From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id AC4923858296 for ; Wed, 21 Feb 2024 13:20:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AC4923858296 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AC4923858296 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708521660; cv=none; b=krRMC/oSDibiW5iHZAyedLFKVXpdBzAy9GaD2jm9pjywZpJOZsYxxmKfberKb7/GMzg/byl82y49WPLsinOkqxstayYiKAncfsVQIUJRd2iqVWPXhP9E7zrhqYRZloYJBa5qaldQOFrCEXR+nPNpNpeTe/G31hPc5EQSN7I9i58= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708521660; c=relaxed/simple; bh=sFMvxO5xf1uB+ygxl31uGIlCISE0G6djKhGFfBjx7nE=; h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=p0g9OkTH4ipsI1dtc+4wgBXGPOVJB4VaokSuDPAJqVp3SJ6niK7uWAaEOggRdstuX/0IkUWBcqQzVGGT1sikoAiIqbyDYz4iZiEl3PLF5qqSO3iffHPB1U7VNX7+aEtqjSvenG12TxBUPLx/PdMK2GFk8+ch6mTaTvozrRJQW4k= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1708521658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hc+BGn9PwcqDjRln6ox+Aa0FjZNoCXYCcHoVc7AZiu4=; b=bjrHB9NjTycmKdJAW5SQB2P5+8AQ1JG3whEPUUxP7iz00+LxnC3wxEJFy6aVpo5YUnefmq vvUhDCOev+zgGTkKWp0ihYvJS92BhC9GcAgJIg8l3Rco1ltPeJy4dAiFfY5hoSkSshKHB2 PMOcU8ZWz20Sa19heNUFnWUOfcMggIk= Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com [209.85.222.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-240-qwBX_GkbMPK85ovZYPwV9Q-1; Wed, 21 Feb 2024 08:20:56 -0500 X-MC-Unique: qwBX_GkbMPK85ovZYPwV9Q-1 Received: by mail-qk1-f200.google.com with SMTP id af79cd13be357-78790be8fc1so25408385a.2 for ; Wed, 21 Feb 2024 05:20:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708521655; x=1709126455; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Hc+BGn9PwcqDjRln6ox+Aa0FjZNoCXYCcHoVc7AZiu4=; b=enNx1NkgKcbiAT/vTvx8B+vbxGOGDwQbvztiadsqgnN0OZvAcrPvOh/RbmJWdAclTN n6HesI7rQx1MM/AyV3KKuuUj7+qNGMOVmOzwSWYKjrWBbqUgKhQ2fC7HsxHqjPPbF0Ix zu3yUpps9M7pt84CreV0a9eaHg1BC7SaXfMKTscdCi8eGvbP4HfsmVM0YopjQs2jz/1O f7WlKDKwTCtz7vL1LyTy4uZhm/X+wK6agQ/I3RJPwueUXtYQ+2BvSA8PPSx1g+CfcCPF UdSIaGjQQDadNQyTX4mfxqRFkZo/uk5s+pl+rkOqreaLzuNUcmubJjScK1f/poDMdvvR 1KzA== X-Forwarded-Encrypted: i=1; AJvYcCXe5zv6a9f9ttp2lOYiXDa8sAulzDogS+SgSm0ciu30w9tdQAUJPa7WrGa1BytH6BiZhFr/WNqS/IL+k6/0PECmvXXmojBA4Y2B X-Gm-Message-State: AOJu0YyFNT05t/go1yEmUvGKIm9whnHMNDsFFZF9F8BXWx9hhdGSej74 X7Yk8xtGSGwJ3xF8V5ewxzaK7RHFpkO0Nh4sRRQ9TvFuiLFwOSJ3Qi4Q4TED7CllOCjsMWoeLt1 kZwvS3Ixfat9v0fZwzuU3fs2C/BX0H9gDm51tWx7B5cBM86zNVLTARq///7eCvT4Pfw== X-Received: by 2002:a05:620a:8316:b0:787:8b2f:19c5 with SMTP id pa22-20020a05620a831600b007878b2f19c5mr1127309qkn.15.1708521655309; Wed, 21 Feb 2024 05:20:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IFasodg6uHmv0iI/27A4CuwFIpieykhAGNQoNLlbX73psxpOzkUA14o5AKe4LmqQOf7yOU5lw== X-Received: by 2002:a05:620a:8316:b0:787:8b2f:19c5 with SMTP id pa22-20020a05620a831600b007878b2f19c5mr1127297qkn.15.1708521655005; Wed, 21 Feb 2024 05:20:55 -0800 (PST) Received: from [192.168.0.241] ([198.48.244.52]) by smtp.gmail.com with ESMTPSA id vu21-20020a05620a561500b007872e92ff64sm4297447qkn.63.2024.02.21.05.20.54 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 21 Feb 2024 05:20:54 -0800 (PST) Message-ID: <312bc2d1-74d4-45f5-860b-87e4d5eb5aa9@redhat.com> Date: Wed, 21 Feb 2024 08:20:53 -0500 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 06/10] socket: Improve fortify with clang To: Adhemerval Zanella , libc-alpha@sourceware.org Cc: Siddhesh Poyarekar References: <20240208184622.332678-1-adhemerval.zanella@linaro.org> <20240208184622.332678-7-adhemerval.zanella@linaro.org> From: Carlos O'Donell Organization: Red Hat In-Reply-To: <20240208184622.332678-7-adhemerval.zanella@linaro.org> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2/8/24 13:46, Adhemerval Zanella wrote: > It improve fortify checks recv, recvfrom, poll, and ppoll. The compile > and runtime hecks have similar coverage as with GCC. > LGTM. Tested on x86_64 and i686. Reviewed-by: Carlos O'Donell Tested-by: Carlos O'Donell > Checked on aarch64, armhf, x86_64, and i686. > --- > io/bits/poll2.h | 29 +++++++++++++++++++++-------- > socket/bits/socket2.h | 20 ++++++++++++++++---- > 2 files changed, 37 insertions(+), 12 deletions(-) > > diff --git a/io/bits/poll2.h b/io/bits/poll2.h > index 6152a8c5e4..24ec1056eb 100644 > --- a/io/bits/poll2.h > +++ b/io/bits/poll2.h > @@ -33,8 +33,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, > __poll_chk) > __warnattr ("poll called with fds buffer too small file nfds entries"); > > -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int > -poll (struct pollfd *__fds, nfds_t __nfds, int __timeout) > +__fortify_function __fortified_attr_access (__write_only__, 1, 2) > +__attribute_overloadable__ int > +poll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, > + int __timeout) > + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), > + "poll called with fds buffer " > + "too small file nfds entries") > { > return __glibc_fortify (poll, __nfds, sizeof (*__fds), > __glibc_objsize (__fds), > @@ -58,9 +63,13 @@ extern int __REDIRECT (__ppoll64_chk_warn, (struct pollfd *__fds, nfds_t __n, > __ppoll64_chk) > __warnattr ("ppoll called with fds buffer too small file nfds entries"); > > -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int > -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, > - const __sigset_t *__ss) > +__fortify_function __fortified_attr_access (__write_only__, 1, 2) > +__attribute_overloadable__ int > +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, > + const struct timespec *__timeout, const __sigset_t *__ss) > + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), > + "ppoll called with fds buffer " > + "too small file nfds entries") > { > return __glibc_fortify (ppoll64, __nfds, sizeof (*__fds), > __glibc_objsize (__fds), > @@ -81,9 +90,13 @@ extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, > __ppoll_chk) > __warnattr ("ppoll called with fds buffer too small file nfds entries"); > > -__fortify_function __fortified_attr_access (__write_only__, 1, 2) int > -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, > - const __sigset_t *__ss) > +__fortify_function __fortified_attr_access (__write_only__, 1, 2) > +__attribute_overloadable__ int > +ppoll (__fortify_clang_overload_arg (struct pollfd *, ,__fds), nfds_t __nfds, > + const struct timespec *__timeout, const __sigset_t *__ss) > + __fortify_clang_warning_only_if_bos_lt2 (__nfds, __fds, sizeof (*__fds), > + "ppoll called with fds buffer " > + "too small file nfds entries") > { > return __glibc_fortify (ppoll, __nfds, sizeof (*__fds), > __glibc_objsize (__fds), > diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h > index a88cb64370..04780f320e 100644 > --- a/socket/bits/socket2.h > +++ b/socket/bits/socket2.h > @@ -30,14 +30,20 @@ extern ssize_t __REDIRECT (__recv_chk_warn, > __warnattr ("recv called with bigger length than size of destination " > "buffer"); > > -__fortify_function ssize_t > -recv (int __fd, void *__buf, size_t __n, int __flags) > +__fortify_function __attribute_overloadable__ ssize_t > +recv (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __n, > + int __flags) > + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, > + "recv called with bigger length than " > + "size of destination buffer") > { > size_t sz = __glibc_objsize0 (__buf); > if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) > return __recv_alias (__fd, __buf, __n, __flags); > +#if !__fortify_use_clang > if (__glibc_unsafe_len (__n, sizeof (char), sz)) > return __recv_chk_warn (__fd, __buf, __n, sz, __flags); > +#endif > return __recv_chk (__fd, __buf, __n, sz, __flags); > } > > @@ -57,15 +63,21 @@ extern ssize_t __REDIRECT (__recvfrom_chk_warn, > __warnattr ("recvfrom called with bigger length than size of " > "destination buffer"); > > -__fortify_function ssize_t > -recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, > +__fortify_function __attribute_overloadable__ ssize_t > +recvfrom (int __fd, __fortify_clang_overload_arg0 (void *, __restrict, __buf), > + size_t __n, int __flags, > __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) > + __fortify_clang_warning_only_if_bos0_lt (__n, __buf, > + "recvfrom called with bigger length " > + "than size of destination buffer") > { > size_t sz = __glibc_objsize0 (__buf); > if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) > return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); > +#if !__fortify_use_clang > if (__glibc_unsafe_len (__n, sizeof (char), sz)) > return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, > __addr_len); > +#endif > return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); > } -- Cheers, Carlos.