Date: Tue, 14 May 2024 18:15:27 -0500
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
Subject: Re: Initial implementation of _FORTIFY_SOURCE
From: Kyle Evans
To: Alexander Leidinger
Cc: "freebsd-hackers@FreeBSD.org"

On 5/14/24 11:34, Kyle Evans wrote:
> On 5/14/24 07:47, Alexander Leidinger wrote:
>> On 2024-05-13 19:47, Kyle Evans wrote:
>>> Hi,
>>>
>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've
>>> imported an initial version of FORTIFY_SOURCE from FreeBSD.
>>> FORTIFY_SOURCE is an improvement over classical SSP, doing
>>> compiler-aided checking of stack object sizes to detect more
>>> fine-grained stack overflow without relying on the randomized stack
>>> canary just past the stack frame.
>>
>> This breaks some port builds.
>>
>> Example libfido2 (which is a dependency in the build of e.g. mysql):
>> ---snip---
>> [  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF
>> -DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM
>> -DHAVE_ENDIAN_H -DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE
>> -DHAVE_GETOPT -DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H
>> -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY
>> -DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB
>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H
>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL
>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0
>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src
>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE
>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native
>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2
>> -pipe -mtune=native -fvectorize -march=native
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra
>> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes
>> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors
>> -Wshorten-64-to-32 -fstack-protector-all -Wconversion
>> -Wsign-conversion -Wframe-larger-than=2047 -MD -MT
>> src/CMakeFiles/fido2.dir/aes256.c.o -MF
>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o
>> src/CMakeFiles/fido2.dir/aes256.c.o -c
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>> FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
>> /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF
>> -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H
>> -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE
>> -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE
>> -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP
>> -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB
>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H
>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL
>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0
>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src
>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE
>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native
>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2
>> -pipe -mtune=native -fvectorize -march=native
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong
>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra
>> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes
>> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors
>> -Wshorten-64-to-32 -fstack-protector-all -Wconversion
>> -Wsign-conversion -Wframe-larger-than=2047 -MD -MT
>> src/CMakeFiles/fido2.dir/aes256.c.o -MF
>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o
>> src/CMakeFiles/fido2.dir/aes256.c.o -c
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>     18 |         memset(out, 0, sizeof(*out));
>>        |         ^
>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>>        |     ^
>> /usr/include/ssp/string.h:65:5: note: expanded from macro
>> '__ssp_bos_check3_typed'
>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv),
>> dst,      \
>>        |     ^
>> /usr/include/ssp/string.h:54:24: note: expanded from macro
>> '__ssp_bos_check3_typed_var'
>>     54 |     src, lenvar, len) ({                                \
>>        |                        ^
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>     60 |         memset(&iv, 0, sizeof(iv));
>>        |         ^
>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>>        |     ^
>> /usr/include/ssp/string.h:65:5: note: expanded from macro
>> '__ssp_bos_check3_typed'
>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv),
>> dst,      \
>>        |     ^
>> /usr/include/ssp/string.h:54:24: note: expanded from macro
>> '__ssp_bos_check3_typed_var'
>>     54 |     src, lenvar, len) ({                                \
>>        |                        ^
>> ---snip---
>>
>> I also have a failed archivers/libdeflate, devel/highway, www/node20,
>> and lang/rust, but those complain about something which could also be
>> attributed to some kind of interaction between my use of -fvectorize
>> and the new fortify stuff. Example with libdeflate (the libdeflate
>> update in ports is from March, and I had it compiled with -fvectorize
>> successfully before the fortify stuff came in):
>> ---snip---
>> In file included from
>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
>>    197 |         const vec_t ones = VSET1_8(1);
>>        |                            ^
>> ---snip---
>> Note, my CPUs don't support evex512 or avx512 at all, the compile
>> flags haven't changed, this version of the port is installed in
>> multiple jails (since March 28), so there is a change in behavior
>> since then. It may or may not be due to the fortify stuff.
>>
>> I will test without -fvectorize later, poudriere is still building
>> ports, and I want to see if some other ports fail. Those 5 failed port
>> builds result in 160 skipped ports already (out of the >600 which this
>> run wants to build).
>>
>> Maybe you want to backout and request an exp-build to not get swamped
>> with failure reports from various people...
>>
>
> There's really not that much that can go wrong here; I looked at
> enabling the warning in question in base to try and avoid future
> landmines, but that results in an absolute dumpster fire so I guess we
> won't do that.
>
> Can you try this patch, please? https://termbin.com/jdtv -- it's the
> apparently proper way to avoid the warning.
>

I've confirmed that this patch fixes libfido2, will commit shortly. The
other failures you noted are indeed not related, FORTIFY_SOURCE has no
bearing on any of these things.

Thanks,

Kyle Evans
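
Added example, not part of the original message and not FreeBSD's header code: a minimal fortify-style memset wrapper showing the object-size check the thread describes, built as a statement-expression macro of the kind the compiler output above complains about. All demo_* names are hypothetical, and the `__extension__` prefix is an assumption about how such a pedantic warning is normally silenced; the patch linked in the thread is not reproduced here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All demo_* names are hypothetical; this is not FreeBSD's <ssp/string.h>. */
static int demo_refused;	/* counts calls the size check rejected */

/* Out-of-line check; bos is the destination size the compiler reported. */
static void *
demo_memset_chk(void *dst, int val, size_t len, size_t bos)
{
	/* (size_t)-1 means the compiler could not determine the size. */
	if (bos != (size_t)-1 && len > bos) {
		demo_refused++;		/* a real implementation would abort */
		return (NULL);
	}
	return (memset(dst, val, len));
}

/*
 * ({ ... }) is a GNU statement expression, so a caller building with
 * -pedantic -Werror gets -Wgnu-statement-expression-from-macro-expansion
 * at each use. The __extension__ prefix (an assumption, see the lead-in)
 * tells GCC and Clang to skip pedantic diagnostics for the expression.
 * __builtin_object_size() does not evaluate its argument, so dst is
 * evaluated only once.
 */
#define demo_memset(dst, val, len) __extension__ ({			\
	size_t demo_len = (len);					\
	demo_memset_chk((dst), (val), demo_len,				\
	    __builtin_object_size((dst), 0));				\
})

/* Constructed caller: 8-byte stack buffer; returns 1 if the write ran. */
static int
demo_run(size_t len)
{
	char buf[8];

	return (demo_memset(buf, 0, len) != NULL);
}

int
main(void)
{
	int ok = demo_run(8), bad = demo_run(9);

	printf("len 8: %d, len 9: %d, refused: %d\n", ok, bad, demo_refused);
	return (0);
}
```

Unlike a stack canary, which is only checked when the function returns, the length check here runs before the write, so the 9-byte request never touches the 8-byte buffer.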