build: Improve checks for `_FORTIFY

hebasto commented at 4:00 PM on August 26, 2023: member

_FORTIFY_SOURCE=3 requires __builtin_dynamic_object_size. If the latter is not supported, the fortification level fallbacks to 2.

However, the user is misled by the ./configure script:

checking whether C++ preprocessor accepts -D_FORTIFY_SOURCE=3... yes

This PR avoids misleading the user.

Additionally, it prevents warnings like this:

warning: #warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support) [-Wcpp]

build: Improve checks for `_FORTIFY_SOURCE`

`_FORTIFY_SOURCE=3` requires `__builtin_dynamic_object_size`. If the
latter is not supported, the fortification level fallbacks to 2.

This change makes the selection of the fortification level explicit and
prevents warnings like this:
```
warning: #warning Using _FORTIFY_SOURCE=2 (level 3 requires __builtin_dynamic_object_size support) [-Wcpp]
```

df701db329

hebasto added the label Build system on Aug 26, 2023

DrahtBot commented at 4:00 PM on August 26, 2023: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type	Reviewers
Concept NACK	fanquake, luke-jr

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

fanquake commented at 4:05 PM on August 26, 2023: member

Concept NACK.

hebasto commented at 4:07 PM on August 26, 2023: member

Concept NACK.

Mind elaborating?

fanquake commented at 4:08 PM on August 26, 2023: member

The fallbacking works as intended on newer glibc, and setting three means we get 2 on any older glibc. No need to complicate this to "fix warnings", which iirc only appear for Windows in any case.

hebasto commented at 4:12 PM on August 26, 2023: member

The fallbacking works as intended on newer glibc, and setting three means we get 2 on any older glibc.

It is hidden from the user who sees only

checking whether C++ preprocessor accepts -D_FORTIFY_SOURCE=3... yes

No need to complicate this to "fix warnings", which iirc only appear for Windows in any case.

"fix warnings" is just a byproduct of this change.

The main point is to provide the user with the truth about the fortification level which is actually supported and will be used during compilation.

DrahtBot added the label CI failed on Sep 3, 2023

DrahtBot removed the label CI failed on Sep 5, 2023

maflcko added the label DrahtBot Guix build requested on Sep 5, 2023

DrahtBot commented at 6:59 PM on September 5, 2023: contributor

Guix builds (on x86_64)

File	commit 9d3b216e009a53ffcecd57e7f10df15cccd5fd6d<br>(master)	commit 349362d4020dabf0c5907cde62bec933bd2c80de<br>(master and this pull)
SHA256SUMS.part	`3c57cd8199c723d6...`	`9f36e490ef4f4594...`
*-aarch64-linux-gnu-debug.tar.gz	`b3be5bf8b13acd79...`	`ec14a49d95f7645a...`
*-aarch64-linux-gnu.tar.gz	`9e53fc8bdaae2991...`	`fd9d7912a942496a...`
*-arm-linux-gnueabihf-debug.tar.gz	`2da52974294d7aa7...`	`2a2f9b46d0c641f5...`
*-arm-linux-gnueabihf.tar.gz	`849397fb888189c0...`	`8e6f2aeef6495c4d...`
*-arm64-apple-darwin-unsigned.dmg	`83850133c42db63f...`	`e53a7c9fd6510f92...`
*-arm64-apple-darwin-unsigned.tar.gz	`198c1392640d6281...`	`bdc9c9d830a2ef50...`
*-arm64-apple-darwin.tar.gz	`577cff9bca290b78...`	`a97dd1acdae4982d...`
*-powerpc64-linux-gnu-debug.tar.gz	`df855e3842293446...`	`248986c70a090364...`
*-powerpc64-linux-gnu.tar.gz	`6dbc4447804f6cfe...`	`7b334335df9a80fb...`
*-powerpc64le-linux-gnu-debug.tar.gz	`394cf58d49da4576...`	`9ac386ea150ba325...`
*-powerpc64le-linux-gnu.tar.gz	`d4bc7a07b39cffe9...`	`23980be008e97227...`
*-riscv64-linux-gnu-debug.tar.gz	`53fe0d40b995b2f3...`	`963e73b6d7e8866b...`
*-riscv64-linux-gnu.tar.gz	`6fe76c88c2922c51...`	`75059c48a2d63131...`
*-x86_64-apple-darwin-unsigned.dmg	`5808e1822110dd7f...`	`32e0f1434295f875...`
*-x86_64-apple-darwin-unsigned.tar.gz	`520cbaa034c71b5b...`	`cc09fff54f3b81fe...`
*-x86_64-apple-darwin.tar.gz	`9cf60f219aa2bfba...`	`a5678c74213dc586...`
*-x86_64-linux-gnu-debug.tar.gz	`ffd9cc7139745a85...`	`2ec9c64aeb8f948a...`
*-x86_64-linux-gnu.tar.gz	`61204c2275003f89...`	`113a67b2c7445ff6...`
*.tar.gz	`99ad0782b2c9f90d...`	`d02595cb9371c47b...`
guix_build.log	`a650778923504aaa...`	`b78a8334cea801a7...`
guix_build.log.diff		`b859b8a2e2997dc7...`

DrahtBot removed the label DrahtBot Guix build requested on Sep 5, 2023

luke-jr commented at 8:17 PM on September 5, 2023: member

Concept NACK. This would break if someone had a (future?) compiler that supports 3 without that exact symbol.

If it really bothers you, maybe check for that specific warning in the output?

hebasto commented at 7:07 PM on September 6, 2023: member

@luke-jr

If it really bothers you, maybe check for that specific warning in the output?

Do warnings are always emitted when a compiler falls back from level 3 to level 2?

DrahtBot added the label CI failed on Sep 21, 2023

DrahtBot removed the label CI failed on Sep 23, 2023

fanquake commented at 8:59 AM on September 27, 2023: member

The main point is to provide the user with the truth about the fortification level which is actually supported and will be used during compilation.

I don't think this matters, or is something you can guarantee. IIRC, even in the case that the provided fortification level is supported, glibc may internally fallback to a lower level, for a certain function, depending on various tests. So in that case, even if 3 was supported by the compiler, a more complicated function may only get the hardening equivalent of 2.

We just want to attempt using the highest supported level in any case. No need to try and second-guess glibc, or essentially drag it's build machinery inside our own build system.

hebasto closed this on Sep 27, 2023

bitcoin locked this on Sep 26, 2024

build: Improve checks for `_FORTIFY_SOURCE` #28344

Reviews

Guix builds (on x86_64)