scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3

The 30379efad1 added _FORTIFY_SOURCE checks without check if compiler
does support all used fortify levels.  This patch fixes it by first
checking at configure time the maximum support fortify level and using
it instead of a pre-defined one.

Checked on x86_64 with gcc 11, 12, and 13.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Tested-by: Florian Weimer <fweimer@redhat.com>
This commit is contained in:
Adhemerval Zanella 2023-07-20 11:35:54 -03:00
parent 6c85c5a177
commit a3090c2c98
5 changed files with 30 additions and 30 deletions

View File

@ -545,7 +545,7 @@ tests-special += $(objpfx)check-installed-headers-c.out
libof-check-installed-headers-c := testsuite
$(objpfx)check-installed-headers-c.out: \
scripts/check-installed-headers.sh $(headers)
$(SHELL) $(..)scripts/check-installed-headers.sh c \
$(SHELL) $(..)scripts/check-installed-headers.sh c $(supported-fortify) \
"$(CC) $(filter-out -std=%,$(CFLAGS)) -D_ISOMAC $(+includes)" \
$(headers) > $@; \
$(evaluate-test)
@ -555,7 +555,7 @@ tests-special += $(objpfx)check-installed-headers-cxx.out
libof-check-installed-headers-cxx := testsuite
$(objpfx)check-installed-headers-cxx.out: \
scripts/check-installed-headers.sh $(headers)
$(SHELL) $(..)scripts/check-installed-headers.sh c++ \
$(SHELL) $(..)scripts/check-installed-headers.sh c++ $(supported-fortify) \
"$(CXX) $(filter-out -std=%,$(CXXFLAGS)) -D_ISOMAC $(+includes)" \
$(headers) > $@; \
$(evaluate-test)

4
Rules
View File

@ -85,7 +85,7 @@ tests-special += $(objpfx)check-installed-headers-c.out
libof-check-installed-headers-c := testsuite
$(objpfx)check-installed-headers-c.out: \
$(..)scripts/check-installed-headers.sh $(headers)
$(SHELL) $(..)scripts/check-installed-headers.sh c \
$(SHELL) $(..)scripts/check-installed-headers.sh c $(supported-fortify) \
"$(CC) $(filter-out -std=%,$(CFLAGS)) -D_ISOMAC $(+includes)" \
$(headers) > $@; \
$(evaluate-test)
@ -97,7 +97,7 @@ tests-special += $(objpfx)check-installed-headers-cxx.out
libof-check-installed-headers-cxx := testsuite
$(objpfx)check-installed-headers-cxx.out: \
$(..)scripts/check-installed-headers.sh $(headers)
$(SHELL) $(..)scripts/check-installed-headers.sh c++ \
$(SHELL) $(..)scripts/check-installed-headers.sh c++ $(supported-fortify) \
"$(CXX) $(filter-out -std=%,$(CXXFLAGS)) -D_ISOMAC $(+includes)" \
$(headers) > $@; \
$(evaluate-test)

28
configure vendored
View File

@ -7610,9 +7610,9 @@ fi
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
fortify_source="${no_fortify_source}"
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
printf %s "checking for __builtin_dynamic_object_size... " >&6; }
if test ${libc_cv___builtin_dynamic_object_size+y}
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5
printf %s "checking for maximum supported _FORTIFY_SOURCE level... " >&6; }
if test ${libc_cv_supported_fortify_source+y}
then :
printf %s "(cached) " >&6
else $as_nop
@ -7630,30 +7630,24 @@ __builtin_dynamic_object_size("", 0)
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
libc_cv___builtin_dynamic_object_size=yes
if test "$enable_fortify_source" = yes
then :
enable_fortify_source=3
fi
libc_cv_supported_fortify_source=3
else $as_nop
libc_cv___builtin_dynamic_object_size=no
if test "$enable_fortify_source" = yes
then :
enable_fortify_source=2
fi
libc_cv_supported_fortify_source=2
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
printf "%s\n" "$libc_cv___builtin_dynamic_object_size" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_supported_fortify_source" >&5
printf "%s\n" "$libc_cv_supported_fortify_source" >&6; }
case $enable_fortify_source in #(
yes) :
libc_cv_fortify_source=yes enable_fortify_source=$libc_cv_supported_fortify_source ;; #(
1|2) :
libc_cv_fortify_source=yes ;; #(
3) :
if test "$libc_cv___builtin_dynamic_object_size" = yes
if test $libc_cv_supported_fortify_source = 3
then :
libc_cv_fortify_source=yes
else $as_nop
@ -7673,6 +7667,8 @@ fi
config_vars="$config_vars
supported-fortify = $libc_cv_supported_fortify_source"
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
printf %s "checking whether the assembler requires one version per symbol... " >&6; }

View File

@ -1578,17 +1578,17 @@ dnl support it
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
fortify_source="${no_fortify_source}"
AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level],
[libc_cv_supported_fortify_source], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
[libc_cv___builtin_dynamic_object_size=yes
AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
[libc_cv___builtin_dynamic_object_size=no
AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
[libc_cv_supported_fortify_source=3],
[libc_cv_supported_fortify_source=2])
])
AS_CASE([$enable_fortify_source],
[yes], [libc_cv_fortify_source=yes enable_fortify_source=$libc_cv_supported_fortify_source],
[1|2], [libc_cv_fortify_source=yes],
[3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
[3], [AS_IF([test $libc_cv_supported_fortify_source = 3],
[libc_cv_fortify_source=yes],
[AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
[libc_cv_fortify_source=no])
@ -1601,6 +1601,7 @@ AC_SUBST(enable_fortify_source)
AC_SUBST(libc_cv_fortify_source)
AC_SUBST(no_fortify_source)
AC_SUBST(fortify_source)
LIBC_CONFIG_VAR([supported-fortify], [$libc_cv_supported_fortify_source])
dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
dnl to one symbol (PR 23840).

View File

@ -29,11 +29,12 @@ cxx_modes="-std=c++98 -std=gnu++98 -std=c++11 -std=gnu++11"
# These are probably the most commonly used three.
lib_modes="-D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE=700"
# Also check for fortify modes, since it might be enabled as default.
fortify_modes="1 2 3"
# Also check for fortify modes, since it might be enabled as default. The
# maximum value to be checked is define by maximum_fortify argument.
fortify_modes=""
if [ $# -lt 3 ]; then
echo "usage: $0 c|c++ \"compile command\" header header header..." >&2
echo "usage: $0 c|c++ maximum_fortify \"compile command\" header header header..." >&2
exit 2
fi
case "$1" in
@ -50,6 +51,8 @@ case "$1" in
exit 2;;
esac
shift
fortify_modes=$(seq -s' ' 1 $1)
shift
cc_cmd="$1"
shift
trap "rm -f '$cih_test_c'" 0
@ -104,7 +107,6 @@ EOF
for lang_mode in "" $lang_modes; do
for lib_mode in "" $lib_modes; do
for fortify_mode in "" $fortify_modes; do
echo :::: $lang_mode $lib_mode $fortify_mode
if [ -z "$lib_mode" ]; then
expanded_lib_mode='/* default library mode */'
else
@ -114,6 +116,7 @@ EOF
if [ ! -z $fortify_mode ]; then
fortify_mode="#define _FORTIFY_SOURCE $fortify_mode"
fi
echo :::: $lang_mode $lib_mode $fortify_mode
cat >"$cih_test_c" <<EOF
/* These macros may have been defined on the command line. They are
inappropriate for this test. */