From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
libc-alpha@sourceware.org
Subject: Re: [PATCH 1/3] Don't add access size hints to fortifiable functions
Date: Tue, 19 Oct 2021 23:49:28 +0530 [thread overview]
Message-ID: <28128e10-19e1-99f7-4e51-ec19db9bb496@sourceware.org> (raw)
In-Reply-To: <fe60d430-7d0c-753c-e8e6-911dcadcdee2@linaro.org>
On 10/19/21 23:24, Adhemerval Zanella wrote:
>
>
> On 12/10/2021 13:16, Siddhesh Poyarekar via Libc-alpha wrote:
>> In the context of a function definition, the size hints imply that the
>> size of an object pointed to by one parameter is another parameter.
>> This doesn't make sense for the fortified versions of the functions
>> since that's the bit it's trying to validate.
>>
>> This is harmless with __builtin_object_size since it has fairly simple
>> semantics when it comes to objects passed as function parameters.
>> With __builtin_dynamic_object_size we could (as my patchset for gcc[1]
>> already does) use the access attribute to determine the object size in
>> the general case but it misleads the fortified functions.
>>
>> Disable the access attribute for fortified function inline functions
>> when building at _FORTIFY_SOURCE=3 to make this work better. The
>
> By 'work better' do you mean better code generation or better diagnostics
> from gcc?
Basically the problem occurs when access attributes are present on
regular functions that have inline fortified definitions to generate
_chk variants; the attributes get inherited by these definitions,
causing problems when analyzing them. For example with poll(fds, nfds,
timeout), nfds is hinted using the __attr_access as being the size of fds.
Now, when analyzing the inline function definition in bits/poll2.h, the
compiler sees that nfds is the size of fds and tries to use that
information in the function body. In _FORTIFY_SOURCE=3 case, where the
object size could be a non-constant expression, this information results
in the conclusion that nfds is the size of fds, which defeats the
purpose of the implementation because we're trying to check here if nfds
does indeed represent the size of fds. Hence for this case, it is best
to not have the access attribute.
With the attributes gone, the expression evaluation should get delayed
until the function is actually inlined into its destinations.
>> access attributes remain for the _chk variants since they can be used
>> by the compiler to warn when the caller is passing invalid arguments.
>>
>> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
>
> The change looks ok, but what about other function that use
> __attr_access ((__write_only__, ...). Should they be adapated as well?
Only functions that have a fortified implementation need to be changed,
which is basically all of the functions below.
> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
>
Thanks,
Siddhesh
next prev parent reply other threads:[~2021-10-19 18:19 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-12 16:16 [PATCH 0/3] _FORTIFY_SOURCE=3 improvements Siddhesh Poyarekar
2021-10-12 16:16 ` [PATCH 1/3] Don't add access size hints to fortifiable functions Siddhesh Poyarekar
2021-10-19 17:54 ` Adhemerval Zanella
2021-10-19 18:19 ` Siddhesh Poyarekar [this message]
2021-10-19 18:24 ` Adhemerval Zanella
2021-10-19 18:37 ` Siddhesh Poyarekar
2021-10-12 16:16 ` [PATCH 2/3] Make sure that the fortified function conditionals are constant Siddhesh Poyarekar
2021-10-19 19:34 ` Adhemerval Zanella
2021-10-20 3:16 ` Siddhesh Poyarekar
2021-10-12 16:16 ` [PATCH 3/3] debug: Add tests for _FORTIFY_SOURCE=3 Siddhesh Poyarekar
2021-10-18 13:14 ` [PING][PATCH 0/3] _FORTIFY_SOURCE=3 improvements Siddhesh Poyarekar
2021-10-20 5:24 ` [PATCH v2 0/2] " Siddhesh Poyarekar
2021-10-20 5:24 ` [PATCH v2 1/2] Make sure that the fortified function conditionals are constant Siddhesh Poyarekar
2021-10-20 12:00 ` Adhemerval Zanella
2021-10-20 5:24 ` [PATCH v2 2/2] debug: Add tests for _FORTIFY_SOURCE=3 Siddhesh Poyarekar
2021-10-20 12:06 ` Adhemerval Zanella
2021-10-20 14:28 ` [PATCH v2 0/2] _FORTIFY_SOURCE=3 improvements Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28128e10-19e1-99f7-4e51-ec19db9bb496@sourceware.org \
--to=siddhesh@sourceware.org \
--cc=adhemerval.zanella@linaro.org \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).