diff options
author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2020-12-30 11:54:00 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2020-12-31 16:55:21 +0530 |
commit | c43c5796121bc5bcc0867f02e5536874aa8196c1 (patch) | |
tree | 39306f12f031a62b0fe2ca679e656332e70eb388 /NEWS | |
parent | 2a08b6e8331a611dc29325bfa6e29fecc9a3a46e (diff) | |
download | glibc-c43c5796121bc5bcc0867f02e5536874aa8196c1.tar.gz glibc-c43c5796121bc5bcc0867f02e5536874aa8196c1.tar.xz glibc-c43c5796121bc5bcc0867f02e5536874aa8196c1.zip |
Introduce _FORTIFY_SOURCE=3
Introduce a new _FORTIFY_SOURCE level of 3 to enable additional fortifications that may have a noticeable performance impact, allowing more fortification coverage at the cost of some performance. With llvm 9.0 or later, this will replace the use of __builtin_object_size with __builtin_dynamic_object_size. __builtin_dynamic_object_size ----------------------------- __builtin_dynamic_object_size is an LLVM builtin that is similar to __builtin_object_size. In addition to what __builtin_object_size does, i.e. replace the builtin call with a constant object size, __builtin_dynamic_object_size will replace the call site with an expression that evaluates to the object size, thus expanding its applicability. In practice, __builtin_dynamic_object_size evaluates these expressions through malloc/calloc calls that it can associate with the object being evaluated. A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of __builtin_dynamic_object_size is able to emit __memcpy_chk with the allocation size expression passed into the function: void *copy_obj (const void *src, size_t alloc, size_t copysize) { void *obj = malloc (alloc); memcpy (obj, src, copysize); return obj; } Limitations ----------- If the object was allocated elsewhere that the compiler cannot see, or if it was allocated in the function with a function that the compiler does not recognize as an allocator then __builtin_dynamic_object_size also returns -1. Further, the expression used to compute object size may be non-trivial and may potentially incur a noticeable performance impact. These fortifications are hence enabled at a new _FORTIFY_SOURCE level to allow developers to make a choice on the tradeoff according to their environment.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 86e05fb023..8e02dbd0f7 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,12 @@ Major new features: The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils 2.28. +* A new fortification level _FORTIFY_SOURCE=3 is available. At this level, + glibc may use additional checks that may have an additional performance + overhead. At present these checks are available only on LLVM 9 and later. + The latest GCC available at this time (10.2) does not support this level of + fortification. + Deprecated and removed features, and other changes affecting compatibility: * The mallinfo function is marked deprecated. Callers should call |