* Correct way of calling prctl(2) (was: Sashimi of prctl(2))
[not found] ` <ddbdyaiptesjalgfmztxideej67e3yaob7ucsmbf6qvriwxiif@dohhxrqgwhrf>
@ 2024-05-28 9:24 ` Alejandro Colomar
2024-05-28 9:42 ` Alejandro Colomar
2024-05-28 15:20 ` Correct way of calling prctl(2) (was: Sashimi of prctl(2)) Xi Ruoyao
0 siblings, 2 replies; 7+ messages in thread
From: Alejandro Colomar @ 2024-05-28 9:24 UTC (permalink / raw)
To: libc-alpha; +Cc: linux-man
[-- Attachment #1: Type: text/plain, Size: 2361 bytes --]
[Adding libc-alpha@ for some doubts]
Hi!
On Sun, May 26, 2024 at 01:27:43PM GMT, Alejandro Colomar wrote:
> On Sun, May 26, 2024 at 01:07:24PM GMT, Alejandro Colomar wrote:
> > I'm considering making sashimi of prctl(2), similar to what I did
> > recently to proc(5). Another precedent is in ioctl(2).
I'll call the pages with names such as PR_CAP_AMBIENT(2const) and
PR_CAP_AMBIENT_RAISE(2const).
While doing that, I changed the prototypes in the SYNOPSIS to things
like
int prctl(PR_CAP_AMBIENT, unsigned long op, ...);
and
int prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, unsigned long cap, 0, 0);
Which makes me wonder. glibc implements prctl(2) as a variadic
function, so those 0s are actually of type (and more importantly of
width) 'int'. This means a user passing 0 is leaving some parameters
uninitialized.
From what I can see, glibc does no magic to set unspecified parameters
to 0, so this means passing '0' results in Undefined Behavior.
I guess I should document these as 0L in the SYNOPSIS.
int prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, unsigned long cap, 0L, 0L);
All of the software I've seen out there using prctl(2) either pass 0 (as
the manual page had been suggesting), such as in shadow:
<https://github.com/shadow-maint/shadow/blob/71e28359d12491727b2e94c71d2e1e1682d45a02/lib/idmapping.c#L161>
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
or don't pass anything at all (coreutils does this):
<https://git.savannah.gnu.org/cgit/coreutils.git/tree/src/timeout.c#n449>
if (prctl (PR_SET_DUMPABLE, 0) == 0)
Am I missing something or are all of those calls buggy?
Some prctl(2) calls report EINVAL when the unused arguments are nonzero,
while others simply ignore it, so maybe I can document the ones ignoring
the unused arguments as shorter calls:
int prctl(PR_SET_DUMPABLE, unsigned long dumpable);
And document the ones that report errors as using 0L:
int prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, unsigned long cap, 0, 0);
(BTW, util-linux seems to have this one wrong:)
<https://sources.debian.org/src/util-linux/2.40.1-2/lib/caputils.c/?hl=123#L123>
&& prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) < 0)
What do you think about this?
Have a lovely day!
Alex
--
<https://www.alejandro-colomar.es/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Correct way of calling prctl(2) (was: Sashimi of prctl(2))
2024-05-28 9:24 ` Correct way of calling prctl(2) (was: Sashimi of prctl(2)) Alejandro Colomar
@ 2024-05-28 9:42 ` Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2024-05-28 15:20 ` Correct way of calling prctl(2) (was: Sashimi of prctl(2)) Xi Ruoyao
1 sibling, 1 reply; 7+ messages in thread
From: Alejandro Colomar @ 2024-05-28 9:42 UTC (permalink / raw)
To: libc-alpha, linux-api; +Cc: linux-man
[-- Attachment #1: Type: text/plain, Size: 2889 bytes --]
[Adding linux-api@]
On Tue, May 28, 2024 at 11:24:13AM GMT, Alejandro Colomar wrote:
> [Adding libc-alpha@ for some doubts]
>
> Hi!
>
> On Sun, May 26, 2024 at 01:27:43PM GMT, Alejandro Colomar wrote:
> > On Sun, May 26, 2024 at 01:07:24PM GMT, Alejandro Colomar wrote:
> > > I'm considering making sashimi of prctl(2), similar to what I did
> > > recently to proc(5). Another precedent is in ioctl(2).
>
> I'll call the pages with names such as PR_CAP_AMBIENT(2const) and
> PR_CAP_AMBIENT_RAISE(2const).
>
> While doing that, I changed the prototypes in the SYNOPSIS to things
> like
>
> int prctl(PR_CAP_AMBIENT, unsigned long op, ...);
>
> and
>
> int prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, unsigned long cap, 0, 0);
>
> Which makes me wonder. glibc implements prctl(2) as a variadic
> function, so those 0s are actually of type (and more importantly of
> width) 'int'. This means a user passing 0 is leaving some parameters
> uninitialized.
>
> From what I can see, glibc does no magic to set unspecified parameters
> to 0, so this means passing '0' results in Undefined Behavior.
>
> I guess I should document these as 0L in the SYNOPSIS.
>
> int prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, unsigned long cap, 0L, 0L);
>
> All of the software I've seen out there using prctl(2) either pass 0 (as
> the manual page had been suggesting), such as in shadow:
> <https://github.com/shadow-maint/shadow/blob/71e28359d12491727b2e94c71d2e1e1682d45a02/lib/idmapping.c#L161>
>
> if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
>
> or don't pass anything at all (coreutils does this):
> <https://git.savannah.gnu.org/cgit/coreutils.git/tree/src/timeout.c#n449>
>
> if (prctl (PR_SET_DUMPABLE, 0) == 0)
>
> Am I missing something or are all of those calls buggy?
>
> Some prctl(2) calls report EINVAL when the unused arguments are nonzero,
> while others simply ignore it, so maybe I can document the ones ignoring
> the unused arguments as shorter calls:
>
> int prctl(PR_SET_DUMPABLE, unsigned long dumpable);
>
> And document the ones that report errors as using 0L:
>
> int prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, unsigned long cap, 0, 0);
>
> (BTW, util-linux seems to have this one wrong:)
>
> <https://sources.debian.org/src/util-linux/2.40.1-2/lib/caputils.c/?hl=123#L123>
>
> && prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) < 0)
And another problem is the definition of PR_CAP_AMBIENT_RAISE (and
similar macros), which are defined as ints:
$ grepc PR_CAP_AMBIENT_RAISE /usr/include/
/usr/include/linux/prctl.h:# define PR_CAP_AMBIENT_RAISE 2
but they should be defined as unsigned longs. (This is a Linux UAPI
problem.)
>
> What do you think about this?
>
> Have a lovely day!
> Alex
--
<https://www.alejandro-colomar.es/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants
2024-05-28 9:42 ` Alejandro Colomar
@ 2024-05-28 11:48 ` Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 1/2] uapi/linux/prctl: Use the L integer suffix for enumerations of width long Alejandro Colomar
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Alejandro Colomar @ 2024-05-28 11:48 UTC (permalink / raw)
To: linux-api; +Cc: linux-man, libc-alpha, Alejandro Colomar
[-- Attachment #1: Type: text/plain, Size: 578 bytes --]
Alejandro Colomar (2):
uapi/linux/prctl: Use the L integer suffix for enumerations of width
long
uapi/linux/prctl: Use the UL integer suffix for bit fields of width
long
include/uapi/linux/prctl.h | 186 ++++++++++++++++++-------------------
1 file changed, 93 insertions(+), 93 deletions(-)
Range-diff against v0:
-: ------------ > 1: eb1cdf3e2f33 uapi/linux/prctl: Use the L integer suffix for enumerations of width long
-: ------------ > 2: 16f5bd565191 uapi/linux/prctl: Use the UL integer suffix for bit fields of width long
--
2.45.1
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v1 1/2] uapi/linux/prctl: Use the L integer suffix for enumerations of width long
2024-05-28 11:48 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
@ 2024-05-28 11:48 ` Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 2/2] uapi/linux/prctl: Use the UL integer suffix for bit fields " Alejandro Colomar
2024-06-12 12:02 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2 siblings, 0 replies; 7+ messages in thread
From: Alejandro Colomar @ 2024-05-28 11:48 UTC (permalink / raw)
To: linux-api; +Cc: linux-man, libc-alpha, Alejandro Colomar
[-- Attachment #1: Type: text/plain, Size: 10750 bytes --]
The prctl(2) wrapper provided by glibc uses a variadic argument list.
This means that the arguments *must* have the right type (and more
importantly, the right width). To avoid the user having to cast these
constants, provide them with the appropriate width, that of a long.
Having the width of a long is sufficient, and we don't need UL. Let's
reserve that suffix for bit fields, which need to be unsigned to avoid
easily triggering undefined (or implementation-defined) behavior.
Link: <https://inbox.sourceware.org/libc-alpha/x6r3yc6l34g4k5g3tm6ywecdqux54xlpid7bp2fa7hvm43luc7@6fjgaxgm5uyj/T/>
Cc: <linux-api@vger.kernel.org>
Cc: <linux-man@vger.kernel.org>
Cc: <libc-alpha@sourceware.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
include/uapi/linux/prctl.h | 126 ++++++++++++++++++-------------------
1 file changed, 63 insertions(+), 63 deletions(-)
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 35791791a879..60e14adb8d20 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -16,8 +16,8 @@
/* Get/set unaligned access control bits (if meaningful) */
#define PR_GET_UNALIGN 5
#define PR_SET_UNALIGN 6
-# define PR_UNALIGN_NOPRINT 1 /* silently fix up unaligned user accesses */
-# define PR_UNALIGN_SIGBUS 2 /* generate SIGBUS on unaligned user access */
+# define PR_UNALIGN_NOPRINT 1L /* silently fix up unaligned user accesses */
+# define PR_UNALIGN_SIGBUS 2L /* generate SIGBUS on unaligned user access */
/* Get/set whether or not to drop capabilities on setuid() away from
* uid 0 (as per security/commoncap.c) */
@@ -27,8 +27,8 @@
/* Get/set floating-point emulation control bits (if meaningful) */
#define PR_GET_FPEMU 9
#define PR_SET_FPEMU 10
-# define PR_FPEMU_NOPRINT 1 /* silently emulate fp operations accesses */
-# define PR_FPEMU_SIGFPE 2 /* don't emulate fp operations, send SIGFPE instead */
+# define PR_FPEMU_NOPRINT 1L /* silently emulate fp operations accesses */
+# define PR_FPEMU_SIGFPE 2L /* don't emulate fp operations, send SIGFPE instead */
/* Get/set floating-point exception mode (if meaningful) */
#define PR_GET_FPEXC 11
@@ -39,18 +39,18 @@
# define PR_FP_EXC_UND 0x040000 /* floating point underflow */
# define PR_FP_EXC_RES 0x080000 /* floating point inexact result */
# define PR_FP_EXC_INV 0x100000 /* floating point invalid operation */
-# define PR_FP_EXC_DISABLED 0 /* FP exceptions disabled */
-# define PR_FP_EXC_NONRECOV 1 /* async non-recoverable exc. mode */
-# define PR_FP_EXC_ASYNC 2 /* async recoverable exception mode */
-# define PR_FP_EXC_PRECISE 3 /* precise exception mode */
+# define PR_FP_EXC_DISABLED 0L /* FP exceptions disabled */
+# define PR_FP_EXC_NONRECOV 1L /* async non-recoverable exc. mode */
+# define PR_FP_EXC_ASYNC 2L /* async recoverable exception mode */
+# define PR_FP_EXC_PRECISE 3L /* precise exception mode */
/* Get/set whether we use statistical process timing or accurate timestamp
* based process timing */
#define PR_GET_TIMING 13
#define PR_SET_TIMING 14
-# define PR_TIMING_STATISTICAL 0 /* Normal, traditional,
+# define PR_TIMING_STATISTICAL 0L /* Normal, traditional,
statistical process timing */
-# define PR_TIMING_TIMESTAMP 1 /* Accurate timestamp based
+# define PR_TIMING_TIMESTAMP 1L /* Accurate timestamp based
process timing */
#define PR_SET_NAME 15 /* Set process name */
@@ -59,9 +59,9 @@
/* Get/set process endian */
#define PR_GET_ENDIAN 19
#define PR_SET_ENDIAN 20
-# define PR_ENDIAN_BIG 0
-# define PR_ENDIAN_LITTLE 1 /* True little endian mode */
-# define PR_ENDIAN_PPC_LITTLE 2 /* "PowerPC" pseudo little endian */
+# define PR_ENDIAN_BIG 0L
+# define PR_ENDIAN_LITTLE 1L /* True little endian mode */
+# define PR_ENDIAN_PPC_LITTLE 2L /* "PowerPC" pseudo little endian */
/* Get/set process seccomp mode */
#define PR_GET_SECCOMP 21
@@ -74,8 +74,8 @@
/* Get/set the process' ability to use the timestamp counter instruction */
#define PR_GET_TSC 25
#define PR_SET_TSC 26
-# define PR_TSC_ENABLE 1 /* allow the use of the timestamp counter */
-# define PR_TSC_SIGSEGV 2 /* throw a SIGSEGV instead of reading the TSC */
+# define PR_TSC_ENABLE 1L /* allow the use of the timestamp counter */
+# define PR_TSC_SIGSEGV 2L /* throw a SIGSEGV instead of reading the TSC */
/* Get/set securebits (as per security/commoncap.c) */
#define PR_GET_SECUREBITS 27
@@ -96,12 +96,12 @@
* This influences when the process gets killed on a memory corruption.
*/
#define PR_MCE_KILL 33
-# define PR_MCE_KILL_CLEAR 0
-# define PR_MCE_KILL_SET 1
+# define PR_MCE_KILL_CLEAR 0L
+# define PR_MCE_KILL_SET 1L
-# define PR_MCE_KILL_LATE 0
-# define PR_MCE_KILL_EARLY 1
-# define PR_MCE_KILL_DEFAULT 2
+# define PR_MCE_KILL_LATE 0L
+# define PR_MCE_KILL_EARLY 1L
+# define PR_MCE_KILL_DEFAULT 2L
#define PR_MCE_KILL_GET 34
@@ -109,21 +109,21 @@
* Tune up process memory map specifics.
*/
#define PR_SET_MM 35
-# define PR_SET_MM_START_CODE 1
-# define PR_SET_MM_END_CODE 2
-# define PR_SET_MM_START_DATA 3
-# define PR_SET_MM_END_DATA 4
-# define PR_SET_MM_START_STACK 5
-# define PR_SET_MM_START_BRK 6
-# define PR_SET_MM_BRK 7
-# define PR_SET_MM_ARG_START 8
-# define PR_SET_MM_ARG_END 9
-# define PR_SET_MM_ENV_START 10
-# define PR_SET_MM_ENV_END 11
-# define PR_SET_MM_AUXV 12
-# define PR_SET_MM_EXE_FILE 13
-# define PR_SET_MM_MAP 14
-# define PR_SET_MM_MAP_SIZE 15
+# define PR_SET_MM_START_CODE 1L
+# define PR_SET_MM_END_CODE 2L
+# define PR_SET_MM_START_DATA 3L
+# define PR_SET_MM_END_DATA 4L
+# define PR_SET_MM_START_STACK 5L
+# define PR_SET_MM_START_BRK 6L
+# define PR_SET_MM_BRK 7L
+# define PR_SET_MM_ARG_START 8L
+# define PR_SET_MM_ARG_END 9L
+# define PR_SET_MM_ENV_START 10L
+# define PR_SET_MM_ENV_END 11L
+# define PR_SET_MM_AUXV 12L
+# define PR_SET_MM_EXE_FILE 13L
+# define PR_SET_MM_MAP 14L
+# define PR_SET_MM_MAP_SIZE 15L
/*
* This structure provides new memory descriptor
@@ -193,10 +193,10 @@ struct prctl_mm_map {
/* Control the ambient capability set */
#define PR_CAP_AMBIENT 47
-# define PR_CAP_AMBIENT_IS_SET 1
-# define PR_CAP_AMBIENT_RAISE 2
-# define PR_CAP_AMBIENT_LOWER 3
-# define PR_CAP_AMBIENT_CLEAR_ALL 4
+# define PR_CAP_AMBIENT_IS_SET 1L
+# define PR_CAP_AMBIENT_RAISE 2L
+# define PR_CAP_AMBIENT_LOWER 3L
+# define PR_CAP_AMBIENT_CLEAR_ALL 4L
/* arm64 Scalable Vector Extension controls */
/* Flag values must be kept in sync with ptrace NT_ARM_SVE interface */
@@ -211,9 +211,9 @@ struct prctl_mm_map {
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
/* Speculation control variants */
-# define PR_SPEC_STORE_BYPASS 0
-# define PR_SPEC_INDIRECT_BRANCH 1
-# define PR_SPEC_L1D_FLUSH 2
+# define PR_SPEC_STORE_BYPASS 0L
+# define PR_SPEC_INDIRECT_BRANCH 1L
+# define PR_SPEC_L1D_FLUSH 2L
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
# define PR_SPEC_NOT_AFFECTED 0
# define PR_SPEC_PRCTL (1UL << 0)
@@ -251,11 +251,11 @@ struct prctl_mm_map {
/* Dispatch syscalls to a userspace handler */
#define PR_SET_SYSCALL_USER_DISPATCH 59
-# define PR_SYS_DISPATCH_OFF 0
-# define PR_SYS_DISPATCH_ON 1
+# define PR_SYS_DISPATCH_OFF 0L
+# define PR_SYS_DISPATCH_ON 1L
/* The control values for the user space selector when dispatch is enabled */
-# define SYSCALL_DISPATCH_FILTER_ALLOW 0
-# define SYSCALL_DISPATCH_FILTER_BLOCK 1
+# define SYSCALL_DISPATCH_FILTER_ALLOW 0L
+# define SYSCALL_DISPATCH_FILTER_BLOCK 1L
/* Set/get enabled arm64 pointer authentication keys */
#define PR_PAC_SET_ENABLED_KEYS 60
@@ -263,14 +263,14 @@ struct prctl_mm_map {
/* Request the scheduler to share a core */
#define PR_SCHED_CORE 62
-# define PR_SCHED_CORE_GET 0
-# define PR_SCHED_CORE_CREATE 1 /* create unique core_sched cookie */
-# define PR_SCHED_CORE_SHARE_TO 2 /* push core_sched cookie to pid */
-# define PR_SCHED_CORE_SHARE_FROM 3 /* pull core_sched cookie to pid */
-# define PR_SCHED_CORE_MAX 4
-# define PR_SCHED_CORE_SCOPE_THREAD 0
-# define PR_SCHED_CORE_SCOPE_THREAD_GROUP 1
-# define PR_SCHED_CORE_SCOPE_PROCESS_GROUP 2
+# define PR_SCHED_CORE_GET 0L
+# define PR_SCHED_CORE_CREATE 1L /* create unique core_sched cookie */
+# define PR_SCHED_CORE_SHARE_TO 2L /* push core_sched cookie to pid */
+# define PR_SCHED_CORE_SHARE_FROM 3L /* pull core_sched cookie to pid */
+# define PR_SCHED_CORE_MAX 4L
+# define PR_SCHED_CORE_SCOPE_THREAD 0L
+# define PR_SCHED_CORE_SCOPE_THREAD_GROUP 1L
+# define PR_SCHED_CORE_SCOPE_PROCESS_GROUP 2L
/* arm64 Scalable Matrix Extension controls */
/* Flag values must be in sync with SVE versions */
@@ -289,7 +289,7 @@ struct prctl_mm_map {
#define PR_GET_MDWE 66
#define PR_SET_VMA 0x53564d41
-# define PR_SET_VMA_ANON_NAME 0
+# define PR_SET_VMA_ANON_NAME 0L
#define PR_GET_AUXV 0x41555856
@@ -307,19 +307,19 @@ struct prctl_mm_map {
# define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f
#define PR_RISCV_SET_ICACHE_FLUSH_CTX 71
-# define PR_RISCV_CTX_SW_FENCEI_ON 0
-# define PR_RISCV_CTX_SW_FENCEI_OFF 1
-# define PR_RISCV_SCOPE_PER_PROCESS 0
-# define PR_RISCV_SCOPE_PER_THREAD 1
+# define PR_RISCV_CTX_SW_FENCEI_ON 0L
+# define PR_RISCV_CTX_SW_FENCEI_OFF 1L
+# define PR_RISCV_SCOPE_PER_PROCESS 0L
+# define PR_RISCV_SCOPE_PER_THREAD 1L
/* PowerPC Dynamic Execution Control Register (DEXCR) controls */
#define PR_PPC_GET_DEXCR 72
#define PR_PPC_SET_DEXCR 73
/* DEXCR aspect to act on */
-# define PR_PPC_DEXCR_SBHE 0 /* Speculative branch hint enable */
-# define PR_PPC_DEXCR_IBRTPD 1 /* Indirect branch recurrent target prediction disable */
-# define PR_PPC_DEXCR_SRAPD 2 /* Subroutine return address prediction disable */
-# define PR_PPC_DEXCR_NPHIE 3 /* Non-privileged hash instruction enable */
+# define PR_PPC_DEXCR_SBHE 0L /* Speculative branch hint enable */
+# define PR_PPC_DEXCR_IBRTPD 1L /* Indirect branch recurrent target prediction disable */
+# define PR_PPC_DEXCR_SRAPD 2L /* Subroutine return address prediction disable */
+# define PR_PPC_DEXCR_NPHIE 3L /* Non-privileged hash instruction enable */
/* Action to apply / return */
# define PR_PPC_DEXCR_CTRL_EDITABLE 0x1 /* Aspect can be modified with PR_PPC_SET_DEXCR */
# define PR_PPC_DEXCR_CTRL_SET 0x2 /* Set the aspect for this process */
--
2.45.1
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v1 2/2] uapi/linux/prctl: Use the UL integer suffix for bit fields of width long
2024-05-28 11:48 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 1/2] uapi/linux/prctl: Use the L integer suffix for enumerations of width long Alejandro Colomar
@ 2024-05-28 11:48 ` Alejandro Colomar
2024-06-12 12:02 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2 siblings, 0 replies; 7+ messages in thread
From: Alejandro Colomar @ 2024-05-28 11:48 UTC (permalink / raw)
To: linux-api; +Cc: linux-man, libc-alpha, Alejandro Colomar
[-- Attachment #1: Type: text/plain, Size: 7043 bytes --]
The prctl(2) wrapper provided by glibc uses a variadic argument list.
This means that the arguments *must* have the right type (and more
importantly, the right width). To avoid the user having to cast these
constants, provide them with the appropriate width, that of a long.
These are bit fields, and bitwise operations are dangerous on signed
integers, so let's make sure they are unsigned.
Link: <https://inbox.sourceware.org/libc-alpha/x6r3yc6l34g4k5g3tm6ywecdqux54xlpid7bp2fa7hvm43luc7@6fjgaxgm5uyj/T/>
Cc: <linux-api@vger.kernel.org>
Cc: <linux-man@vger.kernel.org>
Cc: <libc-alpha@sourceware.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
include/uapi/linux/prctl.h | 60 +++++++++++++++++++-------------------
1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 60e14adb8d20..c016c316f3c5 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -33,12 +33,12 @@
/* Get/set floating-point exception mode (if meaningful) */
#define PR_GET_FPEXC 11
#define PR_SET_FPEXC 12
-# define PR_FP_EXC_SW_ENABLE 0x80 /* Use FPEXC for FP exception enables */
-# define PR_FP_EXC_DIV 0x010000 /* floating point divide by zero */
-# define PR_FP_EXC_OVF 0x020000 /* floating point overflow */
-# define PR_FP_EXC_UND 0x040000 /* floating point underflow */
-# define PR_FP_EXC_RES 0x080000 /* floating point inexact result */
-# define PR_FP_EXC_INV 0x100000 /* floating point invalid operation */
+# define PR_FP_EXC_SW_ENABLE 0x80UL /* Use FPEXC for FP exception enables */
+# define PR_FP_EXC_DIV 0x010000UL /* floating point divide by zero */
+# define PR_FP_EXC_OVF 0x020000UL /* floating point overflow */
+# define PR_FP_EXC_UND 0x040000UL /* floating point underflow */
+# define PR_FP_EXC_RES 0x080000UL /* floating point inexact result */
+# define PR_FP_EXC_INV 0x100000UL /* floating point invalid operation */
# define PR_FP_EXC_DISABLED 0L /* FP exceptions disabled */
# define PR_FP_EXC_NONRECOV 1L /* async non-recoverable exc. mode */
# define PR_FP_EXC_ASYNC 2L /* async recoverable exception mode */
@@ -188,8 +188,8 @@ struct prctl_mm_map {
#define PR_SET_FP_MODE 45
#define PR_GET_FP_MODE 46
-# define PR_FP_MODE_FR (1 << 0) /* 64b FP registers */
-# define PR_FP_MODE_FRE (1 << 1) /* 32b compatibility */
+# define PR_FP_MODE_FR (1UL << 0) /* 64b FP registers */
+# define PR_FP_MODE_FRE (1UL << 1) /* 32b compatibility */
/* Control the ambient capability set */
#define PR_CAP_AMBIENT 47
@@ -201,11 +201,11 @@ struct prctl_mm_map {
/* arm64 Scalable Vector Extension controls */
/* Flag values must be kept in sync with ptrace NT_ARM_SVE interface */
#define PR_SVE_SET_VL 50 /* set task vector length */
-# define PR_SVE_SET_VL_ONEXEC (1 << 18) /* defer effect until exec */
+# define PR_SVE_SET_VL_ONEXEC (1UL << 18) /* defer effect until exec */
#define PR_SVE_GET_VL 51 /* get task vector length */
/* Bits common to PR_SVE_SET_VL and PR_SVE_GET_VL */
-# define PR_SVE_VL_LEN_MASK 0xffff
-# define PR_SVE_VL_INHERIT (1 << 17) /* inherit across exec */
+# define PR_SVE_VL_LEN_MASK 0xffffUL
+# define PR_SVE_VL_INHERIT (1UL << 17) /* inherit across exec */
/* Per task speculation control */
#define PR_GET_SPECULATION_CTRL 52
@@ -215,7 +215,7 @@ struct prctl_mm_map {
# define PR_SPEC_INDIRECT_BRANCH 1L
# define PR_SPEC_L1D_FLUSH 2L
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-# define PR_SPEC_NOT_AFFECTED 0
+# define PR_SPEC_NOT_AFFECTED 0UL
# define PR_SPEC_PRCTL (1UL << 0)
# define PR_SPEC_ENABLE (1UL << 1)
# define PR_SPEC_DISABLE (1UL << 2)
@@ -240,10 +240,10 @@ struct prctl_mm_map {
# define PR_MTE_TCF_ASYNC (1UL << 2)
# define PR_MTE_TCF_MASK (PR_MTE_TCF_SYNC | PR_MTE_TCF_ASYNC)
/* MTE tag inclusion mask */
-# define PR_MTE_TAG_SHIFT 3
+# define PR_MTE_TAG_SHIFT 3UL
# define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT)
/* Unused; kept only for source compatibility */
-# define PR_MTE_TCF_SHIFT 1
+# define PR_MTE_TCF_SHIFT 1UL
/* Control reclaim behavior when allocating memory */
#define PR_SET_IO_FLUSHER 57
@@ -275,11 +275,11 @@ struct prctl_mm_map {
/* arm64 Scalable Matrix Extension controls */
/* Flag values must be in sync with SVE versions */
#define PR_SME_SET_VL 63 /* set task vector length */
-# define PR_SME_SET_VL_ONEXEC (1 << 18) /* defer effect until exec */
+# define PR_SME_SET_VL_ONEXEC (1UL << 18) /* defer effect until exec */
#define PR_SME_GET_VL 64 /* get task vector length */
/* Bits common to PR_SME_SET_VL and PR_SME_GET_VL */
-# define PR_SME_VL_LEN_MASK 0xffff
-# define PR_SME_VL_INHERIT (1 << 17) /* inherit across exec */
+# define PR_SME_VL_LEN_MASK 0xffffUL
+# define PR_SME_VL_INHERIT (1UL << 17) /* inherit across exec */
/* Memory deny write / execute */
#define PR_SET_MDWE 65
@@ -298,13 +298,13 @@ struct prctl_mm_map {
#define PR_RISCV_V_SET_CONTROL 69
#define PR_RISCV_V_GET_CONTROL 70
-# define PR_RISCV_V_VSTATE_CTRL_DEFAULT 0
-# define PR_RISCV_V_VSTATE_CTRL_OFF 1
-# define PR_RISCV_V_VSTATE_CTRL_ON 2
-# define PR_RISCV_V_VSTATE_CTRL_INHERIT (1 << 4)
-# define PR_RISCV_V_VSTATE_CTRL_CUR_MASK 0x3
-# define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc
-# define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f
+# define PR_RISCV_V_VSTATE_CTRL_DEFAULT 0UL
+# define PR_RISCV_V_VSTATE_CTRL_OFF 1UL
+# define PR_RISCV_V_VSTATE_CTRL_ON 2UL
+# define PR_RISCV_V_VSTATE_CTRL_INHERIT (1UL << 4)
+# define PR_RISCV_V_VSTATE_CTRL_CUR_MASK 0x3UL
+# define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xcUL
+# define PR_RISCV_V_VSTATE_CTRL_MASK 0x1fUL
#define PR_RISCV_SET_ICACHE_FLUSH_CTX 71
# define PR_RISCV_CTX_SW_FENCEI_ON 0L
@@ -321,11 +321,11 @@ struct prctl_mm_map {
# define PR_PPC_DEXCR_SRAPD 2L /* Subroutine return address prediction disable */
# define PR_PPC_DEXCR_NPHIE 3L /* Non-privileged hash instruction enable */
/* Action to apply / return */
-# define PR_PPC_DEXCR_CTRL_EDITABLE 0x1 /* Aspect can be modified with PR_PPC_SET_DEXCR */
-# define PR_PPC_DEXCR_CTRL_SET 0x2 /* Set the aspect for this process */
-# define PR_PPC_DEXCR_CTRL_CLEAR 0x4 /* Clear the aspect for this process */
-# define PR_PPC_DEXCR_CTRL_SET_ONEXEC 0x8 /* Set the aspect on exec */
-# define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */
-# define PR_PPC_DEXCR_CTRL_MASK 0x1f
+# define PR_PPC_DEXCR_CTRL_EDITABLE 0x1UL /* Aspect can be modified with PR_PPC_SET_DEXCR */
+# define PR_PPC_DEXCR_CTRL_SET 0x2UL /* Set the aspect for this process */
+# define PR_PPC_DEXCR_CTRL_CLEAR 0x4UL /* Clear the aspect for this process */
+# define PR_PPC_DEXCR_CTRL_SET_ONEXEC 0x8UL /* Set the aspect on exec */
+# define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10UL /* Clear the aspect on exec */
+# define PR_PPC_DEXCR_CTRL_MASK 0x1fUL
#endif /* _LINUX_PRCTL_H */
--
2.45.1
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Correct way of calling prctl(2) (was: Sashimi of prctl(2))
2024-05-28 9:24 ` Correct way of calling prctl(2) (was: Sashimi of prctl(2)) Alejandro Colomar
2024-05-28 9:42 ` Alejandro Colomar
@ 2024-05-28 15:20 ` Xi Ruoyao
1 sibling, 0 replies; 7+ messages in thread
From: Xi Ruoyao @ 2024-05-28 15:20 UTC (permalink / raw)
To: Alejandro Colomar, libc-alpha; +Cc: linux-man
On Tue, 2024-05-28 at 11:24 +0200, Alejandro Colomar wrote:
> From what I can see, glibc does no magic to set unspecified parameters
> to 0, so this means passing '0' results in Undefined Behavior.
On most targets where Glibc implements prctl in assembly (not C), the C
standard does not apply at all so there's no Undefined Behavior.
There's just "expected" and "unexpected" behaviors.
So on 32-bit targets (both long and int are 32-bit) there's no problem.
On targets like riscv64 and loongarch64 the ABI mandates a sign-
extension on parameters narrower than a GPR, so there's no problem as
well.
x86_64 does not have such a guarantee (as said
in https://gcc.gnu.org/PR46942) so yes passing '0' may leave the high 32
bits of the parameter uninitialized and cause problems (at least in
theory).
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants
2024-05-28 11:48 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 1/2] uapi/linux/prctl: Use the L integer suffix for enumerations of width long Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 2/2] uapi/linux/prctl: Use the UL integer suffix for bit fields " Alejandro Colomar
@ 2024-06-12 12:02 ` Alejandro Colomar
2 siblings, 0 replies; 7+ messages in thread
From: Alejandro Colomar @ 2024-06-12 12:02 UTC (permalink / raw)
To: linux-api, Andrew Morton, Palmer Dabbelt; +Cc: linux-man, libc-alpha
[-- Attachment #1: Type: text/plain, Size: 809 bytes --]
[TO += Andrew, Palmer]
Hi Andrew, Palmer,
On Tue, May 28, 2024 at 01:48:05PM GMT, Alejandro Colomar wrote:
>
> Alejandro Colomar (2):
> uapi/linux/prctl: Use the L integer suffix for enumerations of width
> long
> uapi/linux/prctl: Use the UL integer suffix for bit fields of width
> long
Ping.
Have a lovely day!
Alex
> include/uapi/linux/prctl.h | 186 ++++++++++++++++++-------------------
> 1 file changed, 93 insertions(+), 93 deletions(-)
>
> Range-diff against v0:
> -: ------------ > 1: eb1cdf3e2f33 uapi/linux/prctl: Use the L integer suffix for enumerations of width long
> -: ------------ > 2: 16f5bd565191 uapi/linux/prctl: Use the UL integer suffix for bit fields of width long
> --
> 2.45.1
>
--
<https://www.alejandro-colomar.es/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-06-12 12:02 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <eofw4itya3kwaznneoizgt3dspfa4h7ttrw6ehshfrksj3wmst@xwjxpi3iro6d>
[not found] ` <ddbdyaiptesjalgfmztxideej67e3yaob7ucsmbf6qvriwxiif@dohhxrqgwhrf>
2024-05-28 9:24 ` Correct way of calling prctl(2) (was: Sashimi of prctl(2)) Alejandro Colomar
2024-05-28 9:42 ` Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 1/2] uapi/linux/prctl: Use the L integer suffix for enumerations of width long Alejandro Colomar
2024-05-28 11:48 ` [PATCH v1 2/2] uapi/linux/prctl: Use the UL integer suffix for bit fields " Alejandro Colomar
2024-06-12 12:02 ` [PATCH v1 0/2] uapi/linux/prctl: Use the L and UL integer suffixes for certain constants Alejandro Colomar
2024-05-28 15:20 ` Correct way of calling prctl(2) (was: Sashimi of prctl(2)) Xi Ruoyao
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).