From: Frederic Berat <fberat@redhat.com>
To: Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH v3 02/16] Exclude routines from fortification
Date: Mon, 3 Jul 2023 17:16:38 +0200 [thread overview]
Message-ID: <CAObJKZr=b7Uycip5so-M0CJKMtnO=BC-=uZ7O4t+_1K+oQEM+A@mail.gmail.com> (raw)
In-Reply-To: <1b46ffc4-5d65-faeb-96f0-c0828dc89cfb@gotplt.org>
[-- Attachment #1: Type: text/plain, Size: 25042 bytes --]
On Fri, Jun 30, 2023 at 4:55 PM Siddhesh Poyarekar <siddhesh@gotplt.org>
wrote:
> On 2023-06-28 04:42, Frédéric Bérat wrote:
> > Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need
> to
> > be excluded from the fortification.
> >
> > On top of that:
> > - some tests explicitly verify that some level of fortification works
> > appropriately, we therefore shouldn't modify the level set for them.
> > - some objects need to be build with optimization disabled, which
> > prevents _FORTIFY_SOURCE to be used for them.
> >
> > Assembler files that implement architecture specific versions of the
> > fortified routines were not excluded from _FORTIFY_SOURCE as there is no
> > C header included that would impact their behavior.
> > ---
> > debug/Makefile | 12 +--
> > io/Makefile | 16 ++++
> > libio/Makefile | 21 +++++-
> > login/Makefile | 6 ++
> > misc/Makefile | 7 ++
> > posix/Makefile | 11 +++
> > rt/Makefile | 5 ++
> > setjmp/Makefile | 9 +++
> > socket/Makefile | 6 ++
> > stdio-common/Makefile | 15 +++-
> > stdlib/Makefile | 7 ++
> > string/Makefile | 17 +++++
> > sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
> > sysdeps/ieee754/ldbl-opt/Makefile | 29 ++++++++
> > sysdeps/pthread/Makefile | 4 +
> > sysdeps/unix/sysv/linux/Makefile | 3 +
> > wcsmbs/Makefile | 23 +++++-
> > 17 files changed, 247 insertions(+), 25 deletions(-)
> >
> > diff --git a/debug/Makefile b/debug/Makefile
> > index 9d658e3002..434e52f780 100644
> > --- a/debug/Makefile
> > +++ b/debug/Makefile
> > @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions
> -fasynchronous-unwind-tables
> > # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the
> order is:
> > # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
> > CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> > CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> > CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
> > -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
> > -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> > # _FORTIFY_SOURCE tests.
> > # Auto-generate tests for _FORTIFY_SOURCE for different levels,
> compilers and
> > @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
> > # cannot be disabled via pragmas, so require -Wno-error to be used.
> > define gen-chk-test
> > tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
> > -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3)
> -Wno-format \
> > +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
> $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
> > -Wno-deprecated-declarations \
> > -Wno-error
> > $(eval $(call cflags-$(2),$(1),$(3),$(4)))
> > diff --git a/io/Makefile b/io/Makefile
> > index d573064ecc..6ccc0e8691 100644
> > --- a/io/Makefile
> > +++ b/io/Makefile
> > @@ -149,6 +149,22 @@ routines := \
> > write \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + getcwd \
> > + getwd \
> > + open \
> > + open64 \
> > + openat \
> > + openat64 \
> > + poll \
> > + ppoll \
> > + read \
> > + readlink \
> > + readlinkat \
> > + ttyname_r \
> > + # routines_no_fortify
> > +
> > others := \
> > pwd \
> > # others
> > diff --git a/libio/Makefile b/libio/Makefile
> > index 2877fec484..f5c487d9f5 100644
> > --- a/libio/Makefile
> > +++ b/libio/Makefile
> > @@ -53,6 +53,21 @@ routines :=
> \
> >
> > gen-as-const-headers += libio-macros.sym
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + fwprintf \
> > + iofgets \
> > + iofgets_u \
> > + iofgetws \
> > + iofgetws_u \
> > + swprintf \
> > + vasprintf \
> > + vsnprintf \
> > + vswprintf \
> > + vwprintf \
> > + wprintf \
> > + # routines_no_fortify
> > +
> > tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc
> tst_putwc \
> > tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
> > tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf
> \
> > @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c +=
> $(config-cflags-wno-ignored-attributes)
> > CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
> > # XXX Do we need filedoalloc and wfiledoalloc? Others?
> >
> > +# Prevent fortification as these are built with -O0
> > +CFLAGS-tst-bz24051.c += $(no-fortify-source)
> > +CFLAGS-tst-bz24153.c += $(no-fortify-source)
> > +
> > CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
> >
> > # These test cases intentionally use overlapping arguments
> > CFLAGS-tst-sprintf-ub.c += -Wno-restrict
>
> This should also be built without fortification because the test
> specifically tries to validate the sprintf entry point; the
> __sprintf_chk entry point ought to get checked by the
> tst-sprintf-chk-ub.c test.
>
> In fact, I wonder if *all* tests should be built without fortification
> by default regardless of whether glibc is built with fortification. We
> have specific tests in debug/ to test the _chk entry points and it seems
> like the tests should stick to validating only the regular entry points
> unless otherwise specified.
>
>
I'm not so sure. The fact that fortification is enabled doesn't diminish
the validity of the tests, at the very end fortified function shouldn't
modify the behavior of these routines (modulo the additional tests on input
parameters).
Unless the test breaks because of fortification (like when tests
voluntarily mess with input parameters in a way that the test aborts on chk
routines), I don't see the need to undefine _FORTIFY_SOURCE.
Thus, by having fortification enabled during the tests, I could catch
errors in the tests (e.g. Incorrect maxlen parameter for swprintf
427dbaee86bcec31ba2fe9a42f32842cf17c4e77).
On top of that in the current configuration, assuming
"--enable-fortify-source" is **not** set, and the _FORTIFY_SOURCE macro is
**not** set through the environment neither, these are still tested without
fortification.
In one sense, having the glibc CI testing the entry points directly, while
the community will probably test with fortification, may help catch
unwanted behavioral changes (if that ever happens) due to incorrect check
routines implementation.
All of that said, we may need to reconsider the tests like
tst-sprintf-chk-ub.c though, considering the capability to enable
fortification from configure.
What do you think ?
Fred.
> Sid
>
> > -CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
> > +CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
> >
> > LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
> >
> > diff --git a/login/Makefile b/login/Makefile
> > index 13b155d344..74216cbcb2 100644
> > --- a/login/Makefile
> > +++ b/login/Makefile
> > @@ -66,6 +66,12 @@ include ../Rules
> > CFLAGS-getpt.c += -fexceptions
> > CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + getlogin_r \
> > + ptsname_r \
> > + # routines_no_fortify
> > +
> > ifeq (yesyes,$(have-fpie)$(build-shared))
> > pt_chown-cflags += $(pie-ccflag)
> > endif
> > diff --git a/misc/Makefile b/misc/Makefile
> > index 84aa4cb0ad..36ba7a0bad 100644
> > --- a/misc/Makefile
> > +++ b/misc/Makefile
> > @@ -205,6 +205,13 @@ routines := \
> > writev \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + getdomain \
> > + gethostname \
> > + syslog \
> > + # routines_no_fortify
> > +
> > generated += \
> > tst-allocate_once-mem.out \
> > tst-allocate_once.mtrace \
> > diff --git a/posix/Makefile b/posix/Makefile
> > index ad43cbdec6..5113ee3b74 100644
> > --- a/posix/Makefile
> > +++ b/posix/Makefile
> > @@ -183,6 +183,14 @@ routines := \
> > wordexp \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + confstr \
> > + getgroups \
> > + pread \
> > + pread64 \
> > + # routines_no_fortify
> > +
> > aux := \
> > environ \
> > init-posix \
> > @@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
> > tst-execvp3-ARGS = --test-dir=$(objpfx)
> > CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
> >
> > +# Test voluntarily overflows struct dirent
> > +CFLAGS-bug-glob2.c += $(no-fortify-source)
> > +
> > $(objpfx)testcases.h: TESTS TESTS2C.sed
> > LC_ALL=C sed -f TESTS2C.sed < $< > $@T
> > mv $@T $@
> > diff --git a/rt/Makefile b/rt/Makefile
> > index a97333dc02..3d4a3f0eec 100644
> > --- a/rt/Makefile
> > +++ b/rt/Makefile
> > @@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
> > CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
> > CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + mq_open \
> > + # routines_no_fortify
> > +
> > LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
> >
> > $(objpfx)librt.so: $(shared-thread-library)
> > diff --git a/setjmp/Makefile b/setjmp/Makefile
> > index e5733a8c52..363fb6673c 100644
> > --- a/setjmp/Makefile
> > +++ b/setjmp/Makefile
> > @@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
> >
> > include ../Rules
> >
> > +# This test messes the stack on purpose, which triggers longjump fortify
> > +# failure
> > +CFLAGS-bug269-setjmp.c += $(no-fortify-source)
> > +
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + longjmp \
> > + # routines_no_fortify
> > +
> > $(objpfx)tst-setjmp-fp: $(libm)
> > diff --git a/socket/Makefile b/socket/Makefile
> > index d9b0b4af64..08f20118cd 100644
> > --- a/socket/Makefile
> > +++ b/socket/Makefile
> > @@ -60,6 +60,12 @@ routines := \
> > socketpair \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + recv \
> > + recvfrom \
> > + # routines_no_fortify
> > +
> > tests := \
> > tst-accept4 \
> > tst-cmsg_cloexec \
> > diff --git a/stdio-common/Makefile b/stdio-common/Makefile
> > index 8871ec7668..fe304b8373 100644
> > --- a/stdio-common/Makefile
> > +++ b/stdio-common/Makefile
> > @@ -117,6 +117,19 @@ routines := \
> > wprintf_function_invoke \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + asprintf \
> > + dprintf \
> > + fprintf \
> > + printf \
> > + snprintf \
> > + sprintf \
> > + vfprintf \
> > + vfwprintf \
> > + vprintf \
> > + # routines_no_fortify
> > +
> > aux := \
> > errlist \
> > errlist-data \
> > @@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
> >
> > # BZ #11319 was first fixed for regular vdprintf, then reopened because
> > # the fortified version had the same bug.
> > -CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> > +CFLAGS-tst-bz11319-fortify2.c +=
> $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> > CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
> >
> > diff --git a/stdlib/Makefile b/stdlib/Makefile
> > index 0975f55ee6..25e42a77e7 100644
> > --- a/stdlib/Makefile
> > +++ b/stdlib/Makefile
> > @@ -145,6 +145,13 @@ routines := \
> > xpg_basename \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + mbstowcs \
> > + wcstombs \
> > + wctomb \
> > + # routines_no_fortify
> > +
> > aux = \
> > grouping \
> > groupingwc \
> > diff --git a/string/Makefile b/string/Makefile
> > index d3106d10a9..8cdfd5b000 100644
> > --- a/string/Makefile
> > +++ b/string/Makefile
> > @@ -118,6 +118,23 @@ routines := \
> > xpg-strerror \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + explicit_bzero \
> > + memcpy \
> > + memmove \
> > + mempcpy \
> > + memset \
> > + stpcpy \
> > + stpncpy \
> > + strcat \
> > + strcpy \
> > + strlcat \
> > + strlcpy \
> > + strncat \
> > + strncpy \
> > + # routines_no_fortify
> > +
> > tests := \
> > bug-envz1 \
> > bug-strcoll1 \
> > diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > index 42cca25a09..34273a5f58 100644
> > --- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > +++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > @@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128
> test-wprintf-ibm128
> > CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-internal += test-obstack-ieee128 test-obstack-ibm128
> > -CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > + $(no-fortify-source)
> > +CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > + $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
> > -CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > + $(no-fortify-source)
> > +CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > + $(no-fortify-source)
> >
> > tests-internal += test-scanf-ieee128 test-scanf-ibm128
> > CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi -std=c89 -D_GNU_SOURCE
> > @@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
> > obstack_chk \
> > vobstack_chk
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
> > -CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > + $(no-fortify-source)
> > +CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > + $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-internal += test-printf-chk-redir-ieee128
> test-printf-chk-redir-ibm128
> > CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128
> -mabi=ieeelongdouble \
> > - -Wno-psabi -Wno-unused-result
> > + -Wno-psabi -Wno-unused-result \
> > + $(no-fortify-source)
> > CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble
> -Wno-psabi \
> > - -Wno-unused-result
> > + -Wno-unused-result \
> > + $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
> > -CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > + $(no-fortify-source)
> > +CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > + $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-internal += test-wprintf-chk-redir-ieee128
> test-wprintf-chk-redir-ibm128
> > CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128
> -mabi=ieeelongdouble \
> > - -Wno-psabi -Wno-unused-result
> > + -Wno-psabi -Wno-unused-result \
> > + $(no-fortify-source)
> > CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble
> -Wno-psabi \
> > - -Wno-unused-result
> > + -Wno-unused-result \
> > + $(no-fortify-source)
> > endif
> >
> > ifeq ($(subdir),argp)
> > @@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128
> -mabi=ieeelongdouble -Wno-psabi
> > CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-container += test-syslog-ieee128 test-syslog-ibm128
> > -CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > + $(no-fortify-source)
> > +CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > + $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> > tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
> > -CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > + $(no-fortify-source)
> > +CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > + $(no-fortify-source)
> > endif
> >
> > ifeq ($(subdir),stdlib)
> > @@ -395,6 +419,31 @@ endif
> > # Add IEEE binary128 files as make targets.
> > routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
> >
> > +routines_no_fortify += \
> > + ieee128-asprintf \
> > + ieee128-dprintf \
> > + ieee128-fprintf \
> > + ieee128-fwprintf \
> > + ieee128-obstack \
> > + ieee128-printf \
> > + ieee128-snprintf \
> > + ieee128-sprintf \
> > + ieee128-swprintf \
> > + ieee128-syslog \
> > + ieee128-vasprintf \
> > + ieee128-vdprintf \
> > + ieee128-vfprintf \
> > + ieee128-vfwprintf \
> > + ieee128-vobstack \
> > + ieee128-vprintf \
> > + ieee128-vsnprintf \
> > + ieee128-vsprintf \
> > + ieee128-vswprintf \
> > + ieee128-vsyslog \
> > + ieee128-vwprintf \
> > + ieee128-wprintf \
> > + # routines_no_fortify
> > +
> > # On powerpc64le, the routines responsible for converting between long
> > # double and string (e.g.: printf, scanf, strtold, strfroml) default to
> > # IBM long double mode. When support for TS 18661-3 was added, several
> > diff --git a/sysdeps/ieee754/ldbl-opt/Makefile
> b/sysdeps/ieee754/ldbl-opt/Makefile
> > index 22e778ad0e..0ed1cd2cae 100644
> > --- a/sysdeps/ieee754/ldbl-opt/Makefile
> > +++ b/sysdeps/ieee754/ldbl-opt/Makefile
> > @@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c +=
> -mlong-double-64 -std=gnu89 \
> > -DOBJPFX=\"$(objpfx)\"
> >
> > endif
> > +
> > +routines_no_fortify += \
> > + nldbl-asprintf \
> > + nldbl-dprintf \
> > + nldbl-fprintf \
> > + nldbl-fwprintf \
> > + nldbl-obstack_printf \
> > + nldbl-obstack_vprintf \
> > + nldbl-printf \
> > + nldbl-snprintf \
> > + nldbl-sprintf \
> > + nldbl-swprintf \
> > + nldbl-syslog \
> > + nldbl-vasprintf \
> > + nldbl-vdprintf \
> > + nldbl-vfprintf \
> > + nldbl-vfwprintf \
> > + nldbl-vprintf \
> > + nldbl-vsnprintf \
> > + nldbl-vsprintf \
> > + nldbl-vswprintf \
> > + nldbl-vsyslog \
> > + nldbl-vwprintf \
> > + nldbl-wprintf \
> > + # routines_no_fortify
> > +
> > +# We can't rely on Makeconfig here for whatever reason
> > +CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
> > +CFLAGS-.oS += $(call
> elide-fortify-source,_chk.oS,$(routines_no_fortify))
> > diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
> > index 32cf4eb119..31028406d5 100644
> > --- a/sysdeps/pthread/Makefile
> > +++ b/sysdeps/pthread/Makefile
> > @@ -304,6 +304,10 @@ tests-nolibpthread += \
> > CFLAGS-tst-cleanup2.c += -fno-builtin
> > CFLAGS-tst-cleanupx2.c += -fno-builtin
> >
> > +# Disable fortification due to sprintf(NULL,...)
> > +CFLAGS-tst-cleanup2.c += $(no-fortify-source)
> > +CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
> > +
> > tests += \
> > tst-cancelx2 \
> > tst-cancelx3 \
> > diff --git a/sysdeps/unix/sysv/linux/Makefile
> b/sysdeps/unix/sysv/linux/Makefile
> > index 594a5dc53e..9108b7d2ed 100644
> > --- a/sysdeps/unix/sysv/linux/Makefile
> > +++ b/sysdeps/unix/sysv/linux/Makefile
> > @@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions
> -fasynchronous-unwind-tables
> > CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
> > CFLAGS-tst-writev.c +=
> "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
> >
> > +# The test triggers FORTIFY abortion due to purposely wrong parameters
> > +CFLAGS-test-errno-linux.c += $(no-fortify-source)
> > +
> > sysdep_headers += \
> > bits/a.out.h \
> > bits/epoll.h \
> > diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
> > index 22192985e1..d25a2214f8 100644
> > --- a/wcsmbs/Makefile
> > +++ b/wcsmbs/Makefile
> > @@ -121,6 +121,27 @@ routines := \
> > wmemset \
> > # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > + mbsnrtowcs \
> > + mbsrtowcs \
> > + wcpcpy \
> > + wcpncpy \
> > + wcrtomb \
> > + wcscat \
> > + wcscpy \
> > + wcslcat \
> > + wcslcpy \
> > + wcsncat \
> > + wcsncpy \
> > + wcsnrtombs \
> > + wcsrtombs \
> > + wmemcpy \
> > + wmemmove \
> > + wmempcpy \
> > + wmemset \
> > + # routines_no_fortify
> > +
> > tests := \
> > test-c8rtomb \
> > test-char-types \
> > @@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> > CFLAGS-wcstold_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> > CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
> > CFLAGS-wcstof_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> > -CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> > CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
> > CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
>
>
next prev parent reply other threads:[~2023-07-03 15:16 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-28 8:42 [PATCH v3 00/16] Allow glibc to be built with _FORTIFY_SOURCE Frédéric Bérat
2023-06-28 8:42 ` [PATCH v3 01/16] " Frédéric Bérat
2023-06-28 14:48 ` Joseph Myers
2023-06-28 8:42 ` [PATCH v3 02/16] Exclude routines from fortification Frédéric Bérat
2023-06-30 14:55 ` Siddhesh Poyarekar
2023-07-03 15:16 ` Frederic Berat [this message]
2023-07-04 16:04 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 03/16] sysdeps: Ensure ieee128*_chk routines to be properly named Frédéric Bérat
2023-06-30 14:58 ` Siddhesh Poyarekar
2023-06-30 15:55 ` Paul E Murphy
2023-06-30 15:57 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 04/16] string: Ensure *_chk routines have their hidden builtin definition available Frédéric Bérat
2023-06-30 15:06 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 05/16] stdio: " Frédéric Bérat
2023-06-30 15:09 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 06/16] asprintf_chk: Ensure compatibility for both s390x and ppc64le Frédéric Bérat
2023-06-30 15:11 ` Siddhesh Poyarekar
2023-06-30 16:08 ` Rajalakshmi Srinivasaraghavan
2023-06-30 17:51 ` Paul E Murphy
2023-07-03 5:35 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 07/16] misc/sys/cdefs.h: Create FORTIFY redirects for internal calls Frédéric Bérat
2023-06-30 15:13 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 08/16] wchar: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:17 ` Siddhesh Poyarekar
2023-06-30 15:26 ` Frederic Berat
2023-06-28 8:42 ` [PATCH v3 09/16] posix/bits/unistd.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:19 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 10/16] unistd: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:25 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 11/16] misc/bits/select2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:26 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 12/16] misc/bits/syslog.h: Clearly separate declaration from definition Frédéric Bérat
2023-06-30 15:28 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 13/16] libio/bits/stdio2.h: Clearly separate declaration from definitions Frédéric Bérat
2023-06-30 15:29 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 14/16] libio/bits/stdio2-decl.h: Avoid PLT entries with _FORTIFY_SOURCE Frédéric Bérat
2023-06-30 15:30 ` Siddhesh Poyarekar
2023-06-30 15:38 ` Frederic Berat
2023-06-30 15:48 ` Siddhesh Poyarekar
2023-06-30 17:08 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 15/16] sysdeps/ieee754/ldbl-128ibm-compat: Fix warn unused result Frédéric Bérat
2023-06-30 15:33 ` Siddhesh Poyarekar
2023-06-28 8:42 ` [PATCH v3 16/16] Add --enable-fortify-source option Frédéric Bérat
2023-06-30 13:51 ` Siddhesh Poyarekar
2023-07-03 8:50 ` Andreas Schwab
2023-07-03 12:51 ` Adhemerval Zanella Netto
2023-07-04 12:40 ` Frederic Berat
2023-07-04 15:59 ` Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAObJKZr=b7Uycip5so-M0CJKMtnO=BC-=uZ7O4t+_1K+oQEM+A@mail.gmail.com' \
--to=fberat@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).