From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa1-x35.google.com (mail-oa1-x35.google.com [IPv6:2001:4860:4864:20::35]) by sourceware.org (Postfix) with ESMTPS id 2689D3858C5E for ; Tue, 30 May 2023 11:34:13 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2689D3858C5E Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-1967cd396a1so3070830fac.0 for ; Tue, 30 May 2023 04:34:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685446452; x=1688038452; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=Hu8fuz8aeT5VIC5j+09oTnsnPOoeyX5eZBr1FPYj+i0=; b=zUubz8KvO/GpG7MgPk986mvOSgeRsXJCdSzKyMdFDTBNp8CXgJjnZnMgGupnHgp7HL VN+lGTaJTR3kxQ810q5J7zXEFSF7dUe03uyZIt+6haTe0z5rmBddwigYmHw0B30wgHZV 3bL7Yw+w9pri0jbT6PmMh1cIQjYEHXo33D+IGT036exGZwNCbMcFU42TbcPrEgfu13SU YY47aOH2k6p6D9JbRCIstTy1jyecfgOrDNA5NaVguEWG9o6d7+zrk044LVtoViszrwe4 nNJX6lSbGzRCd98n3GeUh9AMnh3HOHpN9yR1Pt9G6xAfha1rayMJ+HDvroaaD4MwOVyE B3Pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685446452; x=1688038452; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Hu8fuz8aeT5VIC5j+09oTnsnPOoeyX5eZBr1FPYj+i0=; b=cVDPVV9SMKybw0SBsqFUlMsosoX3CV+KOO7rurhl1pG32AKV2m5eTBXIF9+o/FnpQX g+9sz5/vccL4YO/a+QoevY0iPw7dr4aHTB20Htc6XOMnh/R/5w7sVyaf633m9brd6fqj JnRq+WKzULTcNoiYWFaotn7sUBH/kiSDGEFygvCR4FmLJZtpO47uG7sKtmdMRT1w4NL6 pHloIX1cQT1ySR5DZhRTPPGWF2cKi/g6A7iQUwJ+S8xDIvU9ABTL388/jzVsFi/3QhV8 ZDTkSgjsZ5US4X1ZB7J1ang5grtAQ+1NSuCM3cJ9s8LBhp0N84kOmirZu5VpIuuqs1JF 2g7g== X-Gm-Message-State: AC+VfDyqqptkZexbxNzm34BGb+nnYc9BkXiSCtI3nmXS/JR7BE7Tw2OX aNE4C0TjhcDsmU7pFiWllsvjtQ== X-Google-Smtp-Source: ACHHUZ5f65Ixeggj1DoJxN3HHot1iQ2auOLqLUyoTBsud9XS0T9P10BTK6VFHJbL9AesmP5v/3c6Gg== X-Received: by 2002:a05:6808:1a9d:b0:398:110f:dcc6 with SMTP id bm29-20020a0568081a9d00b00398110fdcc6mr1061392oib.44.1685446452471; Tue, 30 May 2023 04:34:12 -0700 (PDT) Received: from ?IPV6:2804:1b3:a7c1:4dd5:b058:c94a:90a7:2c43? ([2804:1b3:a7c1:4dd5:b058:c94a:90a7:2c43]) by smtp.gmail.com with ESMTPSA id i14-20020a056820012e00b00549efd1fc72sm5082722ood.35.2023.05.30.04.34.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 30 May 2023 04:34:11 -0700 (PDT) Message-ID: <3ee83de4-6d6a-7988-3632-2fea34332e89@linaro.org> Date: Tue, 30 May 2023 08:34:08 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.11.1 Subject: Re: [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments Content-Language: en-US To: Sergey Bugaev Cc: Florian Weimer , libc-alpha@sourceware.org References: <20230528172013.73111-1-bugaevc@gmail.com> <20230528172013.73111-4-bugaevc@gmail.com> <31457dbb-a805-262f-4b62-be0b40960ca6@linaro.org> <8354c659-cfb0-993a-2764-72a2cd6f6ed4@linaro.org> From: Adhemerval Zanella Netto Organization: Linaro In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 29/05/23 18:59, Sergey Bugaev wrote: > On Tue, May 30, 2023 at 12:09 AM Adhemerval Zanella Netto > wrote: >> It is returned unmodified, but the asm acts a compiler barrier which gcc >> documentation also declares as 'strong memory barrier' [1] (which I think was >> written before C11 memory semantic). >> >> [1] https://gcc.gnu.org/onlinedocs/gcc/Volatiles.html > > But that one is talking about load/store reordering, not constant > propagation. Here's what I'm talking about: [0] (and an actual Rust > version at [1]). > > [0]: https://godbolt.org/z/qaMa7EavY > [1]: https://godbolt.org/z/c4dhaKbqe > > Would you like me to add something similar to Rust's black_box > glibc-wide in a header (if so, what would be a good name?), or should > I just do it locally in tst-fortify.c where I need it? Ah, I see it now. I am not sure if it would change the benchmarks we have, since the idea is only to prevent compiler optimize away function calls that might have no side-effects. But it does seems a useful addition for internal header, maybe tune the name a bit. > >>> Rust's black_box is / was [0] instead implemented as >>> >>> llvm_asm!("" : : "r"(&mut dummy) : "memory" : "volatile"); >> >> What the 'volatile' constraint does for the llvm_asm? Is is to mimic a >> 'asm volatile' or is something else? > > Yes, I believe it was the same thing as 'asm volatile'. This is > because llvm_asm!() was not a special *syntax* like inline asm is in > GCC, but a magic macro, so 'volatile' has to go inside the macro. > > But also note that llvm_asm!() has been deprecated and removed [2] (it > was always an unstable feature, never intended to be stabilized); it's > been replaced by the new asm!() macro that has a different mini-syntax > (more like the Rust formatting macros, less like GCC/LLVM inline > assembly). > > [2]: https://github.com/rust-lang/rust/pull/92816 > > With the asm!() macro the same would rather look like this: > > asm!( > "/* pretend to use {0} */", > in(reg) &mut dummy, > options(nostack, preserves_flags) > ) > > The default around 'volatile' (and other flags) has been flipped, now > you'd need to specify 'options(pure)' to get the previous non-volatile > behavior. Thanks for the explanation. > >> It is exported because all tests are actually built with _GNU_SOURCE (done >> by include/libc-symbols.h), so the test check is superfluous. It also >> leaks implementation details, such as internal defines. Usually to check >> for internal implementation we use test-internal (which are built >> statically). >> >> But if you really want to check for _LARGEFILE64_SOURCE, you will need to >> add *another* fortify test that undef _GNU_SOURCE (like stdlib/tst-strtol-binary-c11.c >> for instance). > > I thought the > > src-chk-nongnu = \#undef _GNU_SOURCE > > part handled undoing the #define _GNU_SOURCE (from > include/libc-symbols.h) for the -nongnu- tests? But at same time we always use -D_LARGEFILE64_SOURCE=1 for nognu: CFLAGS-tst-fortify-$(1)-nongnu-$(2)-$(3).$(1) += -D_LARGEFILE64_SOURCE=1 We have some overlap on current way to organize tst-fortify, but I think it should cover everything: 1. tst-fortify-c-default: uses _GNU_SOURCE, provides both LFS and non-LFS, no redirections. 2. tst-fortify-c-lfs: uses _GNU_SOURCE and _FILE_OFFSET_BITS=64, provides both LFS and non-LFS, redirects non-LFS calls to LFS. 3. tst-fortify-c-nongnu: undef _GNU_SOURCE, defines _LARGEFILE64_SOURCE, provides both LFS and non-LFS, no redirections. I guess you might add another configuration to undef _GNU_SOURCE and define _LARGEFILE64_SOURCE; but I don't think it would increase coverage. > > I also think I might have actually gotten errors here about missing > fcntl64 and the like before I added the ifdef check, but I might be > misremembering this one. > > Sergey