From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D01253858C20 for ; Tue, 20 Feb 2024 22:06:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D01253858C20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D01253858C20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708466767; cv=none; b=BTcibPetRJBKYG+ysbdgQsrWSMKU7FcqVUmTrVjLRVbCuPHoAPNuAMKL8kni4fHEGk0RUVoaFPR79LmxVxxizQYDUj705DEMPxUKh13xorPb7i864BC/X0Qqyz11IUDT/zYMZk+SHiqCdZreLuFb++CdtC1LFJaAQMBeozROQIE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1708466767; c=relaxed/simple; bh=8PM5AblZorFdN0eaMpfMeakO+FLGHKW624ApbjD5w6M=; h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=QXZq35spx/b0nmtWASblTZYDIfQpR5yn8W1PAdikkSgx44VtZoUKpZem5CoQ+7LuQKdG4YSJ/V7+YpOEPWXqHJZkYiyQY9d5yFoS2fIcHkIN0laPUA8xM4011cqLXSs4BUTfyBAZyQbUj6kzZ85FDR4p+N8h6exVG4gjqvnirmQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1708466764; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u86228gZ1K6Nw8opknQ6f225EBQSKKWhna2EbPH/7Sw=; b=dqDiM9qaeXsvCmMd1QdbPCjNrzWiXD9Ayx2CIGiILF7jzYBUbYiX0OGkkmDOhIn35J4xph Afk2poNJWfDeIDFRuHFJ2rCPK5o4wfVU79S3C5UerjGpZGWunJUzXU+wZxOlPB07lyMiof Sv8v9Ywjl82I3Ye8GsqHxiJnE3RO5n8= Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com [209.85.160.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-287-5vp20aFeMe6aMghxbfV9ug-1; Tue, 20 Feb 2024 17:06:02 -0500 X-MC-Unique: 5vp20aFeMe6aMghxbfV9ug-1 Received: by mail-qt1-f199.google.com with SMTP id d75a77b69052e-42dd52a27f7so56597371cf.2 for ; Tue, 20 Feb 2024 14:06:02 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708466761; x=1709071561; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=u86228gZ1K6Nw8opknQ6f225EBQSKKWhna2EbPH/7Sw=; b=QavAx2VET2Z6xF+P0M4BIqmHkkGzKjjI5AVuYwi9UNNjH2fj5/XjAWjndCa5cCMnYg 0kDR4/qDYoQy0Vv3uaq8BeMFmpCKaKufENbfJUuIpXHC94vbutZmogUJRqEgixP6vAKl fJq+IGnjQLHAmZqt/asJjSHFDbsZfFVkqcyytf2ZVcr2fn/o+8q4PQiAaMQBQg8htZ9B n1N+JAuB9zU1BBrWcPk529ELczdHPaNJEstQZUMsAN6PtRhHAG4GFI32BQrnz7iPi3SP q7LNwkyS4mWysHWBp4xIe7pjp6IpOS0y+2OCHvOgXdgETPhjww+mmNp+FcFRBluG6Snv CQgQ== X-Forwarded-Encrypted: i=1; AJvYcCVoofOJ5ORXdVvAVfH4diorwCHKf6cEATgiaye/YYWX0beuqlMYqT6ApAW9SKXHJVosekkpGWBLYMRW5n33fR1iW+gc4VQ0yHgp X-Gm-Message-State: AOJu0YxSqWGIcJ3gcOxaDRUOksuT6mktY8xEqsYjuFooxbd7mmmNoRkT N/OkgqD2ECf60ZO4A6lPPeHaqFZxDX1EstLu8Gi9XuNvwjk5M0JJ4eIUx1EfuT1Yw2iMWcqKgOV 59mZ6Eha8OadGIc4S0VYOi6KnntfLrMTskGJMlsvd849e0RWESGPzfckYFaOxWG0aMw== X-Received: by 2002:a05:622a:301:b0:42e:1315:7cee with SMTP id q1-20020a05622a030100b0042e13157ceemr6895412qtw.65.1708466761731; Tue, 20 Feb 2024 14:06:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IFXz/zDPMgxWBQIi78sJCca3dHYesbA+hUwNcDOmI0YaNE9YCM6baeJ0vpVxx9yawkmOShCcQ== X-Received: by 2002:a05:622a:301:b0:42e:1315:7cee with SMTP id q1-20020a05622a030100b0042e13157ceemr6895400qtw.65.1708466761423; Tue, 20 Feb 2024 14:06:01 -0800 (PST) Received: from [192.168.0.241] ([198.48.244.52]) by smtp.gmail.com with ESMTPSA id i11-20020ac871cb000000b0042dfb466c85sm3200509qtp.64.2024.02.20.14.06.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 20 Feb 2024 14:06:01 -0800 (PST) Message-ID: <34e611d0-078d-4732-b2df-3c859bf51cdc@redhat.com> Date: Tue, 20 Feb 2024 17:06:00 -0500 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 05/10] unistd: Improve fortify with clang To: Adhemerval Zanella , libc-alpha@sourceware.org Cc: Siddhesh Poyarekar References: <20240208184622.332678-1-adhemerval.zanella@linaro.org> <20240208184622.332678-6-adhemerval.zanella@linaro.org> From: Carlos O'Donell Organization: Red Hat In-Reply-To: <20240208184622.332678-6-adhemerval.zanella@linaro.org> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2/8/24 13:46, Adhemerval Zanella wrote: > It improve fortify checks for read, pread, pread64, readlink, > readlinkat, getcwd, getwd, confstr, getgroups, ttyname_r, getlogin_r, > gethostname, and getdomainname. The compile and runtime checks have > similar coverage as with GCC. LGTM. Tested on x86_64 and i686. Reviewed-by: Carlos O'Donell Tested-by: Carlos O'Donell > > Checked on aarch64, armhf, x86_64, and i686. > --- > posix/bits/unistd.h | 110 +++++++++++++++++++++++++++++++++----------- > 1 file changed, 82 insertions(+), 28 deletions(-) > > diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h > index bd209ec28e..2757b0619a 100644 > --- a/posix/bits/unistd.h > +++ b/posix/bits/unistd.h > @@ -22,8 +22,12 @@ > > # include > > -__fortify_function __wur ssize_t > -read (int __fd, void *__buf, size_t __nbytes) > +__fortify_function __attribute_overloadable__ __wur ssize_t > +read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes) > + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, > + "read called with bigger length than " > + "size of the destination buffer") > + > { > return __glibc_fortify (read, __nbytes, sizeof (char), > __glibc_objsize0 (__buf), > @@ -32,16 +36,24 @@ read (int __fd, void *__buf, size_t __nbytes) > > #if defined __USE_UNIX98 || defined __USE_XOPEN2K8 > # ifndef __USE_FILE_OFFSET64 > -__fortify_function __wur ssize_t > -pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset) > +__fortify_function __attribute_overloadable__ __wur ssize_t > +pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), > + size_t __nbytes, __off_t __offset) > + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, > + "pread called with bigger length than " > + "size of the destination buffer") OK. > { > return __glibc_fortify (pread, __nbytes, sizeof (char), > __glibc_objsize0 (__buf), > __fd, __buf, __nbytes, __offset); > } > # else > -__fortify_function __wur ssize_t > -pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) > +__fortify_function __attribute_overloadable__ __wur ssize_t > +pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), > + size_t __nbytes, __off64_t __offset) > + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, > + "pread called with bigger length than " > + "size of the destination buffer") > { > return __glibc_fortify (pread64, __nbytes, sizeof (char), > __glibc_objsize0 (__buf), > @@ -50,8 +62,12 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) > # endif > > # ifdef __USE_LARGEFILE64 > -__fortify_function __wur ssize_t > -pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) > +__fortify_function __attribute_overloadable__ __wur ssize_t > +pread64 (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), > + size_t __nbytes, __off64_t __offset) > + __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf, > + "pread64 called with bigger length than " > + "size of the destination buffer") > { > return __glibc_fortify (pread64, __nbytes, sizeof (char), > __glibc_objsize0 (__buf), > @@ -61,9 +77,14 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) > #endif > > #if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K > -__fortify_function __nonnull ((1, 2)) __wur ssize_t > -__NTH (readlink (const char *__restrict __path, char *__restrict __buf, > +__fortify_function __attribute_overloadable__ __nonnull ((1, 2)) __wur ssize_t > +__NTH (readlink (const char *__restrict __path, > + __fortify_clang_overload_arg0 (char *, __restrict, __buf), > size_t __len)) > + __fortify_clang_warning_only_if_bos_lt (__len, __buf, > + "readlink called with bigger length " > + "than size of destination buffer") > + > { > return __glibc_fortify (readlink, __len, sizeof (char), > __glibc_objsize (__buf), > @@ -72,9 +93,13 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf, > #endif > > #ifdef __USE_ATFILE > -__fortify_function __nonnull ((2, 3)) __wur ssize_t > +__fortify_function __attribute_overloadable__ __nonnull ((2, 3)) __wur ssize_t > __NTH (readlinkat (int __fd, const char *__restrict __path, > - char *__restrict __buf, size_t __len)) > + __fortify_clang_overload_arg0 (char *, __restrict, __buf), > + size_t __len)) > + __fortify_clang_warning_only_if_bos_lt (__len, __buf, > + "readlinkat called with bigger length " > + "than size of destination buffer") > { > return __glibc_fortify (readlinkat, __len, sizeof (char), > __glibc_objsize (__buf), > @@ -82,8 +107,11 @@ __NTH (readlinkat (int __fd, const char *__restrict __path, > } > #endif > > -__fortify_function __wur char * > -__NTH (getcwd (char *__buf, size_t __size)) > +__fortify_function __attribute_overloadable__ __wur char * > +__NTH (getcwd (__fortify_clang_overload_arg (char *, , __buf), size_t __size)) > + __fortify_clang_warning_only_if_bos_lt (__size, __buf, > + "getcwd called with bigger length " > + "than size of destination buffer") > { > return __glibc_fortify (getcwd, __size, sizeof (char), > __glibc_objsize (__buf), > @@ -91,8 +119,9 @@ __NTH (getcwd (char *__buf, size_t __size)) > } > > #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED > -__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char * > -__NTH (getwd (char *__buf)) > +__fortify_function __attribute_overloadable__ __nonnull ((1)) > +__attribute_deprecated__ __wur char * > +__NTH (getwd (__fortify_clang_overload_arg (char *,, __buf))) > { > if (__glibc_objsize (__buf) != (size_t) -1) > return __getwd_chk (__buf, __glibc_objsize (__buf)); > @@ -100,8 +129,12 @@ __NTH (getwd (char *__buf)) > } > #endif > > -__fortify_function size_t > -__NTH (confstr (int __name, char *__buf, size_t __len)) > +__fortify_function __attribute_overloadable__ size_t > +__NTH (confstr (int __name, __fortify_clang_overload_arg (char *, ,__buf), > + size_t __len)) > + __fortify_clang_warning_only_if_bos_lt (__len, __buf, > + "confstr called with bigger length than " > + "size of destination buffer") > { > return __glibc_fortify (confstr, __len, sizeof (char), > __glibc_objsize (__buf), > @@ -109,8 +142,13 @@ __NTH (confstr (int __name, char *__buf, size_t __len)) > } > > > -__fortify_function int > -__NTH (getgroups (int __size, __gid_t __list[])) > +__fortify_function __attribute_overloadable__ int > +__NTH (getgroups (int __size, > + __fortify_clang_overload_arg (__gid_t *, , __list))) > + __fortify_clang_warning_only_if_bos_lt (__size * sizeof (__gid_t), __list, > + "getgroups called with bigger group " > + "count than what can fit into " > + "destination buffer") > { > return __glibc_fortify (getgroups, __size, sizeof (__gid_t), > __glibc_objsize (__list), > @@ -118,8 +156,13 @@ __NTH (getgroups (int __size, __gid_t __list[])) > } > > > -__fortify_function int > -__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen)) > +__fortify_function __attribute_overloadable__ int > +__NTH (ttyname_r (int __fd, > + __fortify_clang_overload_arg (char *, ,__buf), > + size_t __buflen)) > + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, > + "ttyname_r called with bigger buflen " > + "than size of destination buffer") > { > return __glibc_fortify (ttyname_r, __buflen, sizeof (char), > __glibc_objsize (__buf), > @@ -128,8 +171,11 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen)) > > > #ifdef __USE_POSIX199506 > -__fortify_function int > -getlogin_r (char *__buf, size_t __buflen) > +__fortify_function __attribute_overloadable__ int > +getlogin_r (__fortify_clang_overload_arg (char *, ,__buf), size_t __buflen) > + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, > + "getlogin_r called with bigger buflen " > + "than size of destination buffer") > { > return __glibc_fortify (getlogin_r, __buflen, sizeof (char), > __glibc_objsize (__buf), > @@ -139,8 +185,12 @@ getlogin_r (char *__buf, size_t __buflen) > > > #if defined __USE_MISC || defined __USE_UNIX98 > -__fortify_function int > -__NTH (gethostname (char *__buf, size_t __buflen)) > +__fortify_function __attribute_overloadable__ int > +__NTH (gethostname (__fortify_clang_overload_arg (char *, ,__buf), > + size_t __buflen)) > + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, > + "gethostname called with bigger buflen " > + "than size of destination buffer") > { > return __glibc_fortify (gethostname, __buflen, sizeof (char), > __glibc_objsize (__buf), > @@ -150,8 +200,12 @@ __NTH (gethostname (char *__buf, size_t __buflen)) > > > #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98) > -__fortify_function int > -__NTH (getdomainname (char *__buf, size_t __buflen)) > +__fortify_function __attribute_overloadable__ int > +__NTH (getdomainname (__fortify_clang_overload_arg (char *, ,__buf), > + size_t __buflen)) > + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, > + "getdomainname called with bigger " > + "buflen than size of destination buffer") OK. > { > return __glibc_fortify (getdomainname, __buflen, sizeof (char), > __glibc_objsize (__buf), -- Cheers, Carlos.