[v3,02/16] Exclude routines from fortification

Message ID 20230628084246.778302-3-fberat@redhat.com
State Superseded
Series Allow glibc to be built with _FORTIFY_SOURCE |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent

Commit Message

Frederic Berat June 28, 2023, 8:42 a.m. UTC
  Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
be excluded from the fortification.

On top of that:
 - some tests explicitly verify that some level of fortification works
   appropriately, we therefore shouldn't modify the level set for them.
 - some objects need to be built with optimization disabled, which
   prevents _FORTIFY_SOURCE from being used for them.

Assembler files that implement architecture specific versions of the
fortified routines were not excluded from _FORTIFY_SOURCE as there is no
C header included that would impact their behavior.
---
 debug/Makefile                              | 12 +--
 io/Makefile                                 | 16 ++++
 libio/Makefile                              | 21 +++++-
 login/Makefile                              |  6 ++
 misc/Makefile                               |  7 ++
 posix/Makefile                              | 11 +++
 rt/Makefile                                 |  5 ++
 setjmp/Makefile                             |  9 +++
 socket/Makefile                             |  6 ++
 stdio-common/Makefile                       | 15 +++-
 stdlib/Makefile                             |  7 ++
 string/Makefile                             | 17 +++++
 sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
 sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
 sysdeps/pthread/Makefile                    |  4 +
 sysdeps/unix/sysv/linux/Makefile            |  3 +
 wcsmbs/Makefile                             | 23 +++++-
 17 files changed, 247 insertions(+), 25 deletions(-)
  

Comments

Siddhesh Poyarekar June 30, 2023, 2:55 p.m. UTC | #1
On 2023-06-28 04:42, Frédéric Bérat wrote:
> Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
> be excluded from the fortification.
> 
> On top of that:
>   - some tests explicitly verify that some level of fortification works
>     appropriately, we therefore shouldn't modify the level set for them.
>   - some objects need to be build with optimization disabled, which
>     prevents _FORTIFY_SOURCE to be used for them.
> 
> Assembler files that implement architecture specific versions of the
> fortified routines were not excluded from _FORTIFY_SOURCE as there is no
> C header included that would impact their behavior.
> ---
>   debug/Makefile                              | 12 +--
>   io/Makefile                                 | 16 ++++
>   libio/Makefile                              | 21 +++++-
>   login/Makefile                              |  6 ++
>   misc/Makefile                               |  7 ++
>   posix/Makefile                              | 11 +++
>   rt/Makefile                                 |  5 ++
>   setjmp/Makefile                             |  9 +++
>   socket/Makefile                             |  6 ++
>   stdio-common/Makefile                       | 15 +++-
>   stdlib/Makefile                             |  7 ++
>   string/Makefile                             | 17 +++++
>   sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
>   sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
>   sysdeps/pthread/Makefile                    |  4 +
>   sysdeps/unix/sysv/linux/Makefile            |  3 +
>   wcsmbs/Makefile                             | 23 +++++-
>   17 files changed, 247 insertions(+), 25 deletions(-)
> 
> diff --git a/debug/Makefile b/debug/Makefile
> index 9d658e3002..434e52f780 100644
> --- a/debug/Makefile
> +++ b/debug/Makefile
> @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
>   # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
>   # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
>   CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
>   CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
>   CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
> -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
> -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
> -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>   
>   # _FORTIFY_SOURCE tests.
>   # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
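Review bot: The `$(no-fortify-source),-D_FORTIFY_SOURCE=1` form on the five CPPFLAGS lines only yields a valid option if `no-fortify-source` expands to a single comma-extensible argument (presumably a `-Wp,`-style preprocessor pass-through; its definition is not part of this patch), and nothing here says so. If the variable were ever empty or changed to a plain `-U_FORTIFY_SOURCE`, these tests would get a malformed flag instead of the fortification level they are meant to pin. I would add a comment above the first use, e.g. `# $(no-fortify-source) must stay a single -Wp,... option: the level is appended to it with a comma`. The same idiom recurs in `gen-chk-test` in this file and in the stdio-common and wcsmbs hunks.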
> @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
>   # cannot be disabled via pragmas, so require -Wno-error to be used.
>   define gen-chk-test
>   tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
> -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
> +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
>   					  -Wno-deprecated-declarations \
>   					  -Wno-error
>   $(eval $(call cflags-$(2),$(1),$(3),$(4)))
> diff --git a/io/Makefile b/io/Makefile
> index d573064ecc..6ccc0e8691 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -149,6 +149,22 @@ routines := \
>     write \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  getcwd \
> +  getwd \
> +  open \
> +  open64 \
> +  openat \
> +  openat64 \
> +  poll \
> +  ppoll \
> +  read \
> +  readlink \
> +  readlinkat \
> +  ttyname_r \
> +  # routines_no_fortify
> +
>   others := \
>    pwd \
>    # others
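Review bot: The comment above `routines_no_fortify` says what the list does but not why, and, going by that comment, every name added to it turns a hardening off for that object. According to the commit message the reason is that these files implement routines the fortification feature itself relies on; the comment should say that and state that only routines with a fortified counterpart belong here, e.g. `# These implement functions that _FORTIFY_SOURCE wraps; keep this list limited to routines that have a fortified variant.` The same one-line comment is repeated in the login, misc, posix, rt, setjmp, socket, stdio-common, stdlib, string and wcsmbs hunks, and the `ieee128-` and `nldbl-` lists have no comment at all.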
> diff --git a/libio/Makefile b/libio/Makefile
> index 2877fec484..f5c487d9f5 100644
> --- a/libio/Makefile
> +++ b/libio/Makefile
> @@ -53,6 +53,21 @@ routines	:=							      \
>   
>   gen-as-const-headers += libio-macros.sym
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  fwprintf \
> +  iofgets \
> +  iofgets_u \
> +  iofgetws \
> +  iofgetws_u \
> +  swprintf \
> +  vasprintf \
> +  vsnprintf \
> +  vswprintf \
> +  vwprintf \
> +  wprintf \
> +  # routines_no_fortify
> +
>   tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
>   	tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
>   	tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf	      \
> @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
>   CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
>   # XXX Do we need filedoalloc and wfiledoalloc?  Others?
>   
> +# Prevent fortification as these are built with -O0
> +CFLAGS-tst-bz24051.c += $(no-fortify-source)
> +CFLAGS-tst-bz24153.c += $(no-fortify-source)
> +
>   CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
>   
>   # These test cases intentionally use overlapping arguments
>   CFLAGS-tst-sprintf-ub.c += -Wno-restrict

This should also be built without fortification because the test 
specifically tries to validate the sprintf entry point; the 
__sprintf_chk entry point ought to get checked by the 
tst-sprintf-chk-ub.c test.

In fact, I wonder if *all* tests should be built without fortification 
by default regardless of whether glibc is built with fortification.  We 
have specific tests in debug/ to test the _chk entry points and it seems 
like the tests should stick to validating only the regular entry points 
unless otherwise specified.

Sid

> -CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
> +CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
>   
>   LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
>   
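Review bot: `CFLAGS-tst-sprintf-chk-ub.c` gains `$(no-fortify-source)` with no explanation, which reads as if the test for the checked entry point were being built unfortified. If the test defines `_FORTIFY_SOURCE` in its own source (the ldbl-128ibm-compat hunks carry a comment to that effect for their `-chk-` tests), this line needs the same comment, e.g. `# tst-sprintf-chk-ub sets _FORTIFY_SOURCE itself`. If it does not, the line removes the coverage the test exists for.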
> diff --git a/login/Makefile b/login/Makefile
> index 13b155d344..74216cbcb2 100644
> --- a/login/Makefile
> +++ b/login/Makefile
> @@ -66,6 +66,12 @@ include ../Rules
>   CFLAGS-getpt.c += -fexceptions
>   CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  getlogin_r \
> +  ptsname_r \
> +  # routines_no_fortify
> +
>   ifeq (yesyes,$(have-fpie)$(build-shared))
>   pt_chown-cflags += $(pie-ccflag)
>   endif
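Review bot: `routines_no_fortify` is appended here after `include ../Rules` (visible in the hunk header), as it is in the setjmp hunk and possibly in rt, where it sits among the per-file CFLAGS, whereas io, misc, posix, socket, stdio-common, stdlib, string and wcsmbs set it right after `routines`. Whether a late append is honoured depends on how the variable is consumed, which this patch does not show: if it is read with immediate expansion while the shared makefiles are parsed, these lists would be ignored without any diagnostic. I would move the block up next to the `routines` definition for consistency, or add a comment such as `# routines_no_fortify is expanded lazily, so appending after Rules is fine` once that has been confirmed.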
> diff --git a/misc/Makefile b/misc/Makefile
> index 84aa4cb0ad..36ba7a0bad 100644
> --- a/misc/Makefile
> +++ b/misc/Makefile
> @@ -205,6 +205,13 @@ routines := \
>     writev \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  getdomain \
> +  gethostname \
> +  syslog \
> +  # routines_no_fortify
> +
>   generated += \
>     tst-allocate_once-mem.out \
>     tst-allocate_once.mtrace \
> diff --git a/posix/Makefile b/posix/Makefile
> index ad43cbdec6..5113ee3b74 100644
> --- a/posix/Makefile
> +++ b/posix/Makefile
> @@ -183,6 +183,14 @@ routines := \
>     wordexp \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  confstr \
> +  getgroups \
> +  pread \
> +  pread64 \
> +  # routines_no_fortify
> +
>   aux := \
>     environ \
>     init-posix \
> @@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
>   tst-execvp3-ARGS = --test-dir=$(objpfx)
>   CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
>   
> +# Test voluntarily overflows struct dirent
> +CFLAGS-bug-glob2.c += $(no-fortify-source)
> +
>   $(objpfx)testcases.h: TESTS TESTS2C.sed
>   	LC_ALL=C sed -f TESTS2C.sed < $< > $@T
>   	mv $@T $@
> diff --git a/rt/Makefile b/rt/Makefile
> index a97333dc02..3d4a3f0eec 100644
> --- a/rt/Makefile
> +++ b/rt/Makefile
> @@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
>   CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
>   CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  mq_open \
> +  # routines_no_fortify
> +
>   LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
>   
>   $(objpfx)librt.so: $(shared-thread-library)
> diff --git a/setjmp/Makefile b/setjmp/Makefile
> index e5733a8c52..363fb6673c 100644
> --- a/setjmp/Makefile
> +++ b/setjmp/Makefile
> @@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
>   
>   include ../Rules
>   
> +# This test messes the stack on purpose, which triggers longjump fortify
> +# failure
> +CFLAGS-bug269-setjmp.c += $(no-fortify-source)
> +
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  longjmp \
> +  # routines_no_fortify
> +
>   $(objpfx)tst-setjmp-fp: $(libm)
> diff --git a/socket/Makefile b/socket/Makefile
> index d9b0b4af64..08f20118cd 100644
> --- a/socket/Makefile
> +++ b/socket/Makefile
> @@ -60,6 +60,12 @@ routines := \
>     socketpair \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  recv \
> +  recvfrom \
> +  # routines_no_fortify
> +
>   tests := \
>     tst-accept4 \
>     tst-cmsg_cloexec \
> diff --git a/stdio-common/Makefile b/stdio-common/Makefile
> index 8871ec7668..fe304b8373 100644
> --- a/stdio-common/Makefile
> +++ b/stdio-common/Makefile
> @@ -117,6 +117,19 @@ routines := \
>     wprintf_function_invoke \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  asprintf \
> +  dprintf \
> +  fprintf \
> +  printf \
> +  snprintf \
> +  sprintf \
> +  vfprintf \
> +  vfwprintf \
> +  vprintf \
> +  # routines_no_fortify
> +
>   aux := \
>     errlist \
>     errlist-data \
> @@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
>   
>   # BZ #11319 was first fixed for regular vdprintf, then reopened because
>   # the fortified version had the same bug.
> -CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> +CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>   
>   CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
>   
> diff --git a/stdlib/Makefile b/stdlib/Makefile
> index 0975f55ee6..25e42a77e7 100644
> --- a/stdlib/Makefile
> +++ b/stdlib/Makefile
> @@ -145,6 +145,13 @@ routines := \
>     xpg_basename \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  mbstowcs \
> +  wcstombs \
> +  wctomb \
> +  # routines_no_fortify
> +
>   aux = \
>     grouping \
>     groupingwc \
> diff --git a/string/Makefile b/string/Makefile
> index d3106d10a9..8cdfd5b000 100644
> --- a/string/Makefile
> +++ b/string/Makefile
> @@ -118,6 +118,23 @@ routines := \
>     xpg-strerror \
>   # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  explicit_bzero \
> +  memcpy \
> +  memmove \
> +  mempcpy \
> +  memset \
> +  stpcpy \
> +  stpncpy \
> +  strcat \
> +  strcpy \
> +  strlcat \
> +  strlcpy \
> +  strncat \
> +  strncpy \
> +  # routines_no_fortify
> +
>   tests := \
>     bug-envz1 \
>     bug-strcoll1 \
> diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> index 42cca25a09..34273a5f58 100644
> --- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> +++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> @@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
>   CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-obstack-ieee128 test-obstack-ibm128
> -CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				 $(no-fortify-source)
> +CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				$(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
> -CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				     $(no-fortify-source)
> +CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				    $(no-fortify-source)
>   
>   tests-internal += test-scanf-ieee128 test-scanf-ibm128
>   CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
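Review bot: The comment `# The following tests are setting _FORTIFY_SOURCE internally` is also placed above `test-obstack-ieee128`/`test-obstack-ibm128`, which are not the `-chk-` variants; the `test-syslog-ieee128`/`test-syslog-ibm128` pair in a later hunk of this file gets the same comment. If those sources do not define `_FORTIFY_SOURCE` themselves, the comment is inaccurate and the real reason for adding `$(no-fortify-source)` is undocumented. Please confirm against the test sources and give the non-chk pairs their own comment stating the actual reason.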
> @@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
>   		       obstack_chk \
>   		       vobstack_chk
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
> -CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				    $(no-fortify-source)
> +CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				   $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
>   CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
> -					  -Wno-psabi -Wno-unused-result
> +					  -Wno-psabi -Wno-unused-result \
> +					  $(no-fortify-source)
>   CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> -					 -Wno-unused-result
> +					 -Wno-unused-result \
> +					 $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
> -CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				     $(no-fortify-source)
> +CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				    $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
>   CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
> -					   -Wno-psabi -Wno-unused-result
> +					   -Wno-psabi -Wno-unused-result \
> +					   $(no-fortify-source)
>   CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> -					  -Wno-unused-result
> +					  -Wno-unused-result \
> +					  $(no-fortify-source)
>   endif
>   
>   ifeq ($(subdir),argp)
> @@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-container += test-syslog-ieee128 test-syslog-ibm128
> -CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				$(no-fortify-source)
> +CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +			       $(no-fortify-source)
>   
> +# The following tests are setting _FORTIFY_SOURCE internally
>   tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
> -CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
> -CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> +CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
> +				    $(no-fortify-source)
> +CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> +				   $(no-fortify-source)
>   endif
>   
>   ifeq ($(subdir),stdlib)
> @@ -395,6 +419,31 @@ endif
>   # Add IEEE binary128 files as make targets.
>   routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
>   
> +routines_no_fortify += \
> +  ieee128-asprintf \
> +  ieee128-dprintf \
> +  ieee128-fprintf \
> +  ieee128-fwprintf \
> +  ieee128-obstack \
> +  ieee128-printf \
> +  ieee128-snprintf \
> +  ieee128-sprintf \
> +  ieee128-swprintf \
> +  ieee128-syslog \
> +  ieee128-vasprintf \
> +  ieee128-vdprintf \
> +  ieee128-vfprintf \
> +  ieee128-vfwprintf \
> +  ieee128-vobstack \
> +  ieee128-vprintf \
> +  ieee128-vsnprintf \
> +  ieee128-vsprintf \
> +  ieee128-vswprintf \
> +  ieee128-vsyslog \
> +  ieee128-vwprintf \
> +  ieee128-wprintf \
> +  # routines_no_fortify
> +
>   # On powerpc64le, the routines responsible for converting between long
>   # double and string (e.g.: printf, scanf, strtold, strfroml) default to
>   # IBM long double mode.  When support for TS 18661-3 was added, several
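Review bot: The `ieee128-*` exclusion list is written out by hand directly under `routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))`, so the two can drift: a fortified routine added to `ldbl-extra-routines` later would be built but not excluded unless someone remembers this second list. The block also has no comment, unlike the lists in the other Makefiles of this patch. At minimum add `# Keep in sync with the fortified entries of ldbl-extra-routines` above it; deriving the names with the same `$(foreach ...)` prefixing from one list of fortified base names would remove the duplication. The surrounding section continues outside the hunk.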
> diff --git a/sysdeps/ieee754/ldbl-opt/Makefile b/sysdeps/ieee754/ldbl-opt/Makefile
> index 22e778ad0e..0ed1cd2cae 100644
> --- a/sysdeps/ieee754/ldbl-opt/Makefile
> +++ b/sysdeps/ieee754/ldbl-opt/Makefile
> @@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
>   					  -DOBJPFX=\"$(objpfx)\"
>   
>   endif
> +
> +routines_no_fortify += \
> +  nldbl-asprintf \
> +  nldbl-dprintf \
> +  nldbl-fprintf \
> +  nldbl-fwprintf \
> +  nldbl-obstack_printf \
> +  nldbl-obstack_vprintf \
> +  nldbl-printf \
> +  nldbl-snprintf \
> +  nldbl-sprintf \
> +  nldbl-swprintf \
> +  nldbl-syslog \
> +  nldbl-vasprintf \
> +  nldbl-vdprintf \
> +  nldbl-vfprintf \
> +  nldbl-vfwprintf \
> +  nldbl-vprintf \
> +  nldbl-vsnprintf \
> +  nldbl-vsprintf \
> +  nldbl-vswprintf \
> +  nldbl-vsyslog \
> +  nldbl-vwprintf \
> +  nldbl-wprintf \
> +  # routines_no_fortify
> +
> +# We can't rely on Makeconfig here for whatever reason
> +CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
> +CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
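Review bot: `# We can't rely on Makeconfig here for whatever reason` does not tell a maintainer what breaks without the two `CFLAGS-.oS` lines or when they can be dropped. Please replace it with the observed cause, or mark it as an open question, e.g. `# TODO: document why the elision from Makeconfig does not take effect for these .oS objects`. The list and these two lines also sit after the final `endif`, so they appear to apply unconditionally rather than only where the nldbl objects are built; if that is intended, the comment should say so.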
> diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
> index 32cf4eb119..31028406d5 100644
> --- a/sysdeps/pthread/Makefile
> +++ b/sysdeps/pthread/Makefile
> @@ -304,6 +304,10 @@ tests-nolibpthread += \
>   CFLAGS-tst-cleanup2.c += -fno-builtin
>   CFLAGS-tst-cleanupx2.c += -fno-builtin
>   
> +# Disable fortification due to sprintf(NULL,...)
> +CFLAGS-tst-cleanup2.c += $(no-fortify-source)
> +CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
> +
>   tests += \
>     tst-cancelx2 \
>     tst-cancelx3 \
> diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
> index 594a5dc53e..9108b7d2ed 100644
> --- a/sysdeps/unix/sysv/linux/Makefile
> +++ b/sysdeps/unix/sysv/linux/Makefile
> @@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
>   CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
>   CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
>   
> +# The test triggers FORTIFY abortion due to purposely wrong parameters
> +CFLAGS-test-errno-linux.c += $(no-fortify-source)
> +
>   sysdep_headers += \
>     bits/a.out.h \
>     bits/epoll.h \
> diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
> index 22192985e1..d25a2214f8 100644
> --- a/wcsmbs/Makefile
> +++ b/wcsmbs/Makefile
> @@ -121,6 +121,27 @@ routines := \
>     wmemset \
>     # routines
>   
> +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> +routines_no_fortify += \
> +  mbsnrtowcs \
> +  mbsrtowcs \
> +  wcpcpy \
> +  wcpncpy \
> +  wcrtomb \
> +  wcscat \
> +  wcscpy \
> +  wcslcat \
> +  wcslcpy \
> +  wcsncat \
> +  wcsncpy \
> +  wcsnrtombs \
> +  wcsrtombs \
> +  wmemcpy \
> +  wmemmove \
> +  wmempcpy \
> +  wmemset \
> +  # routines_no_fortify
> +
>   tests := \
>     test-c8rtomb \
>     test-char-types \
> @@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
>   CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
>   CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
>   CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
> -CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
> +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
>   
>   CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
>   CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
  
Frederic Berat July 3, 2023, 3:16 p.m. UTC | #2
On Fri, Jun 30, 2023 at 4:55 PM Siddhesh Poyarekar <siddhesh@gotplt.org>
wrote:

> On 2023-06-28 04:42, Frédéric Bérat wrote:
> > Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need
> to
> > be excluded from the fortification.
> >
> > On top of that:
> >   - some tests explicitly verify that some level of fortification works
> >     appropriately, we therefore shouldn't modify the level set for them.
> >   - some objects need to be build with optimization disabled, which
> >     prevents _FORTIFY_SOURCE to be used for them.
> >
> > Assembler files that implement architecture specific versions of the
> > fortified routines were not excluded from _FORTIFY_SOURCE as there is no
> > C header included that would impact their behavior.
> > ---
> >   debug/Makefile                              | 12 +--
> >   io/Makefile                                 | 16 ++++
> >   libio/Makefile                              | 21 +++++-
> >   login/Makefile                              |  6 ++
> >   misc/Makefile                               |  7 ++
> >   posix/Makefile                              | 11 +++
> >   rt/Makefile                                 |  5 ++
> >   setjmp/Makefile                             |  9 +++
> >   socket/Makefile                             |  6 ++
> >   stdio-common/Makefile                       | 15 +++-
> >   stdlib/Makefile                             |  7 ++
> >   string/Makefile                             | 17 +++++
> >   sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81 +++++++++++++++++----
> >   sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
> >   sysdeps/pthread/Makefile                    |  4 +
> >   sysdeps/unix/sysv/linux/Makefile            |  3 +
> >   wcsmbs/Makefile                             | 23 +++++-
> >   17 files changed, 247 insertions(+), 25 deletions(-)
> >
> > diff --git a/debug/Makefile b/debug/Makefile
> > index 9d658e3002..434e52f780 100644
> > --- a/debug/Makefile
> > +++ b/debug/Makefile
> > @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions
> -fasynchronous-unwind-tables
> >   # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the
> order is:
> >   # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
> >   CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> >   CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> >   CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
> > -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
> > -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
> > -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
> > +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> >   # _FORTIFY_SOURCE tests.
> >   # Auto-generate tests for _FORTIFY_SOURCE for different levels,
> compilers and
> > @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
> >   # cannot be disabled via pragmas, so require -Wno-error to be used.
> >   define gen-chk-test
> >   tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
> > -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3)
> -Wno-format \
> > +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
> $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
> >                                         -Wno-deprecated-declarations \
> >                                         -Wno-error
> >   $(eval $(call cflags-$(2),$(1),$(3),$(4)))
> > diff --git a/io/Makefile b/io/Makefile
> > index d573064ecc..6ccc0e8691 100644
> > --- a/io/Makefile
> > +++ b/io/Makefile
> > @@ -149,6 +149,22 @@ routines := \
> >     write \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  getcwd \
> > +  getwd \
> > +  open \
> > +  open64 \
> > +  openat \
> > +  openat64 \
> > +  poll \
> > +  ppoll \
> > +  read \
> > +  readlink \
> > +  readlinkat \
> > +  ttyname_r \
> > +  # routines_no_fortify
> > +
> >   others := \
> >    pwd \
> >    # others
> > diff --git a/libio/Makefile b/libio/Makefile
> > index 2877fec484..f5c487d9f5 100644
> > --- a/libio/Makefile
> > +++ b/libio/Makefile
> > @@ -53,6 +53,21 @@ routines   :=
>                     \
> >
> >   gen-as-const-headers += libio-macros.sym
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  fwprintf \
> > +  iofgets \
> > +  iofgets_u \
> > +  iofgetws \
> > +  iofgetws_u \
> > +  swprintf \
> > +  vasprintf \
> > +  vsnprintf \
> > +  vswprintf \
> > +  vwprintf \
> > +  wprintf \
> > +  # routines_no_fortify
> > +
> >   tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc
> tst_putwc   \
> >       tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
> >       tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf
>    \
> > @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c +=
> $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
> >   # XXX Do we need filedoalloc and wfiledoalloc?  Others?
> >
> > +# Prevent fortification as these are built with -O0
> > +CFLAGS-tst-bz24051.c += $(no-fortify-source)
> > +CFLAGS-tst-bz24153.c += $(no-fortify-source)
> > +
> >   CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
> >
> >   # These test cases intentionally use overlapping arguments
> >   CFLAGS-tst-sprintf-ub.c += -Wno-restrict
>
> This should also be built without fortification because the test
> specifically tries to validate the sprintf entry point; the
> __sprintf_chk entry point ought to get checked by the
> tst-sprintf-chk-ub.c test.
>
> In fact, I wonder if *all* tests should be built without fortification
> by default regardless of whether glibc is built with fortification.  We
> have specific tests in debug/ to test the _chk entry points and it seems
> like the tests should stick to validating only the regular entry points
> unless otherwise specified.
>
>
I'm not so sure.  The fact that fortification is enabled doesn't diminish
the validity of the tests; in the end, fortified functions shouldn't
modify the behavior of these routines (modulo the additional tests on input
parameters).
Unless the test breaks because of fortification (like when tests
deliberately mess with input parameters in a way that makes the test abort
in the chk routines), I don't see the need to undefine _FORTIFY_SOURCE.

Thus, by having fortification enabled during the tests, I could catch
errors in the tests (e.g. Incorrect maxlen parameter for swprintf
427dbaee86bcec31ba2fe9a42f32842cf17c4e77).

On top of that in the current configuration, assuming
"--enable-fortify-source" is **not** set, and the _FORTIFY_SOURCE macro is
**not** set through the environment neither, these are still tested without
fortification.
In one sense, having the glibc CI testing the entry points directly, while
the community will probably test with fortification, may help catch
unwanted behavioral changes (if that ever happens) due to incorrect check
routines implementation.

All of that said, we may need to reconsider the tests like
tst-sprintf-chk-ub.c though, considering the capability to enable
fortification from configure.

What do you think ?

Fred.


> Sid
>
> > -CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
> > +CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
> >
> >   LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
> >
> > diff --git a/login/Makefile b/login/Makefile
> > index 13b155d344..74216cbcb2 100644
> > --- a/login/Makefile
> > +++ b/login/Makefile
> > @@ -66,6 +66,12 @@ include ../Rules
> >   CFLAGS-getpt.c += -fexceptions
> >   CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  getlogin_r \
> > +  ptsname_r \
> > +  # routines_no_fortify
> > +
> >   ifeq (yesyes,$(have-fpie)$(build-shared))
> >   pt_chown-cflags += $(pie-ccflag)
> >   endif
> > diff --git a/misc/Makefile b/misc/Makefile
> > index 84aa4cb0ad..36ba7a0bad 100644
> > --- a/misc/Makefile
> > +++ b/misc/Makefile
> > @@ -205,6 +205,13 @@ routines := \
> >     writev \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  getdomain \
> > +  gethostname \
> > +  syslog \
> > +  # routines_no_fortify
> > +
> >   generated += \
> >     tst-allocate_once-mem.out \
> >     tst-allocate_once.mtrace \
> > diff --git a/posix/Makefile b/posix/Makefile
> > index ad43cbdec6..5113ee3b74 100644
> > --- a/posix/Makefile
> > +++ b/posix/Makefile
> > @@ -183,6 +183,14 @@ routines := \
> >     wordexp \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  confstr \
> > +  getgroups \
> > +  pread \
> > +  pread64 \
> > +  # routines_no_fortify
> > +
> >   aux := \
> >     environ \
> >     init-posix \
> > @@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
> >   tst-execvp3-ARGS = --test-dir=$(objpfx)
> >   CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
> >
> > +# Test voluntarily overflows struct dirent
> > +CFLAGS-bug-glob2.c += $(no-fortify-source)
> > +
> >   $(objpfx)testcases.h: TESTS TESTS2C.sed
> >       LC_ALL=C sed -f TESTS2C.sed < $< > $@T
> >       mv $@T $@
> > diff --git a/rt/Makefile b/rt/Makefile
> > index a97333dc02..3d4a3f0eec 100644
> > --- a/rt/Makefile
> > +++ b/rt/Makefile
> > @@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
> >   CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
> >   CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  mq_open \
> > +  # routines_no_fortify
> > +
> >   LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
> >
> >   $(objpfx)librt.so: $(shared-thread-library)
> > diff --git a/setjmp/Makefile b/setjmp/Makefile
> > index e5733a8c52..363fb6673c 100644
> > --- a/setjmp/Makefile
> > +++ b/setjmp/Makefile
> > @@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
> >
> >   include ../Rules
> >
> > +# This test messes the stack on purpose, which triggers longjump fortify
> > +# failure
> > +CFLAGS-bug269-setjmp.c += $(no-fortify-source)
> > +
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  longjmp \
> > +  # routines_no_fortify
> > +
> >   $(objpfx)tst-setjmp-fp: $(libm)
> > diff --git a/socket/Makefile b/socket/Makefile
> > index d9b0b4af64..08f20118cd 100644
> > --- a/socket/Makefile
> > +++ b/socket/Makefile
> > @@ -60,6 +60,12 @@ routines := \
> >     socketpair \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  recv \
> > +  recvfrom \
> > +  # routines_no_fortify
> > +
> >   tests := \
> >     tst-accept4 \
> >     tst-cmsg_cloexec \
> > diff --git a/stdio-common/Makefile b/stdio-common/Makefile
> > index 8871ec7668..fe304b8373 100644
> > --- a/stdio-common/Makefile
> > +++ b/stdio-common/Makefile
> > @@ -117,6 +117,19 @@ routines := \
> >     wprintf_function_invoke \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  asprintf \
> > +  dprintf \
> > +  fprintf \
> > +  printf \
> > +  snprintf \
> > +  sprintf \
> > +  vfprintf \
> > +  vfwprintf \
> > +  vprintf \
> > +  # routines_no_fortify
> > +
> >   aux := \
> >     errlist \
> >     errlist-data \
> > @@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
> >
> >   # BZ #11319 was first fixed for regular vdprintf, then reopened because
> >   # the fortified version had the same bug.
> > -CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
> > +CFLAGS-tst-bz11319-fortify2.c +=
> $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> >   CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
> >
> > diff --git a/stdlib/Makefile b/stdlib/Makefile
> > index 0975f55ee6..25e42a77e7 100644
> > --- a/stdlib/Makefile
> > +++ b/stdlib/Makefile
> > @@ -145,6 +145,13 @@ routines := \
> >     xpg_basename \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  mbstowcs \
> > +  wcstombs \
> > +  wctomb \
> > +  # routines_no_fortify
> > +
> >   aux = \
> >     grouping \
> >     groupingwc \
> > diff --git a/string/Makefile b/string/Makefile
> > index d3106d10a9..8cdfd5b000 100644
> > --- a/string/Makefile
> > +++ b/string/Makefile
> > @@ -118,6 +118,23 @@ routines := \
> >     xpg-strerror \
> >   # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  explicit_bzero \
> > +  memcpy \
> > +  memmove \
> > +  mempcpy \
> > +  memset \
> > +  stpcpy \
> > +  stpncpy \
> > +  strcat \
> > +  strcpy \
> > +  strlcat \
> > +  strlcpy \
> > +  strncat \
> > +  strncpy \
> > +  # routines_no_fortify
> > +
> >   tests := \
> >     bug-envz1 \
> >     bug-strcoll1 \
> > diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > index 42cca25a09..34273a5f58 100644
> > --- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > +++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
> > @@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128
> test-wprintf-ibm128
> >   CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >   CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-obstack-ieee128 test-obstack-ibm128
> > -CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                              $(no-fortify-source)
> > +CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                             $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
> > -CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                  $(no-fortify-source)
> > +CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                 $(no-fortify-source)
> >
> >   tests-internal += test-scanf-ieee128 test-scanf-ibm128
> >   CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi -std=c89 -D_GNU_SOURCE
> > @@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
> >                      obstack_chk \
> >                      vobstack_chk
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
> > -CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                 $(no-fortify-source)
> > +CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-printf-chk-redir-ieee128
> test-printf-chk-redir-ibm128
> >   CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128
> -mabi=ieeelongdouble \
> > -                                       -Wno-psabi -Wno-unused-result
> > +                                       -Wno-psabi -Wno-unused-result \
> > +                                       $(no-fortify-source)
> >   CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble
> -Wno-psabi \
> > -                                      -Wno-unused-result
> > +                                      -Wno-unused-result \
> > +                                      $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
> > -CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                  $(no-fortify-source)
> > +CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                 $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-internal += test-wprintf-chk-redir-ieee128
> test-wprintf-chk-redir-ibm128
> >   CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128
> -mabi=ieeelongdouble \
> > -                                        -Wno-psabi -Wno-unused-result
> > +                                        -Wno-psabi -Wno-unused-result \
> > +                                        $(no-fortify-source)
> >   CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble
> -Wno-psabi \
> > -                                       -Wno-unused-result
> > +                                       -Wno-unused-result \
> > +                                       $(no-fortify-source)
> >   endif
> >
> >   ifeq ($(subdir),argp)
> > @@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128
> -mabi=ieeelongdouble -Wno-psabi
> >   CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >   CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-container += test-syslog-ieee128 test-syslog-ibm128
> > -CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                             $(no-fortify-source)
> > +CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                            $(no-fortify-source)
> >
> > +# The following tests are setting _FORTIFY_SOURCE internally
> >   tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
> > -CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi
> > -CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
> > +CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble
> -Wno-psabi \
> > +                                 $(no-fortify-source)
> > +CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
> > +                                $(no-fortify-source)
> >   endif
> >
> >   ifeq ($(subdir),stdlib)
> > @@ -395,6 +419,31 @@ endif
> >   # Add IEEE binary128 files as make targets.
> >   routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
> >
> > +routines_no_fortify += \
> > +  ieee128-asprintf \
> > +  ieee128-dprintf \
> > +  ieee128-fprintf \
> > +  ieee128-fwprintf \
> > +  ieee128-obstack \
> > +  ieee128-printf \
> > +  ieee128-snprintf \
> > +  ieee128-sprintf \
> > +  ieee128-swprintf \
> > +  ieee128-syslog \
> > +  ieee128-vasprintf \
> > +  ieee128-vdprintf \
> > +  ieee128-vfprintf \
> > +  ieee128-vfwprintf \
> > +  ieee128-vobstack \
> > +  ieee128-vprintf \
> > +  ieee128-vsnprintf \
> > +  ieee128-vsprintf \
> > +  ieee128-vswprintf \
> > +  ieee128-vsyslog \
> > +  ieee128-vwprintf \
> > +  ieee128-wprintf \
> > +  # routines_no_fortify
> > +
> >   # On powerpc64le, the routines responsible for converting between long
> >   # double and string (e.g.: printf, scanf, strtold, strfroml) default to
> >   # IBM long double mode.  When support for TS 18661-3 was added, several
> > diff --git a/sysdeps/ieee754/ldbl-opt/Makefile
> b/sysdeps/ieee754/ldbl-opt/Makefile
> > index 22e778ad0e..0ed1cd2cae 100644
> > --- a/sysdeps/ieee754/ldbl-opt/Makefile
> > +++ b/sysdeps/ieee754/ldbl-opt/Makefile
> > @@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c +=
> -mlong-double-64 -std=gnu89 \
> >                                         -DOBJPFX=\"$(objpfx)\"
> >
> >   endif
> > +
> > +routines_no_fortify += \
> > +  nldbl-asprintf \
> > +  nldbl-dprintf \
> > +  nldbl-fprintf \
> > +  nldbl-fwprintf \
> > +  nldbl-obstack_printf \
> > +  nldbl-obstack_vprintf \
> > +  nldbl-printf \
> > +  nldbl-snprintf \
> > +  nldbl-sprintf \
> > +  nldbl-swprintf \
> > +  nldbl-syslog \
> > +  nldbl-vasprintf \
> > +  nldbl-vdprintf \
> > +  nldbl-vfprintf \
> > +  nldbl-vfwprintf \
> > +  nldbl-vprintf \
> > +  nldbl-vsnprintf \
> > +  nldbl-vsprintf \
> > +  nldbl-vswprintf \
> > +  nldbl-vsyslog \
> > +  nldbl-vwprintf \
> > +  nldbl-wprintf \
> > +  # routines_no_fortify
> > +
> > +# We can't rely on Makeconfig here for whatever reason
> > +CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
> > +CFLAGS-.oS += $(call
> elide-fortify-source,_chk.oS,$(routines_no_fortify))
> > diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
> > index 32cf4eb119..31028406d5 100644
> > --- a/sysdeps/pthread/Makefile
> > +++ b/sysdeps/pthread/Makefile
> > @@ -304,6 +304,10 @@ tests-nolibpthread += \
> >   CFLAGS-tst-cleanup2.c += -fno-builtin
> >   CFLAGS-tst-cleanupx2.c += -fno-builtin
> >
> > +# Disable fortification due to sprintf(NULL,...)
> > +CFLAGS-tst-cleanup2.c += $(no-fortify-source)
> > +CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
> > +
> >   tests += \
> >     tst-cancelx2 \
> >     tst-cancelx3 \
> > diff --git a/sysdeps/unix/sysv/linux/Makefile
> b/sysdeps/unix/sysv/linux/Makefile
> > index 594a5dc53e..9108b7d2ed 100644
> > --- a/sysdeps/unix/sysv/linux/Makefile
> > +++ b/sysdeps/unix/sysv/linux/Makefile
> > @@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions
> -fasynchronous-unwind-tables
> >   CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
> >   CFLAGS-tst-writev.c +=
> "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
> >
> > +# The test triggers FORTIFY abortion due to purposely wrong parameters
> > +CFLAGS-test-errno-linux.c += $(no-fortify-source)
> > +
> >   sysdep_headers += \
> >     bits/a.out.h \
> >     bits/epoll.h \
> > diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
> > index 22192985e1..d25a2214f8 100644
> > --- a/wcsmbs/Makefile
> > +++ b/wcsmbs/Makefile
> > @@ -121,6 +121,27 @@ routines := \
> >     wmemset \
> >     # routines
> >
> > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
> > +routines_no_fortify += \
> > +  mbsnrtowcs \
> > +  mbsrtowcs \
> > +  wcpcpy \
> > +  wcpncpy \
> > +  wcrtomb \
> > +  wcscat \
> > +  wcscpy \
> > +  wcslcat \
> > +  wcslcpy \
> > +  wcsncat \
> > +  wcsncpy \
> > +  wcsnrtombs \
> > +  wcsrtombs \
> > +  wmemcpy \
> > +  wmemmove \
> > +  wmempcpy \
> > +  wmemset \
> > +  # routines_no_fortify
> > +
> >   tests := \
> >     test-c8rtomb \
> >     test-char-types \
> > @@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-wcstold_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
> >   CFLAGS-wcstof_l.c += $(strtox-CFLAGS)
> $(config-cflags-wno-ignored-attributes)
> > -CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
> > +CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
> >
> >   CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
> >   CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
>
>
  
Siddhesh Poyarekar July 4, 2023, 4:04 p.m. UTC | #3
On 2023-07-03 11:16, Frederic Berat wrote:
> 
> 
> On Fri, Jun 30, 2023 at 4:55 PM Siddhesh Poyarekar <siddhesh@gotplt.org 
> <mailto:siddhesh@gotplt.org>> wrote:
> 
>     On 2023-06-28 04:42, Frédéric Bérat wrote:
>      > Since the _FORTIFY_SOURCE feature uses some routines of Glibc,
>     they need to
>      > be excluded from the fortification.
>      >
>      > On top of that:
>      >   - some tests explicitly verify that some level of fortification
>     works
>      >     appropriately, we therefore shouldn't modify the level set
>     for them.
>      >   - some objects need to be build with optimization disabled, which
>      >     prevents _FORTIFY_SOURCE to be used for them.
>      >
>      > Assembler files that implement architecture specific versions of the
>      > fortified routines were not excluded from _FORTIFY_SOURCE as
>     there is no
>      > C header included that would impact their behavior.
>      > ---
>      >   debug/Makefile                              | 12 +--
>      >   io/Makefile                                 | 16 ++++
>      >   libio/Makefile                              | 21 +++++-
>      >   login/Makefile                              |  6 ++
>      >   misc/Makefile                               |  7 ++
>      >   posix/Makefile                              | 11 +++
>      >   rt/Makefile                                 |  5 ++
>      >   setjmp/Makefile                             |  9 +++
>      >   socket/Makefile                             |  6 ++
>      >   stdio-common/Makefile                       | 15 +++-
>      >   stdlib/Makefile                             |  7 ++
>      >   string/Makefile                             | 17 +++++
>      >   sysdeps/ieee754/ldbl-128ibm-compat/Makefile | 81
>     +++++++++++++++++----
>      >   sysdeps/ieee754/ldbl-opt/Makefile           | 29 ++++++++
>      >   sysdeps/pthread/Makefile                    |  4 +
>      >   sysdeps/unix/sysv/linux/Makefile            |  3 +
>      >   wcsmbs/Makefile                             | 23 +++++-
>      >   17 files changed, 247 insertions(+), 25 deletions(-)
>      >
>      > diff --git a/debug/Makefile b/debug/Makefile
>      > index 9d658e3002..434e52f780 100644
>      > --- a/debug/Makefile
>      > +++ b/debug/Makefile
>      > @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions
>     -fasynchronous-unwind-tables
>      >   # set up for us, so keep the CFLAGS/CPPFLAGS split logical as
>     the order is:
>      >   # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
>      >   CFLAGS-tst-longjmp_chk.c += -fexceptions
>     -fasynchronous-unwind-tables
>      > -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
>      > +CPPFLAGS-tst-longjmp_chk.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=1
>      >   CFLAGS-tst-longjmp_chk2.c += -fexceptions
>     -fasynchronous-unwind-tables
>      > -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
>      > +CPPFLAGS-tst-longjmp_chk2.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=1
>      >   CFLAGS-tst-longjmp_chk3.c += -fexceptions
>     -fasynchronous-unwind-tables
>      > -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
>      > -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
>      > -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
>      > +CPPFLAGS-tst-longjmp_chk3.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=1
>      > +CPPFLAGS-tst-realpath-chk.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=2
>      > +CPPFLAGS-tst-chk-cancel.c +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=2
>      >
>      >   # _FORTIFY_SOURCE tests.
>      >   # Auto-generate tests for _FORTIFY_SOURCE for different levels,
>     compilers and
>      > @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
>      >   # cannot be disabled via pragmas, so require -Wno-error to be used.
>      >   define gen-chk-test
>      >   tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
>      > -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
>     -D_FORTIFY_SOURCE=$(3) -Wno-format \
>      > +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) +=
>     $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
>      >                                       
>       -Wno-deprecated-declarations \
>      >                                         -Wno-error
>      >   $(eval $(call cflags-$(2),$(1),$(3),$(4)))
>      > diff --git a/io/Makefile b/io/Makefile
>      > index d573064ecc..6ccc0e8691 100644
>      > --- a/io/Makefile
>      > +++ b/io/Makefile
>      > @@ -149,6 +149,22 @@ routines := \
>      >     write \
>      >     # routines
>      >
>      > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
>      > +routines_no_fortify += \
>      > +  getcwd \
>      > +  getwd \
>      > +  open \
>      > +  open64 \
>      > +  openat \
>      > +  openat64 \
>      > +  poll \
>      > +  ppoll \
>      > +  read \
>      > +  readlink \
>      > +  readlinkat \
>      > +  ttyname_r \
>      > +  # routines_no_fortify
>      > +
>      >   others := \
>      >    pwd \
>      >    # others
>      > diff --git a/libio/Makefile b/libio/Makefile
>      > index 2877fec484..f5c487d9f5 100644
>      > --- a/libio/Makefile
>      > +++ b/libio/Makefile
>      > @@ -53,6 +53,21 @@ routines   :=                                 
>                                \
>      >
>      >   gen-as-const-headers += libio-macros.sym
>      >
>      > +# Exclude fortified routines from being built with _FORTIFY_SOURCE
>      > +routines_no_fortify += \
>      > +  fwprintf \
>      > +  iofgets \
>      > +  iofgets_u \
>      > +  iofgetws \
>      > +  iofgetws_u \
>      > +  swprintf \
>      > +  vasprintf \
>      > +  vsnprintf \
>      > +  vswprintf \
>      > +  vwprintf \
>      > +  wprintf \
>      > +  # routines_no_fortify
>      > +
>      >   tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf
>     tst_getwc tst_putwc   \
>      >       tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
>      >       tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf
>     tst-sscanf           \
>      > @@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c +=
>     $(config-cflags-wno-ignored-attributes)
>      >   CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
>      >   # XXX Do we need filedoalloc and wfiledoalloc?  Others?
>      >
>      > +# Prevent fortification as these are built with -O0
>      > +CFLAGS-tst-bz24051.c += $(no-fortify-source)
>      > +CFLAGS-tst-bz24153.c += $(no-fortify-source)
>      > +
>      >   CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
>      >
>      >   # These test cases intentionally use overlapping arguments
>      >   CFLAGS-tst-sprintf-ub.c += -Wno-restrict
> 
>     This should also be built without fortification because the test
>     specifically tries to validate the sprintf entry point; the
>     __sprintf_chk entry point ought to get checked by the
>     tst-sprintf-chk-ub.c test.
> 
>     In fact, I wonder if *all* tests should be built without fortification
>     by default regardless of whether glibc is built with fortification.  We
>     have specific tests in debug/ to test the _chk entry points and it
>     seems
>     like the tests should stick to validating only the regular entry points
>     unless otherwise specified.
> 
> I'm not so sure.  The fact that fortification is enabled doesn't 
> diminish the validity of the tests, at the very end fortified function 
> shouldn't modify the behavior of these routines (modulo the additional 
> tests on input parameters).
> Unless the test breaks because of fortification (like when tests 
> voluntarily mess with input parameters in a way that the test aborts on 
> chk routines), I don't see the need to undefine _FORTIFY_SOURCE.
> 
> Thus, by having fortification enabled during the tests, I could catch 
> errors in the tests (e.g. Incorrect maxlen parameter for swprintf 
> 427dbaee86bcec31ba2fe9a42f32842cf17c4e77).
> 
> On top of that in the current configuration, assuming 
> "--enable-fortify-source" is **not** set, and the _FORTIFY_SOURCE macro 
> is **not** set through the environment neither, these are still tested 
> without fortification.
> In one sense, having the glibc CI testing the entry points directly, 
> while the community will probably test with fortification, may help 
> catch unwanted behavioral changes (if that ever happens) due to 
> incorrect check routines implementation.
> 
> All of that said, we may need to reconsider the tests like 
> tst-sprintf-chk-ub.c though, considering the capability to enable 
> fortification from configure.
> 
> What do you think ?

OK that's fine, just that we'd need to do further fixups to tests in 
future where we're testing fortified and unfortified variants.

Sid
  

Patch

diff --git a/debug/Makefile b/debug/Makefile
index 9d658e3002..434e52f780 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -171,13 +171,13 @@  CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
 # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
 # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
 CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
-CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
-CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 # _FORTIFY_SOURCE tests.
 # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
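Review bot: The `$(no-fortify-source),-D_FORTIFY_SOURCE=N` spelling on the five CPPFLAGS lines is only well-formed if `no-fortify-source` expands to a single `-Wp,`-style option with nothing after it, and its definition is not part of this patch. The comma looks deliberate (it keeps the `-D` in the same preprocessor option list, so it is applied after the `-U`), but nothing here says so, and a later change to the variable would leave a malformed argument on these lines. I would add one comment above the group, for example `# $(no-fortify-source) is a -Wp, option; the comma appends -D to the same list so it follows the -U`, adjusted to the actual definition. The same pattern appears in the gen-chk-test hunk below and in stdio-common/Makefile for tst-bz11319-fortify2.c.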
@@ -215,7 +215,7 @@  src-chk-nongnu = \#undef _GNU_SOURCE
 # cannot be disabled via pragmas, so require -Wno-error to be used.
 define gen-chk-test
 tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
-CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
+CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
 					  -Wno-deprecated-declarations \
 					  -Wno-error
 $(eval $(call cflags-$(2),$(1),$(3),$(4)))
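Review bot: The generated tests request their fortify level through `CFLAGS-tst-fortify-…`, while the comment earlier in this file gives the command-line order as `<user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>`. Where the configure-selected `-D_FORTIFY_SOURCE` is injected is not visible in this patch; if it arrives with the user CPPFLAGS, it lands after this line and level `$(3)` may not be the one in effect for the test. Please confirm the placement, and consider `CPPFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3)`, as the hand-written tests above in this file do. The same question applies to `CFLAGS-tst-bz11319-fortify2.c` in stdio-common/Makefile. The `define gen-chk-test` block continues outside the hunk.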
diff --git a/io/Makefile b/io/Makefile
index d573064ecc..6ccc0e8691 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -149,6 +149,22 @@  routines := \
   write \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getcwd \
+  getwd \
+  open \
+  open64 \
+  openat \
+  openat64 \
+  poll \
+  ppoll \
+  read \
+  readlink \
+  readlinkat \
+  ttyname_r \
+  # routines_no_fortify
+
 others := \
  pwd \
  # others
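Review bot: The comment above `routines_no_fortify` says what is excluded but not why, nor how the list is meant to be kept current. The list is maintained by hand, so a routine that later gains a fortified wrapper and is not added here would be compiled with the macro set, which is the situation the commit message says must be avoided. I would extend the comment to something like `# These files implement the entry points that _FORTIFY_SOURCE wraps, so build them without it.` followed by `# Add any routine here when it gains a fortified (_chk) variant.` The same one-line comment is repeated in the libio, login, misc, posix, rt, setjmp, socket, stdio-common, stdlib and string hunks.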
diff --git a/libio/Makefile b/libio/Makefile
index 2877fec484..f5c487d9f5 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -53,6 +53,21 @@  routines	:=							      \
 
 gen-as-const-headers += libio-macros.sym
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  fwprintf \
+  iofgets \
+  iofgets_u \
+  iofgetws \
+  iofgetws_u \
+  swprintf \
+  vasprintf \
+  vsnprintf \
+  vswprintf \
+  vwprintf \
+  wprintf \
+  # routines_no_fortify
+
 tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
 	tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
 	tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf	      \
@@ -165,11 +180,15 @@  CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
 # XXX Do we need filedoalloc and wfiledoalloc?  Others?
 
+# Prevent fortification as these are built with -O0
+CFLAGS-tst-bz24051.c += $(no-fortify-source)
+CFLAGS-tst-bz24153.c += $(no-fortify-source)
+
 CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
 
 # These test cases intentionally use overlapping arguments
 CFLAGS-tst-sprintf-ub.c += -Wno-restrict
-CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
+CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
 
 LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
 
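Review bot: `$(no-fortify-source)` is appended to `CFLAGS-tst-sprintf-chk-ub.c` without a comment, unlike the two `-O0` tests added just above, and a test with `chk` in its name is the last place a reader expects fortification to be switched off. If the reason is the same as for the ldbl-128ibm-compat tests in this patch (the source defines `_FORTIFY_SOURCE` itself), say so on the line above: `# tst-sprintf-chk-ub.c sets _FORTIFY_SOURCE itself`. If that is not the reason, the test may no longer reach the checked entry point its name refers to, and the flag should be reconsidered.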
diff --git a/login/Makefile b/login/Makefile
index 13b155d344..74216cbcb2 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -66,6 +66,12 @@  include ../Rules
 CFLAGS-getpt.c += -fexceptions
 CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getlogin_r \
+  ptsname_r \
+  # routines_no_fortify
+
 ifeq (yesyes,$(have-fpie)$(build-shared))
 pt_chown-cflags += $(pie-ccflag)
 endif
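Review bot: Here the `routines_no_fortify` append sits after `include ../Rules` (the hunk header names it as the preceding context), whereas io, misc, posix, socket, stdlib and string place it directly under the `routines :=` list. Whether a value appended after the include is still picked up depends on the consumer expanding the variable lazily, and that consumer is not in this patch. Moving the block next to the `routines` definition would make the directories consistent and remove the ordering question. Otherwise, once the behaviour is confirmed, add `# Appended after Rules; the consumer expands this variable lazily`. setjmp/Makefile has the same placement.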
diff --git a/misc/Makefile b/misc/Makefile
index 84aa4cb0ad..36ba7a0bad 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -205,6 +205,13 @@  routines := \
   writev \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getdomain \
+  gethostname \
+  syslog \
+  # routines_no_fortify
+
 generated += \
   tst-allocate_once-mem.out \
   tst-allocate_once.mtrace \
diff --git a/posix/Makefile b/posix/Makefile
index ad43cbdec6..5113ee3b74 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -183,6 +183,14 @@  routines := \
   wordexp \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  confstr \
+  getgroups \
+  pread \
+  pread64 \
+  # routines_no_fortify
+
 aux := \
   environ \
   init-posix \
@@ -604,6 +612,9 @@  bug-glob1-ARGS = "$(objpfx)"
 tst-execvp3-ARGS = --test-dir=$(objpfx)
 CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
 
+# Test voluntarily overflows struct dirent
+CFLAGS-bug-glob2.c += $(no-fortify-source)
+
 $(objpfx)testcases.h: TESTS TESTS2C.sed
 	LC_ALL=C sed -f TESTS2C.sed < $< > $@T
 	mv $@T $@
diff --git a/rt/Makefile b/rt/Makefile
index a97333dc02..3d4a3f0eec 100644
--- a/rt/Makefile
+++ b/rt/Makefile
@@ -100,6 +100,11 @@  CFLAGS-aio_suspend.c += -fexceptions
 CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
 CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mq_open \
+  # routines_no_fortify
+
 LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
 
 $(objpfx)librt.so: $(shared-thread-library)
diff --git a/setjmp/Makefile b/setjmp/Makefile
index e5733a8c52..363fb6673c 100644
--- a/setjmp/Makefile
+++ b/setjmp/Makefile
@@ -38,4 +38,13 @@  gen-as-const-headers += jmp_buf-macros.sym
 
 include ../Rules
 
+# This test messes the stack on purpose, which triggers longjump fortify
+# failure
+CFLAGS-bug269-setjmp.c += $(no-fortify-source)
+
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  longjmp \
+  # routines_no_fortify
+
 $(objpfx)tst-setjmp-fp: $(libm)
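Review bot: The comment on `CFLAGS-bug269-setjmp.c` spells the function "longjump", and "messes the stack" does not say what the fortified check objects to. Something like `# bug269-setjmp deliberately corrupts the stack, which trips the fortified longjmp check.` is more precise and is found by a grep for `longjmp`. It would also help to state that the resulting abort is expected behaviour of the check rather than a defect in it.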
diff --git a/socket/Makefile b/socket/Makefile
index d9b0b4af64..08f20118cd 100644
--- a/socket/Makefile
+++ b/socket/Makefile
@@ -60,6 +60,12 @@  routines := \
   socketpair \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  recv \
+  recvfrom \
+  # routines_no_fortify
+
 tests := \
   tst-accept4 \
   tst-cmsg_cloexec \
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 8871ec7668..fe304b8373 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -117,6 +117,19 @@  routines := \
   wprintf_function_invoke \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  asprintf \
+  dprintf \
+  fprintf \
+  printf \
+  snprintf \
+  sprintf \
+  vfprintf \
+  vfwprintf \
+  vprintf \
+  # routines_no_fortify
+
 aux := \
   errlist \
   errlist-data \
@@ -461,7 +474,7 @@  CFLAGS-tst-gets.c += -Wno-deprecated-declarations
 
 # BZ #11319 was first fixed for regular vdprintf, then reopened because
 # the fortified version had the same bug.
-CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
 
diff --git a/stdlib/Makefile b/stdlib/Makefile
index 0975f55ee6..25e42a77e7 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
@@ -145,6 +145,13 @@  routines := \
   xpg_basename \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mbstowcs \
+  wcstombs \
+  wctomb \
+  # routines_no_fortify
+
 aux = \
   grouping \
   groupingwc \
diff --git a/string/Makefile b/string/Makefile
index d3106d10a9..8cdfd5b000 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -118,6 +118,23 @@  routines := \
   xpg-strerror \
 # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  explicit_bzero \
+  memcpy \
+  memmove \
+  mempcpy \
+  memset \
+  stpcpy \
+  stpncpy \
+  strcat \
+  strcpy \
+  strlcat \
+  strlcpy \
+  strncat \
+  strncpy \
+  # routines_no_fortify
+
 tests := \
   bug-envz1 \
   bug-strcoll1 \
diff --git a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
index 42cca25a09..34273a5f58 100644
--- a/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
+++ b/sysdeps/ieee754/ldbl-128ibm-compat/Makefile
@@ -88,13 +88,19 @@  tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
 CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-obstack-ieee128 test-obstack-ibm128
-CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				 $(no-fortify-source)
+CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				$(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
-CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				     $(no-fortify-source)
+CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				    $(no-fortify-source)
 
 tests-internal += test-scanf-ieee128 test-scanf-ibm128
 CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
@@ -216,25 +222,37 @@  ldbl-extra-routines += asprintf_chk \
 		       obstack_chk \
 		       vobstack_chk
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
-CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				    $(no-fortify-source)
+CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				   $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
 CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
-					  -Wno-psabi -Wno-unused-result
+					  -Wno-psabi -Wno-unused-result \
+					  $(no-fortify-source)
 CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
-					 -Wno-unused-result
+					 -Wno-unused-result \
+					 $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
-CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				     $(no-fortify-source)
+CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				    $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
 CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
-					   -Wno-psabi -Wno-unused-result
+					   -Wno-psabi -Wno-unused-result \
+					   $(no-fortify-source)
 CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
-					  -Wno-unused-result
+					  -Wno-unused-result \
+					  $(no-fortify-source)
 endif
 
 ifeq ($(subdir),argp)
@@ -281,13 +299,19 @@  CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-container += test-syslog-ieee128 test-syslog-ibm128
-CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				$(no-fortify-source)
+CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+			       $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
-CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+				    $(no-fortify-source)
+CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+				   $(no-fortify-source)
 endif
 
 ifeq ($(subdir),stdlib)
@@ -395,6 +419,31 @@  endif
 # Add IEEE binary128 files as make targets.
 routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
 
+routines_no_fortify += \
+  ieee128-asprintf \
+  ieee128-dprintf \
+  ieee128-fprintf \
+  ieee128-fwprintf \
+  ieee128-obstack \
+  ieee128-printf \
+  ieee128-snprintf \
+  ieee128-sprintf \
+  ieee128-swprintf \
+  ieee128-syslog \
+  ieee128-vasprintf \
+  ieee128-vdprintf \
+  ieee128-vfprintf \
+  ieee128-vfwprintf \
+  ieee128-vobstack \
+  ieee128-vprintf \
+  ieee128-vsnprintf \
+  ieee128-vsprintf \
+  ieee128-vswprintf \
+  ieee128-vsyslog \
+  ieee128-vwprintf \
+  ieee128-wprintf \
+  # routines_no_fortify
+
 # On powerpc64le, the routines responsible for converting between long
 # double and string (e.g.: printf, scanf, strtold, strfroml) default to
 # IBM long double mode.  When support for TS 18661-3 was added, several
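Review bot: This `routines_no_fortify` list has no explanatory comment, unlike the equivalent blocks in socket, stdio-common, stdlib, string and wcsmbs; I would add the same `# Exclude fortified routines from being built with _FORTIFY_SOURCE` line above it. The names are also typed out by hand, while the line just above derives the ieee128 objects from `$(ldbl-extra-routines)`. A routine added to that variable later will therefore be built with fortification unless someone remembers to extend this list too, so a short comment saying the two must be kept in step would help.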
diff --git a/sysdeps/ieee754/ldbl-opt/Makefile b/sysdeps/ieee754/ldbl-opt/Makefile
index 22e778ad0e..0ed1cd2cae 100644
--- a/sysdeps/ieee754/ldbl-opt/Makefile
+++ b/sysdeps/ieee754/ldbl-opt/Makefile
@@ -269,3 +269,32 @@  CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
 					  -DOBJPFX=\"$(objpfx)\"
 
 endif
+
+routines_no_fortify += \
+  nldbl-asprintf \
+  nldbl-dprintf \
+  nldbl-fprintf \
+  nldbl-fwprintf \
+  nldbl-obstack_printf \
+  nldbl-obstack_vprintf \
+  nldbl-printf \
+  nldbl-snprintf \
+  nldbl-sprintf \
+  nldbl-swprintf \
+  nldbl-syslog \
+  nldbl-vasprintf \
+  nldbl-vdprintf \
+  nldbl-vfprintf \
+  nldbl-vfwprintf \
+  nldbl-vprintf \
+  nldbl-vsnprintf \
+  nldbl-vsprintf \
+  nldbl-vswprintf \
+  nldbl-vsyslog \
+  nldbl-vwprintf \
+  nldbl-wprintf \
+  # routines_no_fortify
+
+# We can't rely on Makeconfig here for whatever reason
+CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
+CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
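Review bot: The comment `# We can't rely on Makeconfig here for whatever reason` records that the cause is unknown, so a later maintainer cannot tell when the two `CFLAGS-.oS` lines are safe to drop or whether other object suffixes need the same treatment. If the reason is that the nldbl objects are built only with the `.oS` suffix and the generic handling does not cover it, the comment should say so, for example `# nldbl-* objects are only built as .oS; apply the exclusion to them and their _chk variants here.` The block also sits after the final `endif`, so these flags appear to apply in every subdir that reads this Makefile rather than only where nldbl objects are built; worth confirming that is intended. The list itself is missing the explanatory comment the other Makefiles carry.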
diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
index 32cf4eb119..31028406d5 100644
--- a/sysdeps/pthread/Makefile
+++ b/sysdeps/pthread/Makefile
@@ -304,6 +304,10 @@  tests-nolibpthread += \
 CFLAGS-tst-cleanup2.c += -fno-builtin
 CFLAGS-tst-cleanupx2.c += -fno-builtin
 
+# Disable fortification due to sprintf(NULL,...)
+CFLAGS-tst-cleanup2.c += $(no-fortify-source)
+CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
+
 tests += \
   tst-cancelx2 \
   tst-cancelx3 \
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 594a5dc53e..9108b7d2ed 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -120,6 +120,9 @@  CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
 CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
 CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
 
+# The test triggers FORTIFY abortion due to purposely wrong parameters
+CFLAGS-test-errno-linux.c += $(no-fortify-source)
+
 sysdep_headers += \
   bits/a.out.h \
   bits/epoll.h \
diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile
index 22192985e1..d25a2214f8 100644
--- a/wcsmbs/Makefile
+++ b/wcsmbs/Makefile
@@ -121,6 +121,27 @@  routines := \
   wmemset \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mbsnrtowcs \
+  mbsrtowcs \
+  wcpcpy \
+  wcpncpy \
+  wcrtomb \
+  wcscat \
+  wcscpy \
+  wcslcat \
+  wcslcpy \
+  wcsncat \
+  wcsncpy \
+  wcsnrtombs \
+  wcsrtombs \
+  wmemcpy \
+  wmemmove \
+  wmempcpy \
+  wmemset \
+  # routines_no_fortify
+
 tests := \
   test-c8rtomb \
   test-char-types \
@@ -231,7 +252,7 @@  CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
 CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
-CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)