Re: [PATCH v4 00/15] Allow glibc to be built with _FORTIFY_SOURCE

[Siddhesh Poyarekar <siddhesh@gotplt.org>]

On 2023-07-04 12:55, Frédéric Bérat wrote:
> Hello,
> 
> This patch series introduces a new "--enable-fortify-source" option to glibc
> build. This option may either be set to a value between 1 and 3, or left empty
> to let configure select the highest value available for the build system.
> 
> The first patch adds the new configure option, the second excludes the routines
> that can't be built with the option enabled.
> 
> The next patches are fixing test and compilation errors that arose with
> fortification enabled.
> 
> I couldn't test the patch series in all configuration possible on all arches
> possible but I ran the following:
> 
>   - build-many-glibcs was executed on x86_64, for all arches/variants. This was
>     mainly done to ensure that installed headers were not broken (as some
>     patches are modifying system headers)
>   - The new "enable-fortify-source" variant for BMG got executed on x86_64
>   - make check and benchtests were executed on x86_64, i686, ppc64le, aarch64,
>     s390x, with and without fortification enabled.
> 
> Fred.
> 
> Changes since v1:
>   - The patch that introduced the new config option has been split in 2.
>     There is now one patch that allows glibc to be built with fortification and
>     one that adds a new configure option to enable it.
>     The patch adding the configure option has been moved to the end of the
>     series.
>   - A new variant has been added to x86_64 bmg to test enable-fortify-source.
>   - NEWS and INSTALL have been updated.
>   - Patch series has been re-based
>   - Error message has been fixed in newly introduced headers
>   - Include directive has been fixed in newly introduced include/* headers
> 
> Changes since v2:
>   - Test for bug269 modifies the stack in a way that may trigger an abort on
>     longjump when fortification is enabled. Thus, disable fortification for this
>     test.
>   - Added 2 patches to perform the same changes on stdio.h that was done for
>     unistd.h and wchar.h. Declarations that were in stdio2.h are moved into
>     existing stdio-decl.h, and __REDIRECT is rplaced by __REDIRECT_FORTIFY for
>     fgets_unlocked_alias.
>   - Title for some patches were modified without content change.
> 
> Changes since v3:
>   - Patch 02 (Exclude routines from fortification): Add $(no-fortify-source) to
>     CFLAGS-tst-sprintf-ub.c
>   - Patch 06 (asprintf_chk: Ensure compatibility for both s390x and ppc64le) is
>     squashed in patch 05 (stdio: Ensure *_chk routines have their hidden builtin
>     definition available). Hence, reviewed-by on patch 05 is dropped.
>   - Patch 05 now details why s390x couldn't build if ldbl_* macros are used with
>     __asprintf_chk
>   - Patch 08 (wchar: Avoid PLT entries with _FORTIFY_SOURCE): unexpected left
>     over is removed.
>   - Patch 10 (unistd: Avoid PLT entries with _FORTIFY_SOURCE):
>     libc_hidden_builtin_{def,proto} replaced with libc_hidden_{def,proto}
>   - Patch 11 (misc/bits/select2.h: Clearly separate declaration from
>     definitions): libc_hidden_builtin_{def,proto} replaced with
>     libc_hidden_{def,proto}
>   - Patch 16 (Add --enable-fortify-source option): if "--enable-fortify-source"
>     is NOT set (i.e. assume "--disable-fortify-source"), forcibly undefine
>     _FORTIFY_SOURCE (instead of letting it pass-through). This is the default
>     and matches old behavior.

Almost done.  In summary:

- Wait for Paul to review the ldbl-128 symbol hacks

- Merge 1/15 and 15/15 together into a single, first patch of the series 
with the recommended changes.

That should get us through.

Given that you'll likely be doing more glibc work, I'll be happy to 
sponsor write access for you if you like so that you can push your own 
patches after review.  Please review the consensus[1] wiki page to 
understand the responsibilities of someone with write access and then 
once you're ready, request an account on sourceware[2].

Cheers,
Sid

[1] https://sourceware.org/glibc/wiki/Consensus
[2] https://sourceware.org/cgi-bin/pdw/ps_form.cgi