From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dog.elm.relay.mailchannels.net (dog.elm.relay.mailchannels.net [23.83.212.48]) by sourceware.org (Postfix) with ESMTPS id 3087C3858D35 for ; Fri, 27 Oct 2023 10:25:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3087C3858D35 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=sourceware.org Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=sourceware.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3087C3858D35 Authentication-Results: server2.sourceware.org; arc=pass smtp.remote-ip=23.83.212.48 ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1698402344; cv=pass; b=DPFQqkJW8+Lg8BVlOfNAGQKiY5G1IVUR14xMmsOAlkg3ubmQf/bBK6fPDF67pa/3sfe6jQwTyYC2qsPYx4/CZlp5qVqgcoEg++m3qXkeTKGohH+ie0GYLsvEkIAqoFTCEwx/Z4C30834DspDNpmnDyCS7nTB3masQCXqjSa4iAQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1698402344; c=relaxed/simple; bh=AwbPRYMMs2LGC5iQIk+uDstWfy6A5c2hRWlPAfOVjAU=; h=Message-ID:Date:MIME-Version:Subject:To:From; b=elHieyYUWHWnVYMAPYZRk/+4c+NHNYHA80fLRggLJaKCCBR8cV+q1XMJMKBeS31A485flqOEn9Pik5jrB0czBL6Gt1pd4yrS4Pty3B1BM1hCWAkUksyNcjJERJhgSxyJQnfYXg+REXG7OHqvmCFdt35TAgHB+QPJcwL9pggQMLk= ARC-Authentication-Results: i=2; server2.sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id E8D6D101E32; Fri, 27 Oct 2023 10:25:39 +0000 (UTC) Received: from pdx1-sub0-mail-a202.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 7F3ED102007; Fri, 27 Oct 2023 10:25:39 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1698402339; a=rsa-sha256; cv=none; b=MadYtEryz2nbsw+H02o4+jRYeh08Vi8TIkjLg3gJkv/IvJFDNSW2JhjvL8ibbJ72YiFZka RU2vwP5J0ePtarC0QmVbq0R2jfhNuZ8yFlR4YMrUaqJ9UXJB7+E8SoDNEe4u1DG3gQjwxm 2ygS43IfELW2vkLieD9mhycBquAICW7UANukd97ocwB0Pz+/8FBGFozc18GgfCZiYQBfHD 1chFiRbQPcZr2E4+b7m3zvX23K6CC1ujfQu4V/P4xuMiCBttPYPGfSg34urrehvy/QEBKe bUkWWcBVyFyoFKLmtbjzlMPYnIMPqDGI751jFZgR2VgZew+nTV4ABOWPBTIwuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1698402339; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=P82+a66LJ+2Gbk1INOKjrhcEd0Li7DncMlGwlW/iOU0=; b=Jk7EwGgUVPGVl2iXtG2xp5nCzxQmYT8OIqn9Tk1vTtuW4U6lEv3znkMeb3OmB4eQmdwwEM wx7ftPm0TfMmW6Sg+yzohr2EMxFXJoIvQO7h6Y0xYr9tGIXqe3QcDmhPLxVVmxIxdi3o6O QqugxB3n1h2vDoAdclFq3bdoUD7VGbsfJAo1o5yKTxMc6IORK+rfzUbdA9yJU1g/8FUCEb /Nb8We60DBr4ssZrNvnq6dFscUiTm8PvgQ8mg2L0n0BjNDEuVPPpCT8+IyncR92ap9pTjG GETU9Ifm2QAqaGyzVTvJ3fpy9V2k0+tjRQhmhHS6ANm+JGLP189cFsPJSXjcAQ== ARC-Authentication-Results: i=1; rspamd-86646d89b6-8l89m; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Little-Abaft: 18cb2cb830d513ba_1698402339638_2507335066 X-MC-Loop-Signature: 1698402339638:4255222012 X-MC-Ingress-Time: 1698402339638 Received: from pdx1-sub0-mail-a202.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.104.29.7 (trex/6.9.2); Fri, 27 Oct 2023 10:25:39 +0000 Received: from [192.168.2.12] (bras-vprn-toroon4834w-lp130-02-142-113-138-136.dsl.bell.ca [142.113.138.136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a202.dreamhost.com (Postfix) with ESMTPSA id 4SGzMR0vrtzFs; Fri, 27 Oct 2023 03:25:39 -0700 (PDT) Message-ID: <29b98533-e9b9-4144-b09c-2e513edfeef7@sourceware.org> Date: Fri, 27 Oct 2023 06:25:34 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 06/19] elf: Do not parse ill-formatted strings Content-Language: en-US To: Adhemerval Zanella , libc-alpha@sourceware.org References: <20231017130526.2216827-1-adhemerval.zanella@linaro.org> <20231017130526.2216827-7-adhemerval.zanella@linaro.org> From: Siddhesh Poyarekar In-Reply-To: <20231017130526.2216827-7-adhemerval.zanella@linaro.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1172.0 required=5.0 tests=BAYES_00,GIT_PATCH_0,KAM_DMARC_NONE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_SOFTFAIL,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-10-17 09:05, Adhemerval Zanella wrote: > Instead of ignoring ill-formatted tunable strings, first, check all the > tunable definitions are correct and then set each tunable value. It > means that partially invalid strings, like "key1=value1:key2=key2=value' > or 'key1=value':key2=value2=value2' do not enable 'key1=value1'. It > avoids possible user-defined errors in tunable definitions. > > Checked on x86_64-linux-gnu. > --- Harsher than 5/19, but fair I guess. Please send v3 with a tiny nit fixup I've mentioned below. Thanks, Sid > elf/dl-tunables.c | 50 +++++++++++++++++++++++++++++++++++----------- > elf/tst-tunables.c | 13 ++++++++---- > 2 files changed, 47 insertions(+), 16 deletions(-) > > diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c > index 59bee61124..5d4b8c5bc0 100644 > --- a/elf/dl-tunables.c > +++ b/elf/dl-tunables.c > @@ -154,17 +154,29 @@ __tunable_set_val (tunable_id_t id, tunable_val_t *valp, tunable_num_t *minp, > do_tunable_update_val (cur, valp, minp, maxp); > } > > -/* Parse the tunable string VALSTRING. VALSTRING is a duplicated values, > - where delimiters ':' are replaced with '\0', so string tunables are null > - terminated. */ > -static void > -parse_tunables (char *valstring) > +struct tunable_toset_t > +{ > + tunable_t *t; > + const char *value; > +}; > + > +enum { tunables_list_size = array_length (tunable_list) }; > + > +/* Parse the tunable string VALSTRING and set TUNABLES with the found tunables > + and their respectibles values. VALSTRING is a duplicated values, where > + delimiters ':' are replaced with '\0', so string tunables are null > + terminated. > + Return the number of tunables found (including 0 if the string is empty) > + or -1 if for a ill-formatted definition. */ > +static int > +parse_tunables_string (char *valstring, struct tunable_toset_t *tunables) > { > if (valstring == NULL || *valstring == '\0') > - return; > + return 0; > > char *p = valstring; > bool done = false; > + int ntunables = 0; > > while (!done) > { > @@ -177,7 +189,7 @@ parse_tunables (char *valstring) > /* If we reach the end of the string before getting a valid name-value > pair, bail out. */ > if (*p == '\0') > - break; > + return -1; > > /* We did not find a valid name-value pair before encountering the > colon. */ > @@ -190,30 +202,44 @@ parse_tunables (char *valstring) > /* Skip the ':' or '='. */ > p++; > > - const char *value = p; > + char *value = p; > > while (*p != '=' && *p != ':' && *p != '\0') > p++; > > if (*p == '=') > - break; > + return -1; > else if (*p == '\0') > done = true; > else > *p++ = '\0'; > > /* Add the tunable if it exists. */ > - for (size_t i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++) > + for (size_t i = 0; i < tunables_list_size; i++) > { > tunable_t *cur = &tunable_list[i]; > > if (tunable_is_name (cur->name, name)) > { > - tunable_initialize (cur, value); > + tunables[ntunables++] = (struct tunable_toset_t) { cur, value }; > break; > } > } > } > + > + return ntunables; > +} > + > +static void > +parse_tunables (char *valstring) > +{ > + struct tunable_toset_t tunables[tunables_list_size]; > + int ntunables = parse_tunables_string (valstring, tunables); > + if (ntunables == -1) > + return; You don't actually need this; the for loop below will return without doing anything if ntunables == -1. > + > + for (int i = 0; i < ntunables; i++) > + tunable_initialize (tunables[i].t, tunables[i].value); > } > > /* Initialize the tunables list from the environment. For now we only use the > @@ -240,7 +266,7 @@ __tunables_init (char **envp) > continue; > } > > - for (int i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++) > + for (int i = 0; i < tunables_list_size; i++) > { > tunable_t *cur = &tunable_list[i]; > > diff --git a/elf/tst-tunables.c b/elf/tst-tunables.c > index 03039b5260..e124fa4c6d 100644 > --- a/elf/tst-tunables.c > +++ b/elf/tst-tunables.c > @@ -161,7 +161,7 @@ static const struct test_t > 0, > 0, > }, > - /* If there is a ill-formatted key=value, everything after is also ignored. */ > + /* Ill-formatted tunables string is not parsed. */ > { > "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096:glibc.malloc.check=2", > 0, > @@ -186,13 +186,18 @@ static const struct test_t > 0, > 0, > }, > - /* Valid tunables set before ill-formatted ones are set. */ > { > "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096", > - 2, > 0, > 0, > - } > + 0, > + }, > + { > + "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096", > + 0, > + 0, > + 0, > + }, > }; > > static int