Date: Wed, 15 May 2024 08:05:59 +0200
From: Alexander Leidinger
To: Kyle Evans
Cc: "freebsd-hackers@FreeBSD.org"
Subject: Re: Initial implementation of _FORTIFY_SOURCE
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On 2024-05-15 01:15, Kyle Evans wrote:
> On 5/14/24 11:34, Kyle Evans wrote:
>> On 5/14/24 07:47, Alexander Leidinger wrote:
>>> On 2024-05-13 19:47, Kyle Evans wrote:
>>>> Hi,
>>>>
>>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've
>>>> imported an initial version of FORTIFY_SOURCE from FreeBSD.
>>>> FORTIFY_SOURCE is an improvement over classical SSP, doing
>>>> compiler-aided checking of stack object sizes to detect more
>>>> fine-grained stack overflow without relying on the randomized stack
>>>> canary just past the stack frame.
>>>
>>> This breaks some port builds.
>>>
>>> Example libfido2 (which is a dependency in the build of e.g.
>>> mysql):
>>> ---snip---
>>> [  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF
>>> -DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM
>>> -DHAVE_ENDIAN_H -DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE
>>> -DHAVE_GETOPT -DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H
>>> -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY
>>> -DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB
>>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H
>>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL
>>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0
>>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src
>>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE
>>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native
>>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize
>>> -O2 -pipe -mtune=native -fvectorize -march=native
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall
>>> -Wextra -Werror -Wshadow -Wcast-qual -Wwrite-strings
>>> -Wmissing-prototypes -Wbad-function-cast -Wimplicit-fallthrough
>>> -pedantic -pedantic-errors -Wshorten-64-to-32 -fstack-protector-all
>>> -Wconversion -Wsign-conversion -Wframe-larger-than=2047 -MD -MT
>>> src/CMakeFiles/fido2.dir/aes256.c.o -MF
>>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o
>>> src/CMakeFiles/fido2.dir/aes256.c.o -c
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>>> FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
>>> /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF
>>> -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H
>>> -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE
>>> -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE
>>> -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP
>>> -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB
>>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H
>>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL
>>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0
>>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src
>>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE
>>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native
>>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize
>>> -O2 -pipe -mtune=native -fvectorize -march=native
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall
>>> -Wextra -Werror -Wshadow -Wcast-qual -Wwrite-strings
>>> -Wmissing-prototypes -Wbad-function-cast -Wimplicit-fallthrough
>>> -pedantic -pedantic-errors -Wshorten-64-to-32 -fstack-protector-all
>>> -Wconversion -Wsign-conversion -Wframe-larger-than=2047 -MD -MT
>>> src/CMakeFiles/fido2.dir/aes256.c.o -MF
>>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o
>>> src/CMakeFiles/fido2.dir/aes256.c.o -c
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2:
>>> error: use of GNU statement expression extension from macro expansion
>>> [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>>     18 |         memset(out, 0, sizeof(*out));
>>>        |         ^
>>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val,
>>> len)
>>>        |     ^
>>> /usr/include/ssp/string.h:65:5: note: expanded from macro
>>> '__ssp_bos_check3_typed'
>>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype,
>>> __ssp_var(dstv), dst,      \
>>>        |     ^
>>> /usr/include/ssp/string.h:54:24: note: expanded from macro
>>> '__ssp_bos_check3_typed_var'
>>>     54 |     src, lenvar, len) ({                                \
>>>        |                        ^
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2:
>>> error: use of GNU statement expression extension from macro expansion
>>> [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>>     60 |         memset(&iv, 0, sizeof(iv));
>>>        |         ^
>>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val,
>>> len)
>>>        |     ^
>>> /usr/include/ssp/string.h:65:5: note: expanded from macro
>>> '__ssp_bos_check3_typed'
>>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype,
>>> __ssp_var(dstv), dst,      \
>>>        |     ^
>>> /usr/include/ssp/string.h:54:24: note: expanded from macro
>>> '__ssp_bos_check3_typed_var'
>>>     54 |     src, lenvar, len) ({                                \
>>>        |                        ^
>>> ---snip---
>>>
>>> I also have a failed archivers/libdeflate, devel/highway, www/node20,
>>> and lang/rust, but those complain about something which could also be
>>> attributed to some kind of interaction between my use of -fvectorize
>>> and the new fortify stuff. Example with libdeflate (the libdeflate
>>> update in ports is from March, and I had it compiled with -fvectorize
>>> successfully before the fortify stuff came in):
>>> ---snip---
>>> In file included from
>>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
>>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21:
>>> error: always_inline function '_mm512_set1_epi8' requires target
>>> feature 'evex512', but would be inlined into function
>>> 'adler32_x86_avx512_vl512_vnni' that is compiled without support for
>>> 'evex512'
>>>    197 |         const vec_t ones = VSET1_8(1);
>>>        |                            ^
>>> ---snip---
>>> Note, my CPUs don't support evex512 or avx512 at all, the compile
>>> flags haven't changed, this version of the port is installed in
>>> multiple jails (since March 28), so there is a change in behavior
>>> since then. It may or may not be due to the fortify stuff.
>>>
>>> I will test without -fvectorize later, poudriere is still building
>>> ports, and I want to see if some other ports fail. Those 5 failed
>>> port builds result in 160 skipped ports already (out of the >600
>>> which this run wants to build).
>>>
>>> Maybe you want to backout and request an exp-build to not get swamped
>>> with failure reports from various people...
>>>
>>
>> There's really not that much that can go wrong here; I looked at
>> enabling the warning in question in base to try and avoid future
>> landmines, but that results in an absolute dumpster fire so I guess we
>> won't do that.
>>
>> Can you try this patch, please? https://termbin.com/jdtv -- it's the
>> apparently proper way to avoid the warning.
>>
>
> I've confirmed that this patch fixes libfido2, will commit shortly.
> The other failures you noted are indeed not related, FORTIFY_SOURCE has
> no bearing on any of these things.

Your stdio.h does look different to my tree (it's from May 13, with
manual removal of the ObsoleteFiles.inc stuff)... I did this manually
now and give it a try in poudriere:
---snip---
#define sprintf(str, ...) __extension__ ({	\
    char *_ssp_str = (str);	\
    __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),	\
        __VA_ARGS__);	\
})

#define vsprintf(str, fmt, ap) __extension__ ({	\
    char *_ssp_str = (str);	\
    __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), fmt,	\
        ap);	\
})

#define snprintf(str, len, ...) __extension__ ({	\
    char *_ssp_str = (str);	\
    __builtin___snprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str),	\
        __VA_ARGS__);	\
})

#define vsnprintf(str, len, fmt, ap) __extension__ ({	\
    char *_ssp_str = (str);	\
    __builtin___vsnprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str),	\
        fmt, ap);	\
})

#define gets(str) __extension__ ({	\
    char *_ssp_str = (str);	\
    __gets_chk(_ssp_str, __ssp_bos(_ssp_str));	\
})

#define fgets(str, len, fp) __extension__ ({	\
    char *_ssp_str = (str);	\
    __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp);	\
})
---snip---

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
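
Added example, not part of the original message and not FreeBSD's header code: a reduced fortify-style wrapper in the same shape as the macros quoted above, showing what each piece is for (`__extension__` for -pedantic callers, the temporary for single evaluation, the object-size argument for the bounds check). The `demo_*` names are hypothetical, and the checker returns NULL where a real `*_chk` routine would abort.

```c
/* Added illustration; demo_* names are hypothetical, not from <ssp/...>. */
#include <stddef.h>
#include <string.h>

#define DEMO_BOS_UNKNOWN ((size_t)-1)

/* Runtime half of the check: refuse a write longer than the known object
 * size. Real *_chk routines abort; this returns NULL so it can be tested.
 */
static void *
demo_memset_chk(void *dst, int val, size_t len, size_t bos)
{
	if (bos != DEMO_BOS_UNKNOWN && len > bos)
		return (NULL);
	return (memset(dst, val, len));
}

/* Same shape as the macros in the message:
 *  - __extension__ marks the ({ ... }) statement expression as an intended
 *    GNU extension, so -pedantic builds of the caller do not warn about it;
 *  - the temporary makes the macro evaluate its argument exactly once;
 *  - __builtin_object_size() gives the destination size when the compiler
 *    can see it and (size_t)-1 when it cannot (check is then skipped). */
#define demo_memset(dst, val, len) __extension__ ({			\
	void *_demo_dst = (dst);					\
	demo_memset_chk(_demo_dst, (val), (len),			\
	    __builtin_object_size(_demo_dst, 0));			\
})

/* Returns how many times the destination argument was evaluated. */
static int
demo_single_evaluation(void)
{
	char bufs[2][8];
	char (*p)[8] = bufs;

	(void)demo_memset(*p++, 0, sizeof(bufs[0]));
	return ((int)(p - bufs));
}

int
main(void)
{
	char buf[8];

	if (demo_memset(buf, 0, sizeof(buf)) != buf)
		return (1);
	return (demo_single_evaluation() == 1 ? 0 : 1);
}
```

Building a caller with `-pedantic -Werror` under clang, with and without the `__extension__` keyword in the macro, reproduces the difference reported in the libfido2 log.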