From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) by sourceware.org (Postfix) with ESMTPS id 0A97D3858D28 for ; Sat, 17 Jun 2023 22:22:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0A97D3858D28 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-x22f.google.com with SMTP id 38308e7fff4ca-2b45c289615so23547141fa.1 for ; Sat, 17 Jun 2023 15:22:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687040542; x=1689632542; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=JYvh959vRe78N8NsOSZCfvJDfuPHKkN7lFuqyJLNZPA=; b=Tp8k12OGhOlbmq70APLoFcL2N5FvWylKa+b2pn33NoDk1BMDOz98G5yciGv9x4RiHI 6auJBDA0+oYl8NvNctmgoBizJYxaKCsJDyl4H4vgNVBZV1w/XagDIC9KXkJWnhTqgUYq /8EYQXWUgK1cTsAd39gKuKu4wV+pE7Wd13gtlH1K9N3mdlkxyHEL73DoEsrxv06UqHsk DlNgbc6kVXBspvv5L5YasPTKs9Z84ZekZgmo1sd4eWy2FaWjKVqX+XGUlMZEHK4ElSeK CCsPmO8F+YhWaR8eENJ8UvqNDyfvJHtvKaYBffuUFowVo56bs0x/GehYZ3SDbAW65I6M 5C9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687040542; x=1689632542; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JYvh959vRe78N8NsOSZCfvJDfuPHKkN7lFuqyJLNZPA=; b=hCd8WqY7TIPbld2WzZLaJ4QA0mbF2V77SYK5tcm0csP5/eaCf6JXg5cXUxlZn0Fztz C/+d0kJ77IbVaMz1wbCl/3e6t4gzX/8OCxE58tYNAmf+w+Q81rfbRNtlcBntGAwFS0h7 m+PIbKferbPlsU7Q/oVMbGd9xCSgiBwQRSYtXZJee+3KtnFZ+cILSUw7EYFF7YrXRlng +JdqYSHp4OvcYZQwrw+m3PQnNHqLW+eni8wt7hJQ3gI+RQ3CIXMgzuHl5jkLrgrF3WvS DSCfy6ErSbWDXbXP8TGecgqCkI5ptrU6Cn7H/1midWzL9QDaM6Z2z0rR5L7IelL/Uxm2 ylxg== X-Gm-Message-State: AC+VfDw/tXVBh+3Wf+qvxmciXDmmLsZAt9RZCVtP6guKeg7Hdpcv9VO8 RJVzrnSDgatv4JW1BleSBHkV93FtjyI= X-Google-Smtp-Source: ACHHUZ4ImC8uMZVt33DI9g8f1dRDWgQMsXdD1u7Nd+lJOdvz+pDIrKWi//ynLPmhT0N8fhIX/P6OWw== X-Received: by 2002:a19:d611:0:b0:4f6:2d98:2985 with SMTP id n17-20020a19d611000000b004f62d982985mr3048421lfg.14.1687040541634; Sat, 17 Jun 2023 15:22:21 -0700 (PDT) Received: from surface-pro-6.. ([2a00:1370:818c:173b:cc34:4e0d:9ea6:c16c]) by smtp.gmail.com with ESMTPSA id j28-20020ac253bc000000b004f76a88dbcbsm1567091lfh.176.2023.06.17.15.22.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 17 Jun 2023 15:22:21 -0700 (PDT) From: Sergey Bugaev To: libc-alpha@sourceware.org Subject: [PATCH v3 0/5] fcntl fortification Date: Sun, 18 Jun 2023 01:22:13 +0300 Message-ID: <20230617222218.642125-1-bugaevc@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hello, this is v3 of the fcntl fortification work. v1 was at [0], v2 at [1]. [0]: https://sourceware.org/pipermail/libc-alpha/2023-May/148332.html [1]: https://sourceware.org/pipermail/libc-alpha/2023-May/148569.html Changes since v2: - This is now in its own separate header, bits/fcntl3.h (bits/fcntl2.h is used by the open fortification) - Clang is now supported in addition to GCC! - Clang does not support nor need the "-Wsystem-headers" pragma - Clang does support error/warning attributes since recently - There seems to be a bug in Clang which prevents the type mismatch warning from actually firing. Specifically, it appears that Clang gets confused about C functions names vs symbol names when it comes to attribute ((warning)), and does not emit the warning if the function declared with __warnattr has a symbol name matching that of another function that has not been declared with __warnattr. While this could be worked around in glibc (such as by adding __fcntl_warn as a real wrapper function when built with Clang), I think this just needs to be fixed in Clang. Any LLVM developers here? :D - Changed hide_constant utility to use an empty inline asm statement instead of volatile and noinline, as per the discussion. I did not make this into a general-purpose glibc-wide utility because I don't know what a fitting name and place (header) for it would be. If you'd like to see it glibc-wide, please suggest me where to put it and how to name it! - Fixed the C++ template linkage thing - Addressed misc review comments - Looked into applying __builtin_constant_p to the result of the cmd check and not the cmd value itself, as suggested by Florian. Unfortunately this does not work at all :( __builtin_constant_p starts returning 0 given anything remotely complex like even a trivial inline function call (so technically hide_constant would still work if it was just 'return value;'), even if the function is (later?) fully inlined and const-folded. *Maybe* this could be made to work if I used an obscene amount of macros instead of inline functions (to handle all the various commands being conditionally defined), but I don't want to go there. So since this didn't work out, I left the runtime __fcntl_2 function, but split it into a separate patch, so you can apply it or drop it depending on what you prefer in the end. Clang / C++ demo: ------------------------------------------------------------------ $ clang++ test-fcntl.cpp -D _FORTIFY_SOURCE=2 -O2 In file included from test-fcntl.cpp:1: In file included from /usr/include/fcntl.h:348: /usr/include/bits/fcntl3.h:394:5: error: call to '__fcntl_missing_arg' declared with 'error' attribute: fcntl with with this command needs 3 arguments __fcntl_missing_arg (); ^ 1 error generated. ------------------------------------------------------------------ Sergey