Prepare the system for _FORTIFY_SOURCE
Needs ReviewPublic
Actions

Authored by kevans on Oct 5 2021, 3:48 AM.

Details

Reviewers

ngie
imp

Summary

Notably:

libc needs to #undef some of the macros from ssp/* for underlying implementations
ssp/* wants a __RENAME() macro (snatched more or less from NetBSD)

There's some extra hinkiness included for read(), since libc spells it
as "_read" while the rest of the world spells it "read."

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 57112
Build 54000: arc lint + arc unit

Event Timeline

kevans created this revision.Oct 5 2021, 3:48 AM

Herald added a reviewer: ngie. · View Herald TranscriptOct 5 2021, 3:48 AM

Herald added a subscriber: imp. · View Herald Transcript

kevans requested review of this revision.Oct 5 2021, 3:48 AM

Harbormaster completed remote builds in B41956: Diff 96255.Oct 5 2021, 3:48 AM

kevans added a parent revision: D32306: Import _FORTIFY_SOURCE implementation from NetBSD.Oct 5 2021, 3:48 AM

kevans added a child revision: D32308: Add a build knob for _FORTIFY_SOURCE.

Re _read, I thought all system calls had three functions foo, _foo and sys_foo depending on which layer of indirection you were trying to bypass... I know that's why libc uses things like _read and _write.

In D32307#729071, @imp wrote:

Re _read, I thought all system calls had three functions foo, _foo and sys_foo depending on which layer of indirection you were trying to bypass... I know that's why libc uses things like _read and _write.

Right, sorry, I need to update that comment.

In D32307#729072, @kevans wrote:

In D32307#729071, @imp wrote:

Re _read, I thought all system calls had three functions foo, _foo and sys_foo depending on which layer of indirection you were trying to bypass... I know that's why libc uses things like _read and _write.

Right, sorry, I need to update that comment.

You've likely already thought of this, but if not... do we need to _FORTIFY_SOURCE system calls that FreeBSD has that are 'read like' that aren't in NetBSD?

arichardson added a subscriber: arichardson.Oct 5 2021, 7:46 AM

arichardson added inline comments.

lib/libc/amd64/string/bcopy.c
8	`(bcopy)` will prevent function macro expansion, no need for #undef. Same for the other files.

kib added a subscriber: kib.Oct 5 2021, 11:17 AM

kib added inline comments.

lib/libc/Makefile
22	I am not sure about all current and future uses of this define, but I dislike it being taken from the user namespace. Usually we use something like _IN_LIBC

kevans added inline comments.Oct 5 2021, 4:05 PM

lib/libc/Makefile
22	It also wouldn't be used much, but I wonder if it'd be better to just `-D_FORTIFY_SOURCE_read=_read` and default `_FORTIFY_SOURCE_read` to `read` in the header.

emaste added a subscriber: emaste.Oct 5 2021, 8:50 PM

kevans marked an inline comment as done.Oct 5 2021, 9:44 PM

Just prevent macro expansion, and use -D_FORTIFY_SOURCE_read instead of defining
some indicator for "in libc" to be misused later.

Harbormaster completed remote builds in B41979: Diff 96308.Oct 5 2021, 9:45 PM

lwhsu added a subscriber: lwhsu.Feb 7 2022, 1:36 AM

kevans added a reviewer: imp.Sep 25 2022, 1:37 AM

imp requested changes to this revision.Sep 25 2022, 4:57 AM

imp added inline comments.

lib/libc/sys/read.c
39 ↗	(On Diff #96308)	you only changed an include... and nothing else... So what does this accomplish?
sys/sys/cdefs.h
615–616	I'm torn on this #else... It means that no compilers that don't define PCC nor GNUC will be an automatic error EVEN IF THEY DONT USE __RENAME() So that's bad, right? I'd be tempted to either leave it undefined or # it like you do for kernel standalone....