From patchwork Wed Dec 30 06:43:44 2020
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 1421423
From: Siddhesh Poyarekar
Reply-To: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Cc: fweimer@redhat.com, jakub@redhat.com
Subject: [PATCH v7 0/4] _FORTIFY_SOURCE=3
Date: Wed, 30 Dec 2020 12:13:44 +0530
Message-Id: <20201230064348.376092-1-siddhesh@sourceware.org>

This patchset implements a new fortification level, _FORTIFY_SOURCE=3.
This level allows size information to be dynamic, which may potentially
have a noticeable performance impact. It uses the
__builtin_dynamic_object_size builtin available in clang to expand
coverage of fortifications at the expense of some performance.

Patch 1/4 adds a warning on unsupported _FORTIFY_LEVEL values. This
change can go in independently of the new fortification level.

Patch 2/4 adds the macro scaffolding to allow the new _FORTIFY_SOURCE
level and to select the __builtin_dynamic_object_size builtin when it is
available.

Patch 3/4 adds support for string functions; these functions have
additional fortified builtins of the form __builtin___func_chk.

Patch 4/4 adds support for non-string functions that are
fortification-ready for levels 1 and 2.

Testing:

The glibc testsuite doesn't directly support clang at the moment, so
having tests in the glibc source tree is pointless as long as gcc does
not have support for __builtin_dynamic_object_size.
There is a separate project on GitHub called fortify-test-suite[1] that
houses fortification tests and is capable of testing multiple levels of
fortification with multiple compilers. I have proposed a PR[2] to add
support for _FORTIFY_SOURCE=3 and have verified my changes with those
tests. Those tests run clean for clang when run with these changes and
PR[2] and they fail at level 3 for gcc, as expected.

[1] https://github.com/serge-sans-paille/fortify-test-suite
[2] https://github.com/serge-sans-paille/fortify-test-suite/pull/9

Changes since last version of the patchset:

- Split out patches as suggested during review
- Renamed __objsize to __glibc_objsize

Siddhesh Poyarekar (4):
  Warn on unsupported fortification levels
  Introduce _FORTIFY_SOURCE=3
  string: Enable __FORTIFY_LEVEL=3
  nonstring: Enable __FORTIFY_LEVEL=3

 NEWS                            |   6 ++
 include/features.h              |   8 ++
 include/string.h                |   5 +-
 io/bits/poll2.h                 |  18 ++--
 libio/bits/stdio.h              |   2 +-
 libio/bits/stdio2.h             |  62 ++++++++------
 manual/creature.texi            |   3 +-
 misc/sys/cdefs.h                |   9 ++
 posix/bits/unistd.h             | 120 ++++++++++++++------------
 socket/bits/socket2.h           |  22 ++---
 stdlib/bits/stdlib.h            |  42 +++++----
 string/bits/string_fortified.h  |  29 ++++---
 string/bits/strings_fortified.h |   6 +-
 wcsmbs/bits/wchar2.h            | 146 ++++++++++++++++++--------------
 14 files changed, 279 insertions(+), 199 deletions(-)
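
The following is an added illustration and is not part of the patchset or of glibc: it shows why a dynamic object size widens fortification coverage for a heap buffer whose length is only known at run time. All `demo_*` / `DEMO_*` names are hypothetical, and the check is modelled with a return value where a real fortified function would abort.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef DEMO_FORTIFY_LEVEL
# define DEMO_FORTIFY_LEVEL 3          /* hypothetical knob, mirrors _FORTIFY_SOURCE */
#endif
#ifndef __has_builtin
# define __has_builtin(x) 0            /* older compilers: assume builtin is absent */
#endif
/* Level 3 selects the dynamic builtin when available; otherwise the static one. */
#if DEMO_FORTIFY_LEVEL > 2 && __has_builtin(__builtin_dynamic_object_size)
# define demo_objsize(p) __builtin_dynamic_object_size((p), 0)
#else
# define demo_objsize(p) __builtin_object_size((p), 0)
#endif
#define DEMO_UNKNOWN ((size_t)-1)      /* both builtins return this for "unknown" */

/* Decision a *_chk function makes: trap only if the size is known and exceeded. */
int demo_chk_would_trap(size_t len, size_t dstlen)
{
    return dstlen != DEMO_UNKNOWN && len > dstlen;
}

/* Copy len bytes of src into a heap buffer of run-time size n.
   Returns 0 = copied, -1 = caught by the check, 1 = overflow the check missed
   (the overflowing copy itself is skipped so the demo stays well-defined),
   -2 = allocation failure. */
int demo_copy_into_heap(size_t n, const char *src, size_t len)
{
    char *buf = malloc(n);
    int rc = 0;
    if (buf == NULL)
        return -2;
    if (demo_chk_would_trap(len, demo_objsize(buf)))
        rc = -1;
    else if (len > n)
        rc = 1;
    else
        memcpy(buf, src, len);
    free(buf);
    return rc;
}

int main(void)
{
    static const char src[16] = "0123456789abcde";   /* constructed input */
    printf("fits:     %d\n", demo_copy_into_heap(16, src, sizeof src));
    printf("overflow: %d\n", demo_copy_into_heap(8, src, sizeof src));
    return 0;
}
```

The overflow case returns -1 when the compiler can resolve the allocation size at the check, and 1 when the size stays unknown (for example, when built without optimization).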