From 479d2e17759283bff90566ecdcfa8b815382b619 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Mon, 18 Oct 2021 16:18:17 +0100
Subject: [PATCH] 10.17: Annocheck: Better reporting of problems in object files
---
 annobin-global.h | 2 +-
 annocheck/annocheck.c | 3 ---
 annocheck/hardened.c | 29 +++++++++++++++++++----------
 3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/annobin-global.h b/annobin-global.h
index 9616071..12aa68f 100644
--- a/annobin-global.h
+++ b/annobin-global.h
@@ -19,7 +19,7 @@ extern "C" {
 /* The version of the package. NB/ This number is expected to be in the form "NNnn" where "NN" is major version number and "nn" is the minor version number. */
-#define ANNOBIN_VERSION 1016
+#define ANNOBIN_VERSION 1017
 /* The version of the annotation specification supported. */ #define SPEC_VERSION 3
diff --git a/annocheck/annocheck.c b/annocheck/annocheck.c
index 27b570c..26f9854 100644
--- a/annocheck/annocheck.c
+++ b/annocheck/annocheck.c
@@ -674,7 +674,6 @@ run_checkers (const char * filename, int fd, Elf * elf)
 /* Note - do not skip empty sections, they may still be interesting to some tools. If a tool is not interested in an empty section, it can always determine this in its interesting_sec() function. */
- einfo (VERBOSE2, "%s: Examining section %s", filename, sec.secname);
 /* Walk the checkers, asking each in turn if they are interested in this section. */ for (tool = first_sec_checker; tool != NULL; tool = ((checker_internal *)(tool->internal))->next_sec)
@@ -728,8 +727,6 @@ run_checkers (const char * filename, int fd, Elf * elf)
 /* Fuzzzing can produce segments like this. */ continue;
- einfo (VERBOSE2, "%s: considering segment %lu", filename, (unsigned long) cnt);
-
 for (tool = first_seg_checker; tool != NULL; tool = ((checker_internal *)(tool->internal))->next_seg) { if (((checker_internal *)(tool->internal))->skip || tool->interesting_seg == NULL)
diff --git a/annocheck/hardened.c b/annocheck/hardened.c
index 5c74d74..4dd3e93 100644
--- a/annocheck/hardened.c
+++ b/annocheck/hardened.c
@@ -3188,8 +3188,10 @@ check_dynamic_section (annocheck_data * data,
 const char * path = elf_strptr (data->elf, sec->shdr.sh_link, dyn->d_un.d_val); if (check_runtime_search_paths (data, path))
- maybe (data, TEST_RUN_PATH, SOURCE_DYNAMIC_SECTION,
- "the RPATH dynamic tag is deprecated. Link with --enable-new-dtags to use RUNPATH instead");
+ {
+ pass (data, TEST_RUN_PATH, SOURCE_DYNAMIC_SECTION, "the DT_RUNPATH dynamic tag is present and correct");
+ inform (data, "info: the RPATH dynamic tag is deprecated. Link with --enable-new-dtags to use RUNPATH instead");
+ }
 } break;
@@ -4252,6 +4254,13 @@ check_for_gaps (annocheck_data * data)
 pass (data, TEST_NOTES, SOURCE_ANNOBIN_NOTES, "no gaps found"); }
+static bool
+C_compiler_seen (void)
+{
+ return is_C_compiler (per_file.seen_tools_with_code)
+ /* Object files do not record a note range, so seen_tools_with_code will not have been updated. */
+ || (is_object_file () && is_C_compiler (per_file.seen_tools));
+}
 static bool finish (annocheck_data * data)
@@ -4331,7 +4340,7 @@ finish (annocheck_data * data)
 case TEST_LTO: if (per_file.seen_tools & TOOL_GO) skip (data, i, SOURCE_FINAL_SCAN, "at least part of the binary is compield GO");
- else if (is_C_compiler (per_file.seen_tools_with_code))
+ else if (C_compiler_seen ())
 maybe (data, i, SOURCE_FINAL_SCAN, "no indication that LTO was used"); else skip (data, i, SOURCE_FINAL_SCAN, "not compiled C/C++ code");
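Review bot: The `pass` message added in check_dynamic_section reports that "the DT_RUNPATH dynamic tag is present and correct", yet the `inform` line next to it (and the `maybe` text it replaces) indicate that this branch is reached for the deprecated RPATH tag, so the report would name a tag the binary may not carry. Wording such as `pass (data, TEST_RUN_PATH, SOURCE_DYNAMIC_SECTION, "the DT_RPATH dynamic tag is present and its search paths are acceptable");` would keep the result accurate. The deprecation also moves from a MAYBE result to `inform`, so it no longer influences the test outcome; if `inform` is only printed at higher verbosity (not visible in this hunk), RPATH use, which the dynamic loader consults before LD_LIBRARY_PATH, will go unreported in default runs. The `case` label and the rest of check_dynamic_section are outside the hunk.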
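Review bot: C_compiler_seen has no header comment, and the only explanation of the object-file fallback is wedged between the two operands of the `||`, where it is easy to miss. I would put it above the function, for example `/* Return true if C/C++ compiled code was detected. Object files record no note ranges, so seen_tools_with_code is never updated for them and seen_tools is consulted instead. */`, and leave the return as a plain two-operand expression. It would also help to say in that comment that the fallback is deliberately looser, since `per_file.seen_tools` is presumably set for tools that were noticed without any code being attributed to them.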
@@ -4402,7 +4411,7 @@ finish (annocheck_data * data)
 skip (data, i, SOURCE_FINAL_SCAN, "kernel modules are not compiled with this feature"); else if (per_file.seen_tools & TOOL_GO) skip (data, i, SOURCE_FINAL_SCAN, "GO compilation does not use the C preprocessor");
- else if (is_C_compiler (per_file.seen_tools_with_code))
+ else if (C_compiler_seen ())
 fail (data, i, SOURCE_FINAL_SCAN, "no indication that the necessary option was used (and a C compiler was detected)"); else skip (data, i, SOURCE_FINAL_SCAN, "no C/C++ compiled code found");
@@ -4422,7 +4431,7 @@ finish (annocheck_data * data)
 case TEST_PIC: if (per_file.seen_tools & TOOL_GO) skip (data, i, SOURCE_FINAL_SCAN, "GO does not support a -fPIC option");
- else if (is_C_compiler (per_file.seen_tools_with_code))
+ else if (C_compiler_seen ())
 maybe (data, i, SOURCE_FINAL_SCAN, "no valid notes found regarding this test"); else skip (data, i, SOURCE_FINAL_SCAN, "not C/C++ compiled code");
@@ -4434,17 +4443,17 @@ finish (annocheck_data * data)
 else if (per_file.seen_tools == TOOL_GAS || (per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC))) skip (data, i, SOURCE_FINAL_SCAN, "no compiled code found");
- else if (is_C_compiler (per_file.seen_tools_with_code))
+ else if (C_compiler_seen ())
 /* The skip is necessary because some glibc code is built this way. */ skip (data, i, SOURCE_FINAL_SCAN, "no notes found regarding this feature"); else
- skip (data, i, SOURCE_FINAL_SCAN, "not C/C++ compiled code");
+ skip (data, i, SOURCE_FINAL_SCAN, "not compiled C/C++ code");
 break;
-
+
 case TEST_OPTIMIZATION: if (per_file.seen_tools & TOOL_GO) skip (data, i, SOURCE_FINAL_SCAN, "GO optimized by default");
- else if (is_C_compiler (per_file.seen_tools_with_code))
+ else if (C_compiler_seen ())
 maybe (data, i, SOURCE_FINAL_SCAN, "no valid notes found regarding this test"); else skip (data, i, SOURCE_FINAL_SCAN, "not C/C++ compiled code");
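Review bot: The `fail` branch here is now reachable for object files on the strength of `per_file.seen_tools` alone, because C_compiler_seen () falls back to that field when is_object_file () is true; judging by the names, it records every tool detected rather than only those known to have produced code. The hunk at -4434 already special-cases `per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC)` as "no compiled code found", which suggests such files exist, and they would get a hard FAIL here. Consider adding the same guard ahead of this branch, e.g. `else if (per_file.gcc_from_comment && per_file.seen_tools == (TOOL_GAS | TOOL_GCC))` followed by `skip (data, i, SOURCE_FINAL_SCAN, "no compiled code found");`. The negated check in the hunk at -4458 widens in the same way and lets object files through to later branches that are outside that hunk. The case label for this test lies above the hunk.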
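Review bot: The reworded skip message `"not compiled C/C++ code"` now differs from the otherwise identical fallbacks that stay as `"not C/C++ compiled code"` in the TEST_OPTIMIZATION case of this hunk and in TEST_PIC, and from `"no C/C++ compiled code found"` used in other branches of finish. If the intent is to match the TEST_LTO wording, changing the remaining ones in the same commit, e.g. `skip (data, i, SOURCE_FINAL_SCAN, "not compiled C/C++ code");`, would keep the report text uniform for anyone grepping or parsing annocheck results. The hunk also carries a whitespace-only change on the blank line before `case TEST_OPTIMIZATION:`, which would sit better in a separate cleanup.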
@@ -4458,7 +4467,7 @@ finish (annocheck_data * data)
 skip (data, i, SOURCE_FINAL_SCAN, "no compiled code found"); else if (per_file.current_tool == TOOL_GO) skip (data, i, SOURCE_FINAL_SCAN, "GO is stack safe");
- else if (! is_C_compiler (per_file.seen_tools_with_code))
+ else if (! C_compiler_seen ())
 skip (data, i, SOURCE_FINAL_SCAN, "no C/C++ compiled code found"); else if (is_kernel_module (data)) skip (data, i, SOURCE_FINAL_SCAN, "kernel modules do not support stack clash protection");
--
2.43.5