stdlib: tests: don't double-define _FORTIFY_SOURCE
Checks
Context |
Check |
Description |
dj/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
dj/TryBot-32bit |
success
|
Build for i686
|
Commit Message
If using -D_FORITFY_SOURCE=3 (in my case, I've patched GCC to add
=3 instead of =2 (we've done =2 for years in Gentoo)), building
glibc tests will fail on testmb like:
```
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
<built-in>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
make[2]: *** [../o-iterator.mk:9: /var/tmp/portage/sys-libs/glibc-2.36/work/build-x86-x86_64-pc-linux-gnu-nptl/stdlib/testmb.o] Error 1
make[2]: *** Waiting for unfinished jobs....
```
It's just because we're always setting -D_FORTIFY_SOURCE=2
rather than unsetting it first. If F_S is already 2, it's harmless,
but if it's another value (say, 1, or 3), the compiler will bawk.
(I'm not aware of a reason this couldn't be tested with =3,
but the toolchain support is limited for that (too new), and we want
to run the tests everywhere possible.)
Signed-off-by: Sam James <sam@gentoo.org>
---
stdlib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 2022-08-05 16:13, Sam James via Libc-alpha wrote:
> If using -D_FORITFY_SOURCE=3 (in my case, I've patched GCC to add
> =3 instead of =2 (we've done =2 for years in Gentoo)), building
> glibc tests will fail on testmb like:
> ```
> <command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
> <built-in>: note: this is the location of the previous definition
> cc1: all warnings being treated as errors
> make[2]: *** [../o-iterator.mk:9: /var/tmp/portage/sys-libs/glibc-2.36/work/build-x86-x86_64-pc-linux-gnu-nptl/stdlib/testmb.o] Error 1
> make[2]: *** Waiting for unfinished jobs....
> ```
>
> It's just because we're always setting -D_FORTIFY_SOURCE=2
> rather than unsetting it first. If F_S is already 2, it's harmless,
> but if it's another value (say, 1, or 3), the compiler will bawk.
>
> (I'm not aware of a reason this couldn't be tested with =3,
> but the toolchain support is limited for that (too new), and we want
> to run the tests everywhere possible.)
>
> Signed-off-by: Sam James <sam@gentoo.org>
> ---
> stdlib/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/stdlib/Makefile b/stdlib/Makefile
> index f7b25c1981..d8b59022cc 100644
> --- a/stdlib/Makefile
> +++ b/stdlib/Makefile
> @@ -380,7 +380,7 @@ CFLAGS-tst-qsort.c += $(stack-align-test-flags)
> CFLAGS-tst-makecontext.c += -funwind-tables
> CFLAGS-tst-makecontext2.c += $(stack-align-test-flags)
>
> -CFLAGS-testmb.c += -D_FORTIFY_SOURCE=2 -Wall -Werror
> +CFLAGS-testmb.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -Werror
I think we'll be better off with -D_FORTIFY_SOURCE=3 here since the
intent is to test the fortified versions of the mb functions and =3 will
give the maximum coverage. The downside is that it will emit a warning
when building with older gcc (because _FORTIFY_SOURCE=3 is not supported
there and protection will downgrade to _FORTIFY_SOURCE=2) so the -Werror
will need to go away and maybe even need -Wno-error.
Alternatively, some magic here to determine the maximum fortification
level wouldn't hurt, but I won't gate your patch on that :) I can work
on that bit.
Thanks,
Sid
> On 8 Aug 2022, at 14:26, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>
> On 2022-08-05 16:13, Sam James via Libc-alpha wrote:
>> If using -D_FORITFY_SOURCE=3 (in my case, I've patched GCC to add
>> =3 instead of =2 (we've done =2 for years in Gentoo)), building
>> glibc tests will fail on testmb like:
>> ```
>> <command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
>> <built-in>: note: this is the location of the previous definition
>> cc1: all warnings being treated as errors
>> make[2]: *** [../o-iterator.mk:9: /var/tmp/portage/sys-libs/glibc-2.36/work/build-x86-x86_64-pc-linux-gnu-nptl/stdlib/testmb.o] Error 1
>> make[2]: *** Waiting for unfinished jobs....
>> ```
>> It's just because we're always setting -D_FORTIFY_SOURCE=2
>> rather than unsetting it first. If F_S is already 2, it's harmless,
>> but if it's another value (say, 1, or 3), the compiler will bawk.
>> (I'm not aware of a reason this couldn't be tested with =3,
>> but the toolchain support is limited for that (too new), and we want
>> to run the tests everywhere possible.)
>> Signed-off-by: Sam James <sam@gentoo.org>
>> ---
>> stdlib/Makefile | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> diff --git a/stdlib/Makefile b/stdlib/Makefile
>> index f7b25c1981..d8b59022cc 100644
>> --- a/stdlib/Makefile
>> +++ b/stdlib/Makefile
>> @@ -380,7 +380,7 @@ CFLAGS-tst-qsort.c += $(stack-align-test-flags)
>> CFLAGS-tst-makecontext.c += -funwind-tables
>> CFLAGS-tst-makecontext2.c += $(stack-align-test-flags)
>> -CFLAGS-testmb.c += -D_FORTIFY_SOURCE=2 -Wall -Werror
>> +CFLAGS-testmb.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -Werror
>
> I think we'll be better off with -D_FORTIFY_SOURCE=3 here since the intent is to test the fortified versions of the mb functions and =3 will give the maximum coverage. The downside is that it will emit a warning when building with older gcc (because _FORTIFY_SOURCE=3 is not supported there and protection will downgrade to _FORTIFY_SOURCE=2) so the -Werror will need to go away and maybe even need -Wno-error.
>
This is a fair point, although I now see we've actually got libc_cv_predef_fortify_source
which sets CPPUNDEFS for exactly this sort of problem anyway.
I don't see the warning with gcc-11 + -Werror + F_S=3 on a test program. I can build some
older GCCs as I should probably keep them around anyway though.
> Alternatively, some magic here to determine the maximum fortification level wouldn't hurt, but I won't gate your patch on that :) I can work on that bit.
I started looking at that and I'm not sure there's a point. includes/features.h downgrades us appropriately. I think we can unconditionally
set F_S=3 if I'm right about GCC not caring, as all the logic is on the glibc side, right?
We can always split this into two if you want:
1. The original commit (I can convert it to use libc_cv_predef_fortify_source's result) & backport it to 2.36
2. Another to crank to =3 and don't backport it in case I'm missing something.
>
> Thanks,
> Sid
best,
sam
On 2022-08-08 18:30, Sam James wrote:
> This is a fair point, although I now see we've actually got libc_cv_predef_fortify_source
> which sets CPPUNDEFS for exactly this sort of problem anyway.
>
> I don't see the warning with gcc-11 + -Werror + F_S=3 on a test program. I can build some
> older GCCs as I should probably keep them around anyway though.
Interesting, because you should have seen the warning about
_FORTIFY_SOURCE=3 not being supported; I'm surprised that it doesn't
fail due to that warning.
>> Alternatively, some magic here to determine the maximum fortification level wouldn't hurt, but I won't gate your patch on that :) I can work on that bit.
>
> I started looking at that and I'm not sure there's a point. includes/features.h downgrades us appropriately. I think we can unconditionally
> set F_S=3 if I'm right about GCC not caring, as all the logic is on the glibc side, right?
It's the warning I'm thinking about avoiding.
>
> We can always split this into two if you want:
> 1. The original commit (I can convert it to use libc_cv_predef_fortify_source's result) & backport it to 2.36
Sounds good to me.
> 2. Another to crank to =3 and don't backport it in case I'm missing something.
>
Thanks,
Sid
> On 10 Aug 2022, at 15:29, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>
> On 2022-08-08 18:30, Sam James wrote:
>> This is a fair point, although I now see we've actually got libc_cv_predef_fortify_source
>> which sets CPPUNDEFS for exactly this sort of problem anyway.
>> I don't see the warning with gcc-11 + -Werror + F_S=3 on a test program. I can build some
>> older GCCs as I should probably keep them around anyway though.
>
> Interesting, because you should have seen the warning about _FORTIFY_SOURCE=3 not being supported; I'm surprised that it doesn't fail due to that warning.
... and I see it now. I don't know what I did the other day. Oops.
>
>>> Alternatively, some magic here to determine the maximum fortification level wouldn't hurt, but I won't gate your patch on that :) I can work on that bit.
>> I started looking at that and I'm not sure there's a point. includes/features.h downgrades us appropriately. I think we can unconditionally
>> set F_S=3 if I'm right about GCC not caring, as all the logic is on the glibc side, right?
>
> It's the warning I'm thinking about avoiding.
>
>> We can always split this into two if you want:
>> 1. The original commit (I can convert it to use libc_cv_predef_fortify_source's result) & backport it to 2.36
>
> Sounds good to me.
>
>> 2. Another to crank to =3 and don't backport it in case I'm missing something.
>
Okay, sounds like a plan, cheers. I'll get on it.
> Thanks,
> Sid
> On 10 Aug 2022, at 16:06, Sam James via Libc-alpha <libc-alpha@sourceware.org> wrote:
>
>
>
>> On 10 Aug 2022, at 15:29, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>>
>> On 2022-08-08 18:30, Sam James wrote:
>>> This is a fair point, although I now see we've actually got libc_cv_predef_fortify_source
>>> which sets CPPUNDEFS for exactly this sort of problem anyway.
>>> I don't see the warning with gcc-11 + -Werror + F_S=3 on a test program. I can build some
>>> older GCCs as I should probably keep them around anyway though.
>>
>> Interesting, because you should have seen the warning about _FORTIFY_SOURCE=3 not being supported; I'm surprised that it doesn't fail due to that warning.
>
> ... and I see it now. I don't know what I did the other day. Oops.
>
>>
>>>> Alternatively, some magic here to determine the maximum fortification level wouldn't hurt, but I won't gate your patch on that :) I can work on that bit.
>>> I started looking at that and I'm not sure there's a point. includes/features.h downgrades us appropriately. I think we can unconditionally
>>> set F_S=3 if I'm right about GCC not caring, as all the logic is on the glibc side, right?
>>
>> It's the warning I'm thinking about avoiding.
>>
>>> We can always split this into two if you want:
>>> 1. The original commit (I can convert it to use libc_cv_predef_fortify_source's result) & backport it to 2.36
>>
>> Sounds good to me.
>>
>>> 2. Another to crank to =3 and don't backport it in case I'm missing something.
>>
>
> Okay, sounds like a plan, cheers. I'll get on it.
>
I ended up getting frustrated with some over engineering and got distracted with fixing up
autoconf-archive's macro for it.
Could you push the this one or do you want me to resend it?
Cheers!
On 2023-02-02 13:21, Sam James wrote:
> I ended up getting frustrated with some over engineering and got distracted with fixing up
> autoconf-archive's macro for it.
>
> Could you push the this one or do you want me to resend it?
Sorry I forgot to push it, done now.
Sid
@@ -380,7 +380,7 @@ CFLAGS-tst-qsort.c += $(stack-align-test-flags)
CFLAGS-tst-makecontext.c += -funwind-tables
CFLAGS-tst-makecontext2.c += $(stack-align-test-flags)
-CFLAGS-testmb.c += -D_FORTIFY_SOURCE=2 -Wall -Werror
+CFLAGS-testmb.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -Werror
# Run a test on the header files we use.