From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oo1-xc30.google.com (mail-oo1-xc30.google.com [IPv6:2607:f8b0:4864:20::c30]) by sourceware.org (Postfix) with ESMTPS id 85E0838582A4 for ; Thu, 8 Feb 2024 18:46:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 85E0838582A4 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 85E0838582A4 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::c30 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707418003; cv=none; b=tuTpkVDPvDj+S1cGiwByAzS6uHerNv/CR7NIf2j4nIXygxPP0wva+m+nGE+HvKnOEK3+HhsuZToQZuGCqAzuA2xqPENgs6os3IrxanKKR7vOXF3MpA5uJkx1lc0/gGVL48/iDoGj8jybQiNpzYFNchomF5xJX5g2Eu1coEN+lLw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707418003; c=relaxed/simple; bh=okIx+NTh+eMK8CCevULhjvm3YeC/n1evLjmrFQUkvnQ=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=QLKoW988yAuHPmlf/qIWEVCzWJHYfmRmnuvGlw60WHy+iEpYMvOnwgxRErg53DZiIF3ERudGq/CdB80vWbR/SWhdrFaZCNyFEGN6HWJYMYE9RjkAbKCaysIlJLbNEi8JX+8bTA9PPCPNYl4MlzvFmtqBFHKKTP8HS6whYDgf1+k= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oo1-xc30.google.com with SMTP id 006d021491bc7-5986d902ae6so74627eaf.3 for ; Thu, 08 Feb 2024 10:46:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1707417999; x=1708022799; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GgzVWNbxuGa9i5GiEZrgxNuLo7vlKaoDPYjJ99vA8jQ=; b=xR3zcvtxRs/vIhbyREm7sjPqxwBsWCXPwFGecYpVQl11f0O/LM219HGixRXjySKOIA WZdffzaQ1QlnS5aevw77OIAWx7WDXJYeYTzKLm4ZkJ3VFZKNUrZd4A5EH4SH+kHQDhjz QNc0altC3JRvPTbz1CZQfm1uRqj9qRcuJbacDZV+3Erg0qLcjqAvv+PTbR7eIDmlRhAj zPGRVlgL8U8iQTWlm6vY/XtEYBLobXmHXp8HRK2/B7cgQRxb1cbF1+oKsR0qg+BpQtCb b+bnZauk4Rpd4Zh4upHvnXrGDI7Oa0AXJfims4OnKKECGPLwsXgQ38lisZ5SmjevJ3b3 si/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707417999; x=1708022799; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GgzVWNbxuGa9i5GiEZrgxNuLo7vlKaoDPYjJ99vA8jQ=; b=GzUBGpxIpTTkPqcZtlaQjqaxerI/nWoYJExr0AYQPF+ig2THgX4Bu/2NGFe57YuWAE QMp3/0vQ56Q3q/ejukcpin8b800AHshsAOZCbCtLCorYPNFs9TZVQAEotRhKrymyUHov alkVk36XLoudeDgTGf5eu/iKU66nq47VI/jaWwueIl652l7Q1yhf1Tf+ePvEjMFm017p EcLjmzNjsfiJ7lYD7mdmUqhf/5NalCo8xgLVgrnjUopkyN/PL0Zfq4RuaU9uoCc4dqss CLS7eKYZYPwJ4o5o3pUhBukntT6/xeYFSFRQs5EzBaI/Jq/8lDO50cOrcLRSCJtqBtlb A9TQ== X-Gm-Message-State: AOJu0YyXs6eiRWgYRf8HW2EOy6xfZpKJE4bRQi9wNSoVfSZQ8iNlZMLW SGhn7/IXzqP/mc8ghwVaAHkfEto5730aB/kfBZX8FbsLVu/hwSnAdw+C7iyzJpyzZ4/n5l5pYRx r X-Google-Smtp-Source: AGHT+IENwiupHrey2UaBTfBMAis6TRKlkKUEjvrFXS+YR8JnvAZSVmJQufX2e+e3fpwaJ4Gw3FKTRQ== X-Received: by 2002:a05:6358:2c96:b0:178:a1d9:4a9f with SMTP id l22-20020a0563582c9600b00178a1d94a9fmr6692096rwm.31.1707417999223; Thu, 08 Feb 2024 10:46:39 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:378:6793:1dc3:1346:d6d6]) by smtp.gmail.com with ESMTPSA id n26-20020a638f1a000000b005d7994a08dcsm156408pgd.36.2024.02.08.10.46.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Feb 2024 10:46:38 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Siddhesh Poyarekar Subject: [PATCH v3 06/10] socket: Improve fortify with clang Date: Thu, 8 Feb 2024 15:46:18 -0300 Message-Id: <20240208184622.332678-7-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240208184622.332678-1-adhemerval.zanella@linaro.org> References: <20240208184622.332678-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: It improve fortify checks recv, recvfrom, poll, and ppoll. The compile and runtime hecks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- io/bits/poll2.h | 29 +++++++++++++++++++++-------- socket/bits/socket2.h | 20 ++++++++++++++++---- 2 files changed, 37 insertions(+), 12 deletions(-) diff --git a/io/bits/poll2.h b/io/bits/poll2.h index 6152a8c5e4..24ec1056eb 100644 --- a/io/bits/poll2.h +++ b/io/bits/poll2.h @@ -33,8 +33,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __poll_chk) __warnattr ("poll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -poll (struct pollfd *__fds, nfds_t __nfds, int __timeout) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +poll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + int __timeout) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "poll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (poll, __nfds, sizeof (*__fds), __glibc_objsize (__fds), @@ -58,9 +63,13 @@ extern int __REDIRECT (__ppoll64_chk_warn, (struct pollfd *__fds, nfds_t __n, __ppoll64_chk) __warnattr ("ppoll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, - const __sigset_t *__ss) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + const struct timespec *__timeout, const __sigset_t *__ss) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "ppoll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (ppoll64, __nfds, sizeof (*__fds), __glibc_objsize (__fds), @@ -81,9 +90,13 @@ extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __ppoll_chk) __warnattr ("ppoll called with fds buffer too small file nfds entries"); -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, - const __sigset_t *__ss) +__fortify_function __fortified_attr_access (__write_only__, 1, 2) +__attribute_overloadable__ int +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, + const struct timespec *__timeout, const __sigset_t *__ss) + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), + "ppoll called with fds buffer " + "too small file nfds entries") { return __glibc_fortify (ppoll, __nfds, sizeof (*__fds), __glibc_objsize (__fds), diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h index a88cb64370..04780f320e 100644 --- a/socket/bits/socket2.h +++ b/socket/bits/socket2.h @@ -30,14 +30,20 @@ extern ssize_t __REDIRECT (__recv_chk_warn, __warnattr ("recv called with bigger length than size of destination " "buffer"); -__fortify_function ssize_t -recv (int __fd, void *__buf, size_t __n, int __flags) +__fortify_function __attribute_overloadable__ ssize_t +recv (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __n, + int __flags) + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, + "recv called with bigger length than " + "size of destination buffer") { size_t sz = __glibc_objsize0 (__buf); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __recv_alias (__fd, __buf, __n, __flags); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __recv_chk_warn (__fd, __buf, __n, sz, __flags); +#endif return __recv_chk (__fd, __buf, __n, sz, __flags); } @@ -57,15 +63,21 @@ extern ssize_t __REDIRECT (__recvfrom_chk_warn, __warnattr ("recvfrom called with bigger length than size of " "destination buffer"); -__fortify_function ssize_t -recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, +__fortify_function __attribute_overloadable__ ssize_t +recvfrom (int __fd, __fortify_clang_overload_arg0 (void *, __restrict, __buf), + size_t __n, int __flags, __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, + "recvfrom called with bigger length " + "than size of destination buffer") { size_t sz = __glibc_objsize0 (__buf); if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); +#if !__fortify_use_clang if (__glibc_unsafe_len (__n, sizeof (char), sz)) return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, __addr_len); +#endif return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); } -- 2.34.1