From: Florian Weimer <fweimer@redhat.com>
To: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Cc: Sergey Bugaev <bugaevc@gmail.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments
Date: Tue, 30 May 2023 09:41:10 +0200 [thread overview]
Message-ID: <87edmyxo4p.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <8354c659-cfb0-993a-2764-72a2cd6f6ed4@linaro.org> (Adhemerval Zanella Netto's message of "Mon, 29 May 2023 15:09:39 -0300")
* Adhemerval Zanella Netto:
> On 29/05/23 14:31, Sergey Bugaev wrote:
>> Hello,
>>
>> On Mon, May 29, 2023 at 7:54 PM Adhemerval Zanella Netto
>> <adhemerval.zanella@linaro.org> wrote:
>>> Some comments below.
>>
>> thank you for the review :)
>>
>>>> +/* Return VALUE, but do it in a way that the compiler cannot
>>>> + see that it's a compile-time constant. */
>>>> +static int __attribute_noinline__
>>>> +hide_constant (int value)
>>>> +{
>>>> + volatile int v = value;
>>>> + return v;
>>>> +}
>>>> +
>>>
>>> Interesting construct, but I wonder if 'volatile' is really required here.
>>> Afaiu what really prevents compiler to return fortify compiler warning here
>>> is the __attribute_noinline__.
>>
>> It's not really required. Apparently even an 'inline' function call is
>> enough to to disarm __builtin_constant_p [0]; I just threw both
>> volatile and noinline in for good measure.>
>> [0] https://godbolt.org/z/v9569KGTT
>
> It is because afaiu 'volatile' does not really match the semantics of what you
> are trying to do here.
The noinline attribute does exactly what it says: it prevents inlining,
but it does not prevent inter-procedural analysis. So if a function
returns a constrant, the compiler will still use that constant
elsewhere. Newer GCC versions support the noipa attribute. If you drop
the static, you can use the weak attribute for compatibility with pretty
much all GCC versions.
But I think using volatile (without noinline for clarity) is fine here.
>>>> +template<typename, typename>
>>>> +struct __fcntl_types_compatible_helper
>>>
>>> This makes the C++ tests fail with GCC 13:
>>>
>>> [...]
>>> ../include/bits/../../io/bits/fcntl2.h:460:1: error: template with C linkage
>>> 460 | template<typename __T>
>>> | ^~~~~~~~
>>> ../misc/sys/cdefs.h:140:25: note: ‘extern "C"’ linkage started here
>>> 140 | # define __BEGIN_DECLS extern "C" {
>>
>> Interesting. Any idea why this wasn't failing in my testing?
>
> My guess is because template with extern "C" are not really supported in all
> configurations.
It's possible to use extern "C++" around the template.
>> So maybe it is a good idea to move this all into fcntl3.h like it was
>> done in Florian's patch? Then I'd include that after __END_DECLS and
>> only if GCC >= 8.
>
> Yes, it would be better indeed.
Even then, we may still have to use extern "C++", to preserve
compatibility with C++ applications which include <fcntl.h> in an extern
"C" block. See this commit:
commit e37208ce86916af9510ffb9ce7b3c187986f07de
Author: Florian Weimer <fweimer@redhat.com>
Date: Sat Oct 22 17:33:26 2016 +0200
math.h: Wrap C++ bits in extern "C++"
It is still common to include system header files in an extern "C"
block. This means that exiting <math.h>'s own extern "C" block
is not sufficient to get back to C++ mode. Use an extern "C++"
wrapper instead.
Thanks,
Florian
next prev parent reply other threads:[~2023-05-30 7:41 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-28 17:20 [PATCH v2 0/3] fcntl fortification Sergey Bugaev
2023-05-28 17:20 ` [PATCH v2 1/3] support: Add support_fcntl_support_ofd_locks () Sergey Bugaev
2023-05-29 13:18 ` Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin,end} Sergey Bugaev
2023-05-29 14:50 ` [PATCH v2 2/3] cdefs.h: Define __glibc_warn_system_headers_{begin, end} Adhemerval Zanella Netto
2023-05-28 17:20 ` [PATCH v2 3/3] io: Add FORTIFY_SOURCE check for fcntl arguments Sergey Bugaev
2023-05-29 16:54 ` Adhemerval Zanella Netto
2023-05-29 17:31 ` Sergey Bugaev
2023-05-29 18:09 ` Adhemerval Zanella Netto
2023-05-29 19:57 ` Sergey Bugaev
2023-05-29 20:14 ` Adhemerval Zanella Netto
2023-05-29 20:49 ` Sergey Bugaev
2023-05-29 21:09 ` Adhemerval Zanella Netto
2023-05-29 21:59 ` Sergey Bugaev
2023-05-30 11:34 ` Adhemerval Zanella Netto
2023-05-30 7:41 ` Florian Weimer [this message]
2023-05-30 9:07 ` Sergey Bugaev
2023-05-30 9:50 ` Florian Weimer
2023-05-30 11:35 ` Adhemerval Zanella Netto
2023-05-30 8:09 ` [PATCH v2 0/3] fcntl fortification Florian Weimer
2023-05-30 10:46 ` Sergey Bugaev
2023-05-30 11:08 ` Florian Weimer
2023-05-30 11:34 ` Sergey Bugaev
2023-05-30 11:50 ` Florian Weimer
2023-05-30 11:51 ` Florian Weimer
2023-05-30 12:15 ` Sergey Bugaev
2023-05-30 12:26 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87edmyxo4p.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=adhemerval.zanella@linaro.org \
--cc=bugaevc@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).