee128___swprintf_chk, __swprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
index 4ed4621b96..18aa7f707f 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
@@ -40,7 +40,7 @@ ___ieee128_vsyslog (int pri, const char *fmt, va_list ap)
 strong_alias (___ieee128_vsyslog, __vsyslogieee128)
 
 void
-___ieee128_syslog_chk (int pri, int flag, const char *fmt, ...)
+___ieee128___syslog_chk (int pri, int flag, const char *fmt, ...)
 {
   va_list ap;
 
@@ -52,10 +52,10 @@ ___ieee128_syslog_chk (int pri, int flag, const char *fmt, ...)
   __vsyslog_internal (pri, fmt, ap, mode);
   va_end (ap);
 }
-strong_alias (___ieee128_syslog_chk, __syslog_chkieee128)
+strong_alias (___ieee128___syslog_chk, __syslog_chkieee128)
 
 void
-___ieee128_vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
+___ieee128___vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
   if (flag > 0)
@@ -63,4 +63,4 @@ ___ieee128_vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
 
   __vsyslog_internal (pri, fmt, ap, mode);
 }
-strong_alias (___ieee128_vsyslog_chk, __vsyslog_chkieee128)
+strong_alias (___ieee128___vsyslog_chk, __vsyslog_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
index 5350e777f3..a5a048f2b5 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vasprintf_chk (char **result_ptr, int flag, const char *format,
+___ieee128___vasprintf_chk (char **result_ptr, int flag, const char *format,
 			 va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -28,4 +28,4 @@ ___ieee128_vasprintf_chk (char **result_ptr, int flag, const char *format,
 
   return __vasprintf_internal (result_ptr, format, ap, mode);
 }
-strong_alias (___ieee128_vasprintf_chk, __vasprintf_chkieee128)
+strong_alias (___ieee128___vasprintf_chk, __vasprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
index 7e38917cb5..ac7f26ec6d 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vdprintf_chk (int d, int flag, const char *format, va_list ap)
+___ieee128___vdprintf_chk (int d, int flag, const char *format, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
   if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vdprintf_chk (int d, int flag, const char *format, va_list ap)
 
   return __vdprintf_internal (d, format, ap, mode);
 }
-strong_alias (___ieee128_vdprintf_chk, __vdprintf_chkieee128)
+strong_alias (___ieee128___vdprintf_chk, __vdprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
index bf2ace508f..50c12265bc 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
+___ieee128___vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
   if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
 
   return __vfprintf_internal (fp, format, ap, mode);
 }
-strong_alias (___ieee128_vfprintf_chk, __vfprintf_chkieee128)
+strong_alias (___ieee128___vfprintf_chk, __vfprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
index b2379176f2..a5005927dc 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
+___ieee128___vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
 			 va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -28,4 +28,4 @@ ___ieee128_vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
 
   return __vfwprintf_internal (fp, format, ap, mode);
 }
-strong_alias (___ieee128_vfwprintf_chk, __vfwprintf_chkieee128)
+strong_alias (___ieee128___vfwprintf_chk, __vfwprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
index ca718d06bb..1281e41b6f 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vprintf_chk (int flag, const char *format, va_list ap)
+___ieee128___vprintf_chk (int flag, const char *format, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
   if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vprintf_chk (int flag, const char *format, va_list ap)
 
   return __vfprintf_internal (stdout, format, ap, mode);
 }
-strong_alias (___ieee128_vprintf_chk, __vprintf_chkieee128)
+strong_alias (___ieee128___vprintf_chk, __vprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
index 79d359b5d4..d91e8fa956 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vsnprintf_chk (char *string, size_t maxlen, int flag,
+___ieee128___vsnprintf_chk (char *string, size_t maxlen, int flag,
 			 size_t slen, const char *format, va_list ap)
 {
   if (__glibc_unlikely (slen < maxlen))
@@ -31,4 +31,4 @@ ___ieee128_vsnprintf_chk (char *string, size_t maxlen, int flag,
 
   return __vsnprintf_internal (string, maxlen, format, ap, mode);
 }
-strong_alias (___ieee128_vsnprintf_chk, __vsnprintf_chkieee128)
+strong_alias (___ieee128___vsnprintf_chk, __vsnprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
index b4b2b2d14f..22137269c0 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vsprintf_chk (char *string, int flag, size_t slen,
+___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
 			const char *format, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -35,4 +35,4 @@ ___ieee128_vsprintf_chk (char *string, int flag, size_t slen,
 
   return __vsprintf_internal (string, slen, format, ap, mode);
 }
-strong_alias (___ieee128_vsprintf_chk, __vsprintf_chkieee128)
+strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
index 9cd56ba5d4..888513d3c6 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
+___ieee128___vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
 			 size_t slen, const wchar_t *format, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
@@ -31,4 +31,4 @@ ___ieee128_vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
 
   return __vswprintf_internal (string, maxlen, format, ap, mode);
 }
-strong_alias (___ieee128_vswprintf_chk, __vswprintf_chkieee128)
+strong_alias (___ieee128___vswprintf_chk, __vswprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
index 3861edf480..f61f2d6c44 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
@@ -19,7 +19,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_vwprintf_chk (int flag, const wchar_t *format, va_list ap)
+___ieee128___vwprintf_chk (int flag, const wchar_t *format, va_list ap)
 {
   unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
   if (flag > 0)
@@ -27,4 +27,4 @@ ___ieee128_vwprintf_chk (int flag, const wchar_t *format, va_list ap)
 
   return __vfwprintf_internal (stdout, format, ap, mode);
 }
-strong_alias (___ieee128_vwprintf_chk, __vwprintf_chkieee128)
+strong_alias (___ieee128___vwprintf_chk, __vwprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
index 440e0691cb..19d9a92dd2 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
@@ -20,7 +20,7 @@
 #include <libio/libioP.h>
 
 extern int
-___ieee128_wprintf_chk (int flag, const wchar_t *format, ...)
+___ieee128___wprintf_chk (int flag, const wchar_t *format, ...)
 {
   va_list ap;
   int done;
@@ -35,4 +35,4 @@ ___ieee128_wprintf_chk (int flag, const wchar_t *format, ...)
 
   return done;
 }
-strong_alias (___ieee128_wprintf_chk, __wprintf_chkieee128)
+strong_alias (___ieee128___wprintf_chk, __wprintf_chkieee128)
-- 
2.41.0

Re: [PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> The *_chk routines naming doesn't match the name that would be generated
> using libc_hidden_ldbl_proto. Since the macro is needed for some of
> these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to
> be fixed.
> While at it, all the *_chk function get renamed appropriately for
> consistency, even if not strictly necessary.
> ---

LGTM, but I'd like Raji to pitch in as well as ppc maintainer.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c  | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c  | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c   | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c  | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c       | 8 ++++----
>   .../ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c    | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c | 4 ++--
>   .../ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c    | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c  | 4 ++--
>   .../ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c    | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 4 ++--
>   .../ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c    | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c | 4 ++--
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c  | 4 ++--
>   19 files changed, 40 insertions(+), 40 deletions(-)
> 
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> index a50e334a2c..fbf953a728 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_asprintf_chk (char **string_ptr, int flag, const char *format, ...)
> +___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
>   {
>     va_list ap;
>     int done;
> @@ -35,4 +35,4 @@ ___ieee128_asprintf_chk (char **string_ptr, int flag, const char *format, ...)
>   
>     return done;
>   }
> -strong_alias (___ieee128_asprintf_chk, __asprintf_chkieee128)
> +strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
> index b53b06a513..7121020ed5 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-dprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_dprintf_chk (int d, int flag, const char *format, ...)
> +___ieee128___dprintf_chk (int d, int flag, const char *format, ...)
>   {
>     va_list ap;
>     int done;
> @@ -35,4 +35,4 @@ ___ieee128_dprintf_chk (int d, int flag, const char *format, ...)
>   
>     return done;
>   }
> -strong_alias (___ieee128_dprintf_chk, __dprintf_chkieee128)
> +strong_alias (___ieee128___dprintf_chk, __dprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> index 44eed0de99..bd10e9c3db 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_fprintf_chk (FILE *fp, int flag, const char *format, ...)
> +___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>   {
>     va_list ap;
>     int done;
> @@ -35,4 +35,4 @@ ___ieee128_fprintf_chk (FILE *fp, int flag, const char *format, ...)
>   
>     return done;
>   }
> -strong_alias (___ieee128_fprintf_chk, __fprintf_chkieee128)
> +strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> index 83c2f8e8d7..5b6cc3e768 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
> +___ieee128___fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
>   {
>     va_list ap;
>     int done;
> @@ -35,4 +35,4 @@ ___ieee128_fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
>   
>     return done;
>   }
> -strong_alias (___ieee128_fwprintf_chk, __fwprintf_chkieee128)
> +strong_alias (___ieee128___fwprintf_chk, __fwprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
> index ab5fe59c37..333f4e14b1 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-printf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_printf_chk (int flag, const char *format, ...)
> +___ieee128___printf_chk (int flag, const char *format, ...)
>   {
>     va_list ap;
>     int done;
> @@ -35,4 +35,4 @@ ___ieee128_printf_chk (int flag, const char *format, ...)
>   
>     return done;
>   }
> -strong_alias (___ieee128_printf_chk, __printf_chkieee128)
> +strong_alias (___ieee128___printf_chk, __printf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
> index 0ff2486642..a65f193dc1 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-snprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
> +___ieee128___snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
>   			const char *format, ...)
>   {
>     va_list ap;
> @@ -39,4 +39,4 @@ ___ieee128_snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
>   
>     return done;
>   }
> -strong_alias (___ieee128_snprintf_chk, __snprintf_chkieee128)
> +strong_alias (___ieee128___snprintf_chk, __snprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> index a0e598db42..0039c3b53d 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_sprintf_chk (char *s, int flag, size_t slen,
> +___ieee128___sprintf_chk (char *s, int flag, size_t slen,
>   		       const char *format, ...)
>   {
>     va_list ap;
> @@ -43,4 +43,4 @@ ___ieee128_sprintf_chk (char *s, int flag, size_t slen,
>   
>     return done;
>   }
> -strong_alias (___ieee128_sprintf_chk, __sprintf_chkieee128)
> +strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
> index 2453c231b8..b81e9ccc05 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-swprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_swprintf_chk (wchar_t *string, size_t maxlen, int flag,
> +___ieee128___swprintf_chk (wchar_t *string, size_t maxlen, int flag,
>   			size_t slen, const wchar_t *format, ...)
>   {
>     va_list ap;
> @@ -39,4 +39,4 @@ ___ieee128_swprintf_chk (wchar_t *string, size_t maxlen, int flag,
>   
>     return done;
>   }
> -strong_alias (___ieee128_swprintf_chk, __swprintf_chkieee128)
> +strong_alias (___ieee128___swprintf_chk, __swprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
> index 4ed4621b96..18aa7f707f 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
> @@ -40,7 +40,7 @@ ___ieee128_vsyslog (int pri, const char *fmt, va_list ap)
>   strong_alias (___ieee128_vsyslog, __vsyslogieee128)
>   
>   void
> -___ieee128_syslog_chk (int pri, int flag, const char *fmt, ...)
> +___ieee128___syslog_chk (int pri, int flag, const char *fmt, ...)
>   {
>     va_list ap;
>   
> @@ -52,10 +52,10 @@ ___ieee128_syslog_chk (int pri, int flag, const char *fmt, ...)
>     __vsyslog_internal (pri, fmt, ap, mode);
>     va_end (ap);
>   }
> -strong_alias (___ieee128_syslog_chk, __syslog_chkieee128)
> +strong_alias (___ieee128___syslog_chk, __syslog_chkieee128)
>   
>   void
> -___ieee128_vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
> +___ieee128___vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
>     if (flag > 0)
> @@ -63,4 +63,4 @@ ___ieee128_vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
>   
>     __vsyslog_internal (pri, fmt, ap, mode);
>   }
> -strong_alias (___ieee128_vsyslog_chk, __vsyslog_chkieee128)
> +strong_alias (___ieee128___vsyslog_chk, __vsyslog_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
> index 5350e777f3..a5a048f2b5 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vasprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vasprintf_chk (char **result_ptr, int flag, const char *format,
> +___ieee128___vasprintf_chk (char **result_ptr, int flag, const char *format,
>   			 va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
> @@ -28,4 +28,4 @@ ___ieee128_vasprintf_chk (char **result_ptr, int flag, const char *format,
>   
>     return __vasprintf_internal (result_ptr, format, ap, mode);
>   }
> -strong_alias (___ieee128_vasprintf_chk, __vasprintf_chkieee128)
> +strong_alias (___ieee128___vasprintf_chk, __vasprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
> index 7e38917cb5..ac7f26ec6d 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vdprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vdprintf_chk (int d, int flag, const char *format, va_list ap)
> +___ieee128___vdprintf_chk (int d, int flag, const char *format, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
>     if (flag > 0)
> @@ -27,4 +27,4 @@ ___ieee128_vdprintf_chk (int d, int flag, const char *format, va_list ap)
>   
>     return __vdprintf_internal (d, format, ap, mode);
>   }
> -strong_alias (___ieee128_vdprintf_chk, __vdprintf_chkieee128)
> +strong_alias (___ieee128___vdprintf_chk, __vdprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
> index bf2ace508f..50c12265bc 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
> +___ieee128___vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
>     if (flag > 0)
> @@ -27,4 +27,4 @@ ___ieee128_vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
>   
>     return __vfprintf_internal (fp, format, ap, mode);
>   }
> -strong_alias (___ieee128_vfprintf_chk, __vfprintf_chkieee128)
> +strong_alias (___ieee128___vfprintf_chk, __vfprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
> index b2379176f2..a5005927dc 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vfwprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
> +___ieee128___vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
>   			 va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
> @@ -28,4 +28,4 @@ ___ieee128_vfwprintf_chk (FILE *fp, int flag, const wchar_t *format,
>   
>     return __vfwprintf_internal (fp, format, ap, mode);
>   }
> -strong_alias (___ieee128_vfwprintf_chk, __vfwprintf_chkieee128)
> +strong_alias (___ieee128___vfwprintf_chk, __vfwprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
> index ca718d06bb..1281e41b6f 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vprintf_chk (int flag, const char *format, va_list ap)
> +___ieee128___vprintf_chk (int flag, const char *format, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
>     if (flag > 0)
> @@ -27,4 +27,4 @@ ___ieee128_vprintf_chk (int flag, const char *format, va_list ap)
>   
>     return __vfprintf_internal (stdout, format, ap, mode);
>   }
> -strong_alias (___ieee128_vprintf_chk, __vprintf_chkieee128)
> +strong_alias (___ieee128___vprintf_chk, __vprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
> index 79d359b5d4..d91e8fa956 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsnprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vsnprintf_chk (char *string, size_t maxlen, int flag,
> +___ieee128___vsnprintf_chk (char *string, size_t maxlen, int flag,
>   			 size_t slen, const char *format, va_list ap)
>   {
>     if (__glibc_unlikely (slen < maxlen))
> @@ -31,4 +31,4 @@ ___ieee128_vsnprintf_chk (char *string, size_t maxlen, int flag,
>   
>     return __vsnprintf_internal (string, maxlen, format, ap, mode);
>   }
> -strong_alias (___ieee128_vsnprintf_chk, __vsnprintf_chkieee128)
> +strong_alias (___ieee128___vsnprintf_chk, __vsnprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> index b4b2b2d14f..22137269c0 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vsprintf_chk (char *string, int flag, size_t slen,
> +___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
>   			const char *format, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
> @@ -35,4 +35,4 @@ ___ieee128_vsprintf_chk (char *string, int flag, size_t slen,
>   
>     return __vsprintf_internal (string, slen, format, ap, mode);
>   }
> -strong_alias (___ieee128_vsprintf_chk, __vsprintf_chkieee128)
> +strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
> index 9cd56ba5d4..888513d3c6 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vswprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
> +___ieee128___vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
>   			 size_t slen, const wchar_t *format, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
> @@ -31,4 +31,4 @@ ___ieee128_vswprintf_chk (wchar_t *string, size_t maxlen, int flag,
>   
>     return __vswprintf_internal (string, maxlen, format, ap, mode);
>   }
> -strong_alias (___ieee128_vswprintf_chk, __vswprintf_chkieee128)
> +strong_alias (___ieee128___vswprintf_chk, __vswprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
> index 3861edf480..f61f2d6c44 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vwprintf_chk.c
> @@ -19,7 +19,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_vwprintf_chk (int flag, const wchar_t *format, va_list ap)
> +___ieee128___vwprintf_chk (int flag, const wchar_t *format, va_list ap)
>   {
>     unsigned int mode = PRINTF_LDBL_USES_FLOAT128;
>     if (flag > 0)
> @@ -27,4 +27,4 @@ ___ieee128_vwprintf_chk (int flag, const wchar_t *format, va_list ap)
>   
>     return __vfwprintf_internal (stdout, format, ap, mode);
>   }
> -strong_alias (___ieee128_vwprintf_chk, __vwprintf_chkieee128)
> +strong_alias (___ieee128___vwprintf_chk, __vwprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
> index 440e0691cb..19d9a92dd2 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-wprintf_chk.c
> @@ -20,7 +20,7 @@
>   #include <libio/libioP.h>
>   
>   extern int
> -___ieee128_wprintf_chk (int flag, const wchar_t *format, ...)
> +___ieee128___wprintf_chk (int flag, const wchar_t *format, ...)
>   {
>     va_list ap;
>     int done;
> @@ -35,4 +35,4 @@ ___ieee128_wprintf_chk (int flag, const wchar_t *format, ...)
>   
>     return done;
>   }
> -strong_alias (___ieee128_wprintf_chk, __wprintf_chkieee128)
> +strong_alias (___ieee128___wprintf_chk, __wprintf_chkieee128)

Re: [PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named

[Paul E Murphy]

On 6/30/23 9:58 AM, Siddhesh Poyarekar wrote:
> 
> 
> On 2023-06-28 04:42, Frédéric Bérat wrote:
>> The *_chk routines naming doesn't match the name that would be generated
>> using libc_hidden_ldbl_proto. Since the macro is needed for some of
>> these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to
>> be fixed.
>> While at it, all the *_chk function get renamed appropriately for
>> consistency, even if not strictly necessary.
>> ---
> 
> LGTM, but I'd like Raji to pitch in as well as ppc maintainer.


This LGTM (on behalf of Raji).  I am surprised this wasn't noticed 
sooner.  Was it not noticed because there are no internal calls within 
libc to these functions?

Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>

Re: [PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named

[Frederic Berat]

[-- Attachment #1: Type: text/plain, Size: 1051 bytes --]

On Fri, Jun 30, 2023 at 5:55 PM Paul E Murphy <murphyp@linux.ibm.com> wrote:

>
>
> On 6/30/23 9:58 AM, Siddhesh Poyarekar wrote:
> >
> >
> > On 2023-06-28 04:42, Frédéric Bérat wrote:
> >> The *_chk routines naming doesn't match the name that would be generated
> >> using libc_hidden_ldbl_proto. Since the macro is needed for some of
> >> these *_chk functions for _FORTIFY_SOURCE to be enabled, that needed to
> >> be fixed.
> >> While at it, all the *_chk function get renamed appropriately for
> >> consistency, even if not strictly necessary.
> >> ---
> >
> > LGTM, but I'd like Raji to pitch in as well as ppc maintainer.
>
>
> This LGTM (on behalf of Raji).  I am surprised this wasn't noticed
> sooner.  Was it not noticed because there are no internal calls within
> libc to these functions?
>
>
It wasn't noticed because the macros were not used nor needed as long as
building glibc with fortification was forbidden by the configure script.


> Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
>
>
>

[PATCH v3 04/16] string: Ensure *_chk routines have their hidden builtin definition available

[Frédéric Bérat]

If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
there are unwanted PLT entries in libc.so.
---
 debug/memcpy_chk.c                        | 1 +
 debug/memmove_chk.c                       | 1 +
 debug/mempcpy_chk.c                       | 1 +
 debug/memset_chk.c                        | 1 +
 debug/stpcpy_chk.c                        | 1 +
 include/string.h                          | 7 +++++++
 sysdeps/i386/i586/memcpy.S                | 1 +
 sysdeps/i386/i586/memset.S                | 1 +
 sysdeps/i386/i686/memcpy.S                | 1 +
 sysdeps/i386/i686/memmove.S               | 1 +
 sysdeps/i386/i686/mempcpy.S               | 1 +
 sysdeps/i386/i686/memset.S                | 1 +
 sysdeps/i386/i686/multiarch/memcpy_chk.c  | 4 ++++
 sysdeps/i386/i686/multiarch/memmove_chk.c | 4 ++++
 sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 ++++
 sysdeps/i386/i686/multiarch/memset_chk.c  | 5 ++++-
 sysdeps/i386/memcpy_chk.S                 | 1 +
 sysdeps/i386/memmove_chk.S                | 1 +
 sysdeps/i386/mempcpy_chk.S                | 1 +
 sysdeps/i386/memset_chk.S                 | 1 +
 sysdeps/x86_64/memcpy_chk.S               | 1 +
 sysdeps/x86_64/memmove_chk.S              | 1 +
 sysdeps/x86_64/mempcpy_chk.S              | 1 +
 sysdeps/x86_64/memset_chk.S               | 1 +
 sysdeps/x86_64/multiarch/memcpy_chk.c     | 4 ++++
 sysdeps/x86_64/multiarch/memmove_chk.c    | 4 ++++
 sysdeps/x86_64/multiarch/mempcpy_chk.c    | 4 ++++
 sysdeps/x86_64/multiarch/memset_chk.c     | 4 ++++
 28 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/debug/memcpy_chk.c b/debug/memcpy_chk.c
index c6dd94c83f..1e4a82c063 100644
--- a/debug/memcpy_chk.c
+++ b/debug/memcpy_chk.c
@@ -28,3 +28,4 @@ __memcpy_chk (void *dstpp, const void *srcpp, size_t len, size_t dstlen)
 
   return memcpy (dstpp, srcpp, len);
 }
+libc_hidden_builtin_def (__memcpy_chk)
diff --git a/debug/memmove_chk.c b/debug/memmove_chk.c
index 8922a1ba26..b714aa474c 100644
--- a/debug/memmove_chk.c
+++ b/debug/memmove_chk.c
@@ -32,3 +32,4 @@ MEMMOVE_CHK (void *dest, const void *src, size_t len, size_t destlen)
 
   return memmove (dest, src, len);
 }
+libc_hidden_builtin_def (MEMMOVE_CHK)
diff --git a/debug/mempcpy_chk.c b/debug/mempcpy_chk.c
index 17a46a3b4d..b47b14ee9a 100644
--- a/debug/mempcpy_chk.c
+++ b/debug/mempcpy_chk.c
@@ -29,3 +29,4 @@ __mempcpy_chk (void *dstpp, const void *srcpp, size_t len, size_t dstlen)
 
   return __mempcpy (dstpp, srcpp, len);
 }
+libc_hidden_builtin_def (__mempcpy_chk)
diff --git a/debug/memset_chk.c b/debug/memset_chk.c
index 4fc0b55d82..93901f5f34 100644
--- a/debug/memset_chk.c
+++ b/debug/memset_chk.c
@@ -26,3 +26,4 @@ __memset_chk (void *dstpp, int c, size_t len, size_t dstlen)
 
   return memset (dstpp, c, len);
 }
+libc_hidden_builtin_def (__memset_chk)
diff --git a/debug/stpcpy_chk.c b/debug/stpcpy_chk.c
index 230b52bd01..518dd78dca 100644
--- a/debug/stpcpy_chk.c
+++ b/debug/stpcpy_chk.c
@@ -32,3 +32,4 @@ __stpcpy_chk (char *dest, const char *src, size_t destlen)
 
   return memcpy (dest, src, len + 1) + len;
 }
+libc_hidden_builtin_def (__stpcpy_chk)
diff --git a/include/string.h b/include/string.h
index 0c78ad2539..659530d1aa 100644
--- a/include/string.h
+++ b/include/string.h
@@ -208,6 +208,13 @@ extern char *__strcat_chk (char *__restrict __dest,
 extern char *__strncat_chk (char *__restrict __dest,
 			    const char *__restrict __src,
 			    size_t __len, size_t __destlen) __THROW;
+
+libc_hidden_builtin_proto (__memcpy_chk)
+libc_hidden_builtin_proto (__memmove_chk)
+libc_hidden_builtin_proto (__mempcpy_chk)
+libc_hidden_builtin_proto (__memset_chk)
+libc_hidden_builtin_proto (__stpcpy_chk)
+
 #endif
 
 #endif
diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S
index 58061d5adf..e3405e577c 100644
--- a/sysdeps/i386/i586/memcpy.S
+++ b/sysdeps/i386/i586/memcpy.S
@@ -32,6 +32,7 @@ ENTRY (__memcpy_chk)
 	cmpl	%eax, 16(%esp)
 	jb	HIDDEN_JUMPTARGET (__chk_fail)
 END (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
 #endif
 ENTRY (memcpy)
 
diff --git a/sysdeps/i386/i586/memset.S b/sysdeps/i386/i586/memset.S
index 413e8ec6a9..f1f0e1a99b 100644
--- a/sysdeps/i386/i586/memset.S
+++ b/sysdeps/i386/i586/memset.S
@@ -33,6 +33,7 @@ ENTRY (__memset_chk)
 	cmpl	%eax, 16(%esp)
 	jb	HIDDEN_JUMPTARGET (__chk_fail)
 END (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
 #endif
 ENTRY (memset)
 
diff --git a/sysdeps/i386/i686/memcpy.S b/sysdeps/i386/i686/memcpy.S
index 604d3088f6..9b48ec0ea1 100644
--- a/sysdeps/i386/i686/memcpy.S
+++ b/sysdeps/i386/i686/memcpy.S
@@ -33,6 +33,7 @@ ENTRY_CHK (__memcpy_chk)
 	cmpl	%eax, 16(%esp)
 	jb	HIDDEN_JUMPTARGET (__chk_fail)
 END_CHK (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
 #endif
 ENTRY (memcpy)
 
diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S
index cff06c27e5..06fe2a7668 100644
--- a/sysdeps/i386/i686/memmove.S
+++ b/sysdeps/i386/i686/memmove.S
@@ -35,6 +35,7 @@ ENTRY_CHK (__memmove_chk)
 	cmpl	%eax, 16(%esp)
 	jb	HIDDEN_JUMPTARGET (__chk_fail)
 END_CHK (__memmove_chk)
+libc_hidden_builtin_def (__memmove_chk)
 #endif
 
 ENTRY (memmove)
diff --git a/sysdeps/i386/i686/mempcpy.S b/sysdeps/i386/i686/mempcpy.S
index af3f2cca08..26f8501e7d 100644
--- a/sysdeps/i386/i686/mempcpy.S
+++ b/sysdeps/i386/i686/mempcpy.S
@@ -33,6 +33,7 @@ ENTRY_CHK (__mempcpy_chk)
 	cmpl	%eax, 16(%esp)
 	jb	HIDDEN_JUMPTARGET (__chk_fail)
 END_CHK (__mempcpy_chk)
+libc_hidden_builtin_def (__mempcpy_chk)
 #endif
 ENTRY (__mempcpy)
 
diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S
index d4891880d7..0b5e671d83 100644
--- a/sysdeps/i386/i686/memset.S
+++ b/sysdeps/i386/i686/memset.S
@@ -33,6 +33,7 @@ ENTRY_CHK (__memset_chk)
 	cmpl	%eax, 16(%esp)
 	jb	HIDDEN_JUMPTARGET (__chk_fail)
 END_CHK (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
 #endif
 ENTRY (memset)
 
diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.c b/sysdeps/i386/i686/multiarch/memcpy_chk.c
index 5ac5cb1d7a..ec945dc91f 100644
--- a/sysdeps/i386/i686/multiarch/memcpy_chk.c
+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
+# endif
 #endif
diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.c b/sysdeps/i386/i686/multiarch/memmove_chk.c
index 28161d3c27..55c7601d5d 100644
--- a/sysdeps/i386/i686/multiarch/memmove_chk.c
+++ b/sysdeps/i386/i686/multiarch/memmove_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
+# endif
 #endif
diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.c b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
index 36c81ae61a..83569cf9d9 100644
--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.c
+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
+# endif
 #endif
diff --git a/sysdeps/i386/i686/multiarch/memset_chk.c b/sysdeps/i386/i686/multiarch/memset_chk.c
index cf3e811327..1a7503858d 100644
--- a/sysdeps/i386/i686/multiarch/memset_chk.c
+++ b/sysdeps/i386/i686/multiarch/memset_chk.c
@@ -28,5 +28,8 @@
 
 libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
 		       IFUNC_SELECTOR ());
-
+# ifdef SHARED
+__hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
+# endif
 #endif
diff --git a/sysdeps/i386/memcpy_chk.S b/sysdeps/i386/memcpy_chk.S
index b5244cc69b..7b12c12aba 100644
--- a/sysdeps/i386/memcpy_chk.S
+++ b/sysdeps/i386/memcpy_chk.S
@@ -31,4 +31,5 @@ ENTRY (__memcpy_chk)
 	jb	__chk_fail
 	jmp	memcpy
 END (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
 #endif
diff --git a/sysdeps/i386/memmove_chk.S b/sysdeps/i386/memmove_chk.S
index 517d8cb15a..604aea8305 100644
--- a/sysdeps/i386/memmove_chk.S
+++ b/sysdeps/i386/memmove_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memmove_chk)
 	jb	__chk_fail
 	jmp	memmove
 END (__memmove_chk)
+libc_hidden_builtin_def (MEMMOVE_CHK)
 #endif
diff --git a/sysdeps/i386/mempcpy_chk.S b/sysdeps/i386/mempcpy_chk.S
index 1e9bf71bfb..276eab1e8a 100644
--- a/sysdeps/i386/mempcpy_chk.S
+++ b/sysdeps/i386/mempcpy_chk.S
@@ -30,4 +30,5 @@ ENTRY (__mempcpy_chk)
 	jb	__chk_fail
 	jmp	__mempcpy
 END (__mempcpy_chk)
+libc_hidden_builtin_def (__mempcpy_chk)
 #endif
diff --git a/sysdeps/i386/memset_chk.S b/sysdeps/i386/memset_chk.S
index 0e6060a0a6..a2e9208e1c 100644
--- a/sysdeps/i386/memset_chk.S
+++ b/sysdeps/i386/memset_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memset_chk)
 	jb	__chk_fail
 	jmp	memset
 END (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
 #endif
diff --git a/sysdeps/x86_64/memcpy_chk.S b/sysdeps/x86_64/memcpy_chk.S
index 25cbeb37ee..43843a7abb 100644
--- a/sysdeps/x86_64/memcpy_chk.S
+++ b/sysdeps/x86_64/memcpy_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memcpy_chk)
 	jb	__chk_fail
 	jmp	memcpy
 END (__memcpy_chk)
+libc_hidden_builtin_def (__memcpy_chk)
 #endif
diff --git a/sysdeps/x86_64/memmove_chk.S b/sysdeps/x86_64/memmove_chk.S
index 165d42cfa8..37e2c30ba8 100644
--- a/sysdeps/x86_64/memmove_chk.S
+++ b/sysdeps/x86_64/memmove_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memmove_chk)
 	jb	__chk_fail
 	jmp	memmove
 END (__memmove_chk)
+libc_hidden_builtin_def (MEMMOVE_CHK)
 #endif
diff --git a/sysdeps/x86_64/mempcpy_chk.S b/sysdeps/x86_64/mempcpy_chk.S
index b60ee4ff08..facdac50d8 100644
--- a/sysdeps/x86_64/mempcpy_chk.S
+++ b/sysdeps/x86_64/mempcpy_chk.S
@@ -30,4 +30,5 @@ ENTRY (__mempcpy_chk)
 	jb	__chk_fail
 	jmp	__mempcpy
 END (__mempcpy_chk)
+libc_hidden_builtin_def (__mempcpy_chk)
 #endif
diff --git a/sysdeps/x86_64/memset_chk.S b/sysdeps/x86_64/memset_chk.S
index ed53b8927f..c927884b1a 100644
--- a/sysdeps/x86_64/memset_chk.S
+++ b/sysdeps/x86_64/memset_chk.S
@@ -30,4 +30,5 @@ ENTRY (__memset_chk)
 	jb	__chk_fail
 	jmp	memset
 END (__memset_chk)
+libc_hidden_builtin_def (__memset_chk)
 #endif
diff --git a/sysdeps/x86_64/multiarch/memcpy_chk.c b/sysdeps/x86_64/multiarch/memcpy_chk.c
index 5ac5cb1d7a..ec945dc91f 100644
--- a/sysdeps/x86_64/multiarch/memcpy_chk.c
+++ b/sysdeps/x86_64/multiarch/memcpy_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
+# endif
 #endif
diff --git a/sysdeps/x86_64/multiarch/memmove_chk.c b/sysdeps/x86_64/multiarch/memmove_chk.c
index 28161d3c27..55c7601d5d 100644
--- a/sysdeps/x86_64/multiarch/memmove_chk.c
+++ b/sysdeps/x86_64/multiarch/memmove_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
+# endif
 #endif
diff --git a/sysdeps/x86_64/multiarch/mempcpy_chk.c b/sysdeps/x86_64/multiarch/mempcpy_chk.c
index 36c81ae61a..83569cf9d9 100644
--- a/sysdeps/x86_64/multiarch/mempcpy_chk.c
+++ b/sysdeps/x86_64/multiarch/mempcpy_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
+# endif
 #endif
diff --git a/sysdeps/x86_64/multiarch/memset_chk.c b/sysdeps/x86_64/multiarch/memset_chk.c
index d81147a70c..1a7503858d 100644
--- a/sysdeps/x86_64/multiarch/memset_chk.c
+++ b/sysdeps/x86_64/multiarch/memset_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
+# endif
 #endif
-- 
2.41.0

Re: [PATCH v3 04/16] string: Ensure *_chk routines have their hidden builtin definition available

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
> there are unwanted PLT entries in libc.so.
> ---

LGTM.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   debug/memcpy_chk.c                        | 1 +
>   debug/memmove_chk.c                       | 1 +
>   debug/mempcpy_chk.c                       | 1 +
>   debug/memset_chk.c                        | 1 +
>   debug/stpcpy_chk.c                        | 1 +
>   include/string.h                          | 7 +++++++
>   sysdeps/i386/i586/memcpy.S                | 1 +
>   sysdeps/i386/i586/memset.S                | 1 +
>   sysdeps/i386/i686/memcpy.S                | 1 +
>   sysdeps/i386/i686/memmove.S               | 1 +
>   sysdeps/i386/i686/mempcpy.S               | 1 +
>   sysdeps/i386/i686/memset.S                | 1 +
>   sysdeps/i386/i686/multiarch/memcpy_chk.c  | 4 ++++
>   sysdeps/i386/i686/multiarch/memmove_chk.c | 4 ++++
>   sysdeps/i386/i686/multiarch/mempcpy_chk.c | 4 ++++
>   sysdeps/i386/i686/multiarch/memset_chk.c  | 5 ++++-
>   sysdeps/i386/memcpy_chk.S                 | 1 +
>   sysdeps/i386/memmove_chk.S                | 1 +
>   sysdeps/i386/mempcpy_chk.S                | 1 +
>   sysdeps/i386/memset_chk.S                 | 1 +
>   sysdeps/x86_64/memcpy_chk.S               | 1 +
>   sysdeps/x86_64/memmove_chk.S              | 1 +
>   sysdeps/x86_64/mempcpy_chk.S              | 1 +
>   sysdeps/x86_64/memset_chk.S               | 1 +
>   sysdeps/x86_64/multiarch/memcpy_chk.c     | 4 ++++
>   sysdeps/x86_64/multiarch/memmove_chk.c    | 4 ++++
>   sysdeps/x86_64/multiarch/mempcpy_chk.c    | 4 ++++
>   sysdeps/x86_64/multiarch/memset_chk.c     | 4 ++++
>   28 files changed, 58 insertions(+), 1 deletion(-)
> 
> diff --git a/debug/memcpy_chk.c b/debug/memcpy_chk.c
> index c6dd94c83f..1e4a82c063 100644
> --- a/debug/memcpy_chk.c
> +++ b/debug/memcpy_chk.c
> @@ -28,3 +28,4 @@ __memcpy_chk (void *dstpp, const void *srcpp, size_t len, size_t dstlen)
>   
>     return memcpy (dstpp, srcpp, len);
>   }
> +libc_hidden_builtin_def (__memcpy_chk)
> diff --git a/debug/memmove_chk.c b/debug/memmove_chk.c
> index 8922a1ba26..b714aa474c 100644
> --- a/debug/memmove_chk.c
> +++ b/debug/memmove_chk.c
> @@ -32,3 +32,4 @@ MEMMOVE_CHK (void *dest, const void *src, size_t len, size_t destlen)
>   
>     return memmove (dest, src, len);
>   }
> +libc_hidden_builtin_def (MEMMOVE_CHK)
> diff --git a/debug/mempcpy_chk.c b/debug/mempcpy_chk.c
> index 17a46a3b4d..b47b14ee9a 100644
> --- a/debug/mempcpy_chk.c
> +++ b/debug/mempcpy_chk.c
> @@ -29,3 +29,4 @@ __mempcpy_chk (void *dstpp, const void *srcpp, size_t len, size_t dstlen)
>   
>     return __mempcpy (dstpp, srcpp, len);
>   }
> +libc_hidden_builtin_def (__mempcpy_chk)
> diff --git a/debug/memset_chk.c b/debug/memset_chk.c
> index 4fc0b55d82..93901f5f34 100644
> --- a/debug/memset_chk.c
> +++ b/debug/memset_chk.c
> @@ -26,3 +26,4 @@ __memset_chk (void *dstpp, int c, size_t len, size_t dstlen)
>   
>     return memset (dstpp, c, len);
>   }
> +libc_hidden_builtin_def (__memset_chk)
> diff --git a/debug/stpcpy_chk.c b/debug/stpcpy_chk.c
> index 230b52bd01..518dd78dca 100644
> --- a/debug/stpcpy_chk.c
> +++ b/debug/stpcpy_chk.c
> @@ -32,3 +32,4 @@ __stpcpy_chk (char *dest, const char *src, size_t destlen)
>   
>     return memcpy (dest, src, len + 1) + len;
>   }
> +libc_hidden_builtin_def (__stpcpy_chk)
> diff --git a/include/string.h b/include/string.h
> index 0c78ad2539..659530d1aa 100644
> --- a/include/string.h
> +++ b/include/string.h
> @@ -208,6 +208,13 @@ extern char *__strcat_chk (char *__restrict __dest,
>   extern char *__strncat_chk (char *__restrict __dest,
>   			    const char *__restrict __src,
>   			    size_t __len, size_t __destlen) __THROW;
> +
> +libc_hidden_builtin_proto (__memcpy_chk)
> +libc_hidden_builtin_proto (__memmove_chk)
> +libc_hidden_builtin_proto (__mempcpy_chk)
> +libc_hidden_builtin_proto (__memset_chk)
> +libc_hidden_builtin_proto (__stpcpy_chk)
> +
>   #endif
>   
>   #endif
> diff --git a/sysdeps/i386/i586/memcpy.S b/sysdeps/i386/i586/memcpy.S
> index 58061d5adf..e3405e577c 100644
> --- a/sysdeps/i386/i586/memcpy.S
> +++ b/sysdeps/i386/i586/memcpy.S
> @@ -32,6 +32,7 @@ ENTRY (__memcpy_chk)
>   	cmpl	%eax, 16(%esp)
>   	jb	HIDDEN_JUMPTARGET (__chk_fail)
>   END (__memcpy_chk)
> +libc_hidden_builtin_def (__memcpy_chk)
>   #endif
>   ENTRY (memcpy)
>   
> diff --git a/sysdeps/i386/i586/memset.S b/sysdeps/i386/i586/memset.S
> index 413e8ec6a9..f1f0e1a99b 100644
> --- a/sysdeps/i386/i586/memset.S
> +++ b/sysdeps/i386/i586/memset.S
> @@ -33,6 +33,7 @@ ENTRY (__memset_chk)
>   	cmpl	%eax, 16(%esp)
>   	jb	HIDDEN_JUMPTARGET (__chk_fail)
>   END (__memset_chk)
> +libc_hidden_builtin_def (__memset_chk)
>   #endif
>   ENTRY (memset)
>   
> diff --git a/sysdeps/i386/i686/memcpy.S b/sysdeps/i386/i686/memcpy.S
> index 604d3088f6..9b48ec0ea1 100644
> --- a/sysdeps/i386/i686/memcpy.S
> +++ b/sysdeps/i386/i686/memcpy.S
> @@ -33,6 +33,7 @@ ENTRY_CHK (__memcpy_chk)
>   	cmpl	%eax, 16(%esp)
>   	jb	HIDDEN_JUMPTARGET (__chk_fail)
>   END_CHK (__memcpy_chk)
> +libc_hidden_builtin_def (__memcpy_chk)
>   #endif
>   ENTRY (memcpy)
>   
> diff --git a/sysdeps/i386/i686/memmove.S b/sysdeps/i386/i686/memmove.S
> index cff06c27e5..06fe2a7668 100644
> --- a/sysdeps/i386/i686/memmove.S
> +++ b/sysdeps/i386/i686/memmove.S
> @@ -35,6 +35,7 @@ ENTRY_CHK (__memmove_chk)
>   	cmpl	%eax, 16(%esp)
>   	jb	HIDDEN_JUMPTARGET (__chk_fail)
>   END_CHK (__memmove_chk)
> +libc_hidden_builtin_def (__memmove_chk)
>   #endif
>   
>   ENTRY (memmove)
> diff --git a/sysdeps/i386/i686/mempcpy.S b/sysdeps/i386/i686/mempcpy.S
> index af3f2cca08..26f8501e7d 100644
> --- a/sysdeps/i386/i686/mempcpy.S
> +++ b/sysdeps/i386/i686/mempcpy.S
> @@ -33,6 +33,7 @@ ENTRY_CHK (__mempcpy_chk)
>   	cmpl	%eax, 16(%esp)
>   	jb	HIDDEN_JUMPTARGET (__chk_fail)
>   END_CHK (__mempcpy_chk)
> +libc_hidden_builtin_def (__mempcpy_chk)
>   #endif
>   ENTRY (__mempcpy)
>   
> diff --git a/sysdeps/i386/i686/memset.S b/sysdeps/i386/i686/memset.S
> index d4891880d7..0b5e671d83 100644
> --- a/sysdeps/i386/i686/memset.S
> +++ b/sysdeps/i386/i686/memset.S
> @@ -33,6 +33,7 @@ ENTRY_CHK (__memset_chk)
>   	cmpl	%eax, 16(%esp)
>   	jb	HIDDEN_JUMPTARGET (__chk_fail)
>   END_CHK (__memset_chk)
> +libc_hidden_builtin_def (__memset_chk)
>   #endif
>   ENTRY (memset)
>   
> diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.c b/sysdeps/i386/i686/multiarch/memcpy_chk.c
> index 5ac5cb1d7a..ec945dc91f 100644
> --- a/sysdeps/i386/i686/multiarch/memcpy_chk.c
> +++ b/sysdeps/i386/i686/multiarch/memcpy_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.c b/sysdeps/i386/i686/multiarch/memmove_chk.c
> index 28161d3c27..55c7601d5d 100644
> --- a/sysdeps/i386/i686/multiarch/memmove_chk.c
> +++ b/sysdeps/i386/i686/multiarch/memmove_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.c b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
> index 36c81ae61a..83569cf9d9 100644
> --- a/sysdeps/i386/i686/multiarch/mempcpy_chk.c
> +++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/i386/i686/multiarch/memset_chk.c b/sysdeps/i386/i686/multiarch/memset_chk.c
> index cf3e811327..1a7503858d 100644
> --- a/sysdeps/i386/i686/multiarch/memset_chk.c
> +++ b/sysdeps/i386/i686/multiarch/memset_chk.c
> @@ -28,5 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
>   		       IFUNC_SELECTOR ());
> -
> +# ifdef SHARED
> +__hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/i386/memcpy_chk.S b/sysdeps/i386/memcpy_chk.S
> index b5244cc69b..7b12c12aba 100644
> --- a/sysdeps/i386/memcpy_chk.S
> +++ b/sysdeps/i386/memcpy_chk.S
> @@ -31,4 +31,5 @@ ENTRY (__memcpy_chk)
>   	jb	__chk_fail
>   	jmp	memcpy
>   END (__memcpy_chk)
> +libc_hidden_builtin_def (__memcpy_chk)
>   #endif
> diff --git a/sysdeps/i386/memmove_chk.S b/sysdeps/i386/memmove_chk.S
> index 517d8cb15a..604aea8305 100644
> --- a/sysdeps/i386/memmove_chk.S
> +++ b/sysdeps/i386/memmove_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__memmove_chk)
>   	jb	__chk_fail
>   	jmp	memmove
>   END (__memmove_chk)
> +libc_hidden_builtin_def (MEMMOVE_CHK)
>   #endif
> diff --git a/sysdeps/i386/mempcpy_chk.S b/sysdeps/i386/mempcpy_chk.S
> index 1e9bf71bfb..276eab1e8a 100644
> --- a/sysdeps/i386/mempcpy_chk.S
> +++ b/sysdeps/i386/mempcpy_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__mempcpy_chk)
>   	jb	__chk_fail
>   	jmp	__mempcpy
>   END (__mempcpy_chk)
> +libc_hidden_builtin_def (__mempcpy_chk)
>   #endif
> diff --git a/sysdeps/i386/memset_chk.S b/sysdeps/i386/memset_chk.S
> index 0e6060a0a6..a2e9208e1c 100644
> --- a/sysdeps/i386/memset_chk.S
> +++ b/sysdeps/i386/memset_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__memset_chk)
>   	jb	__chk_fail
>   	jmp	memset
>   END (__memset_chk)
> +libc_hidden_builtin_def (__memset_chk)
>   #endif
> diff --git a/sysdeps/x86_64/memcpy_chk.S b/sysdeps/x86_64/memcpy_chk.S
> index 25cbeb37ee..43843a7abb 100644
> --- a/sysdeps/x86_64/memcpy_chk.S
> +++ b/sysdeps/x86_64/memcpy_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__memcpy_chk)
>   	jb	__chk_fail
>   	jmp	memcpy
>   END (__memcpy_chk)
> +libc_hidden_builtin_def (__memcpy_chk)
>   #endif
> diff --git a/sysdeps/x86_64/memmove_chk.S b/sysdeps/x86_64/memmove_chk.S
> index 165d42cfa8..37e2c30ba8 100644
> --- a/sysdeps/x86_64/memmove_chk.S
> +++ b/sysdeps/x86_64/memmove_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__memmove_chk)
>   	jb	__chk_fail
>   	jmp	memmove
>   END (__memmove_chk)
> +libc_hidden_builtin_def (MEMMOVE_CHK)
>   #endif
> diff --git a/sysdeps/x86_64/mempcpy_chk.S b/sysdeps/x86_64/mempcpy_chk.S
> index b60ee4ff08..facdac50d8 100644
> --- a/sysdeps/x86_64/mempcpy_chk.S
> +++ b/sysdeps/x86_64/mempcpy_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__mempcpy_chk)
>   	jb	__chk_fail
>   	jmp	__mempcpy
>   END (__mempcpy_chk)
> +libc_hidden_builtin_def (__mempcpy_chk)
>   #endif
> diff --git a/sysdeps/x86_64/memset_chk.S b/sysdeps/x86_64/memset_chk.S
> index ed53b8927f..c927884b1a 100644
> --- a/sysdeps/x86_64/memset_chk.S
> +++ b/sysdeps/x86_64/memset_chk.S
> @@ -30,4 +30,5 @@ ENTRY (__memset_chk)
>   	jb	__chk_fail
>   	jmp	memset
>   END (__memset_chk)
> +libc_hidden_builtin_def (__memset_chk)
>   #endif
> diff --git a/sysdeps/x86_64/multiarch/memcpy_chk.c b/sysdeps/x86_64/multiarch/memcpy_chk.c
> index 5ac5cb1d7a..ec945dc91f 100644
> --- a/sysdeps/x86_64/multiarch/memcpy_chk.c
> +++ b/sysdeps/x86_64/multiarch/memcpy_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/x86_64/multiarch/memmove_chk.c b/sysdeps/x86_64/multiarch/memmove_chk.c
> index 28161d3c27..55c7601d5d 100644
> --- a/sysdeps/x86_64/multiarch/memmove_chk.c
> +++ b/sysdeps/x86_64/multiarch/memmove_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/x86_64/multiarch/mempcpy_chk.c b/sysdeps/x86_64/multiarch/mempcpy_chk.c
> index 36c81ae61a..83569cf9d9 100644
> --- a/sysdeps/x86_64/multiarch/mempcpy_chk.c
> +++ b/sysdeps/x86_64/multiarch/mempcpy_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk);
> +# endif
>   #endif
> diff --git a/sysdeps/x86_64/multiarch/memset_chk.c b/sysdeps/x86_64/multiarch/memset_chk.c
> index d81147a70c..1a7503858d 100644
> --- a/sysdeps/x86_64/multiarch/memset_chk.c
> +++ b/sysdeps/x86_64/multiarch/memset_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_memset_chk, __memset_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk);
> +# endif
>   #endif

[PATCH v3 05/16] stdio: Ensure *_chk routines have their hidden builtin definition available

[Frédéric Bérat]

If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
there are unwanted PLT entries in libc.so.
---
 debug/asprintf_chk.c                                      | 4 +++-
 debug/fgets_u_chk.c                                       | 1 +
 debug/fprintf_chk.c                                       | 1 +
 debug/sprintf_chk.c                                       | 1 +
 include/stdio.h                                           | 8 +++++++-
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c | 1 +
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c  | 1 +
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c  | 1 +
 sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 1 +
 9 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
index 651c2cd76b..06d112de00 100644
--- a/debug/asprintf_chk.c
+++ b/debug/asprintf_chk.c
@@ -22,7 +22,7 @@
 /* Write formatted output from FORMAT to a string which is
    allocated with malloc and stored in *STRING_PTR.  */
 int
-__asprintf_chk (char **result_ptr, int flag, const char *format, ...)
+___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
 {
   /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
      can only come from read-only format strings.  */
@@ -36,3 +36,5 @@ __asprintf_chk (char **result_ptr, int flag, const char *format, ...)
 
   return ret;
 }
+ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
+ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
diff --git a/debug/fgets_u_chk.c b/debug/fgets_u_chk.c
index a16ba655e6..74275381f5 100644
--- a/debug/fgets_u_chk.c
+++ b/debug/fgets_u_chk.c
@@ -56,3 +56,4 @@ __fgets_unlocked_chk (char *buf, size_t size, int n, FILE *fp)
   fp->_flags |= old_error;
   return result;
 }
+libc_hidden_builtin_def (__fgets_unlocked_chk)
diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c
index b57d538d03..273051ef91 100644
--- a/debug/fprintf_chk.c
+++ b/debug/fprintf_chk.c
@@ -35,4 +35,5 @@ ___fprintf_chk (FILE *fp, int flag, const char *format, ...)
 
   return ret;
 }
+ldbl_hidden_def (___fprintf_chk, __fprintf_chk)
 ldbl_strong_alias (___fprintf_chk, __fprintf_chk)
diff --git a/debug/sprintf_chk.c b/debug/sprintf_chk.c
index b27f4afae8..e45f1e7b3b 100644
--- a/debug/sprintf_chk.c
+++ b/debug/sprintf_chk.c
@@ -42,4 +42,5 @@ ___sprintf_chk (char *s, int flag, size_t slen, const char *format, ...)
 
   return ret;
 }
+ldbl_hidden_def (___sprintf_chk, __sprintf_chk)
 ldbl_strong_alias (___sprintf_chk, __sprintf_chk)
diff --git a/include/stdio.h b/include/stdio.h
index da47d1ce99..3afb0ff77b 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -276,7 +276,13 @@ extern FILE *__open_memstream (char **, size_t *) __THROW __wur;
 libc_hidden_proto (__open_memstream)
 libc_hidden_proto (__libc_fatal)
 rtld_hidden_proto (__libc_fatal)
-libc_hidden_proto (__vsprintf_chk)
+
+libc_hidden_proto (__fgets_unlocked_chk)
+
+libc_hidden_ldbl_proto (__asprintf_chk)
+libc_hidden_ldbl_proto (__fprintf_chk)
+libc_hidden_ldbl_proto (__sprintf_chk)
+libc_hidden_ldbl_proto (__vsprintf_chk)
 
 extern FILE * __fmemopen (void *buf, size_t len, const char *mode);
 libc_hidden_proto (__fmemopen)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
index fbf953a728..6e93ee81fc 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
@@ -35,4 +35,5 @@ ___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
 
   return done;
 }
+hidden_def (___ieee128___asprintf_chk)
 strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
index bd10e9c3db..e0865b6663 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
@@ -35,4 +35,5 @@ ___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
 
   return done;
 }
+hidden_def (___ieee128___fprintf_chk)
 strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
index 0039c3b53d..762757a5c7 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
@@ -43,4 +43,5 @@ ___ieee128___sprintf_chk (char *s, int flag, size_t slen,
 
   return done;
 }
+hidden_def (___ieee128___sprintf_chk)
 strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
index 22137269c0..c251b60d4e 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
@@ -35,4 +35,5 @@ ___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
 
   return __vsprintf_internal (string, slen, format, ap, mode);
 }
+hidden_def (___ieee128___vsprintf_chk)
 strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)
-- 
2.41.0

Re: [PATCH v3 05/16] stdio: Ensure *_chk routines have their hidden builtin definition available

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines,
> there are unwanted PLT entries in libc.so.
> ---

LGTM, but also pulling in Raji for a review of the ldbl bits.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   debug/asprintf_chk.c                                      | 4 +++-
>   debug/fgets_u_chk.c                                       | 1 +
>   debug/fprintf_chk.c                                       | 1 +
>   debug/sprintf_chk.c                                       | 1 +
>   include/stdio.h                                           | 8 +++++++-
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c | 1 +
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c  | 1 +
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c  | 1 +
>   sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c | 1 +
>   9 files changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
> index 651c2cd76b..06d112de00 100644
> --- a/debug/asprintf_chk.c
> +++ b/debug/asprintf_chk.c
> @@ -22,7 +22,7 @@
>   /* Write formatted output from FORMAT to a string which is
>      allocated with malloc and stored in *STRING_PTR.  */
>   int
> -__asprintf_chk (char **result_ptr, int flag, const char *format, ...)
> +___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
>   {
>     /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
>        can only come from read-only format strings.  */
> @@ -36,3 +36,5 @@ __asprintf_chk (char **result_ptr, int flag, const char *format, ...)
>   
>     return ret;
>   }
> +ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
> +ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
> diff --git a/debug/fgets_u_chk.c b/debug/fgets_u_chk.c
> index a16ba655e6..74275381f5 100644
> --- a/debug/fgets_u_chk.c
> +++ b/debug/fgets_u_chk.c
> @@ -56,3 +56,4 @@ __fgets_unlocked_chk (char *buf, size_t size, int n, FILE *fp)
>     fp->_flags |= old_error;
>     return result;
>   }
> +libc_hidden_builtin_def (__fgets_unlocked_chk)
> diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c
> index b57d538d03..273051ef91 100644
> --- a/debug/fprintf_chk.c
> +++ b/debug/fprintf_chk.c
> @@ -35,4 +35,5 @@ ___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>   
>     return ret;
>   }
> +ldbl_hidden_def (___fprintf_chk, __fprintf_chk)
>   ldbl_strong_alias (___fprintf_chk, __fprintf_chk)
> diff --git a/debug/sprintf_chk.c b/debug/sprintf_chk.c
> index b27f4afae8..e45f1e7b3b 100644
> --- a/debug/sprintf_chk.c
> +++ b/debug/sprintf_chk.c
> @@ -42,4 +42,5 @@ ___sprintf_chk (char *s, int flag, size_t slen, const char *format, ...)
>   
>     return ret;
>   }
> +ldbl_hidden_def (___sprintf_chk, __sprintf_chk)
>   ldbl_strong_alias (___sprintf_chk, __sprintf_chk)
> diff --git a/include/stdio.h b/include/stdio.h
> index da47d1ce99..3afb0ff77b 100644
> --- a/include/stdio.h
> +++ b/include/stdio.h
> @@ -276,7 +276,13 @@ extern FILE *__open_memstream (char **, size_t *) __THROW __wur;
>   libc_hidden_proto (__open_memstream)
>   libc_hidden_proto (__libc_fatal)
>   rtld_hidden_proto (__libc_fatal)
> -libc_hidden_proto (__vsprintf_chk)
> +
> +libc_hidden_proto (__fgets_unlocked_chk)
> +
> +libc_hidden_ldbl_proto (__asprintf_chk)
> +libc_hidden_ldbl_proto (__fprintf_chk)
> +libc_hidden_ldbl_proto (__sprintf_chk)
> +libc_hidden_ldbl_proto (__vsprintf_chk)
>   
>   extern FILE * __fmemopen (void *buf, size_t len, const char *mode);
>   libc_hidden_proto (__fmemopen)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> index fbf953a728..6e93ee81fc 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-asprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___asprintf_chk (char **string_ptr, int flag, const char *format, ...)
>   
>     return done;
>   }
> +hidden_def (___ieee128___asprintf_chk)
>   strong_alias (___ieee128___asprintf_chk, __asprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> index bd10e9c3db..e0865b6663 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___fprintf_chk (FILE *fp, int flag, const char *format, ...)
>   
>     return done;
>   }
> +hidden_def (___ieee128___fprintf_chk)
>   strong_alias (___ieee128___fprintf_chk, __fprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> index 0039c3b53d..762757a5c7 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-sprintf_chk.c
> @@ -43,4 +43,5 @@ ___ieee128___sprintf_chk (char *s, int flag, size_t slen,
>   
>     return done;
>   }
> +hidden_def (___ieee128___sprintf_chk)
>   strong_alias (___ieee128___sprintf_chk, __sprintf_chkieee128)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> index 22137269c0..c251b60d4e 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-vsprintf_chk.c
> @@ -35,4 +35,5 @@ ___ieee128___vsprintf_chk (char *string, int flag, size_t slen,
>   
>     return __vsprintf_internal (string, slen, format, ap, mode);
>   }
> +hidden_def (___ieee128___vsprintf_chk)
>   strong_alias (___ieee128___vsprintf_chk, __vsprintf_chkieee128)

[PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le

[Frédéric Bérat]

If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
if it isn't, ppc64le isn't building due to multiple asm redirections.

This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
isn't for s390x. This header creates redirections, which are not
compatible with the ones generated using libc_hidden_builtin_def.
Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
create a simple strong alias (e.g. as done on x86_64), but a versioned
alias, leading to ABI breakage.
---
 debug/asprintf_chk.c | 12 ++++++++++++
 include/stdio.h      |  5 +++++
 2 files changed, 17 insertions(+)

diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
index 06d112de00..7da1cddacb 100644
--- a/debug/asprintf_chk.c
+++ b/debug/asprintf_chk.c
@@ -36,5 +36,17 @@ ___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
 
   return ret;
 }
+#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
+/* This is needed since <bits/stdio-lbdl.h> is included in this case, leading to
+ * multiple asm redirection of the same symbol
+ */
 ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
 ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
+#else
+/* Yet, we can't use ldbl_* macros on some systems, even if they don't fall in
+ * the first case as this leads to ABI breakage due to the long_double_symbol
+ * aliasing, which is versionned.
+ */
+strong_alias (___asprintf_chk, __asprintf_chk)
+libc_hidden_builtin_def (__asprintf_chk)
+#endif
diff --git a/include/stdio.h b/include/stdio.h
index 3afb0ff77b..6755877911 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -279,7 +279,12 @@ rtld_hidden_proto (__libc_fatal)
 
 libc_hidden_proto (__fgets_unlocked_chk)
 
+#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
 libc_hidden_ldbl_proto (__asprintf_chk)
+#else
+libc_hidden_proto (__asprintf_chk)
+#endif
+
 libc_hidden_ldbl_proto (__fprintf_chk)
 libc_hidden_ldbl_proto (__sprintf_chk)
 libc_hidden_ldbl_proto (__vsprintf_chk)
-- 
2.41.0

Re: [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
> if it isn't, ppc64le isn't building due to multiple asm redirections.
> 
> This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
> isn't for s390x. This header creates redirections, which are not
> compatible with the ones generated using libc_hidden_builtin_def.
> Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
> create a simple strong alias (e.g. as done on x86_64), but a versioned
> alias, leading to ABI breakage.
> ---

Looks OK to me, but deferring to the IBM maintainers.  Raji, Stefan, 
does this look right to you?

Thanks,
Sid


>   debug/asprintf_chk.c | 12 ++++++++++++
>   include/stdio.h      |  5 +++++
>   2 files changed, 17 insertions(+)
> 
> diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
> index 06d112de00..7da1cddacb 100644
> --- a/debug/asprintf_chk.c
> +++ b/debug/asprintf_chk.c
> @@ -36,5 +36,17 @@ ___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
>   
>     return ret;
>   }
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> +/* This is needed since <bits/stdio-lbdl.h> is included in this case, leading to
> + * multiple asm redirection of the same symbol
> + */
>   ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
>   ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
> +#else
> +/* Yet, we can't use ldbl_* macros on some systems, even if they don't fall in
> + * the first case as this leads to ABI breakage due to the long_double_symbol
> + * aliasing, which is versionned.
> + */
> +strong_alias (___asprintf_chk, __asprintf_chk)
> +libc_hidden_builtin_def (__asprintf_chk)
> +#endif
> diff --git a/include/stdio.h b/include/stdio.h
> index 3afb0ff77b..6755877911 100644
> --- a/include/stdio.h
> +++ b/include/stdio.h
> @@ -279,7 +279,12 @@ rtld_hidden_proto (__libc_fatal)
>   
>   libc_hidden_proto (__fgets_unlocked_chk)
>   
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
>   libc_hidden_ldbl_proto (__asprintf_chk)
> +#else
> +libc_hidden_proto (__asprintf_chk)
> +#endif
> +
>   libc_hidden_ldbl_proto (__fprintf_chk)
>   libc_hidden_ldbl_proto (__sprintf_chk)
>   libc_hidden_ldbl_proto (__vsprintf_chk)

Re: [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le

[Rajalakshmi Srinivasaraghavan]

[-- Attachment #1: Type: text/plain, Size: 2888 bytes --]


On 6/30/23 10:11 AM, Siddhesh Poyarekar wrote:
> Subject:
> Re: [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x 
> and ppc64le
> From:
> Siddhesh Poyarekar <siddhesh@gotplt.org>
> Date:
> 6/30/23, 10:11 AM
>
> To:
> Frédéric Bérat <fberat@redhat.com>, libc-alpha@sourceware.org
> CC:
> Stefan Liebler <stli@linux.ibm.com>, Rajalakshmi Srinivasaraghavan 
> <rajis@linux.vnet.ibm.com>
>
>
>
>
> On 2023-06-28 04:42, Frédéric Bérat wrote:
>> If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
>> if it isn't, ppc64le isn't building due to multiple asm redirections.
>>
>> This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
>> isn't for s390x. This header creates redirections, which are not
>> compatible with the ones generated using libc_hidden_builtin_def.
>> Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
>> create a simple strong alias (e.g. as done on x86_64), but a versioned
>> alias, leading to ABI breakage.
>> ---
>
> Looks OK to me, but deferring to the IBM maintainers.  Raji, Stefan, 
> does this look right to you?


Paul Murphy is our expert on this topic.  Paul,  Can you comment on this 
too?  Thanks.

>
> Thanks,
> Sid
>
>
>> debug/asprintf_chk.c | 12 ++++++++++++
>>   include/stdio.h      |  5 +++++
>>   2 files changed, 17 insertions(+)
>>
>> diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
>> index 06d112de00..7da1cddacb 100644
>> --- a/debug/asprintf_chk.c
>> +++ b/debug/asprintf_chk.c
>> @@ -36,5 +36,17 @@ ___asprintf_chk (char **result_ptr, int flag, 
>> const char *format, ...)
>>       return ret;
>>   }
>> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
>> +/* This is needed since <bits/stdio-lbdl.h> is included in this 
>> case, leading to
>> + * multiple asm redirection of the same symbol
>> + */
>>   ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
>>   ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
>> +#else
>> +/* Yet, we can't use ldbl_* macros on some systems, even if they 
>> don't fall in
>> + * the first case as this leads to ABI breakage due to the 
>> long_double_symbol
>> + * aliasing, which is versionned.
>> + */
>> +strong_alias (___asprintf_chk, __asprintf_chk)
>> +libc_hidden_builtin_def (__asprintf_chk)
>> +#endif
>> diff --git a/include/stdio.h b/include/stdio.h
>> index 3afb0ff77b..6755877911 100644
>> --- a/include/stdio.h
>> +++ b/include/stdio.h
>> @@ -279,7 +279,12 @@ rtld_hidden_proto (__libc_fatal)
>>     libc_hidden_proto (__fgets_unlocked_chk)
>>   +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
>>   libc_hidden_ldbl_proto (__asprintf_chk)
>> +#else
>> +libc_hidden_proto (__asprintf_chk)
>> +#endif
>> +
>>   libc_hidden_ldbl_proto (__fprintf_chk)
>>   libc_hidden_ldbl_proto (__sprintf_chk)
>>   libc_hidden_ldbl_proto (__vsprintf_chk)

Re: [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le

[Paul E Murphy]

On 6/28/23 3:42 AM, Frédéric Bérat via Libc-alpha wrote:
> If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
> if it isn't, ppc64le isn't building due to multiple asm redirections.
> 
> This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
> isn't for s390x. This header creates redirections, which are not
> compatible with the ones generated using libc_hidden_builtin_def.
> Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
> create a simple strong alias (e.g. as done on x86_64), but a versioned
> alias, leading to ABI breakage.
> ---
>   debug/asprintf_chk.c | 12 ++++++++++++
>   include/stdio.h      |  5 +++++
>   2 files changed, 17 insertions(+)
> 
> diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
> index 06d112de00..7da1cddacb 100644
> --- a/debug/asprintf_chk.c
> +++ b/debug/asprintf_chk.c
> @@ -36,5 +36,17 @@ ___asprintf_chk (char **result_ptr, int flag, const char *format, ...)
> 
>     return ret;
>   }
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1 > +/* This is needed since <bits/stdio-lbdl.h> is included in this 
case, leading to
> + * multiple asm redirection of the same symbol
> + */
>   ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
>   ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
> +#else
> +/* Yet, we can't use ldbl_* macros on some systems, even if they don't fall in
> + * the first case as this leads to ABI breakage due to the long_double_symbol
> + * aliasing, which is versionned.

s/versionned/versioned/

It has been a few years since I really looked at this macros, why only 
asprintf and not the other printf functions?  I find the ABI comment 
hard to follow, could it include more details about how it would be 
broken by using the ldbl_* macros?

Also, does patchset 5 in this series break ppc64le or s390x build 
without this patch?  This seems like it should be squashed with the 
previous patch.

> + */
> +strong_alias (___asprintf_chk, __asprintf_chk)
> +libc_hidden_builtin_def (__asprintf_chk)
> +#endif
> diff --git a/include/stdio.h b/include/stdio.h
> index 3afb0ff77b..6755877911 100644
> --- a/include/stdio.h
> +++ b/include/stdio.h
> @@ -279,7 +279,12 @@ rtld_hidden_proto (__libc_fatal)
> 
>   libc_hidden_proto (__fgets_unlocked_chk)
> 
> +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
>   libc_hidden_ldbl_proto (__asprintf_chk)
> +#else
> +libc_hidden_proto (__asprintf_chk)
> +#endif
> +
>   libc_hidden_ldbl_proto (__fprintf_chk)
>   libc_hidden_ldbl_proto (__sprintf_chk)
>   libc_hidden_ldbl_proto (__vsprintf_chk)

Re: [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le

[Frederic Berat]

[-- Attachment #1: Type: text/plain, Size: 3591 bytes --]

On Fri, Jun 30, 2023 at 7:51 PM Paul E Murphy <murphyp@linux.ibm.com> wrote:

>
>
> On 6/28/23 3:42 AM, Frédéric Bérat via Libc-alpha wrote:
> > If ldbl_* macros are used for asprintf, ABI gets broken on s390x,
> > if it isn't, ppc64le isn't building due to multiple asm redirections.
> >
> > This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it
> > isn't for s390x. This header creates redirections, which are not
> > compatible with the ones generated using libc_hidden_builtin_def.
> > Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not
> > create a simple strong alias (e.g. as done on x86_64), but a versioned
> > alias, leading to ABI breakage.
> > ---
> >   debug/asprintf_chk.c | 12 ++++++++++++
> >   include/stdio.h      |  5 +++++
> >   2 files changed, 17 insertions(+)
> >
> > diff --git a/debug/asprintf_chk.c b/debug/asprintf_chk.c
> > index 06d112de00..7da1cddacb 100644
> > --- a/debug/asprintf_chk.c
> > +++ b/debug/asprintf_chk.c
> > @@ -36,5 +36,17 @@ ___asprintf_chk (char **result_ptr, int flag, const
> char *format, ...)
> >
> >     return ret;
> >   }
> > +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1 >
> +/* This is needed since <bits/stdio-lbdl.h> is included in this
> case, leading to
> > + * multiple asm redirection of the same symbol
> > + */
> >   ldbl_hidden_def (___asprintf_chk, __asprintf_chk)
> >   ldbl_strong_alias (___asprintf_chk, __asprintf_chk)
> > +#else
> > +/* Yet, we can't use ldbl_* macros on some systems, even if they don't
> fall in
> > + * the first case as this leads to ABI breakage due to the
> long_double_symbol
> > + * aliasing, which is versionned.
>
> s/versionned/versioned/
>
> It has been a few years since I really looked at this macros, why only
> asprintf and not the other printf functions?  I find the ABI comment
> hard to follow, could it include more details about how it would be
> broken by using the ldbl_* macros?
>

I didn't do this for other functions as it didn't appear to be necessary.
Yes, I can be more specific about the breakage. Basically, the
__asprintf_chk routine disappears from the ABI list on s390x, which breaks
linkage. That is due to the fact that ldbl_strong_alias may create
*versioned* alias (depending on build options), while strong_alias never
does. I'll expand on the comment, I can reproduce the error to be explicit
about it.


>
> Also, does patchset 5 in this series break ppc64le or s390x build
> without this patch?  This seems like it should be squashed with the
> previous patch.
>

On s390x yes, not ppc. I was afraid to kind of hide this change in the
middle of the other changes, that's why I kept them separated, so that this
gets carefully reviewed.
I can squash this into patch 5 if you are fine with it.


> > + */
> > +strong_alias (___asprintf_chk, __asprintf_chk)
> > +libc_hidden_builtin_def (__asprintf_chk)
> > +#endif
> > diff --git a/include/stdio.h b/include/stdio.h
> > index 3afb0ff77b..6755877911 100644
> > --- a/include/stdio.h
> > +++ b/include/stdio.h
> > @@ -279,7 +279,12 @@ rtld_hidden_proto (__libc_fatal)
> >
> >   libc_hidden_proto (__fgets_unlocked_chk)
> >
> > +#if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> >   libc_hidden_ldbl_proto (__asprintf_chk)
> > +#else
> > +libc_hidden_proto (__asprintf_chk)
> > +#endif
> > +
> >   libc_hidden_ldbl_proto (__fprintf_chk)
> >   libc_hidden_ldbl_proto (__sprintf_chk)
> >   libc_hidden_ldbl_proto (__vsprintf_chk)
>
>

[PATCH v3 07/16] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls

[Frédéric Bérat]

The __REDIRECT* macros are creating aliases which may lead to unwanted
PLT entries when fortification is enabled.
To prevent these entries, the REDIRECT alias should be set to point to the
existing __GI_* aliases.
This is done transparently by creating a __REDIRECT_FORTIFY* version of
these macros, that can be overwritten internally when necessary.
---
 include/sys/cdefs.h | 14 ++++++++++++++
 misc/sys/cdefs.h    |  8 ++++++++
 2 files changed, 22 insertions(+)

diff --git a/include/sys/cdefs.h b/include/sys/cdefs.h
index 56adb231aa..b84ad34a70 100644
--- a/include/sys/cdefs.h
+++ b/include/sys/cdefs.h
@@ -40,6 +40,20 @@ rtld_hidden_proto (__chk_fail)
 
 #endif
 
+#if defined SHARED
+#if IS_IN (libc) && __USE_FORTIFY_LEVEL > 0 && defined __fortify_function
+
+#undef __REDIRECT_FORTIFY
+#define __REDIRECT_FORTIFY(name, proto, alias) \
+  __REDIRECT(name, proto, __GI_##alias)
+
+#undef __REDIRECT_FORTIFY_NTH
+#define __REDIRECT_FORTIFY_NTH(name, proto, alias) \
+  __REDIRECT_NTH(name, proto, __GI_##alias)
+
+#endif
+#endif /* defined SHARED */
+
 #endif /* !defined _ISOMAC */
 
 #endif
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 393d9091d9..90c21e2703 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -268,6 +268,14 @@
 # define __ASMNAME(cname)  __ASMNAME2 (__USER_LABEL_PREFIX__, cname)
 # define __ASMNAME2(prefix, cname) __STRING (prefix) cname
 
+#ifndef __REDIRECT_FORTIFY
+#define __REDIRECT_FORTIFY __REDIRECT
+#endif
+
+#ifndef __REDIRECT_FORTIFY_NTH
+#define __REDIRECT_FORTIFY_NTH __REDIRECT_NTH
+#endif
+
 /*
 #elif __SOME_OTHER_COMPILER__
 
-- 
2.41.0

Re: [PATCH v3 07/16] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> The __REDIRECT* macros are creating aliases which may lead to unwanted
> PLT entries when fortification is enabled.
> To prevent these entries, the REDIRECT alias should be set to point to the
> existing __GI_* aliases.
> This is done transparently by creating a __REDIRECT_FORTIFY* version of
> these macros, that can be overwritten internally when necessary.
> ---

LGTM.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>


>   include/sys/cdefs.h | 14 ++++++++++++++
>   misc/sys/cdefs.h    |  8 ++++++++
>   2 files changed, 22 insertions(+)
> 
> diff --git a/include/sys/cdefs.h b/include/sys/cdefs.h
> index 56adb231aa..b84ad34a70 100644
> --- a/include/sys/cdefs.h
> +++ b/include/sys/cdefs.h
> @@ -40,6 +40,20 @@ rtld_hidden_proto (__chk_fail)
>   
>   #endif
>   
> +#if defined SHARED
> +#if IS_IN (libc) && __USE_FORTIFY_LEVEL > 0 && defined __fortify_function
> +
> +#undef __REDIRECT_FORTIFY
> +#define __REDIRECT_FORTIFY(name, proto, alias) \
> +  __REDIRECT(name, proto, __GI_##alias)
> +
> +#undef __REDIRECT_FORTIFY_NTH
> +#define __REDIRECT_FORTIFY_NTH(name, proto, alias) \
> +  __REDIRECT_NTH(name, proto, __GI_##alias)
> +
> +#endif
> +#endif /* defined SHARED */
> +
>   #endif /* !defined _ISOMAC */
>   
>   #endif
> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
> index 393d9091d9..90c21e2703 100644
> --- a/misc/sys/cdefs.h
> +++ b/misc/sys/cdefs.h
> @@ -268,6 +268,14 @@
>   # define __ASMNAME(cname)  __ASMNAME2 (__USER_LABEL_PREFIX__, cname)
>   # define __ASMNAME2(prefix, cname) __STRING (prefix) cname
>   
> +#ifndef __REDIRECT_FORTIFY
> +#define __REDIRECT_FORTIFY __REDIRECT
> +#endif
> +
> +#ifndef __REDIRECT_FORTIFY_NTH
> +#define __REDIRECT_FORTIFY_NTH __REDIRECT_NTH
> +#endif
> +
>   /*
>   #elif __SOME_OTHER_COMPILER__
>   

[PATCH v3 08/16] wchar: Avoid PLT entries with _FORTIFY_SOURCE

[Frédéric Bérat]

The change is meant to avoid unwanted PLT entries for the wmemset and
wcrtomb routines when _FORTIFY_SOURCE is set.

On top of that, ensure that *_chk routines have their hidden builtin
definitions available.
---
 debug/wcrtomb_chk.c                               |  1 +
 debug/wmemset_chk.c                               |  1 +
 include/wchar.h                                   | 15 +++++++++++++++
 .../ldbl-128ibm-compat/ieee128-fwprintf_chk.c     |  1 +
 sysdeps/x86_64/multiarch/wmemset_chk.c            |  4 ++++
 wcsmbs/bits/wchar2-decl.h                         |  4 ++--
 6 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/debug/wcrtomb_chk.c b/debug/wcrtomb_chk.c
index 657be7471d..c156fe09c1 100644
--- a/debug/wcrtomb_chk.c
+++ b/debug/wcrtomb_chk.c
@@ -28,3 +28,4 @@ __wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
 {
   return __wcrtomb_internal (s, wchar, ps, buflen);
 }
+libc_hidden_def (__wcrtomb_chk)
diff --git a/debug/wmemset_chk.c b/debug/wmemset_chk.c
index e11a92815e..1e7fc4fdea 100644
--- a/debug/wmemset_chk.c
+++ b/debug/wmemset_chk.c
@@ -26,3 +26,4 @@ __wmemset_chk (wchar_t *s, wchar_t c, size_t n, size_t dstlen)
 
   return wmemset (s, c, n);
 }
+libc_hidden_builtin_def (__wmemset_chk)
diff --git a/include/wchar.h b/include/wchar.h
index 7b763bc24f..484e6b3fef 100644
--- a/include/wchar.h
+++ b/include/wchar.h
@@ -166,6 +166,8 @@ libc_hidden_proto (putwc)
 
 libc_hidden_proto (mbrtowc)
 libc_hidden_proto (wcrtomb)
+libc_hidden_proto (__wcrtomb_chk)
+
 extern int __wcscmp (const wchar_t *__s1, const wchar_t *__s2)
      __THROW __attribute_pure__;
 libc_hidden_proto (__wcscmp)
@@ -260,16 +262,25 @@ extern wchar_t *__wcschrnul (const wchar_t *__s, wchar_t __wc)
 
 extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
 			       size_t __ns) __THROW;
+libc_hidden_builtin_proto (__wmemset_chk)
 
 extern int __vfwscanf (__FILE *__restrict __s,
 		       const wchar_t *__restrict __format,
 		       __gnuc_va_list __arg)
      attribute_hidden
      /* __attribute__ ((__format__ (__wscanf__, 2, 0)) */;
+
+extern int __swprintf_chk (wchar_t *__restrict __s, size_t __n,
+			   int __flag, size_t __s_len,
+			   const wchar_t *__restrict __format, ...)
+     __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 6))) */;
+
 extern int __fwprintf (__FILE *__restrict __s,
 		       const wchar_t *__restrict __format, ...)
      attribute_hidden
      /* __attribute__ ((__format__ (__wprintf__, 2, 3))) */;
+extern int __wprintf_chk (int __flag, const wchar_t *__restrict __format,
+			  ...);
 extern int __vfwprintf_chk (FILE *__restrict __s, int __flag,
 			    const wchar_t *__restrict __format,
 			    __gnuc_va_list __arg)
@@ -279,6 +290,10 @@ extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
 			    const wchar_t *__restrict __format,
 			    __gnuc_va_list __arg)
      /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
+extern int __fwprintf_chk (__FILE *__restrict __stream, int __flag,
+			   const wchar_t *__restrict __format, ...);
+extern int __vwprintf_chk (int __flag, const wchar_t *__restrict __format,
+			   __gnuc_va_list __ap);
 
 extern int __isoc99_fwscanf (__FILE *__restrict __stream,
 			     const wchar_t *__restrict __format, ...);
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
index 5b6cc3e768..10658ab125 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
@@ -17,6 +17,7 @@
    <https://www.gnu.org/licenses/>.  */
 
 #include <stdarg.h>
+#include <wchar.h>
 #include <libio/libioP.h>
 
 extern int
diff --git a/sysdeps/x86_64/multiarch/wmemset_chk.c b/sysdeps/x86_64/multiarch/wmemset_chk.c
index ac93a1f376..00edf44918 100644
--- a/sysdeps/x86_64/multiarch/wmemset_chk.c
+++ b/sysdeps/x86_64/multiarch/wmemset_chk.c
@@ -28,4 +28,8 @@
 
 libc_ifunc_redirected (__redirect_wmemset_chk, __wmemset_chk,
 		       IFUNC_SELECTOR ());
+# ifdef SHARED
+__hidden_ver1 (__wmemset_chk, __GI___wmemset_chk, __redirect_wmemset_chk)
+  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__wmemset_chk);
+# endif
 #endif
diff --git a/wcsmbs/bits/wchar2-decl.h b/wcsmbs/bits/wchar2-decl.h
index f3a2fd3c99..08c8ebd0e8 100644
--- a/wcsmbs/bits/wchar2-decl.h
+++ b/wcsmbs/bits/wchar2-decl.h
@@ -71,7 +71,7 @@ extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn,
 
 extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
 			       size_t __ns) __THROW;
-extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
+extern wchar_t *__REDIRECT_FORTIFY_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
 							  size_t __n), wmemset);
 extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
 				(wchar_t *__s, wchar_t __c, size_t __n,
@@ -203,7 +203,7 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
 extern size_t __wcrtomb_chk (char *__restrict __s, wchar_t __wchar,
 			     mbstate_t *__restrict __p,
 			     size_t __buflen) __THROW __wur;
-extern size_t __REDIRECT_NTH (__wcrtomb_alias,
+extern size_t __REDIRECT_FORTIFY_NTH (__wcrtomb_alias,
 				      (char *__restrict __s, wchar_t __wchar,
 				      mbstate_t *__restrict __ps), wcrtomb) __wur;
 
-- 
2.41.0

Re: [PATCH v3 08/16] wchar: Avoid PLT entries with _FORTIFY_SOURCE

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> The change is meant to avoid unwanted PLT entries for the wmemset and
> wcrtomb routines when _FORTIFY_SOURCE is set.
> 
> On top of that, ensure that *_chk routines have their hidden builtin
> definitions available.
> ---

Looks mostly OK except for a question below.

>   debug/wcrtomb_chk.c                               |  1 +
>   debug/wmemset_chk.c                               |  1 +
>   include/wchar.h                                   | 15 +++++++++++++++
>   .../ldbl-128ibm-compat/ieee128-fwprintf_chk.c     |  1 +
>   sysdeps/x86_64/multiarch/wmemset_chk.c            |  4 ++++
>   wcsmbs/bits/wchar2-decl.h                         |  4 ++--
>   6 files changed, 24 insertions(+), 2 deletions(-)
> 
> diff --git a/debug/wcrtomb_chk.c b/debug/wcrtomb_chk.c
> index 657be7471d..c156fe09c1 100644
> --- a/debug/wcrtomb_chk.c
> +++ b/debug/wcrtomb_chk.c
> @@ -28,3 +28,4 @@ __wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
>   {
>     return __wcrtomb_internal (s, wchar, ps, buflen);
>   }
> +libc_hidden_def (__wcrtomb_chk)
> diff --git a/debug/wmemset_chk.c b/debug/wmemset_chk.c
> index e11a92815e..1e7fc4fdea 100644
> --- a/debug/wmemset_chk.c
> +++ b/debug/wmemset_chk.c
> @@ -26,3 +26,4 @@ __wmemset_chk (wchar_t *s, wchar_t c, size_t n, size_t dstlen)
>   
>     return wmemset (s, c, n);
>   }
> +libc_hidden_builtin_def (__wmemset_chk)
> diff --git a/include/wchar.h b/include/wchar.h
> index 7b763bc24f..484e6b3fef 100644
> --- a/include/wchar.h
> +++ b/include/wchar.h
> @@ -166,6 +166,8 @@ libc_hidden_proto (putwc)
>   
>   libc_hidden_proto (mbrtowc)
>   libc_hidden_proto (wcrtomb)
> +libc_hidden_proto (__wcrtomb_chk)
> +
>   extern int __wcscmp (const wchar_t *__s1, const wchar_t *__s2)
>        __THROW __attribute_pure__;
>   libc_hidden_proto (__wcscmp)
> @@ -260,16 +262,25 @@ extern wchar_t *__wcschrnul (const wchar_t *__s, wchar_t __wc)
>   
>   extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
>   			       size_t __ns) __THROW;
> +libc_hidden_builtin_proto (__wmemset_chk)
>   
>   extern int __vfwscanf (__FILE *__restrict __s,
>   		       const wchar_t *__restrict __format,
>   		       __gnuc_va_list __arg)
>        attribute_hidden
>        /* __attribute__ ((__format__ (__wscanf__, 2, 0)) */;
> +
> +extern int __swprintf_chk (wchar_t *__restrict __s, size_t __n,
> +			   int __flag, size_t __s_len,
> +			   const wchar_t *__restrict __format, ...)
> +     __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 6))) */;
> +
>   extern int __fwprintf (__FILE *__restrict __s,
>   		       const wchar_t *__restrict __format, ...)
>        attribute_hidden
>        /* __attribute__ ((__format__ (__wprintf__, 2, 3))) */;
> +extern int __wprintf_chk (int __flag, const wchar_t *__restrict __format,
> +			  ...);
>   extern int __vfwprintf_chk (FILE *__restrict __s, int __flag,
>   			    const wchar_t *__restrict __format,
>   			    __gnuc_va_list __arg)
> @@ -279,6 +290,10 @@ extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
>   			    const wchar_t *__restrict __format,
>   			    __gnuc_va_list __arg)
>        /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
> +extern int __fwprintf_chk (__FILE *__restrict __stream, int __flag,
> +			   const wchar_t *__restrict __format, ...);
> +extern int __vwprintf_chk (int __flag, const wchar_t *__restrict __format,
> +			   __gnuc_va_list __ap);
>   
>   extern int __isoc99_fwscanf (__FILE *__restrict __stream,
>   			     const wchar_t *__restrict __format, ...);
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> index 5b6cc3e768..10658ab125 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> @@ -17,6 +17,7 @@
>      <https://www.gnu.org/licenses/>.  */
>   
>   #include <stdarg.h>
> +#include <wchar.h>
>   #include <libio/libioP.h>

Why do you need this?

>   
>   extern int
> diff --git a/sysdeps/x86_64/multiarch/wmemset_chk.c b/sysdeps/x86_64/multiarch/wmemset_chk.c
> index ac93a1f376..00edf44918 100644
> --- a/sysdeps/x86_64/multiarch/wmemset_chk.c
> +++ b/sysdeps/x86_64/multiarch/wmemset_chk.c
> @@ -28,4 +28,8 @@
>   
>   libc_ifunc_redirected (__redirect_wmemset_chk, __wmemset_chk,
>   		       IFUNC_SELECTOR ());
> +# ifdef SHARED
> +__hidden_ver1 (__wmemset_chk, __GI___wmemset_chk, __redirect_wmemset_chk)
> +  __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__wmemset_chk);
> +# endif
>   #endif
> diff --git a/wcsmbs/bits/wchar2-decl.h b/wcsmbs/bits/wchar2-decl.h
> index f3a2fd3c99..08c8ebd0e8 100644
> --- a/wcsmbs/bits/wchar2-decl.h
> +++ b/wcsmbs/bits/wchar2-decl.h
> @@ -71,7 +71,7 @@ extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn,
>   
>   extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
>   			       size_t __ns) __THROW;
> -extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
> +extern wchar_t *__REDIRECT_FORTIFY_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
>   							  size_t __n), wmemset);
>   extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
>   				(wchar_t *__s, wchar_t __c, size_t __n,
> @@ -203,7 +203,7 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
>   extern size_t __wcrtomb_chk (char *__restrict __s, wchar_t __wchar,
>   			     mbstate_t *__restrict __p,
>   			     size_t __buflen) __THROW __wur;
> -extern size_t __REDIRECT_NTH (__wcrtomb_alias,
> +extern size_t __REDIRECT_FORTIFY_NTH (__wcrtomb_alias,
>   				      (char *__restrict __s, wchar_t __wchar,
>   				      mbstate_t *__restrict __ps), wcrtomb) __wur;
>   

Re: [PATCH v3 08/16] wchar: Avoid PLT entries with _FORTIFY_SOURCE

[Frederic Berat]

[-- Attachment #1: Type: text/plain, Size: 6736 bytes --]

On Fri, Jun 30, 2023 at 5:17 PM Siddhesh Poyarekar <siddhesh@gotplt.org>
wrote:

>
>
> On 2023-06-28 04:42, Frédéric Bérat wrote:
> > The change is meant to avoid unwanted PLT entries for the wmemset and
> > wcrtomb routines when _FORTIFY_SOURCE is set.
> >
> > On top of that, ensure that *_chk routines have their hidden builtin
> > definitions available.
> > ---
>
> Looks mostly OK except for a question below.
>
> >   debug/wcrtomb_chk.c                               |  1 +
> >   debug/wmemset_chk.c                               |  1 +
> >   include/wchar.h                                   | 15 +++++++++++++++
> >   .../ldbl-128ibm-compat/ieee128-fwprintf_chk.c     |  1 +
> >   sysdeps/x86_64/multiarch/wmemset_chk.c            |  4 ++++
> >   wcsmbs/bits/wchar2-decl.h                         |  4 ++--
> >   6 files changed, 24 insertions(+), 2 deletions(-)
> >
> > diff --git a/debug/wcrtomb_chk.c b/debug/wcrtomb_chk.c
> > index 657be7471d..c156fe09c1 100644
> > --- a/debug/wcrtomb_chk.c
> > +++ b/debug/wcrtomb_chk.c
> > @@ -28,3 +28,4 @@ __wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps,
> size_t buflen)
> >   {
> >     return __wcrtomb_internal (s, wchar, ps, buflen);
> >   }
> > +libc_hidden_def (__wcrtomb_chk)
> > diff --git a/debug/wmemset_chk.c b/debug/wmemset_chk.c
> > index e11a92815e..1e7fc4fdea 100644
> > --- a/debug/wmemset_chk.c
> > +++ b/debug/wmemset_chk.c
> > @@ -26,3 +26,4 @@ __wmemset_chk (wchar_t *s, wchar_t c, size_t n, size_t
> dstlen)
> >
> >     return wmemset (s, c, n);
> >   }
> > +libc_hidden_builtin_def (__wmemset_chk)
> > diff --git a/include/wchar.h b/include/wchar.h
> > index 7b763bc24f..484e6b3fef 100644
> > --- a/include/wchar.h
> > +++ b/include/wchar.h
> > @@ -166,6 +166,8 @@ libc_hidden_proto (putwc)
> >
> >   libc_hidden_proto (mbrtowc)
> >   libc_hidden_proto (wcrtomb)
> > +libc_hidden_proto (__wcrtomb_chk)
> > +
> >   extern int __wcscmp (const wchar_t *__s1, const wchar_t *__s2)
> >        __THROW __attribute_pure__;
> >   libc_hidden_proto (__wcscmp)
> > @@ -260,16 +262,25 @@ extern wchar_t *__wcschrnul (const wchar_t *__s,
> wchar_t __wc)
> >
> >   extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
> >                              size_t __ns) __THROW;
> > +libc_hidden_builtin_proto (__wmemset_chk)
> >
> >   extern int __vfwscanf (__FILE *__restrict __s,
> >                      const wchar_t *__restrict __format,
> >                      __gnuc_va_list __arg)
> >        attribute_hidden
> >        /* __attribute__ ((__format__ (__wscanf__, 2, 0)) */;
> > +
> > +extern int __swprintf_chk (wchar_t *__restrict __s, size_t __n,
> > +                        int __flag, size_t __s_len,
> > +                        const wchar_t *__restrict __format, ...)
> > +     __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 6))) */;
> > +
> >   extern int __fwprintf (__FILE *__restrict __s,
> >                      const wchar_t *__restrict __format, ...)
> >        attribute_hidden
> >        /* __attribute__ ((__format__ (__wprintf__, 2, 3))) */;
> > +extern int __wprintf_chk (int __flag, const wchar_t *__restrict
> __format,
> > +                       ...);
> >   extern int __vfwprintf_chk (FILE *__restrict __s, int __flag,
> >                           const wchar_t *__restrict __format,
> >                           __gnuc_va_list __arg)
> > @@ -279,6 +290,10 @@ extern int __vswprintf_chk (wchar_t *__restrict
> __s, size_t __n,
> >                           const wchar_t *__restrict __format,
> >                           __gnuc_va_list __arg)
> >        /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
> > +extern int __fwprintf_chk (__FILE *__restrict __stream, int __flag,
> > +                        const wchar_t *__restrict __format, ...);
> > +extern int __vwprintf_chk (int __flag, const wchar_t *__restrict
> __format,
> > +                        __gnuc_va_list __ap);
> >
> >   extern int __isoc99_fwscanf (__FILE *__restrict __stream,
> >                            const wchar_t *__restrict __format, ...);
> > diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> > index 5b6cc3e768..10658ab125 100644
> > --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> > +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-fwprintf_chk.c
> > @@ -17,6 +17,7 @@
> >      <https://www.gnu.org/licenses/>.  */
> >
> >   #include <stdarg.h>
> > +#include <wchar.h>
> >   #include <libio/libioP.h>
>
> Why do you need this?
>

Probably a leftover from my investigation. I'll double check.

>
> >   extern int
> > diff --git a/sysdeps/x86_64/multiarch/wmemset_chk.c
> b/sysdeps/x86_64/multiarch/wmemset_chk.c
> > index ac93a1f376..00edf44918 100644
> > --- a/sysdeps/x86_64/multiarch/wmemset_chk.c
> > +++ b/sysdeps/x86_64/multiarch/wmemset_chk.c
> > @@ -28,4 +28,8 @@
> >
> >   libc_ifunc_redirected (__redirect_wmemset_chk, __wmemset_chk,
> >                      IFUNC_SELECTOR ());
> > +# ifdef SHARED
> > +__hidden_ver1 (__wmemset_chk, __GI___wmemset_chk,
> __redirect_wmemset_chk)
> > +  __attribute__ ((visibility ("hidden"))) __attribute_copy__
> (__wmemset_chk);
> > +# endif
> >   #endif
> > diff --git a/wcsmbs/bits/wchar2-decl.h b/wcsmbs/bits/wchar2-decl.h
> > index f3a2fd3c99..08c8ebd0e8 100644
> > --- a/wcsmbs/bits/wchar2-decl.h
> > +++ b/wcsmbs/bits/wchar2-decl.h
> > @@ -71,7 +71,7 @@ extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn,
> >
> >   extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
> >                              size_t __ns) __THROW;
> > -extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t
> __c,
> > +extern wchar_t *__REDIRECT_FORTIFY_NTH (__wmemset_alias, (wchar_t *__s,
> wchar_t __c,
> >                                                         size_t __n),
> wmemset);
> >   extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
> >                               (wchar_t *__s, wchar_t __c, size_t __n,
> > @@ -203,7 +203,7 @@ extern wchar_t *__REDIRECT
> (__fgetws_unlocked_chk_warn,
> >   extern size_t __wcrtomb_chk (char *__restrict __s, wchar_t __wchar,
> >                            mbstate_t *__restrict __p,
> >                            size_t __buflen) __THROW __wur;
> > -extern size_t __REDIRECT_NTH (__wcrtomb_alias,
> > +extern size_t __REDIRECT_FORTIFY_NTH (__wcrtomb_alias,
> >                                     (char *__restrict __s, wchar_t
> __wchar,
> >                                     mbstate_t *__restrict __ps),
> wcrtomb) __wur;
> >
>
>

[PATCH v3 09/16] posix/bits/unistd.h: Clearly separate declaration from definitions

[Frédéric Bérat]

This change is similar to what was done for bits/wchar2.h.
Routines declaration are moved into a dedicated bits/unistd-decl.h file
which is then included into the bits/unistd.h file.

This will allow to adapt the files so that PLT entries are not created when
_FORTIFY_SOURCE is enabled.
---
 include/bits/unistd-decl.h |   1 +
 include/unistd.h           |   1 +
 posix/Makefile             |   1 +
 posix/bits/unistd-decl.h   | 198 +++++++++++++++++++++++++++++++++++++
 posix/bits/unistd.h        | 154 +----------------------------
 5 files changed, 202 insertions(+), 153 deletions(-)
 create mode 100644 include/bits/unistd-decl.h
 create mode 100644 posix/bits/unistd-decl.h

diff --git a/include/bits/unistd-decl.h b/include/bits/unistd-decl.h
new file mode 100644
index 0000000000..7fcbd272ac
--- /dev/null
+++ b/include/bits/unistd-decl.h
@@ -0,0 +1 @@
+#include <posix/bits/unistd-decl.h>
diff --git a/include/unistd.h b/include/unistd.h
index 4345d08d60..b042a485f9 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -5,6 +5,7 @@
 
 #  include <stdbool.h>
 #  include <kernel-features.h>
+#  include <bits/unistd-decl.h>
 
 libc_hidden_proto (_exit, __noreturn__)
 #  ifndef NO_RTLD_HIDDEN
diff --git a/posix/Makefile b/posix/Makefile
index 5113ee3b74..3d368b91f6 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -42,6 +42,7 @@ headers := \
   bits/types/idtype_t.h \
   bits/types/struct_sched_param.h \
   bits/typesizes.h \
+  bits/unistd-decl.h \
   bits/unistd.h \
   bits/unistd_ext.h \
   bits/utsname.h \
diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
new file mode 100644
index 0000000000..2d0f7a4456
--- /dev/null
+++ b/posix/bits/unistd-decl.h
@@ -0,0 +1,198 @@
+/* Checking routines for unistd functions. Declaration only.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _BITS_UNISTD_DECL_H
+#define _BITS_UNISTD_DECL_H 1
+
+#ifndef _UNISTD_H
+# error "Never include <bits/unistd-decl.h> directly; use <unistd.h> instead."
+#endif
+
+extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
+			   size_t __buflen)
+     __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
+						  size_t __nbytes), read)
+     __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__read_chk_warn,
+			   (int __fd, void *__buf, size_t __nbytes,
+			    size_t __buflen), __read_chk)
+     __wur __warnattr ("read called with bigger length than size of "
+		       "the destination buffer");
+
+#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
+extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
+			    __off_t __offset, size_t __bufsize)
+     __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __pread64_chk (int __fd, void *__buf, size_t __nbytes,
+			      __off64_t __offset, size_t __bufsize)
+     __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__pread_alias,
+			   (int __fd, void *__buf, size_t __nbytes,
+			    __off_t __offset), pread)
+     __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__pread64_alias,
+			   (int __fd, void *__buf, size_t __nbytes,
+			    __off64_t __offset), pread64)
+     __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT (__pread_chk_warn,
+			   (int __fd, void *__buf, size_t __nbytes,
+			    __off_t __offset, size_t __bufsize), __pread_chk)
+     __wur __warnattr ("pread called with bigger length than size of "
+		       "the destination buffer");
+extern ssize_t __REDIRECT (__pread64_chk_warn,
+			   (int __fd, void *__buf, size_t __nbytes,
+			    __off64_t __offset, size_t __bufsize),
+			    __pread64_chk)
+     __wur __warnattr ("pread64 called with bigger length than size of "
+		       "the destination buffer");
+#endif
+
+#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
+extern ssize_t __readlink_chk (const char *__restrict __path,
+			       char *__restrict __buf, size_t __len,
+			       size_t __buflen)
+     __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT_NTH (__readlink_alias,
+			       (const char *__restrict __path,
+				char *__restrict __buf, size_t __len), readlink)
+     __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
+extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
+			       (const char *__restrict __path,
+				char *__restrict __buf, size_t __len,
+				size_t __buflen), __readlink_chk)
+     __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
+					  "than size of destination buffer");
+#endif
+
+#ifdef __USE_ATFILE
+extern ssize_t __readlinkat_chk (int __fd, const char *__restrict __path,
+				 char *__restrict __buf, size_t __len,
+				 size_t __buflen)
+     __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
+extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
+			       (int __fd, const char *__restrict __path,
+				char *__restrict __buf, size_t __len),
+			       readlinkat)
+     __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
+extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
+			       (int __fd, const char *__restrict __path,
+				char *__restrict __buf, size_t __len,
+				size_t __buflen), __readlinkat_chk)
+     __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
+					  "length than size of destination "
+					  "buffer");
+#endif
+
+extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
+     __THROW __wur;
+extern char *__REDIRECT_NTH (__getcwd_alias,
+			     (char *__buf, size_t __size), getcwd) __wur;
+extern char *__REDIRECT_NTH (__getcwd_chk_warn,
+			     (char *__buf, size_t __size, size_t __buflen),
+			     __getcwd_chk)
+     __wur __warnattr ("getcwd caller with bigger length than size of "
+		       "destination buffer");
+
+#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
+extern char *__getwd_chk (char *__buf, size_t buflen)
+     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
+extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
+     __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
+				       "doesn't specify buffer size");
+#endif
+
+extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
+			     size_t __buflen) __THROW
+     __attr_access ((__write_only__, 2, 3));
+extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
+						size_t __len), confstr)
+     __attr_access ((__write_only__, 2, 3));
+extern size_t __REDIRECT_NTH (__confstr_chk_warn,
+			      (int __name, char *__buf, size_t __len,
+			       size_t __buflen), __confstr_chk)
+     __warnattr ("confstr called with bigger length than size of destination "
+		 "buffer");
+
+
+extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
+     __THROW __wur __attr_access ((__write_only__, 2, 1));
+extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
+			   getgroups) __wur __attr_access ((__write_only__, 2, 1));
+extern int __REDIRECT_NTH (__getgroups_chk_warn,
+			   (int __size, __gid_t __list[], size_t __listlen),
+			   __getgroups_chk)
+     __wur __warnattr ("getgroups called with bigger group count than what "
+		       "can fit into destination buffer");
+
+
+extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
+			    size_t __nreal) __THROW __nonnull ((2))
+     __attr_access ((__write_only__, 2, 3));
+extern int __REDIRECT_NTH (__ttyname_r_alias, (int __fd, char *__buf,
+					       size_t __buflen), ttyname_r)
+     __nonnull ((2));
+extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
+			   (int __fd, char *__buf, size_t __buflen,
+			    size_t __nreal), __ttyname_r_chk)
+     __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
+				 "size of destination buffer");
+
+
+#ifdef __USE_POSIX199506
+extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
+     __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
+		       getlogin_r) __nonnull ((1));
+extern int __REDIRECT (__getlogin_r_chk_warn,
+		       (char *__buf, size_t __buflen, size_t __nreal),
+		       __getlogin_r_chk)
+     __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
+				 "size of destination buffer");
+#endif
+
+
+#if defined __USE_MISC || defined __USE_UNIX98
+extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
+     __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
+			   gethostname)
+     __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__gethostname_chk_warn,
+			   (char *__buf, size_t __buflen, size_t __nreal),
+			   __gethostname_chk)
+     __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
+				 "size of destination buffer");
+#endif
+
+
+#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
+extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
+     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
+						   size_t __buflen),
+			   getdomainname) __nonnull ((1))
+     __wur __attr_access ((__write_only__, 1, 2));
+extern int __REDIRECT_NTH (__getdomainname_chk_warn,
+			   (char *__buf, size_t __buflen, size_t __nreal),
+			   __getdomainname_chk)
+     __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
+				       "buflen than size of destination "
+				       "buffer");
+#endif
+#endif /* bits/unistd-decl.h.  */
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index 2a0782e6c8..6a381116a9 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -20,17 +20,7 @@
 # error "Never include <bits/unistd.h> directly; use <unistd.h> instead."
 #endif
 
-extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
-			   size_t __buflen)
-  __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
-					  size_t __nbytes), read)
-  __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__read_chk_warn,
-			   (int __fd, void *__buf, size_t __nbytes,
-			    size_t __buflen), __read_chk)
-     __wur __warnattr ("read called with bigger length than size of "
-		       "the destination buffer");
+# include <bits/unistd-decl.h>
 
 __fortify_function __wur ssize_t
 read (int __fd, void *__buf, size_t __nbytes)
@@ -41,32 +31,6 @@ read (int __fd, void *__buf, size_t __nbytes)
 }
 
 #if defined __USE_UNIX98 || defined __USE_XOPEN2K8
-extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
-			    __off_t __offset, size_t __bufsize)
-  __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __pread64_chk (int __fd, void *__buf, size_t __nbytes,
-			      __off64_t __offset, size_t __bufsize)
-  __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__pread_alias,
-			   (int __fd, void *__buf, size_t __nbytes,
-			    __off_t __offset), pread)
-  __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__pread64_alias,
-			   (int __fd, void *__buf, size_t __nbytes,
-			    __off64_t __offset), pread64)
-  __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__pread_chk_warn,
-			   (int __fd, void *__buf, size_t __nbytes,
-			    __off_t __offset, size_t __bufsize), __pread_chk)
-     __wur __warnattr ("pread called with bigger length than size of "
-		       "the destination buffer");
-extern ssize_t __REDIRECT (__pread64_chk_warn,
-			   (int __fd, void *__buf, size_t __nbytes,
-			    __off64_t __offset, size_t __bufsize),
-			    __pread64_chk)
-     __wur __warnattr ("pread64 called with bigger length than size of "
-		       "the destination buffer");
-
 # ifndef __USE_FILE_OFFSET64
 __fortify_function __wur ssize_t
 pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
@@ -97,21 +61,6 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 #endif
 
 #if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
-extern ssize_t __readlink_chk (const char *__restrict __path,
-			       char *__restrict __buf, size_t __len,
-			       size_t __buflen)
-     __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT_NTH (__readlink_alias,
-			       (const char *__restrict __path,
-				char *__restrict __buf, size_t __len), readlink)
-     __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
-			       (const char *__restrict __path,
-				char *__restrict __buf, size_t __len,
-				size_t __buflen), __readlink_chk)
-     __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
-					  "than size of destination buffer");
-
 __fortify_function __nonnull ((1, 2)) __wur ssize_t
 __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
 		 size_t __len))
@@ -123,23 +72,6 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
 #endif
 
 #ifdef __USE_ATFILE
-extern ssize_t __readlinkat_chk (int __fd, const char *__restrict __path,
-				 char *__restrict __buf, size_t __len,
-				 size_t __buflen)
-     __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
-extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
-			       (int __fd, const char *__restrict __path,
-				char *__restrict __buf, size_t __len),
-			       readlinkat)
-     __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
-extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
-			       (int __fd, const char *__restrict __path,
-				char *__restrict __buf, size_t __len,
-				size_t __buflen), __readlinkat_chk)
-     __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
-					  "length than size of destination "
-					  "buffer");
-
 __fortify_function __nonnull ((2, 3)) __wur ssize_t
 __NTH (readlinkat (int __fd, const char *__restrict __path,
 		   char *__restrict __buf, size_t __len))
@@ -150,16 +82,6 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
 }
 #endif
 
-extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
-     __THROW __wur;
-extern char *__REDIRECT_NTH (__getcwd_alias,
-			     (char *__buf, size_t __size), getcwd) __wur;
-extern char *__REDIRECT_NTH (__getcwd_chk_warn,
-			     (char *__buf, size_t __size, size_t __buflen),
-			     __getcwd_chk)
-     __wur __warnattr ("getcwd caller with bigger length than size of "
-		       "destination buffer");
-
 __fortify_function __wur char *
 __NTH (getcwd (char *__buf, size_t __size))
 {
@@ -169,12 +91,6 @@ __NTH (getcwd (char *__buf, size_t __size))
 }
 
 #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
-extern char *__getwd_chk (char *__buf, size_t buflen)
-     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
-extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
-     __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
-				       "doesn't specify buffer size");
-
 __fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
 __NTH (getwd (char *__buf))
 {
@@ -184,18 +100,6 @@ __NTH (getwd (char *__buf))
 }
 #endif
 
-extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
-			     size_t __buflen) __THROW
-  __attr_access ((__write_only__, 2, 3));
-extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
-						size_t __len), confstr)
-   __attr_access ((__write_only__, 2, 3));
-extern size_t __REDIRECT_NTH (__confstr_chk_warn,
-			      (int __name, char *__buf, size_t __len,
-			       size_t __buflen), __confstr_chk)
-     __warnattr ("confstr called with bigger length than size of destination "
-		 "buffer");
-
 __fortify_function size_t
 __NTH (confstr (int __name, char *__buf, size_t __len))
 {
@@ -205,16 +109,6 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
 }
 
 
-extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
-  __THROW __wur __attr_access ((__write_only__, 2, 1));
-extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
-			   getgroups) __wur __attr_access ((__write_only__, 2, 1));
-extern int __REDIRECT_NTH (__getgroups_chk_warn,
-			   (int __size, __gid_t __list[], size_t __listlen),
-			   __getgroups_chk)
-     __wur __warnattr ("getgroups called with bigger group count than what "
-		       "can fit into destination buffer");
-
 __fortify_function int
 __NTH (getgroups (int __size, __gid_t __list[]))
 {
@@ -224,18 +118,6 @@ __NTH (getgroups (int __size, __gid_t __list[]))
 }
 
 
-extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
-			    size_t __nreal) __THROW __nonnull ((2))
-   __attr_access ((__write_only__, 2, 3));
-extern int __REDIRECT_NTH (__ttyname_r_alias, (int __fd, char *__buf,
-					       size_t __buflen), ttyname_r)
-     __nonnull ((2));
-extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
-			   (int __fd, char *__buf, size_t __buflen,
-			    size_t __nreal), __ttyname_r_chk)
-     __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
-				 "size of destination buffer");
-
 __fortify_function int
 __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
 {
@@ -246,16 +128,6 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
 
 
 #ifdef __USE_POSIX199506
-extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
-     __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
-		       getlogin_r) __nonnull ((1));
-extern int __REDIRECT (__getlogin_r_chk_warn,
-		       (char *__buf, size_t __buflen, size_t __nreal),
-		       __getlogin_r_chk)
-     __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
-				 "size of destination buffer");
-
 __fortify_function int
 getlogin_r (char *__buf, size_t __buflen)
 {
@@ -267,17 +139,6 @@ getlogin_r (char *__buf, size_t __buflen)
 
 
 #if defined __USE_MISC || defined __USE_UNIX98
-extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
-     __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
-			   gethostname)
-  __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__gethostname_chk_warn,
-			   (char *__buf, size_t __buflen, size_t __nreal),
-			   __gethostname_chk)
-     __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
-				 "size of destination buffer");
-
 __fortify_function int
 __NTH (gethostname (char *__buf, size_t __buflen))
 {
@@ -289,19 +150,6 @@ __NTH (gethostname (char *__buf, size_t __buflen))
 
 
 #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
-extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
-     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
-						   size_t __buflen),
-			   getdomainname) __nonnull ((1))
-  __wur __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__getdomainname_chk_warn,
-			   (char *__buf, size_t __buflen, size_t __nreal),
-			   __getdomainname_chk)
-     __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
-				       "buflen than size of destination "
-				       "buffer");
-
 __fortify_function int
 __NTH (getdomainname (char *__buf, size_t __buflen))
 {
-- 
2.41.0

Re: [PATCH v3 09/16] posix/bits/unistd.h: Clearly separate declaration from definitions

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> This change is similar to what was done for bits/wchar2.h.
> Routines declaration are moved into a dedicated bits/unistd-decl.h file
> which is then included into the bits/unistd.h file.
> 
> This will allow to adapt the files so that PLT entries are not created when
> _FORTIFY_SOURCE is enabled.
> ---

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   include/bits/unistd-decl.h |   1 +
>   include/unistd.h           |   1 +
>   posix/Makefile             |   1 +
>   posix/bits/unistd-decl.h   | 198 +++++++++++++++++++++++++++++++++++++
>   posix/bits/unistd.h        | 154 +----------------------------
>   5 files changed, 202 insertions(+), 153 deletions(-)
>   create mode 100644 include/bits/unistd-decl.h
>   create mode 100644 posix/bits/unistd-decl.h
> 
> diff --git a/include/bits/unistd-decl.h b/include/bits/unistd-decl.h
> new file mode 100644
> index 0000000000..7fcbd272ac
> --- /dev/null
> +++ b/include/bits/unistd-decl.h
> @@ -0,0 +1 @@
> +#include <posix/bits/unistd-decl.h>
> diff --git a/include/unistd.h b/include/unistd.h
> index 4345d08d60..b042a485f9 100644
> --- a/include/unistd.h
> +++ b/include/unistd.h
> @@ -5,6 +5,7 @@
>   
>   #  include <stdbool.h>
>   #  include <kernel-features.h>
> +#  include <bits/unistd-decl.h>
>   
>   libc_hidden_proto (_exit, __noreturn__)
>   #  ifndef NO_RTLD_HIDDEN
> diff --git a/posix/Makefile b/posix/Makefile
> index 5113ee3b74..3d368b91f6 100644
> --- a/posix/Makefile
> +++ b/posix/Makefile
> @@ -42,6 +42,7 @@ headers := \
>     bits/types/idtype_t.h \
>     bits/types/struct_sched_param.h \
>     bits/typesizes.h \
> +  bits/unistd-decl.h \
>     bits/unistd.h \
>     bits/unistd_ext.h \
>     bits/utsname.h \
> diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
> new file mode 100644
> index 0000000000..2d0f7a4456
> --- /dev/null
> +++ b/posix/bits/unistd-decl.h
> @@ -0,0 +1,198 @@
> +/* Checking routines for unistd functions. Declaration only.
> +   Copyright (C) 2023 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <https://www.gnu.org/licenses/>.  */
> +
> +#ifndef _BITS_UNISTD_DECL_H
> +#define _BITS_UNISTD_DECL_H 1
> +
> +#ifndef _UNISTD_H
> +# error "Never include <bits/unistd-decl.h> directly; use <unistd.h> instead."
> +#endif
> +
> +extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
> +			   size_t __buflen)
> +     __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
> +						  size_t __nbytes), read)
> +     __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT (__read_chk_warn,
> +			   (int __fd, void *__buf, size_t __nbytes,
> +			    size_t __buflen), __read_chk)
> +     __wur __warnattr ("read called with bigger length than size of "
> +		       "the destination buffer");
> +
> +#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
> +extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
> +			    __off_t __offset, size_t __bufsize)
> +     __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __pread64_chk (int __fd, void *__buf, size_t __nbytes,
> +			      __off64_t __offset, size_t __bufsize)
> +     __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT (__pread_alias,
> +			   (int __fd, void *__buf, size_t __nbytes,
> +			    __off_t __offset), pread)
> +     __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT (__pread64_alias,
> +			   (int __fd, void *__buf, size_t __nbytes,
> +			    __off64_t __offset), pread64)
> +     __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT (__pread_chk_warn,
> +			   (int __fd, void *__buf, size_t __nbytes,
> +			    __off_t __offset, size_t __bufsize), __pread_chk)
> +     __wur __warnattr ("pread called with bigger length than size of "
> +		       "the destination buffer");
> +extern ssize_t __REDIRECT (__pread64_chk_warn,
> +			   (int __fd, void *__buf, size_t __nbytes,
> +			    __off64_t __offset, size_t __bufsize),
> +			    __pread64_chk)
> +     __wur __warnattr ("pread64 called with bigger length than size of "
> +		       "the destination buffer");
> +#endif
> +
> +#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
> +extern ssize_t __readlink_chk (const char *__restrict __path,
> +			       char *__restrict __buf, size_t __len,
> +			       size_t __buflen)
> +     __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT_NTH (__readlink_alias,
> +			       (const char *__restrict __path,
> +				char *__restrict __buf, size_t __len), readlink)
> +     __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
> +extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
> +			       (const char *__restrict __path,
> +				char *__restrict __buf, size_t __len,
> +				size_t __buflen), __readlink_chk)
> +     __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
> +					  "than size of destination buffer");
> +#endif
> +
> +#ifdef __USE_ATFILE
> +extern ssize_t __readlinkat_chk (int __fd, const char *__restrict __path,
> +				 char *__restrict __buf, size_t __len,
> +				 size_t __buflen)
> +     __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
> +extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
> +			       (int __fd, const char *__restrict __path,
> +				char *__restrict __buf, size_t __len),
> +			       readlinkat)
> +     __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
> +extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
> +			       (int __fd, const char *__restrict __path,
> +				char *__restrict __buf, size_t __len,
> +				size_t __buflen), __readlinkat_chk)
> +     __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
> +					  "length than size of destination "
> +					  "buffer");
> +#endif
> +
> +extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
> +     __THROW __wur;
> +extern char *__REDIRECT_NTH (__getcwd_alias,
> +			     (char *__buf, size_t __size), getcwd) __wur;
> +extern char *__REDIRECT_NTH (__getcwd_chk_warn,
> +			     (char *__buf, size_t __size, size_t __buflen),
> +			     __getcwd_chk)
> +     __wur __warnattr ("getcwd caller with bigger length than size of "
> +		       "destination buffer");
> +
> +#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
> +extern char *__getwd_chk (char *__buf, size_t buflen)
> +     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
> +extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
> +     __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
> +				       "doesn't specify buffer size");
> +#endif
> +
> +extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
> +			     size_t __buflen) __THROW
> +     __attr_access ((__write_only__, 2, 3));
> +extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
> +						size_t __len), confstr)
> +     __attr_access ((__write_only__, 2, 3));
> +extern size_t __REDIRECT_NTH (__confstr_chk_warn,
> +			      (int __name, char *__buf, size_t __len,
> +			       size_t __buflen), __confstr_chk)
> +     __warnattr ("confstr called with bigger length than size of destination "
> +		 "buffer");
> +
> +
> +extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
> +     __THROW __wur __attr_access ((__write_only__, 2, 1));
> +extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
> +			   getgroups) __wur __attr_access ((__write_only__, 2, 1));
> +extern int __REDIRECT_NTH (__getgroups_chk_warn,
> +			   (int __size, __gid_t __list[], size_t __listlen),
> +			   __getgroups_chk)
> +     __wur __warnattr ("getgroups called with bigger group count than what "
> +		       "can fit into destination buffer");
> +
> +
> +extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
> +			    size_t __nreal) __THROW __nonnull ((2))
> +     __attr_access ((__write_only__, 2, 3));
> +extern int __REDIRECT_NTH (__ttyname_r_alias, (int __fd, char *__buf,
> +					       size_t __buflen), ttyname_r)
> +     __nonnull ((2));
> +extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
> +			   (int __fd, char *__buf, size_t __buflen,
> +			    size_t __nreal), __ttyname_r_chk)
> +     __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
> +				 "size of destination buffer");
> +
> +
> +#ifdef __USE_POSIX199506
> +extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
> +     __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> +extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
> +		       getlogin_r) __nonnull ((1));
> +extern int __REDIRECT (__getlogin_r_chk_warn,
> +		       (char *__buf, size_t __buflen, size_t __nreal),
> +		       __getlogin_r_chk)
> +     __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
> +				 "size of destination buffer");
> +#endif
> +
> +
> +#if defined __USE_MISC || defined __USE_UNIX98
> +extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
> +     __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> +extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
> +			   gethostname)
> +     __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> +extern int __REDIRECT_NTH (__gethostname_chk_warn,
> +			   (char *__buf, size_t __buflen, size_t __nreal),
> +			   __gethostname_chk)
> +     __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
> +				 "size of destination buffer");
> +#endif
> +
> +
> +#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
> +extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
> +     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
> +extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
> +						   size_t __buflen),
> +			   getdomainname) __nonnull ((1))
> +     __wur __attr_access ((__write_only__, 1, 2));
> +extern int __REDIRECT_NTH (__getdomainname_chk_warn,
> +			   (char *__buf, size_t __buflen, size_t __nreal),
> +			   __getdomainname_chk)
> +     __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
> +				       "buflen than size of destination "
> +				       "buffer");
> +#endif
> +#endif /* bits/unistd-decl.h.  */
> diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
> index 2a0782e6c8..6a381116a9 100644
> --- a/posix/bits/unistd.h
> +++ b/posix/bits/unistd.h
> @@ -20,17 +20,7 @@
>   # error "Never include <bits/unistd.h> directly; use <unistd.h> instead."
>   #endif
>   
> -extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
> -			   size_t __buflen)
> -  __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
> -					  size_t __nbytes), read)
> -  __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__read_chk_warn,
> -			   (int __fd, void *__buf, size_t __nbytes,
> -			    size_t __buflen), __read_chk)
> -     __wur __warnattr ("read called with bigger length than size of "
> -		       "the destination buffer");
> +# include <bits/unistd-decl.h>
>   
>   __fortify_function __wur ssize_t
>   read (int __fd, void *__buf, size_t __nbytes)
> @@ -41,32 +31,6 @@ read (int __fd, void *__buf, size_t __nbytes)
>   }
>   
>   #if defined __USE_UNIX98 || defined __USE_XOPEN2K8
> -extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
> -			    __off_t __offset, size_t __bufsize)
> -  __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __pread64_chk (int __fd, void *__buf, size_t __nbytes,
> -			      __off64_t __offset, size_t __bufsize)
> -  __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__pread_alias,
> -			   (int __fd, void *__buf, size_t __nbytes,
> -			    __off_t __offset), pread)
> -  __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__pread64_alias,
> -			   (int __fd, void *__buf, size_t __nbytes,
> -			    __off64_t __offset), pread64)
> -  __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__pread_chk_warn,
> -			   (int __fd, void *__buf, size_t __nbytes,
> -			    __off_t __offset, size_t __bufsize), __pread_chk)
> -     __wur __warnattr ("pread called with bigger length than size of "
> -		       "the destination buffer");
> -extern ssize_t __REDIRECT (__pread64_chk_warn,
> -			   (int __fd, void *__buf, size_t __nbytes,
> -			    __off64_t __offset, size_t __bufsize),
> -			    __pread64_chk)
> -     __wur __warnattr ("pread64 called with bigger length than size of "
> -		       "the destination buffer");
> -
>   # ifndef __USE_FILE_OFFSET64
>   __fortify_function __wur ssize_t
>   pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
> @@ -97,21 +61,6 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
>   #endif
>   
>   #if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
> -extern ssize_t __readlink_chk (const char *__restrict __path,
> -			       char *__restrict __buf, size_t __len,
> -			       size_t __buflen)
> -     __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT_NTH (__readlink_alias,
> -			       (const char *__restrict __path,
> -				char *__restrict __buf, size_t __len), readlink)
> -     __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
> -			       (const char *__restrict __path,
> -				char *__restrict __buf, size_t __len,
> -				size_t __buflen), __readlink_chk)
> -     __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
> -					  "than size of destination buffer");
> -
>   __fortify_function __nonnull ((1, 2)) __wur ssize_t
>   __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
>   		 size_t __len))
> @@ -123,23 +72,6 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
>   #endif
>   
>   #ifdef __USE_ATFILE
> -extern ssize_t __readlinkat_chk (int __fd, const char *__restrict __path,
> -				 char *__restrict __buf, size_t __len,
> -				 size_t __buflen)
> -     __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
> -extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
> -			       (int __fd, const char *__restrict __path,
> -				char *__restrict __buf, size_t __len),
> -			       readlinkat)
> -     __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
> -extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
> -			       (int __fd, const char *__restrict __path,
> -				char *__restrict __buf, size_t __len,
> -				size_t __buflen), __readlinkat_chk)
> -     __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
> -					  "length than size of destination "
> -					  "buffer");
> -
>   __fortify_function __nonnull ((2, 3)) __wur ssize_t
>   __NTH (readlinkat (int __fd, const char *__restrict __path,
>   		   char *__restrict __buf, size_t __len))
> @@ -150,16 +82,6 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
>   }
>   #endif
>   
> -extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
> -     __THROW __wur;
> -extern char *__REDIRECT_NTH (__getcwd_alias,
> -			     (char *__buf, size_t __size), getcwd) __wur;
> -extern char *__REDIRECT_NTH (__getcwd_chk_warn,
> -			     (char *__buf, size_t __size, size_t __buflen),
> -			     __getcwd_chk)
> -     __wur __warnattr ("getcwd caller with bigger length than size of "
> -		       "destination buffer");
> -
>   __fortify_function __wur char *
>   __NTH (getcwd (char *__buf, size_t __size))
>   {
> @@ -169,12 +91,6 @@ __NTH (getcwd (char *__buf, size_t __size))
>   }
>   
>   #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
> -extern char *__getwd_chk (char *__buf, size_t buflen)
> -     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
> -extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
> -     __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
> -				       "doesn't specify buffer size");
> -
>   __fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
>   __NTH (getwd (char *__buf))
>   {
> @@ -184,18 +100,6 @@ __NTH (getwd (char *__buf))
>   }
>   #endif
>   
> -extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
> -			     size_t __buflen) __THROW
> -  __attr_access ((__write_only__, 2, 3));
> -extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
> -						size_t __len), confstr)
> -   __attr_access ((__write_only__, 2, 3));
> -extern size_t __REDIRECT_NTH (__confstr_chk_warn,
> -			      (int __name, char *__buf, size_t __len,
> -			       size_t __buflen), __confstr_chk)
> -     __warnattr ("confstr called with bigger length than size of destination "
> -		 "buffer");
> -
>   __fortify_function size_t
>   __NTH (confstr (int __name, char *__buf, size_t __len))
>   {
> @@ -205,16 +109,6 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
>   }
>   
>   
> -extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
> -  __THROW __wur __attr_access ((__write_only__, 2, 1));
> -extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
> -			   getgroups) __wur __attr_access ((__write_only__, 2, 1));
> -extern int __REDIRECT_NTH (__getgroups_chk_warn,
> -			   (int __size, __gid_t __list[], size_t __listlen),
> -			   __getgroups_chk)
> -     __wur __warnattr ("getgroups called with bigger group count than what "
> -		       "can fit into destination buffer");
> -
>   __fortify_function int
>   __NTH (getgroups (int __size, __gid_t __list[]))
>   {
> @@ -224,18 +118,6 @@ __NTH (getgroups (int __size, __gid_t __list[]))
>   }
>   
>   
> -extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
> -			    size_t __nreal) __THROW __nonnull ((2))
> -   __attr_access ((__write_only__, 2, 3));
> -extern int __REDIRECT_NTH (__ttyname_r_alias, (int __fd, char *__buf,
> -					       size_t __buflen), ttyname_r)
> -     __nonnull ((2));
> -extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
> -			   (int __fd, char *__buf, size_t __buflen,
> -			    size_t __nreal), __ttyname_r_chk)
> -     __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
> -				 "size of destination buffer");
> -
>   __fortify_function int
>   __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
>   {
> @@ -246,16 +128,6 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
>   
>   
>   #ifdef __USE_POSIX199506
> -extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
> -     __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
> -		       getlogin_r) __nonnull ((1));
> -extern int __REDIRECT (__getlogin_r_chk_warn,
> -		       (char *__buf, size_t __buflen, size_t __nreal),
> -		       __getlogin_r_chk)
> -     __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
> -				 "size of destination buffer");
> -
>   __fortify_function int
>   getlogin_r (char *__buf, size_t __buflen)
>   {
> @@ -267,17 +139,6 @@ getlogin_r (char *__buf, size_t __buflen)
>   
>   
>   #if defined __USE_MISC || defined __USE_UNIX98
> -extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
> -     __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
> -			   gethostname)
> -  __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT_NTH (__gethostname_chk_warn,
> -			   (char *__buf, size_t __buflen, size_t __nreal),
> -			   __gethostname_chk)
> -     __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
> -				 "size of destination buffer");
> -
>   __fortify_function int
>   __NTH (gethostname (char *__buf, size_t __buflen))
>   {
> @@ -289,19 +150,6 @@ __NTH (gethostname (char *__buf, size_t __buflen))
>   
>   
>   #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
> -extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
> -     __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
> -						   size_t __buflen),
> -			   getdomainname) __nonnull ((1))
> -  __wur __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT_NTH (__getdomainname_chk_warn,
> -			   (char *__buf, size_t __buflen, size_t __nreal),
> -			   __getdomainname_chk)
> -     __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
> -				       "buflen than size of destination "
> -				       "buffer");
> -
>   __fortify_function int
>   __NTH (getdomainname (char *__buf, size_t __buflen))
>   {

[PATCH v3 10/16] unistd: Avoid PLT entries with _FORTIFY_SOURCE

[Frédéric Bérat]

The change is meant to avoid unwanted PLT entries for the read_chk,
getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set.
---
 debug/getdomainname_chk.c | 1 +
 debug/read_chk.c          | 1 +
 include/unistd.h          | 4 ++++
 login/getlogin_r_chk.c    | 1 +
 posix/bits/unistd-decl.h  | 6 +++---
 5 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/debug/getdomainname_chk.c b/debug/getdomainname_chk.c
index ccea1b2d9e..c0e6c7bd4b 100644
--- a/debug/getdomainname_chk.c
+++ b/debug/getdomainname_chk.c
@@ -26,3 +26,4 @@ __getdomainname_chk (char *buf, size_t buflen, size_t nreal)
 
   return getdomainname (buf, buflen);
 }
+libc_hidden_builtin_def (__getdomainname_chk)
diff --git a/debug/read_chk.c b/debug/read_chk.c
index 17588736a1..dfd87206b2 100644
--- a/debug/read_chk.c
+++ b/debug/read_chk.c
@@ -25,3 +25,4 @@ __read_chk (int fd, void *buf, size_t nbytes, size_t buflen)
 
   return __read (fd, buf, nbytes);
 }
+libc_hidden_builtin_def (__read_chk)
diff --git a/include/unistd.h b/include/unistd.h
index b042a485f9..243e52b471 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -32,6 +32,10 @@ libc_hidden_proto (readlinkat)
 libc_hidden_proto (fsync)
 libc_hidden_proto (fdatasync)
 
+libc_hidden_builtin_proto (__read_chk)
+libc_hidden_builtin_proto (__getdomainname_chk)
+libc_hidden_builtin_proto (__getlogin_r_chk)
+
 /* Now define the internal interfaces.  */
 extern int __access (const char *__name, int __type);
 libc_hidden_proto (__access)
diff --git a/login/getlogin_r_chk.c b/login/getlogin_r_chk.c
index 12a0d12bd4..576567f287 100644
--- a/login/getlogin_r_chk.c
+++ b/login/getlogin_r_chk.c
@@ -26,3 +26,4 @@ __getlogin_r_chk (char *buf, size_t buflen, size_t nreal)
 
   return getlogin_r (buf, buflen);
 }
+libc_hidden_builtin_def (__getlogin_r_chk)
diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
index 2d0f7a4456..2603039767 100644
--- a/posix/bits/unistd-decl.h
+++ b/posix/bits/unistd-decl.h
@@ -26,7 +26,7 @@
 extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
 			   size_t __buflen)
      __wur __attr_access ((__write_only__, 2, 3));
-extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
+extern ssize_t __REDIRECT_FORTIFY (__read_alias, (int __fd, void *__buf,
 						  size_t __nbytes), read)
      __wur __attr_access ((__write_only__, 2, 3));
 extern ssize_t __REDIRECT (__read_chk_warn,
@@ -157,7 +157,7 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
 #ifdef __USE_POSIX199506
 extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
      __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
+extern int __REDIRECT_FORTIFY (__getlogin_r_alias, (char *__buf, size_t __buflen),
 		       getlogin_r) __nonnull ((1));
 extern int __REDIRECT (__getlogin_r_chk_warn,
 		       (char *__buf, size_t __buflen, size_t __nreal),
@@ -184,7 +184,7 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
 #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
 extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
      __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
-extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
+extern int __REDIRECT_FORTIFY_NTH (__getdomainname_alias, (char *__buf,
 						   size_t __buflen),
 			   getdomainname) __nonnull ((1))
      __wur __attr_access ((__write_only__, 1, 2));
-- 
2.41.0

Re: [PATCH v3 10/16] unistd: Avoid PLT entries with _FORTIFY_SOURCE

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> The change is meant to avoid unwanted PLT entries for the read_chk,
> getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set.
> ---
>   debug/getdomainname_chk.c | 1 +
>   debug/read_chk.c          | 1 +
>   include/unistd.h          | 4 ++++
>   login/getlogin_r_chk.c    | 1 +
>   posix/bits/unistd-decl.h  | 6 +++---
>   5 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/debug/getdomainname_chk.c b/debug/getdomainname_chk.c
> index ccea1b2d9e..c0e6c7bd4b 100644
> --- a/debug/getdomainname_chk.c
> +++ b/debug/getdomainname_chk.c
> @@ -26,3 +26,4 @@ __getdomainname_chk (char *buf, size_t buflen, size_t nreal)
>   
>     return getdomainname (buf, buflen);
>   }
> +libc_hidden_builtin_def (__getdomainname_chk)

getdomainname is not a builtin, so perhaps just use libc_hidden_def?  It 
doesn't make a difference in practice, but I reckon we may make a 
distinction in future and this might slip up.

Builtins are defined in gcc sources, see gcc/builtins.def.  As an aside 
though, I wonder if we've ever made this distinction, but that's a QoI 
issue at the moment.

> diff --git a/debug/read_chk.c b/debug/read_chk.c
> index 17588736a1..dfd87206b2 100644
> --- a/debug/read_chk.c
> +++ b/debug/read_chk.c
> @@ -25,3 +25,4 @@ __read_chk (int fd, void *buf, size_t nbytes, size_t buflen)
>   
>     return __read (fd, buf, nbytes);
>   }
> +libc_hidden_builtin_def (__read_chk)

Likewise, not a builtin.

> diff --git a/include/unistd.h b/include/unistd.h
> index b042a485f9..243e52b471 100644
> --- a/include/unistd.h
> +++ b/include/unistd.h
> @@ -32,6 +32,10 @@ libc_hidden_proto (readlinkat)
>   libc_hidden_proto (fsync)
>   libc_hidden_proto (fdatasync)
>   
> +libc_hidden_builtin_proto (__read_chk)
> +libc_hidden_builtin_proto (__getdomainname_chk)
> +libc_hidden_builtin_proto (__getlogin_r_chk)

Likewise, libc_hidden_proto.

> +
>   /* Now define the internal interfaces.  */
>   extern int __access (const char *__name, int __type);
>   libc_hidden_proto (__access)
> diff --git a/login/getlogin_r_chk.c b/login/getlogin_r_chk.c
> index 12a0d12bd4..576567f287 100644
> --- a/login/getlogin_r_chk.c
> +++ b/login/getlogin_r_chk.c
> @@ -26,3 +26,4 @@ __getlogin_r_chk (char *buf, size_t buflen, size_t nreal)
>   
>     return getlogin_r (buf, buflen);
>   }
> +libc_hidden_builtin_def (__getlogin_r_chk)

Likewise.

> diff --git a/posix/bits/unistd-decl.h b/posix/bits/unistd-decl.h
> index 2d0f7a4456..2603039767 100644
> --- a/posix/bits/unistd-decl.h
> +++ b/posix/bits/unistd-decl.h
> @@ -26,7 +26,7 @@
>   extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
>   			   size_t __buflen)
>        __wur __attr_access ((__write_only__, 2, 3));
> -extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
> +extern ssize_t __REDIRECT_FORTIFY (__read_alias, (int __fd, void *__buf,
>   						  size_t __nbytes), read)
>        __wur __attr_access ((__write_only__, 2, 3));
>   extern ssize_t __REDIRECT (__read_chk_warn,
> @@ -157,7 +157,7 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
>   #ifdef __USE_POSIX199506
>   extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
>        __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
> +extern int __REDIRECT_FORTIFY (__getlogin_r_alias, (char *__buf, size_t __buflen),
>   		       getlogin_r) __nonnull ((1));
>   extern int __REDIRECT (__getlogin_r_chk_warn,
>   		       (char *__buf, size_t __buflen, size_t __nreal),
> @@ -184,7 +184,7 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
>   #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
>   extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
>        __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
> -extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
> +extern int __REDIRECT_FORTIFY_NTH (__getdomainname_alias, (char *__buf,
>   						   size_t __buflen),
>   			   getdomainname) __nonnull ((1))
>        __wur __attr_access ((__write_only__, 1, 2));

[PATCH v3 11/16] misc/bits/select2.h: Clearly separate declaration from definitions

[Frédéric Bérat]

The __fdelt_chk declaration needs to be available so that
libc_hidden_builtin_proto can be used while not redefining __FD_ELT.
Thus, misc/bits/select-decl.h is created to hold the corresponding
prototypes.
---
 debug/fdelt_chk.c          |  2 ++
 include/bits/select-decl.h |  1 +
 include/sys/select.h       |  4 ++++
 misc/Makefile              |  1 +
 misc/bits/select-decl.h    | 31 +++++++++++++++++++++++++++++++
 misc/bits/select2.h        |  6 ++----
 6 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 include/bits/select-decl.h
 create mode 100644 misc/bits/select-decl.h

diff --git a/debug/fdelt_chk.c b/debug/fdelt_chk.c
index d1d3a19460..841337a55d 100644
--- a/debug/fdelt_chk.c
+++ b/debug/fdelt_chk.c
@@ -28,3 +28,5 @@ __fdelt_chk (long int d)
   return d / __NFDBITS;
 }
 strong_alias (__fdelt_chk, __fdelt_warn)
+
+libc_hidden_builtin_def (__fdelt_chk)
diff --git a/include/bits/select-decl.h b/include/bits/select-decl.h
new file mode 100644
index 0000000000..43db738a61
--- /dev/null
+++ b/include/bits/select-decl.h
@@ -0,0 +1 @@
+#include <misc/bits/select-decl.h>
diff --git a/include/sys/select.h b/include/sys/select.h
index a8961afbed..e87806c249 100644
--- a/include/sys/select.h
+++ b/include/sys/select.h
@@ -3,6 +3,10 @@
 
 #ifndef _ISOMAC
 /* Now define the internal interfaces.  */
+
+#include <bits/select-decl.h>
+libc_hidden_builtin_proto (__fdelt_chk)
+
 # if __TIMESIZE == 64
 #  define __pselect64 __pselect
 #  define __select64  __select
diff --git a/misc/Makefile b/misc/Makefile
index 36ba7a0bad..3497d30f3b 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -68,6 +68,7 @@ headers	:= \
   bits/syslog-ldbl.h \
   bits/syslog-path.h \
   bits/error.h \
+  bits/select-decl.h \
   bits/select2.h \
   bits/hwcap.h \
   sys/auxv.h \
diff --git a/misc/bits/select-decl.h b/misc/bits/select-decl.h
new file mode 100644
index 0000000000..95962e1b98
--- /dev/null
+++ b/misc/bits/select-decl.h
@@ -0,0 +1,31 @@
+/* Checking routines for select functions. Declaration only.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _BITS_SELECT_DECL_H
+#define _BITS_SELECT_DECL_H 1
+
+#ifndef _SYS_SELECT_H
+# error "Never include <bits/select-decl.h> directly; use <sys/select.h> instead."
+#endif
+
+/* Helper functions to issue warnings and errors when needed.  */
+extern long int __fdelt_chk (long int __d);
+extern long int __fdelt_warn (long int __d)
+  __warnattr ("bit outside of fd_set selected");
+
+#endif
diff --git a/misc/bits/select2.h b/misc/bits/select2.h
index abd84a19d5..91e85c87d1 100644
--- a/misc/bits/select2.h
+++ b/misc/bits/select2.h
@@ -20,10 +20,8 @@
 # error "Never include <bits/select2.h> directly; use <sys/select.h> instead."
 #endif
 
-/* Helper functions to issue warnings and errors when needed.  */
-extern long int __fdelt_chk (long int __d);
-extern long int __fdelt_warn (long int __d)
-  __warnattr ("bit outside of fd_set selected");
+#include <bits/select-decl.h>
+
 #undef __FD_ELT
 #define	__FD_ELT(d) \
   __extension__								    \
-- 
2.41.0

Re: [PATCH v3 11/16] misc/bits/select2.h: Clearly separate declaration from definitions

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> The __fdelt_chk declaration needs to be available so that
> libc_hidden_builtin_proto can be used while not redefining __FD_ELT.
> Thus, misc/bits/select-decl.h is created to hold the corresponding
> prototypes.
> ---
>   debug/fdelt_chk.c          |  2 ++
>   include/bits/select-decl.h |  1 +
>   include/sys/select.h       |  4 ++++
>   misc/Makefile              |  1 +
>   misc/bits/select-decl.h    | 31 +++++++++++++++++++++++++++++++
>   misc/bits/select2.h        |  6 ++----
>   6 files changed, 41 insertions(+), 4 deletions(-)
>   create mode 100644 include/bits/select-decl.h
>   create mode 100644 misc/bits/select-decl.h
> 
> diff --git a/debug/fdelt_chk.c b/debug/fdelt_chk.c
> index d1d3a19460..841337a55d 100644
> --- a/debug/fdelt_chk.c
> +++ b/debug/fdelt_chk.c
> @@ -28,3 +28,5 @@ __fdelt_chk (long int d)
>     return d / __NFDBITS;
>   }
>   strong_alias (__fdelt_chk, __fdelt_warn)
> +
> +libc_hidden_builtin_def (__fdelt_chk)

Not a builtin again, so just libc_hidden_def.

> diff --git a/include/bits/select-decl.h b/include/bits/select-decl.h
> new file mode 100644
> index 0000000000..43db738a61
> --- /dev/null
> +++ b/include/bits/select-decl.h
> @@ -0,0 +1 @@
> +#include <misc/bits/select-decl.h>
> diff --git a/include/sys/select.h b/include/sys/select.h
> index a8961afbed..e87806c249 100644
> --- a/include/sys/select.h
> +++ b/include/sys/select.h
> @@ -3,6 +3,10 @@
>   
>   #ifndef _ISOMAC
>   /* Now define the internal interfaces.  */
> +
> +#include <bits/select-decl.h>
> +libc_hidden_builtin_proto (__fdelt_chk)
> +
>   # if __TIMESIZE == 64
>   #  define __pselect64 __pselect
>   #  define __select64  __select
> diff --git a/misc/Makefile b/misc/Makefile
> index 36ba7a0bad..3497d30f3b 100644
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -68,6 +68,7 @@ headers	:= \
>     bits/syslog-ldbl.h \
>     bits/syslog-path.h \
>     bits/error.h \
> +  bits/select-decl.h \
>     bits/select2.h \
>     bits/hwcap.h \
>     sys/auxv.h \
> diff --git a/misc/bits/select-decl.h b/misc/bits/select-decl.h
> new file mode 100644
> index 0000000000..95962e1b98
> --- /dev/null
> +++ b/misc/bits/select-decl.h
> @@ -0,0 +1,31 @@
> +/* Checking routines for select functions. Declaration only.
> +   Copyright (C) 2023 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <https://www.gnu.org/licenses/>.  */
> +
> +#ifndef _BITS_SELECT_DECL_H
> +#define _BITS_SELECT_DECL_H 1
> +
> +#ifndef _SYS_SELECT_H
> +# error "Never include <bits/select-decl.h> directly; use <sys/select.h> instead."
> +#endif
> +
> +/* Helper functions to issue warnings and errors when needed.  */
> +extern long int __fdelt_chk (long int __d);
> +extern long int __fdelt_warn (long int __d)
> +  __warnattr ("bit outside of fd_set selected");
> +
> +#endif
> diff --git a/misc/bits/select2.h b/misc/bits/select2.h
> index abd84a19d5..91e85c87d1 100644
> --- a/misc/bits/select2.h
> +++ b/misc/bits/select2.h
> @@ -20,10 +20,8 @@
>   # error "Never include <bits/select2.h> directly; use <sys/select.h> instead."
>   #endif
>   
> -/* Helper functions to issue warnings and errors when needed.  */
> -extern long int __fdelt_chk (long int __d);
> -extern long int __fdelt_warn (long int __d)
> -  __warnattr ("bit outside of fd_set selected");
> +#include <bits/select-decl.h>
> +
>   #undef __FD_ELT
>   #define	__FD_ELT(d) \
>     __extension__								    \

[PATCH v3 12/16] misc/bits/syslog.h: Clearly separate declaration from definition

[Frédéric Bérat]

This allows to include bits/syslog-decl.h in include/sys/syslog.h and
therefore be able to create the libc_hidden_builtin_proto (__syslog_chk)
prototype.
---
 include/bits/syslog-decl.h                    |  1 +
 include/sys/syslog.h                          |  4 +++
 misc/Makefile                                 |  1 +
 misc/bits/syslog-decl.h                       | 35 +++++++++++++++++++
 misc/bits/syslog.h                            | 10 +-----
 misc/syslog.c                                 |  4 ++-
 .../ldbl-128ibm-compat/ieee128-syslog.c       |  1 +
 7 files changed, 46 insertions(+), 10 deletions(-)
 create mode 100644 include/bits/syslog-decl.h
 create mode 100644 misc/bits/syslog-decl.h

diff --git a/include/bits/syslog-decl.h b/include/bits/syslog-decl.h
new file mode 100644
index 0000000000..491a263777
--- /dev/null
+++ b/include/bits/syslog-decl.h
@@ -0,0 +1 @@
+#include <misc/bits/syslog-decl.h>
diff --git a/include/sys/syslog.h b/include/sys/syslog.h
index 44422eab13..1566228860 100644
--- a/include/sys/syslog.h
+++ b/include/sys/syslog.h
@@ -3,6 +3,8 @@
 #include <misc/sys/syslog.h>
 #ifndef _ISOMAC
 
+#include <bits/syslog-decl.h>
+
 libc_hidden_ldbl_proto (syslog)
 
 /* __vsyslog_internal uses the same mode_flags bits as
@@ -12,5 +14,7 @@ extern void __vsyslog_internal (int pri, const char *fmt, __gnuc_va_list ap,
      attribute_hidden
      __attribute__ ((__format__ (__printf__, 2, 0)));
 
+libc_hidden_ldbl_proto (__syslog_chk)
+
 #endif /* _ISOMAC */
 #endif /* syslog.h */
diff --git a/misc/Makefile b/misc/Makefile
index 3497d30f3b..fe0d49c1de 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -64,6 +64,7 @@ headers	:= \
   sys/xattr.h \
   syslog.h \
   sys/syslog.h \
+  bits/syslog-decl.h \
   bits/syslog.h \
   bits/syslog-ldbl.h \
   bits/syslog-path.h \
diff --git a/misc/bits/syslog-decl.h b/misc/bits/syslog-decl.h
new file mode 100644
index 0000000000..a9349feee0
--- /dev/null
+++ b/misc/bits/syslog-decl.h
@@ -0,0 +1,35 @@
+/* Checking routines for syslog functions. Declaration only.
+   Copyright (C) 2023 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _BITS_SYSLOG_DECL_H
+#define _BITS_SYSLOG_DECL_H 1
+
+#ifndef _SYS_SYSLOG_H
+# error "Never include <bits/syslog-decl.h> directly; use <sys/syslog.h> instead."
+#endif
+
+extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
+     __attribute__ ((__format__ (__printf__, 3, 4)));
+
+#ifdef __USE_MISC
+extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
+			   __gnuc_va_list __ap)
+     __attribute__ ((__format__ (__printf__, 3, 0)));
+#endif
+
+#endif
diff --git a/misc/bits/syslog.h b/misc/bits/syslog.h
index 305cac4ba0..d7de90ed14 100644
--- a/misc/bits/syslog.h
+++ b/misc/bits/syslog.h
@@ -20,15 +20,7 @@
 # error "Never include <bits/syslog.h> directly; use <sys/syslog.h> instead."
 #endif
 
-
-extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
-     __attribute__ ((__format__ (__printf__, 3, 4)));
-
-#ifdef __USE_MISC
-extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
-			   __gnuc_va_list __ap)
-     __attribute__ ((__format__ (__printf__, 3, 0)));
-#endif
+#include <bits/syslog-decl.h>
 
 #include <bits/floatn.h>
 #if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
diff --git a/misc/syslog.c b/misc/syslog.c
index f67d4b58a4..1b8cb722c5 100644
--- a/misc/syslog.c
+++ b/misc/syslog.c
@@ -101,7 +101,7 @@ __vsyslog (int pri, const char *fmt, va_list ap)
 ldbl_weak_alias (__vsyslog, vsyslog)
 
 void
-__syslog_chk (int pri, int flag, const char *fmt, ...)
+___syslog_chk (int pri, int flag, const char *fmt, ...)
 {
   va_list ap;
 
@@ -109,6 +109,8 @@ __syslog_chk (int pri, int flag, const char *fmt, ...)
   __vsyslog_internal (pri, fmt, ap, (flag > 0) ? PRINTF_FORTIFY : 0);
   va_end (ap);
 }
+ldbl_hidden_def (___syslog_chk, __syslog_chk)
+ldbl_strong_alias (___syslog_chk, __syslog_chk)
 
 void
 __vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
index 18aa7f707f..97810a7bbd 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
@@ -52,6 +52,7 @@ ___ieee128___syslog_chk (int pri, int flag, const char *fmt, ...)
   __vsyslog_internal (pri, fmt, ap, mode);
   va_end (ap);
 }
+hidden_def (___ieee128___syslog_chk)
 strong_alias (___ieee128___syslog_chk, __syslog_chkieee128)
 
 void
-- 
2.41.0

Re: [PATCH v3 12/16] misc/bits/syslog.h: Clearly separate declaration from definition

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> This allows to include bits/syslog-decl.h in include/sys/syslog.h and
> therefore be able to create the libc_hidden_builtin_proto (__syslog_chk)
> prototype.
> ---

LGTM.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

>   include/bits/syslog-decl.h                    |  1 +
>   include/sys/syslog.h                          |  4 +++
>   misc/Makefile                                 |  1 +
>   misc/bits/syslog-decl.h                       | 35 +++++++++++++++++++
>   misc/bits/syslog.h                            | 10 +-----
>   misc/syslog.c                                 |  4 ++-
>   .../ldbl-128ibm-compat/ieee128-syslog.c       |  1 +
>   7 files changed, 46 insertions(+), 10 deletions(-)
>   create mode 100644 include/bits/syslog-decl.h
>   create mode 100644 misc/bits/syslog-decl.h
> 
> diff --git a/include/bits/syslog-decl.h b/include/bits/syslog-decl.h
> new file mode 100644
> index 0000000000..491a263777
> --- /dev/null
> +++ b/include/bits/syslog-decl.h
> @@ -0,0 +1 @@
> +#include <misc/bits/syslog-decl.h>
> diff --git a/include/sys/syslog.h b/include/sys/syslog.h
> index 44422eab13..1566228860 100644
> --- a/include/sys/syslog.h
> +++ b/include/sys/syslog.h
> @@ -3,6 +3,8 @@
>   #include <misc/sys/syslog.h>
>   #ifndef _ISOMAC
>   
> +#include <bits/syslog-decl.h>
> +
>   libc_hidden_ldbl_proto (syslog)
>   
>   /* __vsyslog_internal uses the same mode_flags bits as
> @@ -12,5 +14,7 @@ extern void __vsyslog_internal (int pri, const char *fmt, __gnuc_va_list ap,
>        attribute_hidden
>        __attribute__ ((__format__ (__printf__, 2, 0)));
>   
> +libc_hidden_ldbl_proto (__syslog_chk)
> +
>   #endif /* _ISOMAC */
>   #endif /* syslog.h */
> diff --git a/misc/Makefile b/misc/Makefile
> index 3497d30f3b..fe0d49c1de 100644
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -64,6 +64,7 @@ headers	:= \
>     sys/xattr.h \
>     syslog.h \
>     sys/syslog.h \
> +  bits/syslog-decl.h \
>     bits/syslog.h \
>     bits/syslog-ldbl.h \
>     bits/syslog-path.h \
> diff --git a/misc/bits/syslog-decl.h b/misc/bits/syslog-decl.h
> new file mode 100644
> index 0000000000..a9349feee0
> --- /dev/null
> +++ b/misc/bits/syslog-decl.h
> @@ -0,0 +1,35 @@
> +/* Checking routines for syslog functions. Declaration only.
> +   Copyright (C) 2023 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <https://www.gnu.org/licenses/>.  */
> +
> +#ifndef _BITS_SYSLOG_DECL_H
> +#define _BITS_SYSLOG_DECL_H 1
> +
> +#ifndef _SYS_SYSLOG_H
> +# error "Never include <bits/syslog-decl.h> directly; use <sys/syslog.h> instead."
> +#endif
> +
> +extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
> +     __attribute__ ((__format__ (__printf__, 3, 4)));
> +
> +#ifdef __USE_MISC
> +extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
> +			   __gnuc_va_list __ap)
> +     __attribute__ ((__format__ (__printf__, 3, 0)));
> +#endif
> +
> +#endif
> diff --git a/misc/bits/syslog.h b/misc/bits/syslog.h
> index 305cac4ba0..d7de90ed14 100644
> --- a/misc/bits/syslog.h
> +++ b/misc/bits/syslog.h
> @@ -20,15 +20,7 @@
>   # error "Never include <bits/syslog.h> directly; use <sys/syslog.h> instead."
>   #endif
>   
> -
> -extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
> -     __attribute__ ((__format__ (__printf__, 3, 4)));
> -
> -#ifdef __USE_MISC
> -extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
> -			   __gnuc_va_list __ap)
> -     __attribute__ ((__format__ (__printf__, 3, 0)));
> -#endif
> +#include <bits/syslog-decl.h>
>   
>   #include <bits/floatn.h>
>   #if defined __LDBL_COMPAT || __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI == 1
> diff --git a/misc/syslog.c b/misc/syslog.c
> index f67d4b58a4..1b8cb722c5 100644
> --- a/misc/syslog.c
> +++ b/misc/syslog.c
> @@ -101,7 +101,7 @@ __vsyslog (int pri, const char *fmt, va_list ap)
>   ldbl_weak_alias (__vsyslog, vsyslog)
>   
>   void
> -__syslog_chk (int pri, int flag, const char *fmt, ...)
> +___syslog_chk (int pri, int flag, const char *fmt, ...)
>   {
>     va_list ap;
>   
> @@ -109,6 +109,8 @@ __syslog_chk (int pri, int flag, const char *fmt, ...)
>     __vsyslog_internal (pri, fmt, ap, (flag > 0) ? PRINTF_FORTIFY : 0);
>     va_end (ap);
>   }
> +ldbl_hidden_def (___syslog_chk, __syslog_chk)
> +ldbl_strong_alias (___syslog_chk, __syslog_chk)
>   
>   void
>   __vsyslog_chk (int pri, int flag, const char *fmt, va_list ap)
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
> index 18aa7f707f..97810a7bbd 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/ieee128-syslog.c
> @@ -52,6 +52,7 @@ ___ieee128___syslog_chk (int pri, int flag, const char *fmt, ...)
>     __vsyslog_internal (pri, fmt, ap, mode);
>     va_end (ap);
>   }
> +hidden_def (___ieee128___syslog_chk)
>   strong_alias (___ieee128___syslog_chk, __syslog_chkieee128)
>   
>   void

[PATCH v3 13/16] libio/bits/stdio2.h: Clearly separate declaration from definitions

[Frédéric Bérat]

---
 libio/bits/stdio2-decl.h | 49 ++++++++++++++++++++++++++++++++++++++++
 libio/bits/stdio2.h      | 48 ---------------------------------------
 2 files changed, 49 insertions(+), 48 deletions(-)

diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
index 9d4668da21..114b06d24b 100644
--- a/libio/bits/stdio2-decl.h
+++ b/libio/bits/stdio2-decl.h
@@ -84,18 +84,55 @@ extern int __obstack_vprintf_chk (struct obstack *__restrict __obstack,
 #endif
 
 #if __GLIBC_USE (DEPRECATED_GETS)
+extern char *__REDIRECT (__gets_warn, (char *__str), gets)
+     __wur __warnattr ("please use fgets or getline instead, gets can't "
+		       "specify buffer size");
+
 extern char *__gets_chk (char *__str, size_t) __wur;
 #endif
 
+extern char *__REDIRECT (__fgets_alias,
+			 (char *__restrict __s, int __n,
+			  FILE *__restrict __stream), fgets)
+    __wur __attr_access ((__write_only__, 1, 2));
+extern char *__REDIRECT (__fgets_chk_warn,
+			 (char *__restrict __s, size_t __size, int __n,
+			  FILE *__restrict __stream), __fgets_chk)
+     __wur __warnattr ("fgets called with bigger size than length "
+		       "of destination buffer");
+
 extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
 			  FILE *__restrict __stream)
     __wur __attr_access ((__write_only__, 1, 3));
 
+extern size_t __REDIRECT (__fread_alias,
+			  (void *__restrict __ptr, size_t __size,
+			   size_t __n, FILE *__restrict __stream),
+			  fread) __wur;
+extern size_t __REDIRECT (__fread_chk_warn,
+			  (void *__restrict __ptr, size_t __ptrlen,
+			   size_t __size, size_t __n,
+			   FILE *__restrict __stream),
+			  __fread_chk)
+     __wur __warnattr ("fread called with bigger size * nmemb than length "
+		       "of destination buffer");
+
 extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
 			   size_t __size, size_t __n,
 			   FILE *__restrict __stream) __wur;
 
 #ifdef __USE_GNU
+extern char *__REDIRECT (__fgets_unlocked_alias,
+			 (char *__restrict __s, int __n,
+			  FILE *__restrict __stream), fgets_unlocked)
+    __wur __attr_access ((__write_only__, 1, 2));
+extern char *__REDIRECT (__fgets_unlocked_chk_warn,
+			 (char *__restrict __s, size_t __size, int __n,
+			  FILE *__restrict __stream), __fgets_unlocked_chk)
+     __wur __warnattr ("fgets_unlocked called with bigger size than length "
+		       "of destination buffer");
+
+
 extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
 				   int __n, FILE *__restrict __stream)
     __wur __attr_access ((__write_only__, 1, 3));
@@ -103,6 +140,18 @@ extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
 
 #ifdef __USE_MISC
 # undef fread_unlocked
+extern size_t __REDIRECT (__fread_unlocked_alias,
+			  (void *__restrict __ptr, size_t __size,
+			   size_t __n, FILE *__restrict __stream),
+			  fread_unlocked) __wur;
+extern size_t __REDIRECT (__fread_unlocked_chk_warn,
+			  (void *__restrict __ptr, size_t __ptrlen,
+			   size_t __size, size_t __n,
+			   FILE *__restrict __stream),
+			  __fread_unlocked_chk)
+     __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
+		       "length of destination buffer");
+
 extern size_t __fread_unlocked_chk (void *__restrict __ptr, size_t __ptrlen,
 				    size_t __size, size_t __n,
 				    FILE *__restrict __stream) __wur;
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
index ad85f7df8b..71226408ab 100644
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -182,10 +182,6 @@ __NTH (obstack_vprintf (struct obstack *__restrict __obstack,
 #endif
 
 #if __GLIBC_USE (DEPRECATED_GETS)
-extern char *__REDIRECT (__gets_warn, (char *__str), gets)
-     __wur __warnattr ("please use fgets or getline instead, gets can't "
-		       "specify buffer size");
-
 __fortify_function __wur char *
 gets (char *__str)
 {
@@ -195,16 +191,6 @@ gets (char *__str)
 }
 #endif
 
-extern char *__REDIRECT (__fgets_alias,
-			 (char *__restrict __s, int __n,
-			  FILE *__restrict __stream), fgets)
-    __wur __attr_access ((__write_only__, 1, 2));
-extern char *__REDIRECT (__fgets_chk_warn,
-			 (char *__restrict __s, size_t __size, int __n,
-			  FILE *__restrict __stream), __fgets_chk)
-     __wur __warnattr ("fgets called with bigger size than length "
-		       "of destination buffer");
-
 __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
 fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
@@ -216,18 +202,6 @@ fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
   return __fgets_chk (__s, sz, __n, __stream);
 }
 
-extern size_t __REDIRECT (__fread_alias,
-			  (void *__restrict __ptr, size_t __size,
-			   size_t __n, FILE *__restrict __stream),
-			  fread) __wur;
-extern size_t __REDIRECT (__fread_chk_warn,
-			  (void *__restrict __ptr, size_t __ptrlen,
-			   size_t __size, size_t __n,
-			   FILE *__restrict __stream),
-			  __fread_chk)
-     __wur __warnattr ("fread called with bigger size * nmemb than length "
-		       "of destination buffer");
-
 __fortify_function __wur size_t
 fread (void *__restrict __ptr, size_t __size, size_t __n,
        FILE *__restrict __stream)
@@ -241,16 +215,6 @@ fread (void *__restrict __ptr, size_t __size, size_t __n,
 }
 
 #ifdef __USE_GNU
-extern char *__REDIRECT (__fgets_unlocked_alias,
-			 (char *__restrict __s, int __n,
-			  FILE *__restrict __stream), fgets_unlocked)
-    __wur __attr_access ((__write_only__, 1, 2));
-extern char *__REDIRECT (__fgets_unlocked_chk_warn,
-			 (char *__restrict __s, size_t __size, int __n,
-			  FILE *__restrict __stream), __fgets_unlocked_chk)
-     __wur __warnattr ("fgets_unlocked called with bigger size than length "
-		       "of destination buffer");
-
 __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
 fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
@@ -265,18 +229,6 @@ fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
 
 #ifdef __USE_MISC
 # undef fread_unlocked
-extern size_t __REDIRECT (__fread_unlocked_alias,
-			  (void *__restrict __ptr, size_t __size,
-			   size_t __n, FILE *__restrict __stream),
-			  fread_unlocked) __wur;
-extern size_t __REDIRECT (__fread_unlocked_chk_warn,
-			  (void *__restrict __ptr, size_t __ptrlen,
-			   size_t __size, size_t __n,
-			   FILE *__restrict __stream),
-			  __fread_unlocked_chk)
-     __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
-		       "length of destination buffer");
-
 __fortify_function __wur size_t
 fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
 		FILE *__restrict __stream)
-- 
2.41.0

Re: [PATCH v3 13/16] libio/bits/stdio2.h: Clearly separate declaration from definitions

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> ---
>   libio/bits/stdio2-decl.h | 49 ++++++++++++++++++++++++++++++++++++++++
>   libio/bits/stdio2.h      | 48 ---------------------------------------
>   2 files changed, 49 insertions(+), 48 deletions(-)

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

> 
> diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
> index 9d4668da21..114b06d24b 100644
> --- a/libio/bits/stdio2-decl.h
> +++ b/libio/bits/stdio2-decl.h
> @@ -84,18 +84,55 @@ extern int __obstack_vprintf_chk (struct obstack *__restrict __obstack,
>   #endif
>   
>   #if __GLIBC_USE (DEPRECATED_GETS)
> +extern char *__REDIRECT (__gets_warn, (char *__str), gets)
> +     __wur __warnattr ("please use fgets or getline instead, gets can't "
> +		       "specify buffer size");
> +
>   extern char *__gets_chk (char *__str, size_t) __wur;
>   #endif
>   
> +extern char *__REDIRECT (__fgets_alias,
> +			 (char *__restrict __s, int __n,
> +			  FILE *__restrict __stream), fgets)
> +    __wur __attr_access ((__write_only__, 1, 2));
> +extern char *__REDIRECT (__fgets_chk_warn,
> +			 (char *__restrict __s, size_t __size, int __n,
> +			  FILE *__restrict __stream), __fgets_chk)
> +     __wur __warnattr ("fgets called with bigger size than length "
> +		       "of destination buffer");
> +
>   extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
>   			  FILE *__restrict __stream)
>       __wur __attr_access ((__write_only__, 1, 3));
>   
> +extern size_t __REDIRECT (__fread_alias,
> +			  (void *__restrict __ptr, size_t __size,
> +			   size_t __n, FILE *__restrict __stream),
> +			  fread) __wur;
> +extern size_t __REDIRECT (__fread_chk_warn,
> +			  (void *__restrict __ptr, size_t __ptrlen,
> +			   size_t __size, size_t __n,
> +			   FILE *__restrict __stream),
> +			  __fread_chk)
> +     __wur __warnattr ("fread called with bigger size * nmemb than length "
> +		       "of destination buffer");
> +
>   extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
>   			   size_t __size, size_t __n,
>   			   FILE *__restrict __stream) __wur;
>   
>   #ifdef __USE_GNU
> +extern char *__REDIRECT (__fgets_unlocked_alias,
> +			 (char *__restrict __s, int __n,
> +			  FILE *__restrict __stream), fgets_unlocked)
> +    __wur __attr_access ((__write_only__, 1, 2));
> +extern char *__REDIRECT (__fgets_unlocked_chk_warn,
> +			 (char *__restrict __s, size_t __size, int __n,
> +			  FILE *__restrict __stream), __fgets_unlocked_chk)
> +     __wur __warnattr ("fgets_unlocked called with bigger size than length "
> +		       "of destination buffer");
> +
> +
>   extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
>   				   int __n, FILE *__restrict __stream)
>       __wur __attr_access ((__write_only__, 1, 3));
> @@ -103,6 +140,18 @@ extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
>   
>   #ifdef __USE_MISC
>   # undef fread_unlocked
> +extern size_t __REDIRECT (__fread_unlocked_alias,
> +			  (void *__restrict __ptr, size_t __size,
> +			   size_t __n, FILE *__restrict __stream),
> +			  fread_unlocked) __wur;
> +extern size_t __REDIRECT (__fread_unlocked_chk_warn,
> +			  (void *__restrict __ptr, size_t __ptrlen,
> +			   size_t __size, size_t __n,
> +			   FILE *__restrict __stream),
> +			  __fread_unlocked_chk)
> +     __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
> +		       "length of destination buffer");
> +
>   extern size_t __fread_unlocked_chk (void *__restrict __ptr, size_t __ptrlen,
>   				    size_t __size, size_t __n,
>   				    FILE *__restrict __stream) __wur;
> diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
> index ad85f7df8b..71226408ab 100644
> --- a/libio/bits/stdio2.h
> +++ b/libio/bits/stdio2.h
> @@ -182,10 +182,6 @@ __NTH (obstack_vprintf (struct obstack *__restrict __obstack,
>   #endif
>   
>   #if __GLIBC_USE (DEPRECATED_GETS)
> -extern char *__REDIRECT (__gets_warn, (char *__str), gets)
> -     __wur __warnattr ("please use fgets or getline instead, gets can't "
> -		       "specify buffer size");
> -
>   __fortify_function __wur char *
>   gets (char *__str)
>   {
> @@ -195,16 +191,6 @@ gets (char *__str)
>   }
>   #endif
>   
> -extern char *__REDIRECT (__fgets_alias,
> -			 (char *__restrict __s, int __n,
> -			  FILE *__restrict __stream), fgets)
> -    __wur __attr_access ((__write_only__, 1, 2));
> -extern char *__REDIRECT (__fgets_chk_warn,
> -			 (char *__restrict __s, size_t __size, int __n,
> -			  FILE *__restrict __stream), __fgets_chk)
> -     __wur __warnattr ("fgets called with bigger size than length "
> -		       "of destination buffer");
> -
>   __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
>   fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
>   {
> @@ -216,18 +202,6 @@ fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
>     return __fgets_chk (__s, sz, __n, __stream);
>   }
>   
> -extern size_t __REDIRECT (__fread_alias,
> -			  (void *__restrict __ptr, size_t __size,
> -			   size_t __n, FILE *__restrict __stream),
> -			  fread) __wur;
> -extern size_t __REDIRECT (__fread_chk_warn,
> -			  (void *__restrict __ptr, size_t __ptrlen,
> -			   size_t __size, size_t __n,
> -			   FILE *__restrict __stream),
> -			  __fread_chk)
> -     __wur __warnattr ("fread called with bigger size * nmemb than length "
> -		       "of destination buffer");
> -
>   __fortify_function __wur size_t
>   fread (void *__restrict __ptr, size_t __size, size_t __n,
>          FILE *__restrict __stream)
> @@ -241,16 +215,6 @@ fread (void *__restrict __ptr, size_t __size, size_t __n,
>   }
>   
>   #ifdef __USE_GNU
> -extern char *__REDIRECT (__fgets_unlocked_alias,
> -			 (char *__restrict __s, int __n,
> -			  FILE *__restrict __stream), fgets_unlocked)
> -    __wur __attr_access ((__write_only__, 1, 2));
> -extern char *__REDIRECT (__fgets_unlocked_chk_warn,
> -			 (char *__restrict __s, size_t __size, int __n,
> -			  FILE *__restrict __stream), __fgets_unlocked_chk)
> -     __wur __warnattr ("fgets_unlocked called with bigger size than length "
> -		       "of destination buffer");
> -
>   __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
>   fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
>   {
> @@ -265,18 +229,6 @@ fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
>   
>   #ifdef __USE_MISC
>   # undef fread_unlocked
> -extern size_t __REDIRECT (__fread_unlocked_alias,
> -			  (void *__restrict __ptr, size_t __size,
> -			   size_t __n, FILE *__restrict __stream),
> -			  fread_unlocked) __wur;
> -extern size_t __REDIRECT (__fread_unlocked_chk_warn,
> -			  (void *__restrict __ptr, size_t __ptrlen,
> -			   size_t __size, size_t __n,
> -			   FILE *__restrict __stream),
> -			  __fread_unlocked_chk)
> -     __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
> -		       "length of destination buffer");
> -
>   __fortify_function __wur size_t
>   fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
>   		FILE *__restrict __stream)

[PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE

[Frédéric Bérat]

The change is meant to avoid unwanted PLT entry for the fgets_unlocked
routine when _FORTIFY_SOURCE is set.
---
 libio/bits/stdio2-decl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
index 114b06d24b..d7ef7283d6 100644
--- a/libio/bits/stdio2-decl.h
+++ b/libio/bits/stdio2-decl.h
@@ -122,7 +122,7 @@ extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
 			   FILE *__restrict __stream) __wur;
 
 #ifdef __USE_GNU
-extern char *__REDIRECT (__fgets_unlocked_alias,
+extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias,
 			 (char *__restrict __s, int __n,
 			  FILE *__restrict __stream), fgets_unlocked)
     __wur __attr_access ((__write_only__, 1, 2));
-- 
2.41.0

Re: [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> The change is meant to avoid unwanted PLT entry for the fgets_unlocked
> routine when _FORTIFY_SOURCE is set.
> ---
>   libio/bits/stdio2-decl.h | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
> index 114b06d24b..d7ef7283d6 100644
> --- a/libio/bits/stdio2-decl.h
> +++ b/libio/bits/stdio2-decl.h
> @@ -122,7 +122,7 @@ extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
>   			   FILE *__restrict __stream) __wur;
>   
>   #ifdef __USE_GNU
> -extern char *__REDIRECT (__fgets_unlocked_alias,
> +extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias,
>   			 (char *__restrict __s, int __n,
>   			  FILE *__restrict __stream), fgets_unlocked)
>       __wur __attr_access ((__write_only__, 1, 2));

Why not the same for all the others?

Sid

Re: [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE

[Frederic Berat]

[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]

On Fri, Jun 30, 2023 at 5:30 PM Siddhesh Poyarekar <siddhesh@gotplt.org>
wrote:

>
>
> On 2023-06-28 04:42, Frédéric Bérat wrote:
> > The change is meant to avoid unwanted PLT entry for the fgets_unlocked
> > routine when _FORTIFY_SOURCE is set.
> > ---
> >   libio/bits/stdio2-decl.h | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
> > index 114b06d24b..d7ef7283d6 100644
> > --- a/libio/bits/stdio2-decl.h
> > +++ b/libio/bits/stdio2-decl.h
> > @@ -122,7 +122,7 @@ extern size_t __fread_chk (void *__restrict __ptr,
> size_t __ptrlen,
> >                          FILE *__restrict __stream) __wur;
> >
> >   #ifdef __USE_GNU
> > -extern char *__REDIRECT (__fgets_unlocked_alias,
> > +extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias,
> >                        (char *__restrict __s, int __n,
> >                         FILE *__restrict __stream), fgets_unlocked)
> >       __wur __attr_access ((__write_only__, 1, 2));
>
> Why not the same for all the others?
>

I tend to avoid modifying things that are not strictly necessary. If that
happens to be needed on other aliases, then everything is ready for it, but
it seems I didn't stumbled upon a case where it was ...
When you look at it, the same way I didn't create libc_hidden_def/proto for
all the routines here (like e.g. __fread_chk) if that wasn't needed.


>
> Sid
>
>

Re: [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE

[Siddhesh Poyarekar]

On 2023-06-30 11:38, Frederic Berat wrote:
> 
> 
> On Fri, Jun 30, 2023 at 5:30 PM Siddhesh Poyarekar <siddhesh@gotplt.org 
> <mailto:siddhesh@gotplt.org>> wrote:
> 
> 
> 
>     On 2023-06-28 04:42, Frédéric Bérat wrote:
>      > The change is meant to avoid unwanted PLT entry for the
>     fgets_unlocked
>      > routine when _FORTIFY_SOURCE is set.
>      > ---
>      >   libio/bits/stdio2-decl.h | 2 +-
>      >   1 file changed, 1 insertion(+), 1 deletion(-)
>      >
>      > diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
>      > index 114b06d24b..d7ef7283d6 100644
>      > --- a/libio/bits/stdio2-decl.h
>      > +++ b/libio/bits/stdio2-decl.h
>      > @@ -122,7 +122,7 @@ extern size_t __fread_chk (void *__restrict
>     __ptr, size_t __ptrlen,
>      >                          FILE *__restrict __stream) __wur;
>      >
>      >   #ifdef __USE_GNU
>      > -extern char *__REDIRECT (__fgets_unlocked_alias,
>      > +extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias,
>      >                        (char *__restrict __s, int __n,
>      >                         FILE *__restrict __stream), fgets_unlocked)
>      >       __wur __attr_access ((__write_only__, 1, 2));
> 
>     Why not the same for all the others?
> 
> 
> I tend to avoid modifying things that are not strictly necessary. If 
> that happens to be needed on other aliases, then everything is ready for 
> it, but it seems I didn't stumbled upon a case where it was ...
> When you look at it, the same way I didn't create libc_hidden_def/proto 
> for all the routines here (like e.g. __fread_chk) if that wasn't needed.

So there's a slight difference; the __REDIRECT_FORTIFY is essentially an 
assurance that whenever there's an internal use of this function, the 
alias will redirect to that internal alias.  The hidden_def adds an 
alias, which is unnecessary until there's an actual internal use and the 
hidden_proto is only a complement to the hidden_def.

In that sense, I think the __REDIRECT_FORTIFY should be for all function 
aliases, not just the ones that are currently being used.

Sid

Re: [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE

[Siddhesh Poyarekar]

On 2023-06-30 11:48, Siddhesh Poyarekar wrote:
> On 2023-06-30 11:38, Frederic Berat wrote:
>>
>>
>> On Fri, Jun 30, 2023 at 5:30 PM Siddhesh Poyarekar 
>> <siddhesh@gotplt.org <mailto:siddhesh@gotplt.org>> wrote:
>>
>>
>>
>>     On 2023-06-28 04:42, Frédéric Bérat wrote:
>>      > The change is meant to avoid unwanted PLT entry for the
>>     fgets_unlocked
>>      > routine when _FORTIFY_SOURCE is set.
>>      > ---
>>      >   libio/bits/stdio2-decl.h | 2 +-
>>      >   1 file changed, 1 insertion(+), 1 deletion(-)
>>      >
>>      > diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h
>>      > index 114b06d24b..d7ef7283d6 100644
>>      > --- a/libio/bits/stdio2-decl.h
>>      > +++ b/libio/bits/stdio2-decl.h
>>      > @@ -122,7 +122,7 @@ extern size_t __fread_chk (void *__restrict
>>     __ptr, size_t __ptrlen,
>>      >                          FILE *__restrict __stream) __wur;
>>      >
>>      >   #ifdef __USE_GNU
>>      > -extern char *__REDIRECT (__fgets_unlocked_alias,
>>      > +extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias,
>>      >                        (char *__restrict __s, int __n,
>>      >                         FILE *__restrict __stream), 
>> fgets_unlocked)
>>      >       __wur __attr_access ((__write_only__, 1, 2));
>>
>>     Why not the same for all the others?
>>
>>
>> I tend to avoid modifying things that are not strictly necessary. If 
>> that happens to be needed on other aliases, then everything is ready 
>> for it, but it seems I didn't stumbled upon a case where it was ...
>> When you look at it, the same way I didn't create 
>> libc_hidden_def/proto for all the routines here (like e.g. 
>> __fread_chk) if that wasn't needed.
> 
> So there's a slight difference; the __REDIRECT_FORTIFY is essentially an 
> assurance that whenever there's an internal use of this function, the 
> alias will redirect to that internal alias.  The hidden_def adds an 
> alias, which is unnecessary until there's an actual internal use and the 
> hidden_proto is only a complement to the hidden_def.
> 
> In that sense, I think the __REDIRECT_FORTIFY should be for all function 
> aliases, not just the ones that are currently being used.

On second thoughts, I think it's OK to leave it as only for functions 
that are actually referenced internally for now.  We can leave it to the 
localplt check to catch the extra PLT refs and then fix this up.

So unless someone else thinks otherwise:

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Sid

[PATCH v3 15/16] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result

[Frédéric Bérat]

Return value from *scanf and *asprintf routines are now properly checked
in test-scanf-ldbl-compat-template.c and test-printf-ldbl-compat.c.
---
 .../test-printf-ldbl-compat.c                 | 10 +++++----
 .../test-scanf-ldbl-compat-template.c         | 21 ++++++++++---------
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c b/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
index 3c759e1427..be37af7c31 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
@@ -30,12 +30,13 @@ do_test_call_varg (FILE *stream, const char *format, ...)
   char *buffer = NULL;
   char string[128];
   va_list args;
+  int ret;
 
   printf ("%15s", "vasprintf: ");
   va_start (args, format);
-  vasprintf (&buffer, format, args);
+  ret = vasprintf (&buffer, format, args);
   va_end (args);
-  if (buffer == NULL)
+  if (ret == -1 || buffer == NULL)
     printf ("Error using vasprintf\n");
   else
     {
@@ -82,10 +83,11 @@ do_test_call_rarg (FILE *stream, const char *format, long double ld, double d)
 {
   char *buffer = NULL;
   char string[128];
+  int ret;
 
   printf ("%15s", "asprintf: ");
-  asprintf (&buffer, format, ld, d);
-  if (buffer == NULL)
+  ret = asprintf (&buffer, format, ld, d);
+  if (ret == -1 || buffer == NULL)
     printf ("Error using asprintf\n");
   else
     {
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c b/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
index e8da3a67f0..776c12dd16 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
@@ -37,10 +37,10 @@
   ldptr = va_arg (args, long double *);					\
   fptr = va_arg (args, float *);					\
   va_end (args);							\
-  if (*ldptr == -1 && *fptr == -2)					\
+  if (*ldptr == -1 && *fptr == -2 && ret == 2)				\
     printf ("OK");							\
   else									\
-    printf ("ERROR (%Lf %f)", *ldptr, *fptr);				\
+    printf ("ERROR (%Lf %f %d)", *ldptr, *fptr, ret);			\
   printf ("\n");
 
 #define CLEAR_VALUE							\
@@ -48,10 +48,10 @@
   f = 0;
 
 #define CHECK_VALUE							\
-  if (ld == -1 && f == -2)						\
+  if (ld == -1 && f == -2 && ret == 2)					\
     printf ("OK");							\
   else									\
-    printf ("ERROR (%Lf %f)", ld, f);					\
+    printf ("ERROR (%Lf %f %d)", ld, f, ret);				\
   printf ("\n");
 
 static void
@@ -62,40 +62,41 @@ do_test_call (FILE *stream, CHAR *string, const CHAR *format, ...)
   float *fptr;
   long double *ldptr;
   va_list args;
+  int ret;
 
   CLEAR_VALUE
   printf ("fscanf: ");
-  FSCANF (stream, format, &ld, &f);
+  ret = FSCANF (stream, format, &ld, &f);
   CHECK_VALUE
 
   CLEAR_VALUE
   printf ("scanf: ");
-  SCANF (format, &ld, &f);
+  ret = SCANF (format, &ld, &f);
   CHECK_VALUE
 
   CLEAR_VALUE
   printf ("sscanf: ");
-  SSCANF (string, format, &ld, &f);
+  ret = SSCANF (string, format, &ld, &f);
   CHECK_VALUE
 
   CLEAR_VARGS
   printf ("vfscanf: ");
   va_start (args, format);
-  VFSCANF (stream, format, args);
+  ret = VFSCANF (stream, format, args);
   va_end (args);
   CHECK_VARGS
 
   CLEAR_VARGS
   printf ("vscanf: ");
   va_start (args, format);
-  VSCANF (format, args);
+  ret = VSCANF (format, args);
   va_end (args);
   CHECK_VARGS
 
   CLEAR_VARGS
   printf ("vsscanf: ");
   va_start (args, format);
-  VSSCANF (string, format, args);
+  ret = VSSCANF (string, format, args);
   va_end (args);
   CHECK_VARGS
 }
-- 
2.41.0

Re: [PATCH v3 15/16] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> Return value from *scanf and *asprintf routines are now properly checked
> in test-scanf-ldbl-compat-template.c and test-printf-ldbl-compat.c.
> ---
>   .../test-printf-ldbl-compat.c                 | 10 +++++----
>   .../test-scanf-ldbl-compat-template.c         | 21 ++++++++++---------
>   2 files changed, 17 insertions(+), 14 deletions(-)

LGTM.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

> 
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c b/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
> index 3c759e1427..be37af7c31 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/test-printf-ldbl-compat.c
> @@ -30,12 +30,13 @@ do_test_call_varg (FILE *stream, const char *format, ...)
>     char *buffer = NULL;
>     char string[128];
>     va_list args;
> +  int ret;
>   
>     printf ("%15s", "vasprintf: ");
>     va_start (args, format);
> -  vasprintf (&buffer, format, args);
> +  ret = vasprintf (&buffer, format, args);
>     va_end (args);
> -  if (buffer == NULL)
> +  if (ret == -1 || buffer == NULL)
>       printf ("Error using vasprintf\n");
>     else
>       {
> @@ -82,10 +83,11 @@ do_test_call_rarg (FILE *stream, const char *format, long double ld, double d)
>   {
>     char *buffer = NULL;
>     char string[128];
> +  int ret;
>   
>     printf ("%15s", "asprintf: ");
> -  asprintf (&buffer, format, ld, d);
> -  if (buffer == NULL)
> +  ret = asprintf (&buffer, format, ld, d);
> +  if (ret == -1 || buffer == NULL)
>       printf ("Error using asprintf\n");
>     else
>       {
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c b/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
> index e8da3a67f0..776c12dd16 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/test-scanf-ldbl-compat-template.c
> @@ -37,10 +37,10 @@
>     ldptr = va_arg (args, long double *);					\
>     fptr = va_arg (args, float *);					\
>     va_end (args);							\
> -  if (*ldptr == -1 && *fptr == -2)					\
> +  if (*ldptr == -1 && *fptr == -2 && ret == 2)				\
>       printf ("OK");							\
>     else									\
> -    printf ("ERROR (%Lf %f)", *ldptr, *fptr);				\
> +    printf ("ERROR (%Lf %f %d)", *ldptr, *fptr, ret);			\
>     printf ("\n");
>   
>   #define CLEAR_VALUE							\
> @@ -48,10 +48,10 @@
>     f = 0;
>   
>   #define CHECK_VALUE							\
> -  if (ld == -1 && f == -2)						\
> +  if (ld == -1 && f == -2 && ret == 2)					\
>       printf ("OK");							\
>     else									\
> -    printf ("ERROR (%Lf %f)", ld, f);					\
> +    printf ("ERROR (%Lf %f %d)", ld, f, ret);				\
>     printf ("\n");
>   
>   static void
> @@ -62,40 +62,41 @@ do_test_call (FILE *stream, CHAR *string, const CHAR *format, ...)
>     float *fptr;
>     long double *ldptr;
>     va_list args;
> +  int ret;
>   
>     CLEAR_VALUE
>     printf ("fscanf: ");
> -  FSCANF (stream, format, &ld, &f);
> +  ret = FSCANF (stream, format, &ld, &f);
>     CHECK_VALUE
>   
>     CLEAR_VALUE
>     printf ("scanf: ");
> -  SCANF (format, &ld, &f);
> +  ret = SCANF (format, &ld, &f);
>     CHECK_VALUE
>   
>     CLEAR_VALUE
>     printf ("sscanf: ");
> -  SSCANF (string, format, &ld, &f);
> +  ret = SSCANF (string, format, &ld, &f);
>     CHECK_VALUE
>   
>     CLEAR_VARGS
>     printf ("vfscanf: ");
>     va_start (args, format);
> -  VFSCANF (stream, format, args);
> +  ret = VFSCANF (stream, format, args);
>     va_end (args);
>     CHECK_VARGS
>   
>     CLEAR_VARGS
>     printf ("vscanf: ");
>     va_start (args, format);
> -  VSCANF (format, args);
> +  ret = VSCANF (format, args);
>     va_end (args);
>     CHECK_VARGS
>   
>     CLEAR_VARGS
>     printf ("vsscanf: ");
>     va_start (args, format);
> -  VSSCANF (string, format, args);
> +  ret = VSSCANF (string, format, args);
>     va_end (args);
>     CHECK_VARGS
>   }

[PATCH v3 16/16] Add --enable-fortify-source option

[Frédéric Bérat]

It is now possible to enable fortification through a configure option.
The level may be given as parameter, if none is provided, the configure
script will determine what is the highest level possible that can be set
considering GCC built-ins availability and set it.
If level is explicitly set to 3, configure checks if the compiler
supports the built-in function necessary for it or raise an error if it
isn't.

The result of the configure checks is a new variables, ${fortify_source}
that can be used to appropriately populate CFLAGS.

Updated NEWS and INSTALL.

Adding dedicated x86_64 variant that enables the configuration.
---
 INSTALL                      |  6 +++
 Makeconfig                   |  9 ++++-
 NEWS                         |  7 ++--
 config.make.in               |  1 +
 configure                    | 77 ++++++++++++++++++++++++++++++++++++
 configure.ac                 | 42 ++++++++++++++++++--
 manual/install.texi          |  6 +++
 scripts/build-many-glibcs.py |  4 +-
 8 files changed, 144 insertions(+), 8 deletions(-)

diff --git a/INSTALL b/INSTALL
index 6d51475536..44daf64ebd 100644
--- a/INSTALL
+++ b/INSTALL
@@ -276,6 +276,12 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
      the GNU C Library.  The default value refers to the main
      bug-reporting information for the GNU C Library.
 
+'--enable-fortify-source'
+'--enable-fortify-source=LEVEL'
+     Use -D_FORTIFY_SOURCE='LEVEL' to control code hardening, if not
+     provided, 'LEVEL' defaults to highest possible value for your
+     system, based on the supported 'CC' features.
+
    To build the library and related programs, type 'make'.  This will
 produce a lot of output, some of which may look like errors from 'make'
 but aren't.  Look for error messages from 'make' containing '***'.
diff --git a/Makeconfig b/Makeconfig
index f6396b3e0c..84e5043b14 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -902,6 +902,11 @@ define elide-stack-protector
 $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
 endef
 
+# We might want to compile with fortify-source
+ifneq ($(fortify-source),)
++fortify-source=$(fortify-source)
+endif
+
 # Some routine can't be fortified like the ones used by fortify
 define elide-fortify-source
 $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
@@ -973,7 +978,9 @@ endif	# $(+cflags) == ""
 # loader, cannot be fortified. Lastly debug is the fortification routines
 # themselves and they cannot be fortified.
 do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
-ifneq ($(do-fortify),$(subdir))
+ifeq ($(do-fortify),$(subdir))
++cflags += $(+fortify-source)
+else
 +cflags += $(no-fortify-source)
 endif
 
diff --git a/NEWS b/NEWS
index 027506a44c..b586f0bad5 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,10 @@ Major new features:
 * The strlcpy and strlcat functions have been added.  They are derived
   from OpenBSD, and are expected to be added to a future POSIX version.
 
+* A new configure option, "--enable-fortify-source", can be used to build GLIBC
+  with _FORTIFY_SOURCE. The level of fortification can either be provided, or
+  is set to the highest value supported by the compiler.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * In the Linux kernel for the hppa/parisc architecture some of the
@@ -502,9 +506,6 @@ Major new features:
 * The audit libraries will avoid unnecessary slowdown if it is not required
   PLT tracking (by not implementing the la_pltenter or la_pltexit callbacks).
 
-* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
-  for parts of the library that can't be built with it.
-
 Deprecated and removed features, and other changes affecting compatibility:
 
 * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
diff --git a/config.make.in b/config.make.in
index 75ad9765aa..d487a4f4e9 100644
--- a/config.make.in
+++ b/config.make.in
@@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
 have-ssp = @libc_cv_ssp@
 stack-protector = @stack_protector@
 no-stack-protector = @no_stack_protector@
+fortify-source = @fortify_source@
 no-fortify-source = @no_fortify_source@
 have-selinux = @have_selinux@
 have-libaudit = @have_libaudit@
diff --git a/configure b/configure
index 7a15f8d3e6..fa4a1c2346 100755
--- a/configure
+++ b/configure
@@ -611,7 +611,10 @@ libc_cv_gcc_unwind_find_fde
 libc_extra_cppflags
 libc_extra_cflags
 libc_cv_cxx_thread_local
+fortify_source
 no_fortify_source
+libc_cv_fortify_source
+enable_fortify_source
 have_selinux
 have_libcap
 have_libaudit
@@ -782,6 +785,7 @@ enable_pt_chown
 enable_mathvec
 enable_cet
 enable_scv
+enable_fortify_source
 with_cpu
 '
       ac_precious_vars='build_alias
@@ -1452,6 +1456,10 @@ Optional Features:
                           (CET), x86 only
   --disable-scv           syscalls will not use scv instruction, even if the
                           kernel supports it, powerpc only
+  --enable-fortify-source[=1|2|3]
+                          Use -D_FORTIFY_SOURCE=[1|2|3] to control code
+                          hardening, defaults to highest possible value for
+                          your system
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -3717,6 +3725,18 @@ if test "$use_scv" != "no"; then :
 
 fi
 
+# Check whether --enable-fortify-source was given.
+if test "${enable_fortify_source+set}" = set; then :
+  enableval=$enable_fortify_source; enable_fortify_source=$enableval
+else
+  enable_fortify_source=no
+fi
+
+case "$enable_fortify_source" in
+1|2|3|no|yes) ;;
+*) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;;
+esac
+
 # We keep the original values in `$config_*' and never modify them, so we
 # can write them unchanged into config.make.  Everything else uses
 # $machine, $vendor, and $os, and changes them whenever convenient.
@@ -6353,8 +6373,65 @@ $as_echo "#define HAVE_LIBCAP 1" >>confdefs.h
 fi
 
 
+fortify_source=""
 no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
+$as_echo_n "checking for __builtin_dynamic_object_size... " >&6; }
+if ${libc_cv___builtin_dynamic_object_size+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+__builtin_dynamic_object_size("", 0)
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  libc_cv___builtin_dynamic_object_size=yes
+         if test "$enable_fortify_source" = yes; then :
+  enable_fortify_source=3
+fi
+else
+  libc_cv___builtin_dynamic_object_size=no
+         if test "$enable_fortify_source" = yes; then :
+  enable_fortify_source=2
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
+$as_echo "$libc_cv___builtin_dynamic_object_size" >&6; }
+
+case $enable_fortify_source in #(
+  1|2) :
+    libc_cv_fortify_source=yes ;; #(
+  3) :
+    if test "$libc_cv___builtin_dynamic_object_size" = yes; then :
+  libc_cv_fortify_source=yes
+else
+  as_fn_error $? "Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3" "$LINENO" 5
+fi ;; #(
+  *) :
+    libc_cv_fortify_source=no ;;
+esac
+
+if test "$libc_cv_fortify_source" = yes; then :
+  fortify_source="${no_fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"
+
+fi
+
+
+
+
 
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
diff --git a/configure.ac b/configure.ac
index ebc04d49e6..ec4de6e551 100644
--- a/configure.ac
+++ b/configure.ac
@@ -466,6 +466,17 @@ AC_ARG_ENABLE([scv],
 
 AS_IF([[test "$use_scv" != "no"]],[AC_DEFINE(USE_PPC_SCV)])
 
+dnl Build glibc with _FORTIFY_SOURCE
+AC_ARG_ENABLE(fortify-source,
+              AS_HELP_STRING([--enable-fortify-source@<:@=1|2|3@:>@],
+                             [Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value for your system]),
+              [enable_fortify_source=$enableval],
+              [enable_fortify_source=no])
+case "$enable_fortify_source" in
+1|2|3|no|yes) ;;
+*) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);;
+esac
+
 # We keep the original values in `$config_*' and never modify them, so we
 # can write them unchanged into config.make.  Everything else uses
 # $machine, $vendor, and $os, and changes them whenever convenient.
@@ -1559,12 +1570,37 @@ if test "x$have_selinux" = xyes; then
 fi
 AC_SUBST(have_selinux)
 
-dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
-dnl This will allow users to enable fortification through FLAGS or compiler
-dnl defaults macro definitions.
+dnl Check if we support the requested _FORTIFY_SOURCE level
+dnl If not, then don't use it.
+dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
+dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
+dnl support it
+fortify_source=""
 no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
 
+AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
+        [libc_cv___builtin_dynamic_object_size=yes
+         AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
+        [libc_cv___builtin_dynamic_object_size=no
+         AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
+])
+
+AS_CASE([$enable_fortify_source],
+        [1|2], [libc_cv_fortify_source=yes],
+        [3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
+                    [libc_cv_fortify_source=yes],
+                    [AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
+        [libc_cv_fortify_source=no])
+
+AS_IF([test "$libc_cv_fortify_source" = yes],
+      [fortify_source="${no_fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"]
+      )
+
+AC_SUBST(enable_fortify_source)
+AC_SUBST(libc_cv_fortify_source)
 AC_SUBST(no_fortify_source)
+AC_SUBST(fortify_source)
 
 dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
 dnl to one symbol (PR 23840).
diff --git a/manual/install.texi b/manual/install.texi
index a44a552d1f..26b64062a0 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -303,6 +303,12 @@ Specify the URL that users should visit if they wish to report a bug,
 to be included in @option{--help} output from programs installed with
 @theglibc{}.  The default value refers to the main bug-reporting
 information for @theglibc{}.
+
+@item --enable-fortify-source
+@itemx --enable-fortify-source=@var{LEVEL}
+Use -D_FORTIFY_SOURCE=@option{LEVEL} to control code hardening, if not
+provided, @option{LEVEL} defaults to highest possible value for your system,
+based on the supported @code{CC} features.
 @end table
 
 To build the library and related programs, type @code{make}.  This will
diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
index e022abe284..e4eaec01e3 100755
--- a/scripts/build-many-glibcs.py
+++ b/scripts/build-many-glibcs.py
@@ -464,7 +464,9 @@ class Context(object):
                                       {'arch': 'i486',
                                        'ccopts': '-m32 -march=i486'},
                                       {'arch': 'i586',
-                                       'ccopts': '-m32 -march=i586'}])
+                                       'ccopts': '-m32 -march=i586'},
+                                      {'variant': 'enable-fortify-source',
+                                       'cfg': ['--enable-fortify-source']}])
         self.add_config(arch='x86_64',
                         os_name='gnu',
                         gcc_cfg=['--disable-multilib'])
-- 
2.41.0

Re: [PATCH v3 16/16] Add --enable-fortify-source option

[Siddhesh Poyarekar]

On 2023-06-28 04:42, Frédéric Bérat wrote:
> It is now possible to enable fortification through a configure option.
> The level may be given as parameter, if none is provided, the configure
> script will determine what is the highest level possible that can be set
> considering GCC built-ins availability and set it.
> If level is explicitly set to 3, configure checks if the compiler
> supports the built-in function necessary for it or raise an error if it
> isn't.
> 
> The result of the configure checks is a new variables, ${fortify_source}
> that can be used to appropriately populate CFLAGS.
> 
> Updated NEWS and INSTALL.
> 
> Adding dedicated x86_64 variant that enables the configuration.

Adhemerval, do you still think we should drop this and only look at 
CFLAGS?  I am still not a 100% convinced that we should only look at 
CFLAGS (it gives much less control which makes me uneasy) but I see your 
point.  We'll be setting CFLAGS in Fedora anyway (which I guess will be 
true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will 
likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.

Thanks,
Sid

> ---
>   INSTALL                      |  6 +++
>   Makeconfig                   |  9 ++++-
>   NEWS                         |  7 ++--
>   config.make.in               |  1 +
>   configure                    | 77 ++++++++++++++++++++++++++++++++++++
>   configure.ac                 | 42 ++++++++++++++++++--
>   manual/install.texi          |  6 +++
>   scripts/build-many-glibcs.py |  4 +-
>   8 files changed, 144 insertions(+), 8 deletions(-)
> 
> diff --git a/INSTALL b/INSTALL
> index 6d51475536..44daf64ebd 100644
> --- a/INSTALL
> +++ b/INSTALL
> @@ -276,6 +276,12 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
>        the GNU C Library.  The default value refers to the main
>        bug-reporting information for the GNU C Library.
>   
> +'--enable-fortify-source'
> +'--enable-fortify-source=LEVEL'
> +     Use -D_FORTIFY_SOURCE='LEVEL' to control code hardening, if not
> +     provided, 'LEVEL' defaults to highest possible value for your
> +     system, based on the supported 'CC' features.
> +
>      To build the library and related programs, type 'make'.  This will
>   produce a lot of output, some of which may look like errors from 'make'
>   but aren't.  Look for error messages from 'make' containing '***'.
> diff --git a/Makeconfig b/Makeconfig
> index f6396b3e0c..84e5043b14 100644
> --- a/Makeconfig
> +++ b/Makeconfig
> @@ -902,6 +902,11 @@ define elide-stack-protector
>   $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-stack-protector))
>   endef
>   
> +# We might want to compile with fortify-source
> +ifneq ($(fortify-source),)
> ++fortify-source=$(fortify-source)
> +endif
> +
>   # Some routine can't be fortified like the ones used by fortify
>   define elide-fortify-source
>   $(if $(filter $(@F),$(patsubst %,%$(1),$(2))), $(no-fortify-source))
> @@ -973,7 +978,9 @@ endif	# $(+cflags) == ""
>   # loader, cannot be fortified. Lastly debug is the fortification routines
>   # themselves and they cannot be fortified.
>   do-fortify = $(filter-out elf dlfcn csu debug,$(subdir))
> -ifneq ($(do-fortify),$(subdir))
> +ifeq ($(do-fortify),$(subdir))
> ++cflags += $(+fortify-source)
> +else
>   +cflags += $(no-fortify-source)
>   endif
>   
> diff --git a/NEWS b/NEWS
> index 027506a44c..b586f0bad5 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -48,6 +48,10 @@ Major new features:
>   * The strlcpy and strlcat functions have been added.  They are derived
>     from OpenBSD, and are expected to be added to a future POSIX version.
>   
> +* A new configure option, "--enable-fortify-source", can be used to build GLIBC
> +  with _FORTIFY_SOURCE. The level of fortification can either be provided, or
> +  is set to the highest value supported by the compiler.
> +
>   Deprecated and removed features, and other changes affecting compatibility:
>   
>   * In the Linux kernel for the hppa/parisc architecture some of the
> @@ -502,9 +506,6 @@ Major new features:
>   * The audit libraries will avoid unnecessary slowdown if it is not required
>     PLT tracking (by not implementing the la_pltenter or la_pltexit callbacks).
>   
> -* Glibc now supports to be built with _FORTIFY_SOURCE. The value is undefined
> -  for parts of the library that can't be built with it.
> -
>   Deprecated and removed features, and other changes affecting compatibility:
>   
>   * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
> diff --git a/config.make.in b/config.make.in
> index 75ad9765aa..d487a4f4e9 100644
> --- a/config.make.in
> +++ b/config.make.in
> @@ -64,6 +64,7 @@ have-fpie = @libc_cv_fpie@
>   have-ssp = @libc_cv_ssp@
>   stack-protector = @stack_protector@
>   no-stack-protector = @no_stack_protector@
> +fortify-source = @fortify_source@
>   no-fortify-source = @no_fortify_source@
>   have-selinux = @have_selinux@
>   have-libaudit = @have_libaudit@
> diff --git a/configure b/configure
> index 7a15f8d3e6..fa4a1c2346 100755
> --- a/configure
> +++ b/configure
> @@ -611,7 +611,10 @@ libc_cv_gcc_unwind_find_fde
>   libc_extra_cppflags
>   libc_extra_cflags
>   libc_cv_cxx_thread_local
> +fortify_source
>   no_fortify_source
> +libc_cv_fortify_source
> +enable_fortify_source
>   have_selinux
>   have_libcap
>   have_libaudit
> @@ -782,6 +785,7 @@ enable_pt_chown
>   enable_mathvec
>   enable_cet
>   enable_scv
> +enable_fortify_source
>   with_cpu
>   '
>         ac_precious_vars='build_alias
> @@ -1452,6 +1456,10 @@ Optional Features:
>                             (CET), x86 only
>     --disable-scv           syscalls will not use scv instruction, even if the
>                             kernel supports it, powerpc only
> +  --enable-fortify-source[=1|2|3]
> +                          Use -D_FORTIFY_SOURCE=[1|2|3] to control code
> +                          hardening, defaults to highest possible value for
> +                          your system
>   
>   Optional Packages:
>     --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
> @@ -3717,6 +3725,18 @@ if test "$use_scv" != "no"; then :
>   
>   fi
>   
> +# Check whether --enable-fortify-source was given.
> +if test "${enable_fortify_source+set}" = set; then :
> +  enableval=$enable_fortify_source; enable_fortify_source=$enableval
> +else
> +  enable_fortify_source=no
> +fi
> +
> +case "$enable_fortify_source" in
> +1|2|3|no|yes) ;;
> +*) as_fn_error $? "Not a valid argument for --enable-fortify-source: \"$enable_fortify_source\"" "$LINENO" 5;;
> +esac
> +
>   # We keep the original values in `$config_*' and never modify them, so we
>   # can write them unchanged into config.make.  Everything else uses
>   # $machine, $vendor, and $os, and changes them whenever convenient.
> @@ -6353,8 +6373,65 @@ $as_echo "#define HAVE_LIBCAP 1" >>confdefs.h
>   fi
>   
>   
> +fortify_source=""
>   no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
>   
> +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
> +$as_echo_n "checking for __builtin_dynamic_object_size... " >&6; }
> +if ${libc_cv___builtin_dynamic_object_size+:} false; then :
> +  $as_echo_n "(cached) " >&6
> +else
> +
> +    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
> +/* end confdefs.h.  */
> +
> +int
> +main ()
> +{
> +__builtin_dynamic_object_size("", 0)
> +  ;
> +  return 0;
> +}
> +_ACEOF
> +if ac_fn_c_try_link "$LINENO"; then :
> +  libc_cv___builtin_dynamic_object_size=yes
> +         if test "$enable_fortify_source" = yes; then :
> +  enable_fortify_source=3
> +fi
> +else
> +  libc_cv___builtin_dynamic_object_size=no
> +         if test "$enable_fortify_source" = yes; then :
> +  enable_fortify_source=2
> +fi
> +fi
> +rm -f core conftest.err conftest.$ac_objext \
> +    conftest$ac_exeext conftest.$ac_ext
> +
> +fi
> +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
> +$as_echo "$libc_cv___builtin_dynamic_object_size" >&6; }
> +
> +case $enable_fortify_source in #(
> +  1|2) :
> +    libc_cv_fortify_source=yes ;; #(
> +  3) :
> +    if test "$libc_cv___builtin_dynamic_object_size" = yes; then :
> +  libc_cv_fortify_source=yes
> +else
> +  as_fn_error $? "Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3" "$LINENO" 5
> +fi ;; #(
> +  *) :
> +    libc_cv_fortify_source=no ;;
> +esac
> +
> +if test "$libc_cv_fortify_source" = yes; then :
> +  fortify_source="${no_fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"
> +
> +fi
> +
> +
> +
> +
>   
>   
>   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
> diff --git a/configure.ac b/configure.ac
> index ebc04d49e6..ec4de6e551 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -466,6 +466,17 @@ AC_ARG_ENABLE([scv],
>   
>   AS_IF([[test "$use_scv" != "no"]],[AC_DEFINE(USE_PPC_SCV)])
>   
> +dnl Build glibc with _FORTIFY_SOURCE
> +AC_ARG_ENABLE(fortify-source,
> +              AS_HELP_STRING([--enable-fortify-source@<:@=1|2|3@:>@],
> +                             [Use -D_FORTIFY_SOURCE=[1|2|3] to control code hardening, defaults to highest possible value for your system]),
> +              [enable_fortify_source=$enableval],
> +              [enable_fortify_source=no])
> +case "$enable_fortify_source" in
> +1|2|3|no|yes) ;;
> +*) AC_MSG_ERROR([Not a valid argument for --enable-fortify-source: "$enable_fortify_source"]);;
> +esac
> +
>   # We keep the original values in `$config_*' and never modify them, so we
>   # can write them unchanged into config.make.  Everything else uses
>   # $machine, $vendor, and $os, and changes them whenever convenient.
> @@ -1559,12 +1570,37 @@ if test "x$have_selinux" = xyes; then
>   fi
>   AC_SUBST(have_selinux)
>   
> -dnl Create a variable that can be used to control were _FORTIFY_SOURCE is set.
> -dnl This will allow users to enable fortification through FLAGS or compiler
> -dnl defaults macro definitions.
> +dnl Check if we support the requested _FORTIFY_SOURCE level
> +dnl If not, then don't use it.
> +dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
> +dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
> +dnl support it
> +fortify_source=""
>   no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
>   
> +AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
> +    AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
> +        [libc_cv___builtin_dynamic_object_size=yes
> +         AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
> +        [libc_cv___builtin_dynamic_object_size=no
> +         AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
> +])
> +
> +AS_CASE([$enable_fortify_source],
> +        [1|2], [libc_cv_fortify_source=yes],
> +        [3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
> +                    [libc_cv_fortify_source=yes],
> +                    [AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
> +        [libc_cv_fortify_source=no])
> +
> +AS_IF([test "$libc_cv_fortify_source" = yes],
> +      [fortify_source="${no_fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"]
> +      )
> +
> +AC_SUBST(enable_fortify_source)
> +AC_SUBST(libc_cv_fortify_source)
>   AC_SUBST(no_fortify_source)
> +AC_SUBST(fortify_source)
>   
>   dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
>   dnl to one symbol (PR 23840).
> diff --git a/manual/install.texi b/manual/install.texi
> index a44a552d1f..26b64062a0 100644
> --- a/manual/install.texi
> +++ b/manual/install.texi
> @@ -303,6 +303,12 @@ Specify the URL that users should visit if they wish to report a bug,
>   to be included in @option{--help} output from programs installed with
>   @theglibc{}.  The default value refers to the main bug-reporting
>   information for @theglibc{}.
> +
> +@item --enable-fortify-source
> +@itemx --enable-fortify-source=@var{LEVEL}
> +Use -D_FORTIFY_SOURCE=@option{LEVEL} to control code hardening, if not
> +provided, @option{LEVEL} defaults to highest possible value for your system,
> +based on the supported @code{CC} features.
>   @end table
>   
>   To build the library and related programs, type @code{make}.  This will
> diff --git a/scripts/build-many-glibcs.py b/scripts/build-many-glibcs.py
> index e022abe284..e4eaec01e3 100755
> --- a/scripts/build-many-glibcs.py
> +++ b/scripts/build-many-glibcs.py
> @@ -464,7 +464,9 @@ class Context(object):
>                                         {'arch': 'i486',
>                                          'ccopts': '-m32 -march=i486'},
>                                         {'arch': 'i586',
> -                                       'ccopts': '-m32 -march=i586'}])
> +                                       'ccopts': '-m32 -march=i586'},
> +                                      {'variant': 'enable-fortify-source',
> +                                       'cfg': ['--enable-fortify-source']}])
>           self.add_config(arch='x86_64',
>                           os_name='gnu',
>                           gcc_cfg=['--disable-multilib'])

Re: [PATCH v3 16/16] Add --enable-fortify-source option

[Andreas Schwab]

On Jun 30 2023, Siddhesh Poyarekar wrote:

> On 2023-06-28 04:42, Frédéric Bérat wrote:
>> It is now possible to enable fortification through a configure option.
>> The level may be given as parameter, if none is provided, the configure
>> script will determine what is the highest level possible that can be set
>> considering GCC built-ins availability and set it.
>> If level is explicitly set to 3, configure checks if the compiler
>> supports the built-in function necessary for it or raise an error if it
>> isn't.
>> The result of the configure checks is a new variables, ${fortify_source}
>> that can be used to appropriately populate CFLAGS.
>> Updated NEWS and INSTALL.
>> Adding dedicated x86_64 variant that enables the configuration.
>
> Adhemerval, do you still think we should drop this and only look at
> CFLAGS?  I am still not a 100% convinced that we should only look at
> CFLAGS (it gives much less control which makes me uneasy) but I see your
> point.  We'll be setting CFLAGS in Fedora anyway (which I guess will be
> true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will
> likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.

I prefer a configure option, mirroring --enable-stack-protector.  Since
glibc has very strict requirements wrt compiler flags it needs to handle
it specially anyway, and making it explicit is cleaner.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Re: [PATCH v3 16/16] Add --enable-fortify-source option

[Adhemerval Zanella Netto]

On 03/07/23 05:50, Andreas Schwab wrote:
> On Jun 30 2023, Siddhesh Poyarekar wrote:
> 
>> On 2023-06-28 04:42, Frédéric Bérat wrote:
>>> It is now possible to enable fortification through a configure option.
>>> The level may be given as parameter, if none is provided, the configure
>>> script will determine what is the highest level possible that can be set
>>> considering GCC built-ins availability and set it.
>>> If level is explicitly set to 3, configure checks if the compiler
>>> supports the built-in function necessary for it or raise an error if it
>>> isn't.
>>> The result of the configure checks is a new variables, ${fortify_source}
>>> that can be used to appropriately populate CFLAGS.
>>> Updated NEWS and INSTALL.
>>> Adding dedicated x86_64 variant that enables the configuration.
>>
>> Adhemerval, do you still think we should drop this and only look at
>> CFLAGS?  I am still not a 100% convinced that we should only look at
>> CFLAGS (it gives much less control which makes me uneasy) but I see your
>> point.  We'll be setting CFLAGS in Fedora anyway (which I guess will be
>> true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will
>> likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.
> 
> I prefer a configure option, mirroring --enable-stack-protector.  Since
> glibc has very strict requirements wrt compiler flags it needs to handle
> it specially anyway, and making it explicit is cleaner.
> 

Fair enough, I am aiming to simplify the configure options and thus the
build permutation that arise for multiple option; but I see that following
current practice should be ok.

Re: [PATCH v3 16/16] Add --enable-fortify-source option

[Frederic Berat]

[-- Attachment #1: Type: text/plain, Size: 2186 bytes --]

On Mon, Jul 3, 2023 at 2:51 PM Adhemerval Zanella Netto <
adhemerval.zanella@linaro.org> wrote:

>
>
> On 03/07/23 05:50, Andreas Schwab wrote:
> > On Jun 30 2023, Siddhesh Poyarekar wrote:
> >
> >> On 2023-06-28 04:42, Frédéric Bérat wrote:
> >>> It is now possible to enable fortification through a configure option.
> >>> The level may be given as parameter, if none is provided, the configure
> >>> script will determine what is the highest level possible that can be
> set
> >>> considering GCC built-ins availability and set it.
> >>> If level is explicitly set to 3, configure checks if the compiler
> >>> supports the built-in function necessary for it or raise an error if it
> >>> isn't.
> >>> The result of the configure checks is a new variables,
> ${fortify_source}
> >>> that can be used to appropriately populate CFLAGS.
> >>> Updated NEWS and INSTALL.
> >>> Adding dedicated x86_64 variant that enables the configuration.
> >>
> >> Adhemerval, do you still think we should drop this and only look at
> >> CFLAGS?  I am still not a 100% convinced that we should only look at
> >> CFLAGS (it gives much less control which makes me uneasy) but I see your
> >> point.  We'll be setting CFLAGS in Fedora anyway (which I guess will be
> >> true for Ubuntu, Gentoo, Debian, etc. too) and the pre-commit CI will
> >> likely have _FORTIFY_SOURCE disabled so we may have adequate coverage.
> >
> > I prefer a configure option, mirroring --enable-stack-protector.  Since
> > glibc has very strict requirements wrt compiler flags it needs to handle
> > it specially anyway, and making it explicit is cleaner.
> >
>
> Fair enough, I am aiming to simplify the configure options and thus the
> build permutation that arise for multiple option; but I see that following
> current practice should be ok.
>
>
That would mean for me to do the following on this patch:
- if "--enable-fortify-source" is set, set -D_FORTIFY_SOURCE accordingly
(already done).
- if "--enable-fortify-source" is NOT set (i.e. assume
"--disable-fortify-source"), forcibly undefine _FORTIFY_SOURCE (currently
not done).

Do you all agree with that ?

Fred.

Re: [PATCH v3 16/16] Add --enable-fortify-source option

[Siddhesh Poyarekar]

On 2023-07-04 08:40, Frederic Berat wrote:
> That would mean for me to do the following on this patch:
> - if "--enable-fortify-source" is set, set -D_FORTIFY_SOURCE accordingly 
> (already done).
> - if "--enable-fortify-source" is NOT set (i.e. assume 
> "--disable-fortify-source"), forcibly undefine _FORTIFY_SOURCE 
> (currently not done).

Correct.

Sid