From nobody Tue May 14 16:34:15 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vf24V1Vt2z5Kd47
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 16:34:18 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vf24V101lz4r5v;
	Tue, 14 May 2024 16:34:18 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715704458;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=w8mvn0PgcooTxg08m3B0VZEsoOsFBq0mpaWvt8dRYu8=;
	b=TGrtu+3WOgwWQSt+tLlcHCDAxVaJjYmPN0cPRd+VlLcO1oUXKQX4HtWbAPFN+aX8koH4CS
	ipoc6X0k5G83Nq05/SjzztQ0xqD3byaHLt1uRUjx7F/lNPHkd0rgfwkiyVH6hGwwcKUOuJ
	mX1dJLHJVAv+A1AulkUl6jZq6BrGotRMPPYMdUd1LkOMuZtFgHqyGiCLDOvm4jZ+HsAKoR
	a5hEYDGlCqhTMYxc61qLFKsxd0TKrKBu31OwV0gSjTLaM2vUX62IEbafOgUYdSIyRJpdKH
	HjunVuXpKW7rVi4NRGAL7gKbJD10YuQJta+YmL9Wn5sOoS3515UUdaTWPQxuWw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715704458; a=rsa-sha256; cv=none;
	b=c/v8E39f1g41sUwlXUNDpEE7E4ATGXkoUMqAyOZt4h4fO03IwKp0dJLnJvJVxczQdgl/+t
	OvVc5WKHP6p00j6nl56NpyijCNibvZSntsxuBALiM6gITgMYqX9zlpv4xNRsg6UopAbRn1
	NnAiaI9Cx19VpK8L+Bzl6FA0I+oz+FwosKYsoQt1rt3Wb5xmUkYGAPBKVT94OzXgHFQfJw
	gOgd2Pno694e3ygEaGrKDmxZ0zGMBe/sGFU/Vbnmbzo8t3cR8zo8iif0vfhfkUn0jwr34K
	FTgLTlddXml/MLAEQGK8QzfXr+RTfP2aUAB8F6ynd/cF7awZ7xca5cdA0qzKlg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715704458;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=w8mvn0PgcooTxg08m3B0VZEsoOsFBq0mpaWvt8dRYu8=;
	b=HQFSP6VfDmfnQfC2h+dSjqh/a+CKKnFPzvoR5i7byXxZhpNb5l84cN0Wh3hdAG7nMWnrbT
	5OwRwpwZBMq/t7E3KcMGddz9d0qUfV+yYZCKbrlJ0AAYx64ua6j4eaVh5KYKTgre4v81RL
	G3EAgCvziCndgzGmHX+I/2EBj/7taC+JAIYaf8vtLEczIYECYU92fHZ3rEnfOXXYeDVsyh
	8ZHq1RFsXAE7pLJvf1ad3ymyBjhaBuH67B7hMXlt0ntpoRgJnpgWoO2avfw7v6mnyaOD5s
	PlSaQBe/kxW5TlwAof5yVwdAJe+FqlvFH+FYySQqLekHA1aQSWUmgleDDhrwBw==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Vf24T4NDnz13MR;
	Tue, 14 May 2024 16:34:17 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <97f000a2-eba8-4767-91e3-d5f311fa4e72@FreeBSD.org>
Date: Tue, 14 May 2024 11:34:15 -0500
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Content-Language: en-US
To: Alexander Leidinger <Alexander@Leidinger.net>
Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <83ac28b8e8e79866facbde716b051340@Leidinger.net>
From: Kyle Evans <kevans@FreeBSD.org>
In-Reply-To: <83ac28b8e8e79866facbde716b051340@Leidinger.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 5/14/24 07:47, Alexander Leidinger wrote:
> Am 2024-05-13 19:47, schrieb Kyle Evans:
>> Hi,
>>
>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've 
>> imported an initial version of FORTIFY_SOURCE from FreeBSD.  
>> FORTIFY_SOURCE is an improvement over classical SSP, doing 
>> compiler-aided checking of stack object sizes to detect more 
>> fine-grained stack overflow without relying on the randomized stack 
>> canary just past the stack frame.
> 
> This breaks some port builds.
> 
> Example libfido2 (which is a dependency in the build of e.g. mysql):
> ---snip---
> [  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF 
> -DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H 
> -DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT 
> -DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H 
> -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY 
> -DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L 
> -DTLS=__thread -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 
> -D_FIDO_PATCH=0 
> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
> -O2 -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
> -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
> -Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
> -Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
> src/CMakeFiles/fido2.dir/aes256.c.o -c 
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
> FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
> /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF 
> -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H 
> -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE 
> -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H 
> -DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP -DHAVE_SYSCONF 
> -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB -DHAVE_TIMINGSAFE_BCMP 
> -DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread 
> -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
> -O2 -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
> -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
> -Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
> -Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
> src/CMakeFiles/fido2.dir/aes256.c.o -c 
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>     18 |         memset(out, 0, sizeof(*out));
>        |         ^
> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>        |     ^
> /usr/include/ssp/string.h:65:5: note: expanded from macro 
> '__ssp_bos_check3_typed'
>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
> dst,      \
>        |     ^
> /usr/include/ssp/string.h:54:24: note: expanded from macro 
> '__ssp_bos_check3_typed_var'
>     54 |     src, lenvar, len) ({                                \
>        |                        ^
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>     60 |         memset(&iv, 0, sizeof(iv));
>        |         ^
> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>        |     ^
> /usr/include/ssp/string.h:65:5: note: expanded from macro 
> '__ssp_bos_check3_typed'
>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
> dst,      \
>        |     ^
> /usr/include/ssp/string.h:54:24: note: expanded from macro 
> '__ssp_bos_check3_typed_var'
>     54 |     src, lenvar, len) ({                                \
>        |                        ^
> ---snip---
> 
> I also have a failed archivers/libdeflate, devel/highway, www/node20, 
> and lang/rust, but those complain about something which could also be 
> attributed to some kind of interaction between my use of -fvectorize and 
> the new fortify stuff. Example with libdeflate (the libdeflate update in 
> ports is from March, and I had it compiled with -fvectorize successfully 
> before the fortify stuff came in):
> ---snip---
> In file included from 
> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
>    197 |         const vec_t ones = VSET1_8(1);
>        |                            ^
> ---snip---
> Note, my CPUs don't support evex512 or avx512 at all, the compile flags 
> haven't changed, this version of the port is installed in multiple jails 
> (since March 28), so there is a change in behavior since then. It may or 
> may not be due to the fortify stuff.
> 
> I will test without -fvectorize later, poudriere is still building 
> ports, and I want to see if some other ports fail. Those 5 failed port 
> builds result in 160 skipped ports already (out of the >600 which this 
> run wants to build).
> 
> Maybe you want to backout and request an exp-build to not get swamped 
> with failure reports from various people...
> 

There's really not that much that can go wrong here; I looked at 
enabling the warning in question in base to try and avoid future 
landmines, but that results in an absolute dumpster fire so I guess we 
won't do that.

Can you try this patch, please? https://termbin.com/jdtv -- it's the 
apparently proper way to avoid the warning.

Thanks,

Kyle Evans