Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 May 2024 14:47:03 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Kyle Evans <kevans@freebsd.org>
Cc:        "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject:   Re: Initial implementation of _FORTIFY_SOURCE
Message-ID:  <83ac28b8e8e79866facbde716b051340@Leidinger.net>
In-Reply-To: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
References:  <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_a86ef231b52f32732eaa0ca443f44a8f
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

Am 2024-05-13 19:47, schrieb Kyle Evans:
> Hi,
> 
> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
> an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is 
> an improvement over classical SSP, doing compiler-aided checking of 
> stack object sizes to detect more fine-grained stack overflow without 
> relying on the randomized stack canary just past the stack frame.

This breaks some port builds.

Example libfido2 (which is a dependency in the build of e.g. mysql):
---snip---
[  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF 
-DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H 
-DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT 
-DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H 
-DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY 
-DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
-DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L 
-DTLS=__thread -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 
-D_FIDO_PATCH=0 
-I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
-I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
-D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
-O2 -pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
-pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
-Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
-Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
-Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
-Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
src/CMakeFiles/fido2.dir/aes256.c.o -c 
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
/usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF 
-DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H 
-DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE 
-DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H 
-DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP -DHAVE_SYSCONF 
-DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB -DHAVE_TIMINGSAFE_BCMP 
-DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread 
-D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
-I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
-I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
-D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
-O2 -pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
-pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
-Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
-Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
-Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
-Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
src/CMakeFiles/fido2.dir/aes256.c.o -c 
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: 
error: use of GNU statement expression extension from macro expansion 
[-Werror,-Wgnu-statement-expression-from-macro-expansion]
    18 |         memset(out, 0, sizeof(*out));
       |         ^
/usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
   120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
       |     ^
/usr/include/ssp/string.h:65:5: note: expanded from macro 
'__ssp_bos_check3_typed'
    65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
dst,      \
       |     ^
/usr/include/ssp/string.h:54:24: note: expanded from macro 
'__ssp_bos_check3_typed_var'
    54 |     src, lenvar, len) ({                                \
       |                        ^
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: 
error: use of GNU statement expression extension from macro expansion 
[-Werror,-Wgnu-statement-expression-from-macro-expansion]
    60 |         memset(&iv, 0, sizeof(iv));
       |         ^
/usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
   120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
       |     ^
/usr/include/ssp/string.h:65:5: note: expanded from macro 
'__ssp_bos_check3_typed'
    65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
dst,      \
       |     ^
/usr/include/ssp/string.h:54:24: note: expanded from macro 
'__ssp_bos_check3_typed_var'
    54 |     src, lenvar, len) ({                                \
       |                        ^
---snip---

I also have a failed archivers/libdeflate, devel/highway, www/node20, 
and lang/rust, but those complain about something which could also be 
attributed to some kind of interaction between my use of -fvectorize and 
the new fortify stuff. Example with libdeflate (the libdeflate update in 
ports is from March, and I had it compiled with -fvectorize successfully 
before the fortify stuff came in):
---snip---
In file included from 
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: 
error: always_inline function '_mm512_set1_epi8' requires target feature 
'evex512', but would be inlined into function 
'adler32_x86_avx512_vl512_vnni' that is compiled without support for 
'evex512'
   197 |         const vec_t ones = VSET1_8(1);
       |                            ^
---snip---
Note, my CPUs don't support evex512 or avx512 at all, the compile flags 
haven't changed, this version of the port is installed in multiple jails 
(since March 28), so there is a change in behavior since then. It may or 
may not be due to the fortify stuff.

I will test without -fvectorize later, poudriere is still building 
ports, and I want to see if some other ports fail. Those 5 failed port 
builds result in 160 skipped ports already (out of the >600 which this 
run wants to build).

Maybe you want to backout and request an exp-build to not get swamped 
with failure reports from various people...

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

--=_a86ef231b52f32732eaa0ca443f44a8f
Content-Type: application/pgp-signature;
 name=signature.asc
Content-Disposition: attachment;
 filename=signature.asc;
 size=833
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmZDXVYACgkQEg2wmwP4
2IZqHg//SkkwugcRRBf8WCZoKPg8a96Qr94RgTVkFSNS4DdutznQ4XIgvWIbt5nx
9YcF0WM5pw8hF21pt8WpB0xtjIErNB6YM1+efT4Qj+OC/FVq53r5ZBcY8PrN0cne
7z8A6bzaKvvHQn1XJzTWZFwSApaLVt3Jbcxo9K7UktWJuxnJABYXSn68Bc7K2s1z
KSbu1v2sIM9wYBmylIJPi/Vhfjoa37U/WzH9OZhsmOMzjJ/3znpI2q+w4weYEZ+C
uOsoqb/iyBZwh3XyYJmYtF/q7e+1+A7GnZVMxleTKWUc8ESZQUYgXBWWl+hHqCq4
Sipooy4V6TJQxZMOWpObCg9zdyinzc88XZWlAKR/KJo6FWYW60BofVXt9C7KUc6s
r3mqJzg1/kFo5fJItQrHYj5MayLaqA3iH7x5YEPHGxVNHDV6a8fVQK6UtdJS4S6l
iwvCMXu9BZms4AvOhRYj+8vOSPwYjwXRW4FIAVuMUQRi0d/0dsBjjqNI02DXJuOG
v8FsRscDemQliFnmDzGngv9d9TvB+wwxV+NhvqKt6ET0IbzEG/Wv/VZau0Tq11qU
waO2TG6T4QG8StjK/mEts+XkN0tnGPRyQJHxejPwmB5tII9UBuUHb28RObemGCsV
RkFfdCJF9dj4t/mxAo0KJtDcsyz/hELt7sbxfFPy3LurtUTEL3Q=
=Qnkn
-----END PGP SIGNATURE-----

--=_a86ef231b52f32732eaa0ca443f44a8f--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?83ac28b8e8e79866facbde716b051340>