From: Sergey Bugaev
Date: Sat, 20 May 2023 14:46:54 +0300
Subject: Re: [RFC PATCH 1/1] io: Add FORTIFY_SOURCE check for fcntl arguments
To: Joseph Myers
Cc: libc-alpha@sourceware.org
References: <20230519213059.3812385-1-bugaevc@gmail.com> <20230519213059.3812385-2-bugaevc@gmail.com>

Hello,

On Sat, May 20, 2023 at 12:55 AM Joseph Myers wrote:
> I'm concerned about the lack of testcases in this patch. I'm not sure of
> how we should be checking for compile-time errors (there are several
> existing tests for runtime fortification), but having this functionality
> without testcases seems risky.

Yes, absolutely, I agree. Let me attempt to add some tests then!

Considering it's unclear how to test for compilation errors, maybe we
don't have to (despite these errors being the main point of the
patch). What's important is ensuring that the fortification doesn't
break legitimate programs, either because of me messing up how
fcntl/fcntl64 are defined in some particular configuration vs how they
are now defined in fcntl2.h, or because of some undefined F_COMMAND
being used in __fcntl_cmd_needs_arg.

I see that there's already debug/tst-fortify.c that gets built and
tested in various configurations (exactly what I need!) and even has
the CHK_FAIL_START / CHK_FAIL_END facilities for catching the SIGABRT
and recording test success. So should I just add a bunch of
fcntl/fcntl64 tests there?

What would be a good way to test for 32-bit vs 64-bit confusion?
Something involving F_OFD_*LK, perhaps?

Is there an existing test for open{at,64,at64} fortification somewhere
that I could copy-paste^W^W take inspiration from?

Sergey