From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org, Siddhesh Poyarekar <siddhesh@gotplt.org>
Subject: [PATCH 14/15] debug: Improve fcntl.h fortify warnings with clang
Date: Thu, 21 Dec 2023 15:59:28 -0300 [thread overview]
Message-ID: <20231221185929.1307116-15-adhemerval.zanella@linaro.org> (raw)
In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org>
It improves open, open64, openat, and openat64. The compile and runtime
checks have similar coverage as with GCC.
Checked on aarch64, armhf, x86_64, and i686.
---
io/bits/fcntl2.h | 92 ++++++++++++++++++++++++++++++++++++++++++++++++
io/fcntl.h | 3 +-
misc/sys/cdefs.h | 7 ++++
3 files changed, 100 insertions(+), 2 deletions(-)
diff --git a/io/bits/fcntl2.h b/io/bits/fcntl2.h
index bdb48fa815..6aa7793a81 100644
--- a/io/bits/fcntl2.h
+++ b/io/bits/fcntl2.h
@@ -32,6 +32,8 @@ extern int __REDIRECT (__open_2, (const char *__path, int __oflag),
extern int __REDIRECT (__open_alias, (const char *__path, int __oflag, ...),
open64) __nonnull ((1));
#endif
+
+#ifdef __va_arg_pack_len
__errordecl (__open_too_many_args,
"open can be called either with 2 or 3 arguments, not more");
__errordecl (__open_missing_mode,
@@ -58,12 +60,34 @@ open (const char *__path, int __oflag, ...)
return __open_alias (__path, __oflag, __va_arg_pack ());
}
+#elif __fortify_use_clang
+__fortify_function_error_function __attribute_overloadable__ int
+open (const char *__path, int __oflag, mode_t __mode, ...)
+ __fortify_clang_unavailable ("open can be called either with 2 or 3 arguments, not more");
+
+__fortify_function __attribute_overloadable__ int
+open (__fortify_clang_overload_arg (const char *, ,__path), int __oflag)
+ __fortify_clang_prefer_this_overload
+ __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag),
+ "open with O_CREAT or O_TMPFILE in second argument needs 3 arguments")
+{
+ return __open_2 (__path, __oflag);
+}
+
+__fortify_function __attribute_overloadable__ int
+open (__fortify_clang_overload_arg (const char *, ,__path), int __oflag,
+ mode_t __mode)
+{
+ return __open_alias (__path, __oflag);
+}
+#endif
#ifdef __USE_LARGEFILE64
extern int __open64_2 (const char *__path, int __oflag) __nonnull ((1));
extern int __REDIRECT (__open64_alias, (const char *__path, int __oflag,
...), open64) __nonnull ((1));
+# ifdef __va_arg_pack_len
__errordecl (__open64_too_many_args,
"open64 can be called either with 2 or 3 arguments, not more");
__errordecl (__open64_missing_mode,
@@ -90,6 +114,27 @@ open64 (const char *__path, int __oflag, ...)
return __open64_alias (__path, __oflag, __va_arg_pack ());
}
+# elif __fortify_use_clang
+__fortify_function_error_function __attribute_overloadable__ int
+open64 (const char *__path, int __oflag, mode_t __mode, ...)
+ __fortify_clang_unavailable ("open64 can be called either with 2 or 3 arguments, not more");
+
+__fortify_function __attribute_overloadable__ int
+open64 (__fortify_clang_overload_arg (const char *, ,__path), int __oflag)
+ __fortify_clang_prefer_this_overload
+ __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag),
+ "open64 with O_CREAT or O_TMPFILE in second argument needs 3 arguments")
+{
+ return __open64_2 (__path, __oflag);
+}
+
+__fortify_function __attribute_overloadable__ int
+open64 (__fortify_clang_overload_arg (const char *, ,__path), int __oflag,
+ mode_t __mode)
+{
+ return __open64_alias (__path, __oflag);
+}
+# endif
#endif
@@ -108,6 +153,8 @@ extern int __REDIRECT (__openat_alias, (int __fd, const char *__path,
int __oflag, ...), openat64)
__nonnull ((2));
# endif
+
+# ifdef __va_arg_pack_len
__errordecl (__openat_too_many_args,
"openat can be called either with 3 or 4 arguments, not more");
__errordecl (__openat_missing_mode,
@@ -134,6 +181,28 @@ openat (int __fd, const char *__path, int __oflag, ...)
return __openat_alias (__fd, __path, __oflag, __va_arg_pack ());
}
+# elif __fortify_use_clang
+__fortify_function_error_function __attribute_overloadable__ int
+openat (int __fd, const char *__path, int __oflag, mode_t __mode, ...)
+ __fortify_clang_unavailable ("openat can be called either with 3 or 4 arguments, not more");
+
+__fortify_function __attribute_overloadable__ int
+openat (int __fd, __fortify_clang_overload_arg (const char *, ,__path),
+ int __oflag)
+ __fortify_clang_prefer_this_overload
+ __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag),
+ "openat with O_CREAT or O_TMPFILE in third argument needs 4 arguments")
+{
+ return __openat_2 (__fd, __path, __oflag);
+}
+
+__fortify_function __attribute_overloadable__ int
+openat (int __fd, __fortify_clang_overload_arg (const char *, ,__path),
+ int __oflag, mode_t __mode)
+{
+ return __openat_alias (__fd, __path, __oflag);
+}
+# endif
# ifdef __USE_LARGEFILE64
@@ -147,6 +216,7 @@ __errordecl (__openat64_too_many_args,
__errordecl (__openat64_missing_mode,
"openat64 with O_CREAT or O_TMPFILE in third argument needs 4 arguments");
+# ifdef __va_arg_pack_len
__fortify_function int
openat64 (int __fd, const char *__path, int __oflag, ...)
{
@@ -168,5 +238,27 @@ openat64 (int __fd, const char *__path, int __oflag, ...)
return __openat64_alias (__fd, __path, __oflag, __va_arg_pack ());
}
+# elif __fortify_use_clang
+__fortify_function_error_function __attribute_overloadable__ int
+openat64 (int __fd, const char *__path, int __oflag, mode_t __mode, ...)
+ __fortify_clang_unavailable ("openat64 can be called either with 3 or 4 arguments, not more");
+
+__fortify_function __attribute_overloadable__ int
+openat64 (int __fd, __fortify_clang_overload_arg (const char *, ,__path),
+ int __oflag)
+ __fortify_clang_prefer_this_overload
+ __fortify_clang_error (__OPEN_NEEDS_MODE (__oflag),
+ "openat64 with O_CREAT or O_TMPFILE in third argument needs 4 arguments")
+{
+ return __openat64_2 (__fd, __path, __oflag);
+}
+
+__fortify_function __attribute_overloadable__ int
+openat64 (int __fd, __fortify_clang_overload_arg (const char *, ,__path),
+ int __oflag, mode_t __mode)
+{
+ return __openat64_alias (__fd, __path, __oflag);
+}
+# endif
# endif
#endif
diff --git a/io/fcntl.h b/io/fcntl.h
index dd620c086f..ac5e5cb72c 100644
--- a/io/fcntl.h
+++ b/io/fcntl.h
@@ -337,8 +337,7 @@ extern int posix_fallocate64 (int __fd, off64_t __offset, off64_t __len);
/* Define some inlines helping to catch common problems. */
-#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \
- && defined __va_arg_pack_len
+#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function
# include <bits/fcntl2.h>
#endif
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 659ffc96a7..a9022621e2 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -271,6 +271,8 @@
# define __fortify_clang_warning(__c, __msg) \
__attribute__ ((__diagnose_if__ ((__c), (__msg), "warning")))
+# define __fortify_clang_error(__c, __msg) \
+ __attribute__ ((__diagnose_if__ ((__c), (__msg), "error")))
# define __fortify_clang_warning_only_if_bos0_lt(n, buf, complaint) \
__attribute__ ((__diagnose_if__ \
(__fortify_clang_bosn_args (__bos0, n, buf, 1, complaint))))
@@ -284,6 +286,11 @@
__attribute__ ((__diagnose_if__ \
(__fortify_clang_bosn_args (__bos, n, buf, div, complaint))))
+# define __fortify_clang_prefer_this_overload \
+ __attribute__ ((enable_if (1, "")))
+# define __fortify_clang_unavailable(__msg) \
+ __attribute__ ((unavailable(__msg)))
+
# if __USE_FORTIFY_LEVEL == 3
# define __fortify_clang_overload_arg(__type, __attr, __name) \
__type __attr const __fortify_clang_pass_dynamic_object_size __name
--
2.34.1
next prev parent reply other threads:[~2023-12-21 19:00 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-21 18:59 [PATCH 00/15] Improve fortify support " Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 01/15] debug: Adapt fortify tests to libsupport Adhemerval Zanella
2023-12-21 19:54 ` Siddhesh Poyarekar
2023-12-21 18:59 ` [PATCH 02/15] debug: Increase tst-fortify checks for compiler without __va_arg_pack support Adhemerval Zanella
2023-12-21 20:02 ` Siddhesh Poyarekar
2023-12-21 21:43 ` Joseph Myers
2023-12-22 12:29 ` Adhemerval Zanella Netto
2023-12-21 18:59 ` [PATCH 03/15] debug: Add fortify dprintf tests Adhemerval Zanella
2023-12-21 20:03 ` Siddhesh Poyarekar
2023-12-21 18:59 ` [PATCH 04/15] debug: Add fortify syslog tests Adhemerval Zanella
2023-12-21 20:06 ` Siddhesh Poyarekar
2023-12-21 18:59 ` [PATCH 05/15] debug: Add fortify wprintf tests Adhemerval Zanella
2023-12-21 20:08 ` Siddhesh Poyarekar
2023-12-29 13:56 ` Adhemerval Zanella Netto
2023-12-21 18:59 ` [PATCH 06/15] cdefs.h: Add clang fortify directives Adhemerval Zanella
2023-12-21 21:33 ` Joseph Myers
2023-12-22 12:36 ` Adhemerval Zanella Netto
2023-12-21 18:59 ` [PATCH 07/15] libio: Improve fortify with clang Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 08/15] string: " Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 09/15] stdlib: " Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 10/15] unistd: " Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 11/15] socket: " Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 12/15] syslog: " Adhemerval Zanella
2023-12-21 18:59 ` [PATCH 13/15] wcsmbs: " Adhemerval Zanella
2023-12-21 18:59 ` Adhemerval Zanella [this message]
2023-12-21 18:59 ` [PATCH 15/15] debug: Improve mqueue.h fortify warnings " Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231221185929.1307116-15-adhemerval.zanella@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=libc-alpha@sourceware.org \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).