From 23a246a51fd5cd1deb592984b530ecfecc7195ed Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 29 Aug 2018 11:04:17 +0100 Subject: [PATCH] annobin: Detect comdat functions and create notes for them. annocheck: Better temporary directory deletion. Default to ingnoring unknowns. --- annocheck/annocheck.c | 49 +++++++++++++++++++++++++++---------------- annocheck/hardened.c | 38 ++++++++++++++++++++++++--------- plugin/annobin.cc | 7 ++++++- 3 files changed, 65 insertions(+), 29 deletions(-) diff --git a/annocheck/annocheck.c b/annocheck/annocheck.c index f8a5f28..ade2522 100644 --- a/annocheck/annocheck.c +++ b/annocheck/annocheck.c @@ -36,7 +36,7 @@ static const char * files[MAX_NUM_FILES]; static const char * progname; static const char * base_component = "annocheck"; static const char * component = "annocheck"; -static bool ignore_unknown = false; +static bool ignore_unknown = true; static char * saved_args = NULL; static char * prefix = ""; static const char * debug_rpm = NULL; @@ -198,9 +198,11 @@ usage (void) einfo (INFO, " --debug-rpm= [Find separate dwarf debug information in ]"); einfo (INFO, " --dwarf-dir= [Look in for separate dwarf debug information files]"); einfo (INFO, " --help [Display this message & exit]"); - einfo (INFO, " --ignore-unknown [Do not complain about unknown file types]"); + einfo (INFO, " --ignore-unknown [Do not complain about unknown file types][default]"); + einfo (INFO, " --report-unknown [Do complain about unknown file types]"); einfo (INFO, " --quiet [Do not print anything, just return an exit status]"); einfo (INFO, " --verbose [Produce informational messages whilst working. Repeat for more information]"); + einfo (INFO, " --timing [Produce informational messages about how long it takes to process a file]"); einfo (INFO, " --version [Report the verion of the tool & exit]"); einfo (INFO, "The following options are internal to the scanner and not expected to be supplied by the user:"); @@ -285,6 +287,10 @@ process_command_line (uint argc, const char * argv[]) ignore_unknown = true; break; + case 'r': /* --report-unknown */ + ignore_unknown = false; + break; + case 'q': /* --quiet */ save_arg (orig_arg); verbosity = -1UL; @@ -1285,16 +1291,13 @@ process_rpm_file (const char * filename) /* Then all the other options that the user has supplied. */ " ", saved_args ? saved_args : "", " .", - /* Then move out of the directory. */ - " && cd ..", - /* And delete it. */ - " && rm -r ", dirname, NULL); einfo (VERBOSE2, "Running rpm extractor command sequence: %s", command); fflush (stdin); - if (system (command)) + int result = system (command); + if (result == -1 || result == 127) return einfo (WARN, "Failed to process rpm file: %s", filename); free (command); @@ -1302,8 +1305,14 @@ process_rpm_file (const char * filename) free (fname); free (pname); - einfo (VERBOSE2, "RPM processed successful"); - return true; + /* Delete the temporary directory. */ + command = concat ("rm -r ", dirname, NULL); + if (system (command)) + einfo (WARN, "Failed to delete temporary directory: %s", dirname); + free (command); + + einfo (VERBOSE2, "RPM processed successfully"); + return result == EXIT_SUCCESS; } static bool @@ -1312,6 +1321,12 @@ process_file (const char * filename) size_t len; struct stat statbuf; + /* Fast track ignoring of debuginfo files. + FIXME: Maybe add other file extensions ? + FIXME: Maybe check that the extension is at the end of the filename ? */ + if (ignore_unknown && strstr (filename, ".debug")) + return true; + /* When ignoring unknown file types (which typically happens when processing the contents of an rpm), we do not follow symbolic links. This allows us to detect and ignore these links. */ @@ -1477,6 +1492,7 @@ main (int argc, const char ** argv) { if (tmpdir == NULL) { + assert (level == 0); tmpdir = create_tmpdir (); if (tmpdir == NULL) return EXIT_FAILURE; @@ -1516,16 +1532,13 @@ main (int argc, const char ** argv) if (debug_rpm_dir) rmdir (debug_rpm_dir); - if (level == 0 && tmpdir != NULL && self_made_tmpdir) - rmdir (tmpdir); + if (self_made_tmpdir) + { + assert (level == 0); + assert (tmpdir != 0); + rmdir (tmpdir); + } - /* FIXME: This is a hack. When --ignore-unknown is active we - are probably processing an rpm, and we do not want the - return status from annocheck to stop the cleanup of the - temporary directory. */ - if (!res && ignore_unknown) - res = true; - return res ? EXIT_SUCCESS : EXIT_FAILURE; } diff --git a/annocheck/hardened.c b/annocheck/hardened.c index 8b16e5a..52b616f 100644 --- a/annocheck/hardened.c +++ b/annocheck/hardened.c @@ -911,19 +911,37 @@ check_dynamic_section (annocheck_data * data, if (dyn == NULL) break; - if (dyn->d_tag == DT_BIND_NOW) - tests[TEST_BIND_NOW].num_pass ++; + switch (dyn->d_tag) + { + case DT_BIND_NOW: + tests[TEST_BIND_NOW].num_pass ++; + break; + + case DT_FLAGS: + if (dyn->d_un.d_val & DF_BIND_NOW) + tests[TEST_BIND_NOW].num_pass ++; + break; + + case DT_TEXTREL: + tests[TEST_TEXTREL].num_fail ++; + break; - else if (dyn->d_tag == DT_FLAGS - && dyn->d_un.d_val & DF_BIND_NOW) - tests[TEST_BIND_NOW].num_pass ++; + case DT_RPATH: + case DT_RUNPATH: + { + const char * path = elf_strptr (data->elf, sec->shdr.sh_link, dyn->d_un.d_val); - if (dyn->d_tag == DT_TEXTREL) - tests[TEST_TEXTREL].num_fail ++; + if (not_rooted_at_usr (path)) + { + einfo (VERBOSE, "%s: fail: Bad runpath: %s", data->filename, path); + tests[TEST_RUN_PATH].num_fail ++; + } + } + break; - if (dyn->d_tag == DT_RPATH || dyn->d_tag == DT_RUNPATH) - if (not_rooted_at_usr (elf_strptr (data->elf, sec->shdr.sh_link, dyn->d_un.d_val))) - tests[TEST_RUN_PATH].num_fail ++; + default: + break; + } } return true; diff --git a/plugin/annobin.cc b/plugin/annobin.cc index 4d14230..0376c6d 100644 --- a/plugin/annobin.cc +++ b/plugin/annobin.cc @@ -935,9 +935,14 @@ annobin_create_function_notes (void * gcc_data, void * user_data) if (!in_lto_p && ! flag_profile_values) func_section = concat (".text.hot", NULL); } + else if (DECL_COMDAT_GROUP (current_function_decl)) + { + targetm.asm_out.unique_section (current_function_decl, 0); + func_section = concat (annobin_get_section_name (current_function_decl), NULL); + } } } - + /* If the function is going to be in its own section, then we do not know where it will end up in memory. In particular we cannot rely upon it being included in the memory range covered by the global notes. So for -- 2.43.5